Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Brian.4629

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:29.59620857Z 53 PC: 1317a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:29.59870556Z 53 PC: 1317a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:29.60052768Z 53 PC: 1317a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:29.602274996Z 53 PC: 1317a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:29.60501506Z 53 PC: 1317a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:29.606700172Z 53 PC: 1317a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:29.608426832Z 53 PC: 1317a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:29.611151904Z 53 PC: 1317a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:29.612946752Z 53 PC: 1317a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:29.614727235Z 53 PC: 1317a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:29.617930502Z 53 PC: 1317a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:29.619791296Z 53 PC: 1317a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:29.621688962Z 53 PC: 1317a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:29.623801101Z 53 PC: 1317a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:29.625608936Z 53 PC: 1317a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:29.627027907Z 53 PC: 1317a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:29.628419311Z 53 PC: 1317a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:29.630777166Z 53 PC: 1317a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:29.63223299Z 53 PC: 1317a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:29.633593972Z 37 PC: 1318f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:29.636226627Z 37 PC: 13197 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:29.638445097Z 37 PC: 1319f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:29.640644073Z 37 PC: 131a7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:29.64412897Z 68 PC: 13a05 | I/O control for devices (Set for = '')
2018-12-17T22:20:29.662735904Z 44 PC: 12f80 | Get time
0x12f80: mov byte ptr [0x56], dh
0x12f84: mov di, 0x58
0x12f87: push ds
0x12f88: push di
0x12f89: call 0x22a40
0x12f8c: cmp byte ptr [0x56], 0x1e
0x12f91: jb 0x12fa1
0x12f93: mov ah, 0x40
0x12f95: mov bx, 1
0x12f98: lea dx, word ptr [0x58]
0x12f9c: mov cx, 0x3b
0x12f9f: int 0x21
0x12fa1: push ax
0x12fa2: in al, 0x21
0x12fa4: or al, 3
0x12fa6: out 0x21, al
0x12fa8: pop ax
0x12fa9: call 0x22a99
0x12fac: call 0x22ed1
0x12faf: push ax
2018-12-17T22:20:29.666526451Z 64 PC: 12fa1 | Write file or device (Write 59 bytes on handle 1)
2018-12-17T22:20:29.671707245Z 48 PC: 13730 | Get DOS version
2018-12-17T22:20:29.67358776Z 48 PC: 13730 | Get DOS version
2018-12-17T22:20:29.6763276Z 61 PC: 135e2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:20:29.686411531Z 63 PC: 136b5 | Read file or device (Read 4624 bytes on handle 5)
2018-12-17T22:20:29.695441675Z 62 PC: 13632 | Close file
2018-12-17T22:20:29.698745989Z 26 PC: 12ff5 | Set disk transfer address
2018-12-17T22:20:29.700092047Z 78 PC: 13001 | Find first file
2018-12-17T22:20:29.707392492Z 61 PC: 135e2 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:20:29.716205272Z 66 PC: 13714 | Move file pointer
2018-12-17T22:20:29.721825387Z 63 PC: 136b5 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:20:29.728707213Z 26 PC: 13019 | Set disk transfer address
2018-12-17T22:20:29.730841482Z 79 PC: 1301e | Find next file
2018-12-17T22:20:29.733174334Z 48 PC: 13730 | Get DOS version
2018-12-17T22:20:29.734364597Z 26 PC: 12ff5 | Set disk transfer address
2018-12-17T22:20:29.735699641Z 78 PC: 13001 | Find first file
2018-12-17T22:20:29.739976996Z 48 PC: 13730 | Get DOS version
2018-12-17T22:20:29.741442356Z 67 PC: 12ba4 | Get or set file attributes
2018-12-17T22:20:29.745567409Z 61 PC: 135e2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:20:29.750469445Z 66 PC: 13714 | Move file pointer
2018-12-17T22:20:29.752047725Z 63 PC: 136b5 | Read file or device (Read 4624 bytes on handle 6)
2018-12-17T22:20:29.756947654Z 66 PC: 13714 | Move file pointer
2018-12-17T22:20:29.75817239Z 64 PC: 13613 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:20:29.77208734Z 66 PC: 13714 | Move file pointer
2018-12-17T22:20:29.774378811Z 64 PC: 136b5 | Write file or device (Write 4624 bytes on handle 6)
2018-12-17T22:20:29.784006808Z 62 PC: 13632 | Close file
2018-12-17T22:20:29.797173008Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:29.799166942Z 37 PC: 130ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:29.801038684Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:29.803934099Z 37 PC: 130ff | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:29.805792817Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:29.807676822Z 37 PC: 130ff | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:29.810740557Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:29.812361025Z 37 PC: 130ff | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:29.81414839Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:29.816736719Z 37 PC: 130ff | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:29.818536641Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:29.820173819Z 37 PC: 130ff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:29.822420846Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:29.824051291Z 37 PC: 130ff | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:29.82568688Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:29.827955995Z 37 PC: 130ff | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:29.829582066Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:29.831232734Z 37 PC: 130ff | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:29.833607999Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:29.835425199Z 37 PC: 130ff | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:29.837035255Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:29.839084491Z 37 PC: 130ff | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:29.840827938Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:29.842486765Z 37 PC: 130ff | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:29.844794012Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:29.847442535Z 37 PC: 130ff | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:29.849957403Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:29.852501694Z 37 PC: 130ff | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:29.854322264Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:29.855620894Z 37 PC: 130ff | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:29.857050201Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:29.858330228Z 37 PC: 130ff | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:29.859554065Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:29.86090858Z 37 PC: 130ff | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:29.862423813Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:29.864201055Z 37 PC: 130ff | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:29.879631511Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:29.88148712Z 37 PC: 130ff | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:29.883373216Z 41 PC: 130ad | Parse filename
2018-12-17T22:20:29.885528652Z 41 PC: 130bb | Parse filename
2018-12-17T22:20:29.889124645Z 75 PC: 130c6 | Execute program
2018-12-17T22:20:29.910799826Z 9 PC: 170dc | Display string (Could not find end pointer)
2018-12-17T22:20:29.915859348Z 76 PC: 170e1 | Terminate with return code (Return code = '0')
2018-12-17T22:20:29.920724405Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:29.922484356Z 37 PC: 130ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:29.924201984Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:29.927016296Z 37 PC: 130ff | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:29.928711137Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:29.930468774Z 37 PC: 130ff | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:29.933178697Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:29.934909796Z 37 PC: 130ff | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:29.936577845Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:29.942577933Z 37 PC: 130ff | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:29.943984971Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:29.945381107Z 37 PC: 130ff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:29.947917668Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:29.949320618Z 37 PC: 130ff | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:29.950674236Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:29.95304712Z 37 PC: 130ff | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:29.954393698Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:29.955777855Z 37 PC: 130ff | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:29.957864112Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:29.959258714Z 37 PC: 130ff | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:29.960576248Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:29.962120478Z 37 PC: 130ff | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:29.96421405Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:29.966007041Z 37 PC: 130ff | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:29.967694901Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:29.97047959Z 37 PC: 130ff | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:29.972482153Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:29.974469183Z 37 PC: 130ff | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:29.97815664Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:29.983153967Z 37 PC: 130ff | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:29.98515154Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:29.988021166Z 37 PC: 130ff | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:29.98988012Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:29.998647102Z 37 PC: 130ff | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:30.000602561Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:30.001817011Z 37 PC: 130ff | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:30.003127624Z 53 PC: 130f6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:30.005656685Z 37 PC: 130ff | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:30.012230877Z 48 PC: 13730 | Get DOS version
2018-12-17T22:20:30.014324284Z 61 PC: 135e2 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:20:30.023285002Z 64 PC: 136b5 | Write file or device (Write 4624 bytes on handle 6)
2018-12-17T22:20:30.032878402Z 66 PC: 13714 | Move file pointer
2018-12-17T22:20:30.034671566Z 64 PC: 136b5 | Write file or device (Write 4624 bytes on handle 6)
2018-12-17T22:20:30.044668236Z 66 PC: 13714 | Move file pointer
2018-12-17T22:20:30.046800008Z 64 PC: 136b5 | Write file or device (Write 5 bytes on handle 6)
2018-12-17T22:20:30.050113741Z 62 PC: 13632 | Close file
2018-12-17T22:20:30.060330338Z 64 PC: 1353d | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:20:30.062764157Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:30.064510274Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:30.066331351Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:30.068326328Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:30.070065095Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:30.072094578Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:30.073879566Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:30.075557769Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:30.078011328Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:30.080422625Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:30.082915125Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:30.08476066Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:30.086792371Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:30.088493895Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:30.090349734Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:30.092263987Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:30.093941252Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:30.096121569Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:30.097713896Z 37 PC: 132d1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:30.099192032Z 76 PC: 13310 | Terminate with return code (Return code = '0')