Sample viewer

vx.netlux.org/Virus.DOS.HLLP.4313

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:18:24.939706449Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:24.941301467Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:24.942760614Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:24.943960464Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:24.945937932Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:24.947026552Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:24.948093501Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:24.949915978Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:24.951155738Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:24.952367193Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:24.953786886Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:24.955125293Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:24.956343625Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:24.964763257Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:24.966224001Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:24.967383033Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:24.96850354Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:24.970353589Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:24.971474808Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:24.972591154Z	37	PC: 1355f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:24.98023245Z	37	PC: 13567 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:24.981237982Z	37	PC: 1356f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:24.982349779Z	37	PC: 13577 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:24.984867406Z	68	PC: 13c16 \| I/O control for devices (Set for = '')
2018-12-17T22:18:24.987058404Z	53	PC: 12ba2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:18:24.988978724Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:18:24.990818166Z	44	PC: 13d4d \| Get time 0x13d4d: mov word ptr [0x8e], cx 0x13d51: mov word ptr [0x90], dx 0x13d55: retf 0x13d56: mov di, 0xa0 0x13d59: push ds 0x13d5a: pop es 0x13d5b: mov cx, 0x2712 0x13d5e: sub cx, di 0x13d60: shr cx, 1 0x13d62: xor ax, ax 0x13d64: cld 0x13d65: rep stosd dword ptr es:[di], eax 0x13d67: ret 0x13d68: add byte ptr [bx + si], al 0x13d6a: add byte ptr [bx + si], al 0x13d6c: add byte ptr [bx + si], al 0x13d6e: add byte ptr [bx + si], al 0x13d70: add byte ptr [bx + si], al 0x13d72: movhps qword ptr [di + 2], xmm7 0x13d76: sbb word ptr [di + 0x29], sp
2018-12-17T22:18:24.992950383Z	48	PC: 13941 \| Get DOS version
2018-12-17T22:18:24.99431084Z	61	PC: 12c27 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:25.001653652Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.003031969Z	63	PC: 12c06 \| Read file or device (Read 4313 bytes on handle 5)
2018-12-17T22:18:25.010781858Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.012494829Z	63	PC: 12c06 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:18:25.019197137Z	62	PC: 12d5b \| Close file
2018-12-17T22:18:25.020857088Z	48	PC: 13941 \| Get DOS version
2018-12-17T22:18:25.022815294Z	61	PC: 12c27 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:25.027281669Z	87	PC: 12d3d \| Get or set file date and time
2018-12-17T22:18:25.028529393Z	66	PC: 12bd0 \| Move file pointer
2018-12-17T22:18:25.030601617Z	66	PC: 12bdc \| Move file pointer
2018-12-17T22:18:25.031751233Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.032894187Z	63	PC: 12c06 \| Read file or device (Read 133 bytes on handle 5)
2018-12-17T22:18:25.03843147Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.039599756Z	63	PC: 12c06 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:18:25.041636898Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.043541865Z	63	PC: 12c06 \| Read file or device (Read 4317 bytes on handle 5)
2018-12-17T22:18:25.04853776Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.049662784Z	63	PC: 12c06 \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:18:25.052256861Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.053406273Z	64	PC: 12c53 \| Write file or device (Write 10 bytes on handle 5)
2018-12-17T22:18:25.055595614Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.057251251Z	63	PC: 12c06 \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:18:25.061505292Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.062524817Z	64	PC: 12c53 \| Write file or device (Write 10 bytes on handle 5)
2018-12-17T22:18:25.064836412Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:25.066377657Z	64	PC: 12c53 \| Write file or device (Write 4317 bytes on handle 5)
2018-12-17T22:18:26.228904333Z	66	PC: 12bf0 \| Move file pointer
2018-12-17T22:18:26.232105366Z	64	PC: 12c53 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:18:26.368303362Z	87	PC: 12d4f \| Get or set file date and time
2018-12-17T22:18:26.369682333Z	62	PC: 12d5b \| Close file
2018-12-17T22:18:26.397774669Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:18:26.399105139Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:26.400383449Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:26.403223677Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:26.404782541Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:26.406472566Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:26.410930848Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:26.412596649Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:26.414252204Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:26.417401814Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:26.418940444Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:26.420360219Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:26.422262511Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:26.42387018Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:26.425514044Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:26.427360614Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:26.432742087Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:26.433836781Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:26.435513971Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:26.437025814Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:26.438337656Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:26.439759176Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:26.441219507Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:26.442386224Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:26.444109537Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:26.445160659Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:26.446265104Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:26.447545359Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:26.448901222Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:26.450027415Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:26.451385515Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:26.452828836Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:26.453832793Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:26.454896423Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:26.456236866Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:26.457122023Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:26.458188211Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:26.45936592Z	53	PC: 134c8 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:26.460285689Z	37	PC: 134d1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:26.461694305Z	41	PC: 1347f \| Parse filename
2018-12-17T22:18:26.46309314Z	41	PC: 1348d \| Parse filename
2018-12-17T22:18:26.464164272Z	75	PC: 13498 \| Execute program
2018-12-17T22:18:26.476859632Z	80	PC: 180a9 \| Set current PSP
2018-12-17T22:18:26.47840832Z	48	PC: 180ae \| Get DOS version
2018-12-17T22:18:26.479581948Z	99	PC: 1e890 \| Get DBCS lead byte table pointer
2018-12-17T22:18:26.481546677Z	101	PC: 18134 \| Get extended country info
2018-12-17T22:18:26.483013344Z	99	PC: 1813a \| Get DBCS lead byte table pointer
2018-12-17T22:18:26.484033331Z	74	PC: 1819c \| Reallocate memory
2018-12-17T22:18:26.485322619Z	25	PC: 181d3 \| Get default drive
2018-12-17T22:18:26.486606567Z	37	PC: 17c93 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:18:26.487488857Z	37	PC: 17c9a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:26.488674935Z	37	PC: 17ca1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:26.491678472Z	74	PC: 16e3c \| Reallocate memory
2018-12-17T22:18:26.492742197Z	72	PC: 16e7d \| Allocate memory
2018-12-17T22:18:26.494579328Z	72	PC: 16eb5 \| Allocate memory
2018-12-17T22:18:26.496357731Z	72	PC: 16ebd \| Allocate memory