Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Rarin.6157

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:22:44.480439168Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:44.486099513Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:22:44.487512514Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:22:44.488698011Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:44.490692255Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:22:44.491902799Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:44.49323446Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:22:44.494688823Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:22:44.496953297Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:22:44.49809424Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:22:44.499306714Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:22:44.501011621Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:22:44.502807234Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:22:44.504577745Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:22:44.5067526Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:22:44.508915136Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:22:44.510583343Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:22:44.520030269Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:22:44.521435002Z 53 PC: 13d6a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:22:44.522880022Z 37 PC: 13d7f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:44.525381198Z 37 PC: 13d87 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:22:44.526726954Z 37 PC: 13d8f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:44.52801685Z 37 PC: 13d97 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:22:44.530756709Z 68 PC: 14a0b | I/O control for devices (Set for = 't =tx S?')
2018-12-17T22:22:44.583562798Z 37 PC: 13431 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:22:44.585246318Z 44 PC: 14b42 | Get time
0x14b42: mov word ptr [0x3e], cx
0x14b46: mov word ptr [0x40], dx
0x14b4a: retf
0x14b4b: call 0x14b92
0x14b4e: jb 0x14b5f
0x14b50: mov cx, word ptr es:[di + 4]
0x14b54: cmp cx, 1
0x14b57: je 0x14b5f
0x14b59: xor bx, bx
0x14b5b: push cs
0x14b5c: call 0x246ce
0x14b5f: retf 4
0x14b62: call 0x14b92
0x14b65: jb 0x14b7a
0x14b67: mov ax, cx
0x14b69: mov dx, bx
0x14b6b: mov cx, word ptr es:[di + 4]
0x14b6f: cmp cx, 1
0x14b72: je 0x14b7a
0x14b74: xor bx, bx
2018-12-17T22:22:44.589319485Z 67 PC: 13a58 | Get or set file attributes
2018-12-17T22:22:44.597148748Z 67 PC: 13a58 | Get or set file attributes
2018-12-17T22:22:44.60318998Z 48 PC: 1461c | Get DOS version
2018-12-17T22:22:44.606244814Z 67 PC: 13a58 | Get or set file attributes
2018-12-17T22:22:44.613809975Z 67 PC: 13a58 | Get or set file attributes
2018-12-17T22:22:44.620851448Z 67 PC: 13a58 | Get or set file attributes
2018-12-17T22:22:44.627794489Z 67 PC: 13a58 | Get or set file attributes
2018-12-17T22:22:44.640083257Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:44.641419902Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:22:44.642860728Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:22:44.644683078Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:44.645897644Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:22:44.647063765Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:44.648694142Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:22:44.649937335Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:22:44.651146451Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:22:44.652946193Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:22:44.654163903Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:22:44.655327895Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:22:44.6578313Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:22:44.659583976Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:22:44.661284223Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:22:44.662949038Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:22:44.665348156Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:22:44.667279095Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:22:44.669079198Z 37 PC: 13ec1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:22:44.676231649Z 76 PC: 13f00 | Terminate with return code (Return code = '0')