Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Zombie.7312

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:52:50.732227262Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:50.734044246Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:52:50.735650705Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:52:50.738066526Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:52:50.739728028Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:52:50.741415943Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:52:50.744138354Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:52:50.745871853Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:52:50.747567445Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:52:50.749387866Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:52:50.760932292Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:52:50.76263466Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:52:50.76458897Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:52:50.766884584Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:52:50.76839128Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:52:50.769904001Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:52:50.783273566Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:52:50.784271561Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:52:50.785216043Z	53	PC: 26a6a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:52:50.786849166Z	37	PC: 26a7f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:50.787978338Z	37	PC: 26a87 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:52:50.789042719Z	37	PC: 26a8f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:52:50.790727035Z	37	PC: 26a97 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:52:50.792170897Z	68	PC: 276e1 \| I/O control for devices (Set for = '')
2018-12-17T21:52:50.796078891Z	26	PC: 2697d \| Set disk transfer address
2018-12-17T21:52:50.798176678Z	78	PC: 26989 \| Find first file
2018-12-17T21:52:50.80534299Z	26	PC: 2697d \| Set disk transfer address
2018-12-17T21:52:50.80652292Z	78	PC: 26989 \| Find first file
2018-12-17T21:52:50.813147599Z	61	PC: 27130 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:52:50.820348133Z	60	PC: 27130 \| Create or truncate file
2018-12-17T21:52:51.113268548Z	63	PC: 27203 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T21:52:51.125707912Z	66	PC: 277e0 \| Move file pointer
2018-12-17T21:52:51.127503428Z	66	PC: 277ee \| Move file pointer
2018-12-17T21:52:51.12921483Z	66	PC: 277fc \| Move file pointer
2018-12-17T21:52:51.133091648Z	62	PC: 27180 \| Close file
2018-12-17T21:52:51.135296764Z	62	PC: 27180 \| Close file
2018-12-17T21:52:51.137403637Z	65	PC: 27279 \| Delete file (Filename = 'tempfile')
2018-12-17T21:52:51.149989521Z	26	PC: 269a1 \| Set disk transfer address
2018-12-17T21:52:51.15137495Z	79	PC: 269a6 \| Find next file
2018-12-17T21:52:51.154273558Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:51.156649998Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:51.15877508Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:52:51.161289261Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:52:51.163267528Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:52:51.164413889Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:52:51.16559718Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:52:51.167666186Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:52:51.168720275Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:52:51.169819644Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:52:51.171600488Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:52:51.173435238Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:52:51.174488842Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:52:51.17631731Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:52:51.177627059Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:52:51.178690649Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:52:51.180526389Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:52:51.181758238Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:52:51.18287799Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:52:51.184650205Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:52:51.185701265Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:52:51.187379704Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:52:51.189257806Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:52:51.19034686Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:52:51.191423431Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:52:51.19396094Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:52:51.194945559Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:52:51.195887786Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:52:51.197503914Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:52:51.198492437Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:52:51.199320862Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:52:51.200383193Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:52:51.201749481Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:52:51.203139512Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:52:51.204456593Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:52:51.205626788Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:52:51.207382006Z	53	PC: 269e5 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:52:51.208502222Z	37	PC: 269ee \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:52:51.209483218Z	98	PC: 267ac \| Get current PSP
2018-12-17T21:52:51.237806442Z	74	PC: 2b86d \| Reallocate memory
2018-12-17T21:52:51.239647854Z	48	PC: 2cf36 \| Get DOS version
2018-12-17T21:52:51.241086171Z	53	PC: 2b8f7 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:51.242980626Z	37	PC: 2b909 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:51.24425101Z	68	PC: 2b995 \| I/O control for devices (Set for = '׹��2��E�$� �!�E�')
2018-12-17T21:52:51.245706514Z	68	PC: 2b995 \| I/O control for devices (Set for = '�v�v� ')
2018-12-17T21:52:51.247551848Z	68	PC: 2b995 \| I/O control for devices (Set for = '�u�v�v�v�v �')
2018-12-17T21:52:51.248976363Z	68	PC: 2b995 \| I/O control for devices (Set for = '�)��}�')
2018-12-17T21:52:51.25010983Z	68	PC: 2b995 \| I/O control for devices (Set for = '�)��}�')
2018-12-17T21:52:51.251909626Z	72	PC: 2e069 \| Allocate memory
2018-12-17T21:52:51.254513826Z	74	PC: 2de15 \| Reallocate memory
2018-12-17T21:52:51.257234586Z	37	PC: 2cd84 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:52:51.258824089Z	37	PC: 2cd84 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:52:51.25988394Z	74	PC: 2de15 \| Reallocate memory
2018-12-17T21:52:51.261781039Z	61	PC: 2bcb9 \| Open file (Filename = 'A:\TEST.INI')
2018-12-17T21:52:51.267079068Z	43	PC: 12cae \| Set date
2018-12-17T21:52:51.268515897Z	61	PC: 2bcb9 \| Open file (Filename = 'A:\TEST.xlt')
2018-12-17T21:52:51.272870604Z	61	PC: 2bcb9 \| Open file (Filename = 'HIEW.SAV')
2018-12-17T21:52:51.280690251Z	8	PC: 2c225 \| Console input without echo