Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Marek.6016

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:18:25.983077345Z 53 PC: 1324a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:25.986544118Z 53 PC: 1324a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:25.987893683Z 53 PC: 1324a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:25.989175321Z 53 PC: 1324a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:25.990919419Z 53 PC: 1324a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:25.992654444Z 53 PC: 1324a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:25.994438375Z 53 PC: 1324a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:25.996896179Z 53 PC: 1324a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:25.999021244Z 53 PC: 1324a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:26.000720489Z 53 PC: 1324a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:26.006679657Z 53 PC: 1324a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:26.008548242Z 53 PC: 1324a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:26.00960583Z 53 PC: 1324a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:26.013704769Z 53 PC: 1324a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:26.015133259Z 53 PC: 1324a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:26.016476917Z 53 PC: 1324a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:26.018389175Z 53 PC: 1324a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:26.019599829Z 53 PC: 1324a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:26.020679759Z 53 PC: 1324a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:26.022333563Z 37 PC: 1325f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:26.023371513Z 37 PC: 13267 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:26.02444863Z 37 PC: 1326f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:26.027130979Z 37 PC: 13277 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:26.028652795Z 68 PC: 13e5c | I/O control for devices (Set for = '')
2018-12-17T22:18:26.030204758Z 48 PC: 13a5e | Get DOS version
2018-12-17T22:18:26.032042019Z 67 PC: 12faf | Get or set file attributes
2018-12-17T22:18:26.039066931Z 67 PC: 12fd6 | Get or set file attributes
2018-12-17T22:18:26.401827284Z 61 PC: 13910 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:26.409369789Z 63 PC: 139e3 | Read file or device (Read 6016 bytes on handle 5)
2018-12-17T22:18:26.417881747Z 87 PC: 1301d | Get or set file date and time
2018-12-17T22:18:26.419800334Z 62 PC: 13960 | Close file
2018-12-17T22:18:26.427917529Z 67 PC: 12fd6 | Get or set file attributes
2018-12-17T22:18:26.436704211Z 26 PC: 1304d | Set disk transfer address
2018-12-17T22:18:26.437809986Z 78 PC: 13059 | Find first file
2018-12-17T22:18:26.442361366Z 26 PC: 13071 | Set disk transfer address
2018-12-17T22:18:26.443714677Z 79 PC: 13076 | Find next file
2018-12-17T22:18:26.446932769Z 48 PC: 13a5e | Get DOS version
2018-12-17T22:18:26.448614253Z 48 PC: 13a5e | Get DOS version
2018-12-17T22:18:26.450991613Z 67 PC: 12faf | Get or set file attributes
2018-12-17T22:18:26.456786503Z 67 PC: 12fd6 | Get or set file attributes
2018-12-17T22:18:26.466739247Z 61 PC: 13910 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:26.475824863Z 66 PC: 13f5b | Move file pointer
2018-12-17T22:18:26.477600356Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:18:26.479277215Z 66 PC: 13f77 | Move file pointer
2018-12-17T22:18:26.482274766Z 66 PC: 13a42 | Move file pointer
2018-12-17T22:18:26.484183136Z 63 PC: 139e3 | Read file or device (Read 6016 bytes on handle 5)
2018-12-17T22:18:26.49301317Z 66 PC: 13a42 | Move file pointer
2018-12-17T22:18:26.495608484Z 64 PC: 139e3 | Write file or device (Write 6016 bytes on handle 5)
2018-12-17T22:18:26.504189946Z 87 PC: 1301d | Get or set file date and time
2018-12-17T22:18:26.506075093Z 62 PC: 13960 | Close file
2018-12-17T22:18:26.514076674Z 67 PC: 12fd6 | Get or set file attributes
2018-12-17T22:18:26.524444725Z 53 PC: 131bc | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:26.525651198Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:26.527394593Z 53 PC: 131bc | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:26.528595898Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:26.529868419Z 53 PC: 131bc | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:26.53173872Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:26.532752329Z 53 PC: 131bc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:26.533822588Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:26.535678174Z 53 PC: 131bc | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:26.536788452Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:26.538167464Z 53 PC: 131bc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:26.539714913Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:26.541007483Z 53 PC: 131bc | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:26.542136479Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:26.543587277Z 53 PC: 131bc | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:26.544669135Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:26.545917975Z 53 PC: 131bc | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:26.547889618Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:26.548836855Z 53 PC: 131bc | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:26.54974561Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:26.551442645Z 53 PC: 131bc | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:26.552229199Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:26.553215884Z 53 PC: 131bc | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:26.554402468Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:26.555145618Z 53 PC: 131bc | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:26.555973706Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:26.557057032Z 53 PC: 131bc | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:26.557880133Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:26.558617923Z 53 PC: 131bc | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:26.559911549Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:26.560703789Z 53 PC: 131bc | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:26.561642456Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:26.562808985Z 53 PC: 131bc | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:26.563549563Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:26.564363147Z 53 PC: 131bc | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:26.567138925Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:26.56829404Z 53 PC: 131bc | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:26.569324405Z 37 PC: 131c5 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:26.571420236Z 41 PC: 13173 | Parse filename
2018-12-17T22:18:26.57270489Z 41 PC: 13181 | Parse filename
2018-12-17T22:18:26.573776302Z 75 PC: 1318c | Execute program
2018-12-17T22:18:26.594366188Z 80 PC: 1eae9 | Set current PSP
2018-12-17T22:18:26.595166227Z 48 PC: 1eaee | Get DOS version
2018-12-17T22:18:26.596932104Z 99 PC: 252d0 | Get DBCS lead byte table pointer
2018-12-17T22:18:26.600220571Z 101 PC: 1eb74 | Get extended country info
2018-12-17T22:18:26.601262254Z 99 PC: 1eb7a | Get DBCS lead byte table pointer
2018-12-17T22:18:26.60231318Z 74 PC: 1ebdc | Reallocate memory
2018-12-17T22:18:26.603939039Z 25 PC: 1ec13 | Get default drive
2018-12-17T22:18:26.604792665Z 37 PC: 1e6d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:18:26.605584741Z 37 PC: 1e6da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:26.60731058Z 37 PC: 1e6e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:26.610317015Z 74 PC: 1d87c | Reallocate memory
2018-12-17T22:18:26.611701683Z 72 PC: 1d8bd | Allocate memory
2018-12-17T22:18:26.614094528Z 72 PC: 1d8f5 | Allocate memory
2018-12-17T22:18:26.615700834Z 72 PC: 1d8fd | Allocate memory