Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.5921


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:22:37.142367605Z 53 PC: 13c90 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:22:37.144208664Z 53 PC: 13cd6 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:22:37.146403534Z 53 PC: 13d11 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:37.150168685Z 53 PC: 13e4e | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:22:37.151834923Z 53 PC: 13e5d | Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:22:37.153121786Z 37 PC: 13e70 | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:22:37.154074789Z 37 PC: 13e79 | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:22:37.155595183Z 98 PC: 13e97 | Get current PSP
2018-12-17T22:22:37.169567992Z 53 PC: 166ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:37.171842125Z 53 PC: 166ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:22:37.173377041Z 53 PC: 166ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:22:37.174838711Z 53 PC: 166ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:37.176231636Z 53 PC: 166ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:22:37.177965467Z 53 PC: 166ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:37.180087048Z 53 PC: 166ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:22:37.182093338Z 53 PC: 166ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:22:37.184454241Z 53 PC: 166ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:22:37.189547449Z 53 PC: 166ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:22:37.190968551Z 53 PC: 166ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:22:37.192445145Z 53 PC: 166ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:22:37.202034517Z 53 PC: 166ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:22:37.203333771Z 53 PC: 166ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:22:37.204750478Z 53 PC: 166ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:22:37.216219063Z 53 PC: 166ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:22:37.218504289Z 53 PC: 166ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:22:37.219565006Z 53 PC: 166ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:22:37.222091799Z 53 PC: 166ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:22:37.223176326Z 37 PC: 166ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:37.224173388Z 37 PC: 16707 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:22:37.225725034Z 37 PC: 1670f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:37.227044613Z 37 PC: 16717 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:22:37.228317009Z 68 PC: 17379 | I/O control for devices (Set for = '&')
2018-12-17T22:22:37.231419614Z 44 PC: 16347 | Get time
0x16347: mov word ptr cs:[0xcf7], cx
0x1634c: mov word ptr cs:[0xcfa], dx
0x16351: ret
0x16352: push bx
0x16353: push cx
0x16354: push dx
0x16355: push ax
0x16356: mov ax, 0
0x16359: mov bx, 0
0x1635c: mov cx, ax
0x1635e: mov dx, 0x8405
0x16361: mul dx
0x16363: shl cx, 3
0x16366: add ch, cl
0x16368: add dx, cx
0x1636a: add dx, bx
0x1636c: shl bx, 2
0x1636f: add dx, bx
0x16371: add dh, bl
0x16373: mov cl, 5
2018-12-17T22:22:37.234837713Z 61 PC: 16e41 | Open file (Filename = 'c:\mirc\mirc.ini')
2018-12-17T22:22:37.238831991Z 61 PC: 16e41 | Open file (Filename = 'c:\progra~1\mirc\mirc.ini')
2018-12-17T22:22:37.243550748Z 60 PC: 16e41 | Create or truncate file
2018-12-17T22:22:37.25658195Z 62 PC: 16e91 | Close file
2018-12-17T22:22:37.258242205Z 65 PC: 16f8a | Delete file (Filename = '')
2018-12-17T22:22:37.26650717Z 26 PC: 16555 | Set disk transfer address
2018-12-17T22:22:37.267506734Z 78 PC: 16561 | Find first file
2018-12-17T22:22:37.272102481Z 61 PC: 16e41 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:22:37.277056855Z 66 PC: 17478 | Move file pointer
2018-12-17T22:22:37.27832477Z 66 PC: 17486 | Move file pointer
2018-12-17T22:22:37.279622333Z 66 PC: 17494 | Move file pointer
2018-12-17T22:22:37.28161329Z 66 PC: 17478 | Move file pointer
2018-12-17T22:22:37.28362851Z 66 PC: 17486 | Move file pointer
2018-12-17T22:22:37.285049335Z 66 PC: 17494 | Move file pointer
2018-12-17T22:22:37.286973655Z 63 PC: 16f14 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:22:37.289418528Z 62 PC: 16e91 | Close file
2018-12-17T22:22:37.290777349Z 26 PC: 16579 | Set disk transfer address
2018-12-17T22:22:37.292060341Z 79 PC: 1657e | Find next file
2018-12-17T22:22:37.294583539Z 61 PC: 16e41 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:22:37.298435655Z 66 PC: 17478 | Move file pointer
2018-12-17T22:22:37.299586665Z 66 PC: 17486 | Move file pointer
2018-12-17T22:22:37.304994331Z 66 PC: 17494 | Move file pointer
2018-12-17T22:22:37.307569344Z 66 PC: 17478 | Move file pointer
2018-12-17T22:22:37.310316155Z 66 PC: 17486 | Move file pointer
2018-12-17T22:22:37.312481581Z 66 PC: 17494 | Move file pointer
2018-12-17T22:22:37.314055977Z 63 PC: 16f14 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:22:37.317407021Z 66 PC: 17478 | Move file pointer
2018-12-17T22:22:37.319339213Z 66 PC: 17486 | Move file pointer
2018-12-17T22:22:37.321311338Z 66 PC: 17494 | Move file pointer
2018-12-17T22:22:37.323264346Z 66 PC: 17478 | Move file pointer
2018-12-17T22:22:37.325903493Z 66 PC: 17486 | Move file pointer
2018-12-17T22:22:37.327960385Z 66 PC: 17494 | Move file pointer
2018-12-17T22:22:37.330512573Z 66 PC: 17478 | Move file pointer
2018-12-17T22:22:37.332954447Z 66 PC: 17486 | Move file pointer
2018-12-17T22:22:37.33495739Z 66 PC: 17494 | Move file pointer
2018-12-17T22:22:37.337045191Z 62 PC: 16e91 | Close file
2018-12-17T22:22:37.339836886Z 64 PC: 16b08 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:22:37.341604535Z 37 PC: 16841 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:37.342745684Z 37 PC: 16841 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:22:37.34482175Z 37 PC: 16841 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:22:37.34604843Z 37 PC: 16841 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:37.347319577Z 37 PC: 16841 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:22:37.349562786Z 37 PC: 16841 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:37.351438755Z 37 PC: 16841 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:22:37.353102663Z 37 PC: 16841 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:22:37.355127104Z 37 PC: 16841 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:22:37.356605353Z 37 PC: 16841 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:22:37.358269549Z 37 PC: 16841 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:22:37.360050896Z 37 PC: 16841 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:22:37.361204355Z 37 PC: 16841 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:22:37.363279282Z 37 PC: 16841 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:22:37.365048797Z 37 PC: 16841 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:22:37.366251206Z 37 PC: 16841 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:22:37.367746163Z 37 PC: 16841 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:22:37.369924997Z 37 PC: 16841 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:22:37.371275597Z 37 PC: 16841 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:22:37.372665675Z 37 PC: 13eef | Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:22:37.375336871Z 37 PC: 13ef9 | Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:22:37.376691956Z 98 PC: 13efd | Get current PSP
2018-12-17T22:22:37.377767411Z 26 PC: 13f08 | Set disk transfer address
2018-12-17T22:22:37.380076372Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T22:22:37.386304528Z 76 PC: 12a61 | Terminate with return code (Return code = '0')