Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Doggy.6425

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:06.53722452Z 53 PC: 137ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:06.539196384Z 53 PC: 137ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:06.540413043Z 53 PC: 137ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:06.541548708Z 53 PC: 137ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:06.544968865Z 53 PC: 137ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:06.546580016Z 53 PC: 137ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:06.548106163Z 53 PC: 137ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:06.550358285Z 53 PC: 137ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:06.552242201Z 53 PC: 137ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:06.553546105Z 53 PC: 137ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:06.555144603Z 53 PC: 137ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:06.556810414Z 53 PC: 137ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:06.558036406Z 53 PC: 137ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:06.559363375Z 53 PC: 137ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:06.561075224Z 53 PC: 137ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:06.562242905Z 53 PC: 137ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:06.563232733Z 53 PC: 137ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:06.564648876Z 53 PC: 137ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:06.565811627Z 53 PC: 137ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:23:06.566984232Z 37 PC: 137ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:06.568298438Z 37 PC: 13807 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:06.569651773Z 37 PC: 1380f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:06.570848459Z 37 PC: 13817 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:06.572438474Z 68 PC: 14461 | I/O control for devices (Set for = '���=')
2018-12-17T22:23:06.574223181Z 42 PC: 13507 | Get date 0x13507: xor ah, ah
0x13509: les di, ptr [bp + 6]
0x1350c: stosw word ptr es:[di], ax
0x1350d: mov al, dl
0x1350f: les di, ptr [bp + 0xa]
0x13512: stosw word ptr es:[di], ax
0x13513: mov al, dh
0x13515: les di, ptr [bp + 0xe]
0x13518: stosw word ptr es:[di], ax
0x13519: xchg ax, cx
0x1351a: les di, ptr [bp + 0x12]
0x1351d: stosw word ptr es:[di], ax
0x1351e: pop bp
0x1351f: retf 0x10
0x13522: push bp
0x13523: mov bp, sp
0x13525: mov cx, word ptr [bp + 0xa]
0x13528: mov dh, byte ptr [bp + 8]
0x1352b: mov dl, byte ptr [bp + 6]
0x1352e: mov ah, 0x2b
2018-12-17T22:23:06.577506847Z 48 PC: 14072 | Get DOS version
2018-12-17T22:23:06.579489785Z 61 PC: 13eb0 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:23:06.588113468Z 26 PC: 13597 | Set disk transfer address
2018-12-17T22:23:06.589944243Z 78 PC: 135a3 | Find first file
2018-12-17T22:23:06.596952583Z 26 PC: 13597 | Set disk transfer address
2018-12-17T22:23:06.599698368Z 78 PC: 135a3 | Find first file
2018-12-17T22:23:06.605757617Z 26 PC: 135bb | Set disk transfer address
2018-12-17T22:23:06.60706476Z 79 PC: 135c0 | Find next file
2018-12-17T22:23:06.610999118Z 26 PC: 135bb | Set disk transfer address
2018-12-17T22:23:06.612249578Z 79 PC: 135c0 | Find next file
2018-12-17T22:23:06.615222337Z 26 PC: 135bb | Set disk transfer address
2018-12-17T22:23:06.616858894Z 79 PC: 135c0 | Find next file
2018-12-17T22:23:06.620508084Z 26 PC: 13597 | Set disk transfer address
2018-12-17T22:23:06.621718029Z 78 PC: 135a3 | Find first file
2018-12-17T22:23:06.633156226Z 61 PC: 13eb0 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:23:06.640882812Z 66 PC: 14963 | Move file pointer
2018-12-17T22:23:06.64270016Z 66 PC: 14971 | Move file pointer
2018-12-17T22:23:06.644965695Z 66 PC: 1497f | Move file pointer
2018-12-17T22:23:06.648692921Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.65161666Z 26 PC: 135bb | Set disk transfer address
2018-12-17T22:23:06.653185032Z 79 PC: 135c0 | Find next file
2018-12-17T22:23:06.657076254Z 61 PC: 13eb0 | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:23:06.664496476Z 66 PC: 14963 | Move file pointer
2018-12-17T22:23:06.666094133Z 66 PC: 14971 | Move file pointer
2018-12-17T22:23:06.668386199Z 66 PC: 1497f | Move file pointer
2018-12-17T22:23:06.669831438Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.671942958Z 26 PC: 135bb | Set disk transfer address
2018-12-17T22:23:06.674047542Z 79 PC: 135c0 | Find next file
2018-12-17T22:23:06.677865979Z 61 PC: 13eb0 | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:23:06.68559626Z 66 PC: 14963 | Move file pointer
2018-12-17T22:23:06.687506936Z 66 PC: 14971 | Move file pointer
2018-12-17T22:23:06.689120847Z 66 PC: 1497f | Move file pointer
2018-12-17T22:23:06.690733815Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.692832279Z 26 PC: 135bb | Set disk transfer address
2018-12-17T22:23:06.693705835Z 79 PC: 135c0 | Find next file
2018-12-17T22:23:06.696181798Z 61 PC: 13eb0 | Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:23:06.70117697Z 66 PC: 14963 | Move file pointer
2018-12-17T22:23:06.702215213Z 66 PC: 14971 | Move file pointer
2018-12-17T22:23:06.703209646Z 66 PC: 1497f | Move file pointer
2018-12-17T22:23:06.704878789Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.706393445Z 26 PC: 135bb | Set disk transfer address
2018-12-17T22:23:06.707245938Z 79 PC: 135c0 | Find next file
2018-12-17T22:23:06.710082756Z 61 PC: 13eb0 | Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:23:06.714775186Z 66 PC: 14963 | Move file pointer
2018-12-17T22:23:06.71606191Z 66 PC: 14971 | Move file pointer
2018-12-17T22:23:06.717943176Z 66 PC: 1497f | Move file pointer
2018-12-17T22:23:06.719416307Z 66 PC: 14963 | Move file pointer
2018-12-17T22:23:06.720730387Z 66 PC: 14971 | Move file pointer
2018-12-17T22:23:06.723075351Z 66 PC: 1497f | Move file pointer
2018-12-17T22:23:06.724635346Z 66 PC: 14963 | Move file pointer
2018-12-17T22:23:06.726953306Z 66 PC: 14971 | Move file pointer
2018-12-17T22:23:06.728764587Z 66 PC: 1497f | Move file pointer
2018-12-17T22:23:06.730494055Z 66 PC: 13fe2 | Move file pointer
2018-12-17T22:23:06.732161536Z 63 PC: 13f42 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:23:06.739458002Z 63 PC: 13f42 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:23:06.742626758Z 63 PC: 13f42 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:23:06.745721216Z 63 PC: 13f42 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:23:06.749712737Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.752593066Z 26 PC: 13727 | Set disk transfer address
2018-12-17T22:23:06.754850735Z 61 PC: 13eb0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:23:06.762602677Z 63 PC: 13f83 | Read file or device (Read 6421 bytes on handle 6)
2018-12-17T22:23:06.768918683Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.770470194Z 60 PC: 13eb0 | Create or truncate file
2018-12-17T22:23:06.784632805Z 61 PC: 13eb0 | Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:23:06.789865107Z 64 PC: 13f83 | Write file or device (Write 6421 bytes on handle 6)
2018-12-17T22:23:06.795650916Z 63 PC: 13f83 | Read file or device (Read 6421 bytes on handle 7)
2018-12-17T22:23:06.801864748Z 64 PC: 13f83 | Write file or device (Write 6421 bytes on handle 6)
2018-12-17T22:23:06.811873293Z 63 PC: 13f83 | Read file or device (Read 6421 bytes on handle 7)
2018-12-17T22:23:06.820157762Z 64 PC: 13f83 | Write file or device (Write 6421 bytes on handle 6)
2018-12-17T22:23:06.830494131Z 63 PC: 13f83 | Read file or device (Read 6421 bytes on handle 7)
2018-12-17T22:23:06.839150973Z 64 PC: 13f83 | Write file or device (Write 6421 bytes on handle 6)
2018-12-17T22:23:06.845501454Z 63 PC: 13f83 | Read file or device (Read 6421 bytes on handle 7)
2018-12-17T22:23:06.85139699Z 64 PC: 13f83 | Write file or device (Write 6421 bytes on handle 6)
2018-12-17T22:23:06.858063615Z 63 PC: 13f83 | Read file or device (Read 6421 bytes on handle 7)
2018-12-17T22:23:06.867708402Z 64 PC: 13f83 | Write file or device (Write 3652 bytes on handle 6)
2018-12-17T22:23:06.881874999Z 63 PC: 13f83 | Read file or device (Read 6421 bytes on handle 7)
2018-12-17T22:23:06.884511753Z 64 PC: 13f83 | Write file or device (Write 4 bytes on handle 6)
2018-12-17T22:23:06.886836094Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.89309369Z 62 PC: 13f00 | Close file
2018-12-17T22:23:06.895315526Z 65 PC: 13ff9 | Delete file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:23:07.234893088Z 86 PC: 1403d | Rename file
2018-12-17T22:23:07.24101198Z 64 PC: 13c08 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:23:07.243322637Z 37 PC: 13941 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:07.244681155Z 37 PC: 13941 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:07.246003942Z 37 PC: 13941 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:07.248076819Z 37 PC: 13941 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:07.250458498Z 37 PC: 13941 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:07.251818128Z 37 PC: 13941 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:07.254244282Z 37 PC: 13941 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:07.256857461Z 37 PC: 13941 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:07.258507467Z 37 PC: 13941 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:07.263986649Z 37 PC: 13941 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:07.265390964Z 37 PC: 13941 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:07.266765092Z 37 PC: 13941 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:07.268753722Z 37 PC: 13941 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:07.270132118Z 37 PC: 13941 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:07.27147533Z 37 PC: 13941 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:07.273419506Z 37 PC: 13941 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:07.274722017Z 37 PC: 13941 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:07.275951181Z 37 PC: 13941 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:07.277954441Z 37 PC: 13941 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:23:07.279752363Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.282145621Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.286329438Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.288754747Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.291187873Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.294068551Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.296719042Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.299495246Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.302653514Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.305017726Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.309260052Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.312039101Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.314409822Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.317090177Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.320719497Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.323130758Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.328360388Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.330763799Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.333177404Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.335129717Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.337774303Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.3408458Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.343848149Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.346544511Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.349007692Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.351415438Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.354492581Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.357342541Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.359773059Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.363250271Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.365764276Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.368628826Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.372225897Z 6 PC: 139c8 | Direct console I/O
2018-12-17T22:23:07.37962855Z 76 PC: 13980 | Terminate with return code (Return code = '17')