Sample viewer

vx.netlux.org/Virus.DOS.HLLP.PPZ.8514

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:18:18.774485562Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:18.776842645Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:18.779889371Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:18.781255265Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:18.783003822Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:18.784666059Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:18.785924513Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:18.78757804Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:18.789270404Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:18.790754214Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:18.792350484Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:18.794230512Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:18.800905565Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:18.80262123Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:18.804851107Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:18.806474328Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:18.808082689Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:18.810410869Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:18.812010158Z 53 PC: 14f8a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:18.81353741Z 37 PC: 14f9f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:18.816030376Z 37 PC: 14fa7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:18.817414236Z 37 PC: 14faf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:18.818783301Z 37 PC: 14fb7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:18.821078637Z 68 PC: 15aec | I/O control for devices (Set for = '')
2018-12-17T22:18:18.864377648Z 37 PC: 146a1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:18.869642271Z 48 PC: 15812 | Get DOS version
2018-12-17T22:18:18.872122647Z 53 PC: 14dc1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:18:18.873766829Z 37 PC: 14ddd | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:18:18.875252917Z 53 PC: 14dc1 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:18:18.877670849Z 37 PC: 14ddd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:18:18.879033071Z 53 PC: 14dc1 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:18.880384108Z 37 PC: 14ddd | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:18.883522447Z 51 PC: 14caf | Get or set Ctrl-Break
2018-12-17T22:18:18.884643428Z 60 PC: 15650 | Create or truncate file
2018-12-17T22:18:18.90535434Z 65 PC: 15799 | Delete file (Filename = '/')
2018-12-17T22:18:18.919234564Z 48 PC: 15812 | Get DOS version
2018-12-17T22:18:18.920758031Z 61 PC: 15650 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:18.927255084Z 66 PC: 15782 | Move file pointer
2018-12-17T22:18:18.930049882Z 63 PC: 15723 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:18:18.933011388Z 62 PC: 156a0 | Close file
2018-12-17T22:18:18.935389571Z 48 PC: 15812 | Get DOS version
2018-12-17T22:18:18.938126988Z 61 PC: 15650 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:18.944835147Z 63 PC: 15723 | Read file or device (Read 8514 bytes on handle 6)
2018-12-17T22:18:18.952658534Z 62 PC: 156a0 | Close file
2018-12-17T22:18:18.95516733Z 26 PC: 14d60 | Set disk transfer address
2018-12-17T22:18:18.956987061Z 78 PC: 14d6c | Find first file
2018-12-17T22:18:18.963352418Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:18.964555077Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:18.969232799Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:18.970603149Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:18.974064778Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:18.976486017Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:18.980040677Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:18.981504813Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:18.986635302Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:18.987877225Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:18.99118068Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:18.992989117Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:18.996439278Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:18.997707011Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.001366943Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.00240472Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.006095538Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.008113166Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.011338414Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.012374164Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.016162163Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.017250532Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.020667975Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.025890121Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.030012904Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.034026675Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.038793631Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.04028736Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.044837703Z 61 PC: 15650 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:18:19.052629873Z 66 PC: 15782 | Move file pointer
2018-12-17T22:18:19.054603745Z 63 PC: 15723 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:18:19.057950553Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.060406101Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.063416431Z 26 PC: 14d60 | Set disk transfer address
2018-12-17T22:18:19.065492505Z 78 PC: 14d6c | Find first file
2018-12-17T22:18:19.0725823Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.073959467Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.077002764Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.079119899Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.083162492Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.084519986Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.088198673Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.089871905Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.09246991Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.093466085Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.09527844Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.096023232Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.097875981Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.099290533Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.101058335Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.102041435Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.10411443Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.105092191Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.107044505Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.108149337Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.109949108Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.110972529Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.113872086Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.114802773Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.116534532Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.117994282Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.119872356Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.120738427Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.122954537Z 26 PC: 14d84 | Set disk transfer address
2018-12-17T22:18:19.123853057Z 79 PC: 14d89 | Find next file
2018-12-17T22:18:19.125712164Z 44 PC: 14c5d | Get time
0x14c5d: xor ah, ah
0x14c5f: mov al, dl
0x14c61: les di, ptr [bp + 6]
0x14c64: stosw word ptr es:[di], ax
0x14c65: mov al, dh
0x14c67: les di, ptr [bp + 0xa]
0x14c6a: stosw word ptr es:[di], ax
0x14c6b: mov al, cl
0x14c6d: les di, ptr [bp + 0xe]
0x14c70: stosw word ptr es:[di], ax
0x14c71: mov al, ch
0x14c73: les di, ptr [bp + 0x12]
0x14c76: stosw word ptr es:[di], ax
0x14c77: pop bp
0x14c78: retf 0x10
0x14c7b: push bp
0x14c7c: mov bp, sp
0x14c7e: mov ch, byte ptr [bp + 0xc]
0x14c81: mov cl, byte ptr [bp + 0xa]
0x14c84: mov dh, byte ptr [bp + 8]
2018-12-17T22:18:19.127653683Z 42 PC: 14c27 | Get date
0x14c27: xor ah, ah
0x14c29: les di, ptr [bp + 6]
0x14c2c: stosw word ptr es:[di], ax
0x14c2d: mov al, dl
0x14c2f: les di, ptr [bp + 0xa]
0x14c32: stosw word ptr es:[di], ax
0x14c33: mov al, dh
0x14c35: les di, ptr [bp + 0xe]
0x14c38: stosw word ptr es:[di], ax
0x14c39: xchg ax, cx
0x14c3a: les di, ptr [bp + 0x12]
0x14c3d: stosw word ptr es:[di], ax
0x14c3e: pop bp
0x14c3f: retf 0x10
0x14c42: push bp
0x14c43: mov bp, sp
0x14c45: mov cx, word ptr [bp + 0xa]
0x14c48: mov dh, byte ptr [bp + 8]
0x14c4b: mov dl, byte ptr [bp + 6]
0x14c4e: mov ah, 0x2b
2018-12-17T22:18:19.129168591Z 48 PC: 15812 | Get DOS version
2018-12-17T22:18:19.130160577Z 26 PC: 14d60 | Set disk transfer address
2018-12-17T22:18:19.131453861Z 78 PC: 14d6c | Find first file
2018-12-17T22:18:19.135151449Z 48 PC: 15812 | Get DOS version
2018-12-17T22:18:19.136223298Z 67 PC: 14ce9 | Get or set file attributes
2018-12-17T22:18:19.384588392Z 61 PC: 15650 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:19.391278342Z 66 PC: 15782 | Move file pointer
2018-12-17T22:18:19.392675302Z 63 PC: 15723 | Read file or device (Read 8514 bytes on handle 7)
2018-12-17T22:18:19.491660258Z 66 PC: 15782 | Move file pointer
2018-12-17T22:18:19.493254496Z 64 PC: 15681 | Write file or device (Write 0 bytes on handle 7)
2018-12-17T22:18:19.50081831Z 66 PC: 15782 | Move file pointer
2018-12-17T22:18:19.503210008Z 64 PC: 15723 | Write file or device (Write 8514 bytes on handle 7)
2018-12-17T22:18:19.511579248Z 87 PC: 14d30 | Get or set file date and time
2018-12-17T22:18:19.513170529Z 67 PC: 14ce9 | Get or set file attributes
2018-12-17T22:18:19.523749626Z 62 PC: 156a0 | Close file
2018-12-17T22:18:19.530634873Z 37 PC: 14ddd | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:18:19.531732991Z 37 PC: 14ddd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:18:19.533422488Z 37 PC: 14ddd | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:19.53468151Z 53 PC: 14efa | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:19.535781731Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:19.537901729Z 53 PC: 14efa | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:19.538988537Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:19.539994138Z 53 PC: 14efa | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:19.541509118Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:19.542349207Z 53 PC: 14efa | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:19.543392948Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:19.54480447Z 53 PC: 14efa | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:19.545988025Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:19.546965979Z 53 PC: 14efa | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:19.548745499Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:19.5498498Z 53 PC: 14efa | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:19.550821974Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:19.552212906Z 53 PC: 14efa | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:19.553176412Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:19.554134931Z 53 PC: 14efa | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:19.555585603Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:19.556506583Z 53 PC: 14efa | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:19.557505021Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:19.559009836Z 53 PC: 14efa | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:19.560050582Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:19.56118607Z 53 PC: 14efa | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:19.562737061Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:19.563725537Z 53 PC: 14efa | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:19.565351963Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:19.567480721Z 53 PC: 14efa | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:19.569573815Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:19.571309872Z 53 PC: 14efa | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:19.573265783Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:19.578245122Z 53 PC: 14efa | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:19.580778482Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:19.582375694Z 53 PC: 14efa | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:19.58390526Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:19.585705186Z 53 PC: 14efa | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:19.587349559Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:19.5885737Z 53 PC: 14efa | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:19.59045046Z 37 PC: 14f03 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:19.592170796Z 41 PC: 14eb1 | Parse filename
2018-12-17T22:18:19.59355319Z 41 PC: 14ebf | Parse filename
2018-12-17T22:18:19.595995933Z 75 PC: 14eca | Execute program
2018-12-17T22:18:19.617179763Z 80 PC: 1c3f9 | Set current PSP
2018-12-17T22:18:19.618015909Z 48 PC: 1c3fe | Get DOS version
2018-12-17T22:18:19.620332805Z 99 PC: 22be0 | Get DBCS lead byte table pointer
2018-12-17T22:18:19.623076013Z 101 PC: 1c484 | Get extended country info
2018-12-17T22:18:19.624675594Z 99 PC: 1c48a | Get DBCS lead byte table pointer
2018-12-17T22:18:19.627115979Z 74 PC: 1c4ec | Reallocate memory
2018-12-17T22:18:19.629312614Z 25 PC: 1c523 | Get default drive
2018-12-17T22:18:19.630748351Z 37 PC: 1bfe3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:18:19.632996724Z 37 PC: 1bfea | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:19.634183325Z 37 PC: 1bff1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:19.63822766Z 74 PC: 1b18c | Reallocate memory
2018-12-17T22:18:19.64141492Z 72 PC: 1b1cd | Allocate memory
2018-12-17T22:18:19.657799016Z 72 PC: 1b205 | Allocate memory
2018-12-17T22:18:19.660611988Z 72 PC: 1b20d | Allocate memory