Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Ab.7508

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:41.781787358Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:41.783832619Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:17:41.793501978Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:17:41.794862259Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:41.797290786Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:17:41.798657695Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:41.79990887Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:17:41.804616987Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:17:41.805913785Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:17:41.807024966Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:17:41.808376734Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:17:41.814145883Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:17:41.815238667Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:17:41.816832277Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:17:41.819500486Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:17:41.82089411Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:17:41.822253289Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:17:41.825195465Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:17:41.826783971Z	53	PC: 139ea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:17:41.828346536Z	37	PC: 139ff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:41.831302466Z	37	PC: 13a07 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:17:41.833484468Z	37	PC: 13a0f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:41.8349924Z	37	PC: 13a17 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:17:41.841687177Z	68	PC: 143ea \| I/O control for devices (Set for = '')
2018-12-17T22:17:41.954712242Z	37	PC: 132b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:17:41.956598302Z	44	PC: 1386d \| Get time 0x1386d: xor ah, ah 0x1386f: mov al, dl 0x13871: les di, ptr [bp + 6] 0x13874: stosw word ptr es:[di], ax 0x13875: mov al, dh 0x13877: les di, ptr [bp + 0xa] 0x1387a: stosw word ptr es:[di], ax 0x1387b: mov al, cl 0x1387d: les di, ptr [bp + 0xe] 0x13880: stosw word ptr es:[di], ax 0x13881: mov al, ch 0x13883: les di, ptr [bp + 0x12] 0x13886: stosw word ptr es:[di], ax 0x13887: pop bp 0x13888: retf 0x10 0x1388b: push bp 0x1388c: mov bp, sp 0x1388e: mov ch, byte ptr [bp + 0xc] 0x13891: mov cl, byte ptr [bp + 0xa] 0x13894: mov dh, byte ptr [bp + 8]
2018-12-17T22:17:41.960672792Z	48	PC: 13ffb \| Get DOS version
2018-12-17T22:17:41.962673668Z	61	PC: 13ead \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:17:41.969674607Z	63	PC: 13f80 \| Read file or device (Read 7504 bytes on handle 5)
2018-12-17T22:17:41.980750773Z	62	PC: 13efd \| Close file
2018-12-17T22:17:41.983290438Z	26	PC: 138c7 \| Set disk transfer address
2018-12-17T22:17:41.984419504Z	78	PC: 138d3 \| Find first file
2018-12-17T22:17:41.990811522Z	44	PC: 1386d \| Get time 0x1386d: xor ah, ah 0x1386f: mov al, dl 0x13871: les di, ptr [bp + 6] 0x13874: stosw word ptr es:[di], ax 0x13875: mov al, dh 0x13877: les di, ptr [bp + 0xa] 0x1387a: stosw word ptr es:[di], ax 0x1387b: mov al, cl 0x1387d: les di, ptr [bp + 0xe] 0x13880: stosw word ptr es:[di], ax 0x13881: mov al, ch 0x13883: les di, ptr [bp + 0x12] 0x13886: stosw word ptr es:[di], ax 0x13887: pop bp 0x13888: retf 0x10 0x1388b: push bp 0x1388c: mov bp, sp 0x1388e: mov ch, byte ptr [bp + 0xc] 0x13891: mov cl, byte ptr [bp + 0xa] 0x13894: mov dh, byte ptr [bp + 8]
2018-12-17T22:17:41.995021103Z	61	PC: 13ead \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:17:42.002432958Z	66	PC: 144e9 \| Move file pointer
2018-12-17T22:17:42.004133783Z	66	PC: 144f7 \| Move file pointer
2018-12-17T22:17:42.006212067Z	66	PC: 14505 \| Move file pointer
2018-12-17T22:17:42.008102075Z	66	PC: 13fdf \| Move file pointer
2018-12-17T22:17:42.009604182Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.018243374Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.021175064Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.023831327Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.027135208Z	62	PC: 13efd \| Close file
2018-12-17T22:17:42.028982814Z	26	PC: 138eb \| Set disk transfer address
2018-12-17T22:17:42.03043529Z	79	PC: 138f0 \| Find next file
2018-12-17T22:17:42.035342184Z	26	PC: 138c7 \| Set disk transfer address
2018-12-17T22:17:42.036420775Z	78	PC: 138d3 \| Find first file
2018-12-17T22:17:42.042586134Z	44	PC: 1386d \| Get time 0x1386d: xor ah, ah 0x1386f: mov al, dl 0x13871: les di, ptr [bp + 6] 0x13874: stosw word ptr es:[di], ax 0x13875: mov al, dh 0x13877: les di, ptr [bp + 0xa] 0x1387a: stosw word ptr es:[di], ax 0x1387b: mov al, cl 0x1387d: les di, ptr [bp + 0xe] 0x13880: stosw word ptr es:[di], ax 0x13881: mov al, ch 0x13883: les di, ptr [bp + 0x12] 0x13886: stosw word ptr es:[di], ax 0x13887: pop bp 0x13888: retf 0x10 0x1388b: push bp 0x1388c: mov bp, sp 0x1388e: mov ch, byte ptr [bp + 0xc] 0x13891: mov cl, byte ptr [bp + 0xa] 0x13894: mov dh, byte ptr [bp + 8]
2018-12-17T22:17:42.046141389Z	61	PC: 13ead \| Open file (Filename = 'a:\TEST.EXE')
2018-12-17T22:17:42.052782475Z	66	PC: 144e9 \| Move file pointer
2018-12-17T22:17:42.054177517Z	66	PC: 144f7 \| Move file pointer
2018-12-17T22:17:42.057186723Z	66	PC: 14505 \| Move file pointer
2018-12-17T22:17:42.058657682Z	66	PC: 13fdf \| Move file pointer
2018-12-17T22:17:42.060127825Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.063768118Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.066883945Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.070267705Z	63	PC: 13f80 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:17:42.075204573Z	62	PC: 13efd \| Close file
2018-12-17T22:17:42.077252262Z	26	PC: 138eb \| Set disk transfer address
2018-12-17T22:17:42.078509139Z	79	PC: 138f0 \| Find next file
2018-12-17T22:17:42.082249559Z	26	PC: 138c7 \| Set disk transfer address
2018-12-17T22:17:42.083987052Z	78	PC: 138d3 \| Find first file