Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Ludvi.4999

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:18:49.165442498Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:49.174265518Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:49.175494134Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:49.17669163Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:49.179033994Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:49.180101213Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:49.181168805Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:49.182424363Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:49.183875794Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:49.185071336Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:49.186303738Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:49.188255571Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:49.189772155Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:49.191156651Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:49.19320042Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:49.194405984Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:49.195646347Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:49.198076509Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:49.199704273Z	53	PC: 137ea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:49.201041633Z	37	PC: 137ff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:49.215085391Z	37	PC: 13807 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:49.216400061Z	37	PC: 1380f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:49.217792574Z	37	PC: 13817 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:49.237411826Z	68	PC: 1422a \| I/O control for devices (Set for = '')
2018-12-17T22:18:49.239974961Z	44	PC: 14361 \| Get time 0x14361: mov word ptr [0x3e], cx 0x14365: mov word ptr [0x40], dx 0x14369: retf 0x1436a: mov di, 0x50 0x1436d: push ds 0x1436e: pop es 0x1436f: mov cx, 0x1d5e 0x14372: sub cx, di 0x14374: shr cx, 1 0x14376: xor ax, ax 0x14378: cld 0x14379: rep stosd dword ptr es:[di], eax 0x1437b: ret 0x1437c: add byte ptr [bx + si], al 0x1437e: add byte ptr [bx + si], al 0x14380: add byte ptr [bx + si], al 0x14382: add byte ptr [bx + si], al 0x14384: add byte ptr [bx + si], al 0x14386: add byte ptr [bx + si], al 0x14388: add byte ptr [bx + si], al
2018-12-17T22:18:49.242935981Z	42	PC: 133a7 \| Get date 0x133a7: xor ah, ah 0x133a9: les di, ptr [bp + 6] 0x133ac: stosw word ptr es:[di], ax 0x133ad: mov al, dl 0x133af: les di, ptr [bp + 0xa] 0x133b2: stosw word ptr es:[di], ax 0x133b3: mov al, dh 0x133b5: les di, ptr [bp + 0xe] 0x133b8: stosw word ptr es:[di], ax 0x133b9: xchg ax, cx 0x133ba: les di, ptr [bp + 0x12] 0x133bd: stosw word ptr es:[di], ax 0x133be: pop bp 0x133bf: retf 0x10 0x133c2: push bp 0x133c3: mov bp, sp 0x133c5: mov cx, word ptr [bp + 0xa] 0x133c8: mov dh, byte ptr [bp + 8] 0x133cb: mov dl, byte ptr [bp + 6] 0x133ce: mov ah, 0x2b
2018-12-17T22:18:49.246072186Z	48	PC: 13e6f \| Get DOS version
2018-12-17T22:18:49.248161857Z	67	PC: 1347c \| Get or set file attributes
2018-12-17T22:18:49.264841983Z	25	PC: 13efc \| Get default drive
2018-12-17T22:18:49.274489789Z	71	PC: 13f0f \| Get current directory
2018-12-17T22:18:49.2815324Z	54	PC: 1341c \| Get free disk space
2018-12-17T22:18:49.290462166Z	59	PC: 13fc3 \| Change current directory
2018-12-17T22:18:49.294798922Z	26	PC: 134f3 \| Set disk transfer address
2018-12-17T22:18:49.298443903Z	78	PC: 134ff \| Find first file
2018-12-17T22:18:49.305329977Z	26	PC: 134f3 \| Set disk transfer address
2018-12-17T22:18:49.306918288Z	78	PC: 134ff \| Find first file
2018-12-17T22:18:49.32002061Z	25	PC: 135f5 \| Get default drive
2018-12-17T22:18:49.321414678Z	71	PC: 13614 \| Get current directory
2018-12-17T22:18:49.324747601Z	26	PC: 13517 \| Set disk transfer address
2018-12-17T22:18:49.327040915Z	79	PC: 1351c \| Find next file
2018-12-17T22:18:49.330361097Z	26	PC: 134f3 \| Set disk transfer address
2018-12-17T22:18:49.331679462Z	78	PC: 134ff \| Find first file
2018-12-17T22:18:49.338634207Z	25	PC: 135f5 \| Get default drive
2018-12-17T22:18:49.340325575Z	71	PC: 13614 \| Get current directory
2018-12-17T22:18:49.344073079Z	25	PC: 135f5 \| Get default drive
2018-12-17T22:18:49.34562712Z	71	PC: 13614 \| Get current directory
2018-12-17T22:18:49.349758824Z	67	PC: 1347c \| Get or set file attributes
2018-12-17T22:18:49.36230527Z	86	PC: 13e3a \| Rename file
2018-12-17T22:18:49.376718221Z	61	PC: 13cad \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:49.384004153Z	60	PC: 13cad \| Create or truncate file
2018-12-17T22:18:49.395090199Z	25	PC: 135f5 \| Get default drive
2018-12-17T22:18:49.396355232Z	71	PC: 13614 \| Get current directory
2018-12-17T22:18:49.400284375Z	61	PC: 13cad \| Open file (Filename = 'A:\EDOUQH.TMP')
2018-12-17T22:18:49.40703788Z	63	PC: 13d80 \| Read file or device (Read 4999 bytes on handle 5)
2018-12-17T22:18:49.414818823Z	64	PC: 13d80 \| Write file or device (Write 4999 bytes on handle 6)
2018-12-17T22:18:49.423811566Z	63	PC: 13d80 \| Read file or device (Read 4999 bytes on handle 7)
2018-12-17T22:18:49.430160504Z	64	PC: 13d80 \| Write file or device (Write 407 bytes on handle 6)
2018-12-17T22:18:49.438162149Z	87	PC: 134c3 \| Get or set file date and time
2018-12-17T22:18:49.441288386Z	62	PC: 13cfd \| Close file
2018-12-17T22:18:49.449039337Z	62	PC: 13cfd \| Close file
2018-12-17T22:18:49.451140249Z	62	PC: 13cfd \| Close file
2018-12-17T22:18:49.454754153Z	65	PC: 13df6 \| Delete file (Filename = 'EDOUQH.tmp')
2018-12-17T22:18:49.466965471Z	61	PC: 13cad \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:18:49.473981888Z	63	PC: 13d80 \| Read file or device (Read 4999 bytes on handle 5)
2018-12-17T22:18:49.483183498Z	60	PC: 13cad \| Create or truncate file
2018-12-17T22:18:49.494353224Z	63	PC: 13d80 \| Read file or device (Read 4999 bytes on handle 5)
2018-12-17T22:18:49.502379749Z	64	PC: 13d80 \| Write file or device (Write 2182 bytes on handle 6)
2018-12-17T22:18:49.512091363Z	62	PC: 13cfd \| Close file
2018-12-17T22:18:49.514095435Z	62	PC: 13cfd \| Close file
2018-12-17T22:18:49.522673616Z	41	PC: 13754 \| Parse filename
2018-12-17T22:18:49.525278901Z	41	PC: 13762 \| Parse filename
2018-12-17T22:18:49.527083246Z	75	PC: 1376d \| Execute program
2018-12-17T22:18:49.535820847Z	65	PC: 13df6 \| Delete file (Filename = 'aEDOUQH.tmp')
2018-12-17T22:18:49.547304749Z	64	PC: 13c08 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:18:49.550035033Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:18:49.551310711Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:18:49.552573348Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:18:49.555209716Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:18:49.556478337Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:18:49.558077265Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:18:49.560806592Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:18:49.562128167Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:18:49.563381611Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:18:49.566002276Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:18:49.567807629Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:18:49.569284599Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:18:49.572121134Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:18:49.573626935Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:18:49.575193686Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:18:49.577518509Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:18:49.578871525Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:18:49.580409806Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:18:49.582910759Z	37	PC: 13941 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:18:49.584212673Z	76	PC: 13980 \| Terminate with return code (Return code = '0')