Sample viewer

vx.netlux.org/Virus.DOS.HLLP.5844

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:41.711429441Z 74 PC: 14522 | Reallocate memory
2018-12-17T22:19:41.713504677Z 53 PC: 1337a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:41.714401839Z 53 PC: 1337a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:19:41.715568597Z 53 PC: 1337a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:19:41.721373152Z 53 PC: 1337a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:41.722484925Z 53 PC: 1337a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:41.723625688Z 53 PC: 1337a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:41.726080316Z 53 PC: 1337a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:19:41.727293039Z 53 PC: 1337a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:19:41.732735619Z 53 PC: 1337a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:19:41.734131425Z 53 PC: 1337a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:19:41.735634052Z 53 PC: 1337a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:19:41.736734231Z 53 PC: 1337a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:19:41.738022225Z 53 PC: 1337a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:19:41.739296159Z 53 PC: 1337a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:19:41.740358027Z 53 PC: 1337a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:19:41.74153938Z 53 PC: 1337a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:19:41.742974852Z 53 PC: 1337a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:19:41.743957572Z 53 PC: 1337a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:41.744916173Z 53 PC: 1337a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:19:41.746264972Z 37 PC: 1338f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:41.74720282Z 37 PC: 13397 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:41.748106348Z 37 PC: 1339f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:41.749451638Z 37 PC: 133a7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:41.75085088Z 68 PC: 14335 | I/O control for devices (Set for = '')
2018-12-17T22:19:41.752323887Z 48 PC: 13e65 | Get DOS version
2018-12-17T22:19:41.75441223Z 61 PC: 13ca3 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:19:41.761049443Z 60 PC: 13ca3 | Create or truncate file
2018-12-17T22:19:41.778730437Z 63 PC: 13d76 | Read file or device (Read 5844 bytes on handle 5)
2018-12-17T22:19:41.787033746Z 66 PC: 13dd5 | Move file pointer
2018-12-17T22:19:41.788555659Z 66 PC: 14434 | Move file pointer
2018-12-17T22:19:41.790169436Z 66 PC: 14442 | Move file pointer
2018-12-17T22:19:41.79241482Z 66 PC: 14450 | Move file pointer
2018-12-17T22:19:41.79801829Z 63 PC: 13d76 | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:19:41.805617714Z 64 PC: 13d76 | Write file or device (Write 4096 bytes on handle 6)
2018-12-17T22:19:41.814135383Z 66 PC: 14434 | Move file pointer
2018-12-17T22:19:41.815511919Z 66 PC: 14442 | Move file pointer
2018-12-17T22:19:41.816878207Z 66 PC: 14450 | Move file pointer
2018-12-17T22:19:41.819104535Z 63 PC: 13d76 | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:19:41.826841771Z 64 PC: 13d76 | Write file or device (Write 4096 bytes on handle 6)
2018-12-17T22:19:41.835035306Z 66 PC: 14434 | Move file pointer
2018-12-17T22:19:41.837644293Z 66 PC: 14442 | Move file pointer
2018-12-17T22:19:41.839047137Z 66 PC: 14450 | Move file pointer
2018-12-17T22:19:41.840631162Z 63 PC: 13d76 | Read file or device (Read 4096 bytes on handle 5)
2018-12-17T22:19:41.849755424Z 64 PC: 13d76 | Write file or device (Write 3016 bytes on handle 6)
2018-12-17T22:19:41.85661945Z 66 PC: 14434 | Move file pointer
2018-12-17T22:19:41.858098384Z 66 PC: 14442 | Move file pointer
2018-12-17T22:19:41.859898333Z 66 PC: 14450 | Move file pointer
2018-12-17T22:19:41.861257608Z 62 PC: 13cf3 | Close file
2018-12-17T22:19:41.869082192Z 62 PC: 13cf3 | Close file
2018-12-17T22:19:41.871740343Z 41 PC: 1327f | Parse filename
2018-12-17T22:19:41.873437275Z 41 PC: 1328d | Parse filename
2018-12-17T22:19:41.875084749Z 75 PC: 13298 | Execute program
2018-12-17T22:19:41.895859827Z 74 PC: 18d67 | Reallocate memory
2018-12-17T22:19:41.898081353Z 99 PC: 1add8 | Get DBCS lead byte table pointer
2018-12-17T22:19:41.899384829Z 68 PC: 1adf4 | I/O control for devices (Set for = '')
2018-12-17T22:19:41.901143667Z 68 PC: 1adff | I/O control for devices (Set for = '+')
2018-12-17T22:19:41.902850019Z 68 PC: 1ae0a | I/O control for devices (Set for = '')
2018-12-17T22:19:41.904327771Z 68 PC: 1ae12 | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-17T22:19:41.906349502Z 48 PC: 1ae17 | Get DOS version
2018-12-17T22:19:41.908088139Z 64 PC: 1b0a8 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T22:19:41.913021694Z 37 PC: 1bc0b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:41.915153896Z 76 PC: 1bbf4 | Terminate with return code (Return code = '11')
2018-12-17T22:19:41.918315365Z 65 PC: 13dec | Delete file (Filename = '')
2018-12-17T22:19:41.929904369Z 26 PC: 131c7 | Set disk transfer address
2018-12-17T22:19:41.93165135Z 78 PC: 131d3 | Find first file
2018-12-17T22:19:41.938013637Z 61 PC: 13ca3 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:19:41.957326919Z 63 PC: 13d76 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:41.960488349Z 62 PC: 13cf3 | Close file
2018-12-17T22:19:41.96267654Z 26 PC: 131eb | Set disk transfer address
2018-12-17T22:19:41.963841327Z 79 PC: 131f0 | Find next file
2018-12-17T22:19:41.966545778Z 44 PC: 1316d | Get time
0x1316d: xor ah, ah
0x1316f: mov al, dl
0x13171: les di, ptr [bp + 6]
0x13174: stosw word ptr es:[di], ax
0x13175: mov al, dh
0x13177: les di, ptr [bp + 0xa]
0x1317a: stosw word ptr es:[di], ax
0x1317b: mov al, cl
0x1317d: les di, ptr [bp + 0xe]
0x13180: stosw word ptr es:[di], ax
0x13181: mov al, ch
0x13183: les di, ptr [bp + 0x12]
0x13186: stosw word ptr es:[di], ax
0x13187: pop bp
0x13188: retf 0x10
0x1318b: push bp
0x1318c: mov bp, sp
0x1318e: mov ch, byte ptr [bp + 0xc]
0x13191: mov cl, byte ptr [bp + 0xa]
0x13194: mov dh, byte ptr [bp + 8]
2018-12-17T22:19:41.968540337Z 64 PC: 139fb | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:19:41.96999598Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:41.971577537Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:19:41.973170479Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:19:41.974654095Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:41.977159907Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:41.978291108Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:41.980089349Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:19:41.981822865Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:19:41.983139855Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:19:41.984221481Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:19:41.986093715Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:19:41.987187423Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:19:41.988337648Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:19:41.990099453Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:19:41.991207531Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:19:41.992430536Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:19:41.994324793Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:19:41.997320507Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:41.998729753Z 37 PC: 134d1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:19:42.000874926Z 76 PC: 13510 | Terminate with return code (Return code = '0')