Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Anser.6544


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:43.547613048Z 53 PC: 1347a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:43.549738897Z 53 PC: 1347a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:43.550883267Z 53 PC: 1347a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:43.551894286Z 53 PC: 1347a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:43.553768359Z 53 PC: 1347a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:43.554863324Z 53 PC: 1347a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:43.555966526Z 53 PC: 1347a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:43.557024742Z 53 PC: 1347a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:43.558624114Z 53 PC: 1347a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:43.559623664Z 53 PC: 1347a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:43.560690972Z 53 PC: 1347a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:43.562099404Z 53 PC: 1347a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:43.563297628Z 53 PC: 1347a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:43.564458952Z 53 PC: 1347a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:43.56635424Z 53 PC: 1347a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:43.567779144Z 53 PC: 1347a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:43.568884322Z 53 PC: 1347a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:43.57086685Z 53 PC: 1347a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:43.572223539Z 53 PC: 1347a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:43.573402083Z 37 PC: 1348f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:43.574991517Z 37 PC: 13497 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:43.576221416Z 37 PC: 1349f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:43.577525326Z 37 PC: 134a7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:43.579261512Z 68 PC: 140bd | I/O control for devices (Set for = '^QWG')
2018-12-17T22:20:43.581076325Z 42 PC: 131c7 | Get date
0x131c7: xor ah, ah
0x131c9: les di, ptr [bp + 6]
0x131cc: stosw word ptr es:[di], ax
0x131cd: mov al, dl
0x131cf: les di, ptr [bp + 0xa]
0x131d2: stosw word ptr es:[di], ax
0x131d3: mov al, dh
0x131d5: les di, ptr [bp + 0xe]
0x131d8: stosw word ptr es:[di], ax
0x131d9: xchg ax, cx
0x131da: les di, ptr [bp + 0x12]
0x131dd: stosw word ptr es:[di], ax
0x131de: pop bp
0x131df: retf 0x10
0x131e2: push bp
0x131e3: mov bp, sp
0x131e5: mov cx, word ptr [bp + 0xa]
0x131e8: mov dh, byte ptr [bp + 8]
0x131eb: mov dl, byte ptr [bp + 6]
0x131ee: mov ah, 0x2b
2018-12-17T22:20:43.583448015Z 53 PC: 132b8 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:43.585330141Z 53 PC: 132b8 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:43.586582657Z 37 PC: 132d4 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:43.587923687Z 37 PC: 132d4 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:43.591857418Z 48 PC: 13d02 | Get DOS version
2018-12-17T22:20:43.593413486Z 48 PC: 13d02 | Get DOS version
2018-12-17T22:20:43.594935762Z 48 PC: 13d02 | Get DOS version
2018-12-17T22:20:43.597550452Z 60 PC: 13b40 | Create or truncate file
2018-12-17T22:20:43.613689504Z 65 PC: 13c89 | Delete file (Filename = '')
2018-12-17T22:20:43.625328682Z 26 PC: 13257 | Set disk transfer address
2018-12-17T22:20:43.628408049Z 78 PC: 13263 | Find first file
2018-12-17T22:20:43.635062946Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.63648761Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.639794342Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.642072634Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.64508364Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.646472634Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.649937721Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.65112001Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.653867258Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.664569172Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.67056777Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.673840322Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.681660384Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.68395425Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.687219387Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.689827032Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.692942979Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:20:43.694383488Z 79 PC: 13280 | Find next file
2018-12-17T22:20:43.698178293Z 26 PC: 13257 | Set disk transfer address
2018-12-17T22:20:43.699522067Z 78 PC: 13263 | Find first file
2018-12-17T22:20:43.70620745Z 26 PC: 13257 | Set disk transfer address
2018-12-17T22:20:43.708287032Z 78 PC: 13263 | Find first file
2018-12-17T22:20:43.714853346Z 86 PC: 13ccd | Rename file
2018-12-17T22:20:43.72671938Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:43.729096389Z 37 PC: 133fa | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:43.73053807Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:43.732075664Z 37 PC: 133fa | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:43.734535613Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:43.736200564Z 37 PC: 133fa | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:43.737628935Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:43.739732647Z 37 PC: 133fa | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:43.741172514Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:43.742621564Z 37 PC: 133fa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:43.744638077Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:43.745758004Z 37 PC: 133fa | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:43.746848617Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:43.749016645Z 37 PC: 133fa | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:43.750412153Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:43.751832955Z 37 PC: 133fa | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:43.753738962Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:43.755172294Z 37 PC: 133fa | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:43.756575409Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:43.759485113Z 37 PC: 133fa | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:43.760834459Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:43.762224703Z 37 PC: 133fa | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:43.764253831Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:43.765624331Z 37 PC: 133fa | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:43.766996207Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:43.769076967Z 37 PC: 133fa | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:43.770459581Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:43.771867639Z 37 PC: 133fa | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:43.773934848Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:43.775142451Z 37 PC: 133fa | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:43.776387544Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:43.778768736Z 37 PC: 133fa | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:43.780049418Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:43.781285784Z 37 PC: 133fa | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:43.78305338Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:43.784522153Z 37 PC: 133fa | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:43.785950823Z 53 PC: 133f1 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:43.787826729Z 37 PC: 133fa | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:43.789659612Z 41 PC: 133a8 | Parse filename
2018-12-17T22:20:43.791053142Z 41 PC: 133b6 | Parse filename
2018-12-17T22:20:43.793194304Z 75 PC: 133c1 | Execute program
2018-12-17T22:20:43.814985854Z 80 PC: 19db9 | Set current PSP
2018-12-17T22:20:43.815793402Z 48 PC: 19dbe | Get DOS version
2018-12-17T22:20:43.818140106Z 99 PC: 205a0 | Get DBCS lead byte table pointer
2018-12-17T22:20:43.820620078Z 101 PC: 19e44 | Get extended country info
2018-12-17T22:20:43.821844587Z 99 PC: 19e4a | Get DBCS lead byte table pointer
2018-12-17T22:20:43.82327127Z 74 PC: 19eac | Reallocate memory
2018-12-17T22:20:43.825441469Z 25 PC: 19ee3 | Get default drive
2018-12-17T22:20:43.826597793Z 37 PC: 199a3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:20:43.827652586Z 37 PC: 199aa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:43.830129712Z 37 PC: 199b1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:43.834633774Z 74 PC: 18b4c | Reallocate memory
2018-12-17T22:20:43.836327418Z 72 PC: 18b8d | Allocate memory
2018-12-17T22:20:43.839226601Z 72 PC: 18bc5 | Allocate memory
2018-12-17T22:20:43.841230177Z 72 PC: 18bcd | Allocate memory