Sample viewer

vx.netlux.org/Virus.DOS.HLLO.9999

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:53:47.959086567Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:53:47.961742596Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:53:47.963217268Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:53:47.964375745Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:47.966372395Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:53:47.967490629Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:47.968978743Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:53:47.971814102Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:53:47.972987162Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:53:47.974129513Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:53:47.976146038Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:53:47.97751178Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:53:47.979554312Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:53:47.980939821Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:53:47.99402065Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:53:47.995202905Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:53:47.996388253Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:53:47.99901601Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:53:48.000429597Z	53	PC: 13e02 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:53:48.001896444Z	37	PC: 13e17 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:53:48.013782603Z	37	PC: 13e1f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:53:48.015309708Z	37	PC: 13e27 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:48.016619336Z	37	PC: 13e2f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:53:48.019245612Z	68	PC: 1419f \| I/O control for devices (Set for = '')
2018-12-17T21:53:48.103835144Z	37	PC: 13765 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:53:48.849604144Z	26	PC: 13d15 \| Set disk transfer address
2018-12-17T21:53:48.851459181Z	78	PC: 13d21 \| Find first file
2018-12-17T21:53:48.858268345Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:48.859653312Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:48.867275175Z	61	PC: 146d6 \| Open file (Filename = '\TEST.EXE')
2018-12-17T21:53:48.874590123Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T21:53:48.877165098Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T21:53:48.880700554Z	62	PC: 14726 \| Close file
2018-12-17T21:53:48.882944636Z	62	PC: 14726 \| Close file
2018-12-17T21:53:48.885439006Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.887980096Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.891452798Z	26	PC: 13d15 \| Set disk transfer address
2018-12-17T21:53:48.892643807Z	78	PC: 13d21 \| Find first file
2018-12-17T21:53:48.897947723Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.899251474Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.901522995Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.902753756Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.906555997Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.907593143Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.911345613Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.91314346Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.915772161Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.916764356Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.919373771Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.920443843Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.922864996Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.924615357Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.92673662Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.927617453Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.930594759Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:48.931706366Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:48.934484649Z	26	PC: 13d15 \| Set disk transfer address
2018-12-17T21:53:48.936368763Z	78	PC: 13d21 \| Find first file
2018-12-17T21:53:48.941772839Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:48.943197547Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:48.950105839Z	61	PC: 146d6 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T21:53:48.957308331Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T21:53:48.960212651Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T21:53:48.967802642Z	62	PC: 14726 \| Close file
2018-12-17T21:53:48.969845253Z	62	PC: 14726 \| Close file
2018-12-17T21:53:48.972551588Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:48.977225785Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:48.985052753Z	61	PC: 146d6 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T21:53:48.992164216Z	63	PC: 147a9 \| Read file or device (Read 9999 bytes on handle 5)
2018-12-17T21:53:49.00122324Z	64	PC: 147a9 \| Write file or device (Write 9999 bytes on handle 6)
2018-12-17T21:53:49.016595741Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.018579763Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.02872271Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:49.029924075Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:49.033549774Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:49.035595554Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:49.042142082Z	61	PC: 146d6 \| Open file (Filename = '\PRINT.COM')
2018-12-17T21:53:49.049292827Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T21:53:49.054116424Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T21:53:49.061666877Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.063534422Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.066666068Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:49.068842863Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:49.076227176Z	61	PC: 146d6 \| Open file (Filename = '\PRINT.COM')
2018-12-17T21:53:49.08294614Z	63	PC: 147a9 \| Read file or device (Read 9999 bytes on handle 5)
2018-12-17T21:53:49.090338728Z	64	PC: 147a9 \| Write file or device (Write 9999 bytes on handle 6)
2018-12-17T21:53:49.099160441Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.102349179Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.110706203Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:49.111736183Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:49.116354972Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:49.117954962Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:49.12523378Z	61	PC: 146d6 \| Open file (Filename = '\HELLO.COM')
2018-12-17T21:53:49.133272811Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T21:53:49.136782678Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T21:53:49.144362068Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.147343564Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.150599964Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:49.15236965Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:49.160992181Z	61	PC: 146d6 \| Open file (Filename = '\HELLO.COM')
2018-12-17T21:53:49.167717629Z	63	PC: 147a9 \| Read file or device (Read 9999 bytes on handle 5)
2018-12-17T21:53:49.175249322Z	64	PC: 147a9 \| Write file or device (Write 9999 bytes on handle 6)
2018-12-17T21:53:49.185864288Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.187724158Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.196118594Z	26	PC: 13d39 \| Set disk transfer address
2018-12-17T21:53:49.197971102Z	79	PC: 13d3e \| Find next file
2018-12-17T21:53:49.201478118Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:49.202839001Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:49.209960752Z	61	PC: 146d6 \| Open file (Filename = '\PHANG.COM')
2018-12-17T21:53:49.219197209Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T21:53:49.221716261Z	63	PC: 147a9 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T21:53:49.231920684Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.233677173Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.238229613Z	48	PC: 14824 \| Get DOS version
2018-12-17T21:53:49.240510173Z	61	PC: 146d6 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:49.250751218Z	61	PC: 146d6 \| Open file (Filename = '\PHANG.COM')
2018-12-17T21:53:49.257518729Z	63	PC: 147a9 \| Read file or device (Read 9999 bytes on handle 5)
2018-12-17T21:53:49.265416357Z	64	PC: 147a9 \| Write file or device (Write 9999 bytes on handle 6)
2018-12-17T21:53:49.326028026Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.327894493Z	62	PC: 14726 \| Close file
2018-12-17T21:53:49.496541191Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:53:49.499030753Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:53:49.500905188Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:53:49.502199705Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:49.503889582Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:53:49.50526701Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:49.506331604Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:53:49.507933303Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:53:49.509070289Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:53:49.51007741Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:53:49.511637042Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:53:49.512671917Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:53:49.513667228Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:53:49.51515916Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:53:49.51624714Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:53:49.517260391Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:53:49.518963099Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:53:49.520004265Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:53:49.520990795Z	37	PC: 13f16 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:53:49.522730539Z	76	PC: 13f55 \| Terminate with return code (Return code = '0')