Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Membrain

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:54.70170101Z	48	PC: 1c5c0 \| Get DOS version
2018-12-17T22:21:54.713237938Z	74	PC: 1c610 \| Reallocate memory
2018-12-17T22:21:54.734605796Z	48	PC: 1c1fe \| Get DOS version
2018-12-17T22:21:54.736399854Z	53	PC: 1c206 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:54.739231959Z	37	PC: 1c218 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:54.741272678Z	53	PC: 1f342 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:21:54.742994836Z	37	PC: 1f352 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:21:54.745994429Z	53	PC: 1f357 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:21:54.748332262Z	37	PC: 1f367 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:21:54.751230935Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:21:54.753942581Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:21:54.755672721Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:21:54.757410856Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:21:54.760126474Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:21:54.768826979Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:21:54.77074013Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:21:54.773154738Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:21:54.779131245Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:21:54.78088418Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:21:54.782595278Z	53	PC: 1d096 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:21:54.785404824Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:21:54.787285334Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:21:54.788836634Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:21:54.797062993Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:21:54.798793476Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:21:54.800562064Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:21:54.803595353Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:21:54.805010953Z	37	PC: 1d0c5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:21:54.8065217Z	37	PC: 1d0cc \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:21:54.80950205Z	37	PC: 1d0d1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:21:54.811786868Z	68	PC: 1c2a9 \| I/O control for devices (Set for = 'ï¿½ØFï¿½Pï¿½ï¿½ï¿½Pï¿½^ï¿½ï¿½ï¿½ï¿½ï¿½')
2018-12-17T22:21:54.814009427Z	68	PC: 1c2a9 \| I/O control for devices (Set for = 'ï¿½Au"ï¿½7ï¿½ï¿½9ï¿½9>ï¿½ï¿½ï¿½=ï¿½ï¿½ï¿½tï¿½ï¿½ï¿½Qï¿½ï¿½mYÃ‹>ï¿½ï¿½ï¿½9ï¿½W3ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ ï¿½ï¿½_ï¿½ï¿½ï¿½3ï¿½ï¿½ï¿½ß‹×‹ï¿½ï¿½zr9 ï¿½u ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½kPï¿½D')
2018-12-17T22:21:54.816502784Z	68	PC: 1c2a9 \| I/O control for devices (Set for = 'ï¿½ï¿½PS ï¿½uï¿½ < uï¿½
2018-12-17T22:21:54.818447866Z	68	PC: 1c2a9 \| I/O control for devices (Set for = 'ï¿½Y[Xï¿½Sï¿½ï¿½ï¿½ï¿½8ï¿½Qï¿½')
2018-12-17T22:21:54.820243772Z	68	PC: 1c2a9 \| I/O control for devices (Set for = 'ï¿½Y[Xï¿½Sï¿½ï¿½ï¿½ï¿½8ï¿½Qï¿½')
2018-12-17T22:21:54.824197944Z	53	PC: 19882 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:54.825747774Z	53	PC: 1988f \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:21:54.827265273Z	53	PC: 1989c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:54.829102776Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:54.830789652Z	37	PC: 198b9 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:21:54.832421223Z	37	PC: 198c1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:54.834672959Z	53	PC: 19dfa \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:21:54.843149263Z	53	PC: 19e07 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:21:54.844959634Z	53	PC: 19e16 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:21:54.851217237Z	37	PC: 19e23 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:21:54.852705833Z	53	PC: 19e2a \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:21:54.854201613Z	37	PC: 19e37 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:21:54.855825733Z	53	PC: 19e43 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:21:54.861063757Z	48	PC: 19f05 \| Get DOS version
2018-12-17T22:21:54.866653901Z	74	PC: 1846b \| Reallocate memory
2018-12-17T22:21:54.870181614Z	74	PC: 1846b \| Reallocate memory
2018-12-17T22:21:54.872016287Z	68	PC: 197f8 \| I/O control for devices (Set for = '')
2018-12-17T22:21:54.873613294Z	68	PC: 197f8 \| I/O control for devices (Set for = '')
2018-12-17T22:21:54.875183221Z	51	PC: 19816 \| Get or set Ctrl-Break
2018-12-17T22:21:54.877181683Z	51	PC: 19822 \| Get or set Ctrl-Break
2018-12-17T22:21:54.878953909Z	72	PC: 1ba94 \| Allocate memory
2018-12-17T22:21:54.881902116Z	74	PC: 1846b \| Reallocate memory
2018-12-17T22:21:54.884543804Z	72	PC: 1ba94 \| Allocate memory
2018-12-17T22:21:54.888666001Z	44	PC: 17227 \| Get time 0x17227: mov al, 0x3c 0x17229: mul ch 0x1722b: xor ch, ch 0x1722d: add ax, cx 0x1722f: mov bx, ax 0x17231: push dx 0x17232: call 0x1b334 0x17235: pop dx 0x17236: mov ax, 0x3c 0x17239: call 0x17263 0x1723c: mov al, dh 0x1723e: mov ah, 1 0x17240: call 0x17263 0x17243: mov ax, 0x64 0x17246: call 0x17263 0x17249: mov al, dl 0x1724b: mov ah, 1 0x1724d: call 0x17263 0x17250: mov ax, 0x264 0x17253: call 0x17263
2018-12-17T22:21:54.893634101Z	61	PC: 15366 \| Open file (Filename = 'C:\XBRAIN.MEM')
2018-12-17T22:21:54.901524783Z	60	PC: 1522b \| Create or truncate file
2018-12-17T22:21:55.248847182Z	62	PC: 17e03 \| Close file
2018-12-17T22:21:55.251349032Z	61	PC: 15366 \| Open file (Filename = 'C:\XBRAIN.MEM')
2018-12-17T22:21:55.260403125Z	68	PC: 152bf \| I/O control for devices (Set for = '')
2018-12-17T22:21:55.262700184Z	62	PC: 17e03 \| Close file
2018-12-17T22:21:55.266796372Z	61	PC: 15366 \| Open file (Filename = 'C:\XBRAIN.MEM')
2018-12-17T22:21:55.27543486Z	68	PC: 152bf \| I/O control for devices (Set for = '')
2018-12-17T22:21:55.278075604Z	66	PC: 17ba5 \| Move file pointer
2018-12-17T22:21:55.279909023Z	66	PC: 17ba5 \| Move file pointer
2018-12-17T22:21:55.282737875Z	66	PC: 17ba5 \| Move file pointer
2018-12-17T22:21:55.284687814Z	62	PC: 17e03 \| Close file
2018-12-17T22:21:55.287988627Z	73	PC: 1ba94 \| Release memory
2018-12-17T22:21:55.291690872Z	74	PC: 1846b \| Reallocate memory
2018-12-17T22:21:55.293743909Z	51	PC: 1982d \| Get or set Ctrl-Break
2018-12-17T22:21:55.295195349Z	37	PC: 19aaf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:55.297577118Z	37	PC: 19ab9 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:21:55.299241141Z	37	PC: 19ac3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:55.300931384Z	53	PC: 17e98 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:21:55.303320895Z	53	PC: 17ea5 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:21:55.305000803Z	53	PC: 17eb2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:21:55.306482947Z	37	PC: 17ecd \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:21:55.308451374Z	53	PC: 17ed5 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:21:55.309709173Z	37	PC: 17ee2 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:21:55.311105295Z	53	PC: 17ee9 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:21:55.31422939Z	37	PC: 17ef6 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:21:55.317259382Z	37	PC: 17f00 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:21:55.318882926Z	37	PC: 17f0b \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:21:55.321355121Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:21:55.323168861Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:21:55.324851585Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:21:55.326760842Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:21:55.329045412Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:21:55.330461959Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:21:55.332898623Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:21:55.334320978Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:21:55.335928778Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:21:55.337733834Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:21:55.339467151Z	37	PC: 1d0e1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:21:55.341116611Z	37	PC: 1f376 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:21:55.343024404Z	37	PC: 1c35a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:55.34865023Z	41	PC: 1c037 \| Parse filename
2018-12-17T22:21:55.354491822Z	41	PC: 1c039 \| Parse filename
2018-12-17T22:21:55.356371213Z	41	PC: 1c03e \| Parse filename
2018-12-17T22:21:55.35870712Z	75	PC: 1c054 \| Execute program
2018-12-17T22:21:55.383532924Z	80	PC: 2f329 \| Set current PSP
2018-12-17T22:21:55.384568421Z	48	PC: 2f32e \| Get DOS version
2018-12-17T22:21:55.387278465Z	99	PC: 35b10 \| Get DBCS lead byte table pointer
2018-12-17T22:21:55.390508305Z	101	PC: 2f3b4 \| Get extended country info
2018-12-17T22:21:55.392267061Z	99	PC: 2f3ba \| Get DBCS lead byte table pointer
2018-12-17T22:21:55.394420275Z	74	PC: 2f41c \| Reallocate memory
2018-12-17T22:21:55.396425225Z	25	PC: 2f453 \| Get default drive
2018-12-17T22:21:55.398097448Z	37	PC: 2ef13 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:21:55.400587232Z	37	PC: 2ef1a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:21:55.402248688Z	37	PC: 2ef21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:21:55.407418472Z	74	PC: 2e0bc \| Reallocate memory
2018-12-17T22:21:55.410229258Z	72	PC: 2e0fd \| Allocate memory
2018-12-17T22:21:55.412430362Z	72	PC: 2e135 \| Allocate memory
2018-12-17T22:21:55.414427284Z	72	PC: 2e13d \| Allocate memory