Sample viewer

vx.netlux.org/Virus.DOS.HLLP.5658.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:51.960814297Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:16:51.963808288Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:16:51.96488714Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:16:51.966306353Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:16:51.968200887Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:51.969294454Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:16:51.970133491Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:16:51.971402159Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:16:51.972296997Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:16:51.973154437Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:16:51.97444995Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:16:51.975470133Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:16:51.977173727Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:16:51.978706327Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:16:51.979773073Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:16:51.980778204Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:16:51.997166006Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:16:51.998254555Z	53	PC: 137b6 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:16:51.999269385Z	37	PC: 137cb \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:16:52.000394002Z	37	PC: 137d3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:16:52.001475545Z	37	PC: 137db \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:52.002432788Z	37	PC: 137e3 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:16:52.003712824Z	68	PC: 13e77 \| I/O control for devices (Set for = '')
2018-12-17T22:16:52.006198747Z	44	PC: 13d13 \| Get time 0x13d13: mov word ptr [0x138], cx 0x13d17: mov word ptr [0x13a], dx 0x13d1b: retf 0x13d1c: mov bx, sp 0x13d1e: push ds 0x13d1f: les di, ptr ss:[bx + 8] 0x13d23: lds si, ptr ss:[bx + 4] 0x13d27: cld 0x13d28: xor ax, ax 0x13d2a: stosw word ptr es:[di], ax 0x13d2b: mov ax, 0xd7b0 0x13d2e: stosw word ptr es:[di], ax 0x13d2f: mov ax, 0x80 0x13d32: stosw word ptr es:[di], ax 0x13d33: xor ax, ax 0x13d35: stosw word ptr es:[di], ax 0x13d36: stosw word ptr es:[di], ax 0x13d37: stosw word ptr es:[di], ax 0x13d38: lea ax, word ptr [di + 0x74] 0x13d3b: stosw word ptr es:[di], ax
2018-12-17T22:16:52.008279918Z	44	PC: 13499 \| Get time 0x13499: xor ah, ah 0x1349b: mov al, dl 0x1349d: les di, ptr [bp + 6] 0x134a0: stosw word ptr es:[di], ax 0x134a1: mov al, dh 0x134a3: les di, ptr [bp + 0xa] 0x134a6: stosw word ptr es:[di], ax 0x134a7: mov al, cl 0x134a9: les di, ptr [bp + 0xe] 0x134ac: stosw word ptr es:[di], ax 0x134ad: mov al, ch 0x134af: les di, ptr [bp + 0x12] 0x134b2: stosw word ptr es:[di], ax 0x134b3: pop bp 0x134b4: retf 0x10 0x134b7: push bp 0x134b8: mov bp, sp 0x134ba: mov ch, byte ptr [bp + 0xc] 0x134bd: mov cl, byte ptr [bp + 0xa] 0x134c0: mov dh, byte ptr [bp + 8]
2018-12-17T22:16:52.010430884Z	42	PC: 13463 \| Get date 0x13463: xor ah, ah 0x13465: les di, ptr [bp + 6] 0x13468: stosw word ptr es:[di], ax 0x13469: mov al, dl 0x1346b: les di, ptr [bp + 0xa] 0x1346e: stosw word ptr es:[di], ax 0x1346f: mov al, dh 0x13471: les di, ptr [bp + 0xe] 0x13474: stosw word ptr es:[di], ax 0x13475: xchg ax, cx 0x13476: les di, ptr [bp + 0x12] 0x13479: stosw word ptr es:[di], ax 0x1347a: pop bp 0x1347b: retf 0x10 0x1347e: push bp 0x1347f: mov bp, sp 0x13481: mov cx, word ptr [bp + 0xa] 0x13484: mov dh, byte ptr [bp + 8] 0x13487: mov dl, byte ptr [bp + 6] 0x1348a: mov ah, 0x2b
2018-12-17T22:16:52.013076266Z	48	PC: 143d9 \| Get DOS version
2018-12-17T22:16:52.014322204Z	67	PC: 134dd \| Get or set file attributes
2018-12-17T22:16:52.019934794Z	67	PC: 13504 \| Get or set file attributes
2018-12-17T22:16:52.037147328Z	61	PC: 14199 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:16:52.044317498Z	63	PC: 1426c \| Read file or device (Read 5658 bytes on handle 5)
2018-12-17T22:16:52.052617126Z	62	PC: 141e9 \| Close file
2018-12-17T22:16:52.05505975Z	25	PC: 14466 \| Get default drive
2018-12-17T22:16:52.056070804Z	71	PC: 14479 \| Get current directory
2018-12-17T22:16:52.059158661Z	26	PC: 1357b \| Set disk transfer address
2018-12-17T22:16:52.06096815Z	78	PC: 13587 \| Find first file
2018-12-17T22:16:52.067316244Z	67	PC: 134dd \| Get or set file attributes
2018-12-17T22:16:52.072985087Z	67	PC: 13504 \| Get or set file attributes
2018-12-17T22:16:52.083016759Z	61	PC: 14199 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:16:52.094438104Z	66	PC: 14335 \| Move file pointer
2018-12-17T22:16:52.095688163Z	66	PC: 14343 \| Move file pointer
2018-12-17T22:16:52.097800122Z	66	PC: 14351 \| Move file pointer
2018-12-17T22:16:52.099540728Z	66	PC: 14335 \| Move file pointer
2018-12-17T22:16:52.101302658Z	66	PC: 14343 \| Move file pointer
2018-12-17T22:16:52.10351829Z	66	PC: 14351 \| Move file pointer
2018-12-17T22:16:52.104885408Z	87	PC: 1351e \| Get or set file date and time
2018-12-17T22:16:52.107173467Z	87	PC: 1351e \| Get or set file date and time
2018-12-17T22:16:52.109449436Z	63	PC: 1426c \| Read file or device (Read 5658 bytes on handle 5)
2018-12-17T22:16:52.11867327Z	62	PC: 141e9 \| Close file
2018-12-17T22:16:52.120306334Z	61	PC: 14199 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:16:52.127165281Z	87	PC: 1354b \| Get or set file date and time
2018-12-17T22:16:52.128676594Z	62	PC: 141e9 \| Close file
2018-12-17T22:16:52.135604279Z	67	PC: 13504 \| Get or set file attributes
2018-12-17T22:16:52.145778796Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.14696273Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.149676076Z	59	PC: 1452d \| Change current directory
2018-12-17T22:16:52.154317966Z	26	PC: 1357b \| Set disk transfer address
2018-12-17T22:16:52.155476702Z	78	PC: 13587 \| Find first file
2018-12-17T22:16:52.166681817Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.168412806Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.171802548Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.172752009Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.175918823Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.176957099Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.179894101Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.181543653Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.184099705Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.185062318Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.188564855Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.189507876Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.192085484Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.193603526Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.196476154Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.197941034Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.201433113Z	26	PC: 1359f \| Set disk transfer address
2018-12-17T22:16:52.202457246Z	79	PC: 135a4 \| Find next file
2018-12-17T22:16:52.204718667Z	48	PC: 143d9 \| Get DOS version
2018-12-17T22:16:52.206644738Z	67	PC: 13504 \| Get or set file attributes
2018-12-17T22:16:52.216222423Z	48	PC: 143d9 \| Get DOS version
2018-12-17T22:16:52.217554745Z	67	PC: 134dd \| Get or set file attributes
2018-12-17T22:16:52.22384572Z	67	PC: 13504 \| Get or set file attributes
2018-12-17T22:16:52.233450128Z	61	PC: 14199 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:16:52.239980216Z	87	PC: 1351e \| Get or set file date and time
2018-12-17T22:16:52.243200275Z	87	PC: 1351e \| Get or set file date and time
2018-12-17T22:16:52.244580937Z	66	PC: 14335 \| Move file pointer
2018-12-17T22:16:52.245916174Z	66	PC: 14343 \| Move file pointer
2018-12-17T22:16:52.248146939Z	66	PC: 14351 \| Move file pointer
2018-12-17T22:16:52.249861592Z	66	PC: 142cb \| Move file pointer
2018-12-17T22:16:52.251853103Z	63	PC: 1426c \| Read file or device (Read 5658 bytes on handle 5)
2018-12-17T22:16:52.260249259Z	66	PC: 142cb \| Move file pointer
2018-12-17T22:16:52.261913991Z	64	PC: 1426c \| Write file or device (Write 5658 bytes on handle 5)
2018-12-17T22:16:52.271814101Z	62	PC: 141e9 \| Close file
2018-12-17T22:16:52.279719115Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:16:52.280918286Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:16:52.28195117Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:16:52.283521372Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:16:52.284660989Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:16:52.286066242Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:16:52.287997205Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:16:52.289161087Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:16:52.290263763Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:52.291941791Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:52.293017003Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:16:52.294243499Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:16:52.29630442Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:16:52.297388561Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:16:52.298477303Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:16:52.300673347Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:16:52.301990741Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:16:52.303160617Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:16:52.304385558Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:16:52.305535081Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:16:52.306534504Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:16:52.307714406Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:16:52.309086856Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:16:52.310081943Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:16:52.311026179Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:16:52.312623323Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:16:52.313617836Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:16:52.314696787Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:16:52.316161642Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:16:52.317155972Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:16:52.318540282Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:16:52.320550044Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:16:52.321629512Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:16:52.322718167Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:16:52.324242736Z	53	PC: 13689 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:16:52.325418313Z	37	PC: 13692 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:16:52.326560999Z	48	PC: 143d9 \| Get DOS version
2018-12-17T22:16:52.328394151Z	41	PC: 1372b \| Parse filename
2018-12-17T22:16:52.329721468Z	41	PC: 13739 \| Parse filename
2018-12-17T22:16:52.331020305Z	75	PC: 13744 \| Execute program