Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Rangel.5000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:24:16.02990242Z 53 PC: 1380a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:24:16.031941718Z 53 PC: 1380a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:24:16.033398646Z 53 PC: 1380a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:24:16.03479334Z 53 PC: 1380a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:24:16.03727484Z 53 PC: 1380a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:16.038384272Z 53 PC: 1380a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:16.039418851Z 53 PC: 1380a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:24:16.041043614Z 53 PC: 1380a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:24:16.042447437Z 53 PC: 1380a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:24:16.043763576Z 53 PC: 1380a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:24:16.045602727Z 53 PC: 1380a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:24:16.046746271Z 53 PC: 1380a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:24:16.047868752Z 53 PC: 1380a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:24:16.050878104Z 53 PC: 1380a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:24:16.052672618Z 53 PC: 1380a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:24:16.05422888Z 53 PC: 1380a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:24:16.05610442Z 53 PC: 1380a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:24:16.057770094Z 53 PC: 1380a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:24:16.059159366Z 53 PC: 1380a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:24:16.060783519Z 37 PC: 1381f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:24:16.067456743Z 37 PC: 13827 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:16.068537722Z 37 PC: 1382f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:16.069595054Z 37 PC: 13837 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:24:16.071721085Z 68 PC: 142f2 | I/O control for devices (Set for = '')
2018-12-17T22:24:16.073399158Z 44 PC: 1348d | Get time
0x1348d: xor ah, ah
0x1348f: mov al, dl
0x13491: les di, ptr [bp + 6]
0x13494: stosw word ptr es:[di], ax
0x13495: mov al, dh
0x13497: les di, ptr [bp + 0xa]
0x1349a: stosw word ptr es:[di], ax
0x1349b: mov al, cl
0x1349d: les di, ptr [bp + 0xe]
0x134a0: stosw word ptr es:[di], ax
0x134a1: mov al, ch
0x134a3: les di, ptr [bp + 0x12]
0x134a6: stosw word ptr es:[di], ax
0x134a7: pop bp
0x134a8: retf 0x10
0x134ab: push bp
0x134ac: mov bp, sp
0x134ae: mov ch, byte ptr [bp + 0xc]
0x134b1: mov cl, byte ptr [bp + 0xa]
0x134b4: mov dh, byte ptr [bp + 8]
2018-12-17T22:24:16.076096534Z 48 PC: 13e22 | Get DOS version
2018-12-17T22:24:16.078376892Z 25 PC: 13eaf | Get default drive
2018-12-17T22:24:16.079641861Z 71 PC: 13ec2 | Get current directory
2018-12-17T22:24:16.082906666Z 14 PC: 13f08 | Set default drive (Drive = 'A')
2018-12-17T22:24:16.085001387Z 25 PC: 13f0c | Get default drive
2018-12-17T22:24:16.086103183Z 59 PC: 13f76 | Change current directory
2018-12-17T22:24:16.090124471Z 26 PC: 1352d | Set disk transfer address
2018-12-17T22:24:16.101571669Z 78 PC: 13539 | Find first file
2018-12-17T22:24:16.10760359Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.108862901Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.113092641Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.12969826Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.134331499Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.135904959Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.14003797Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.141303481Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.144957157Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.147165516Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.150900771Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.152160964Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.156678983Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.15795771Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.161236413Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.163295829Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.166791183Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.168071455Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.172499998Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.17354584Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.176530373Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.178402276Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.181813098Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.182789828Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.186920044Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.188702966Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.192026892Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.193732014Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.197331732Z 26 PC: 13551 | Set disk transfer address
2018-12-17T22:24:16.198344782Z 79 PC: 13556 | Find next file
2018-12-17T22:24:16.201584157Z 14 PC: 13f08 | Set default drive (Drive = 'A')
2018-12-17T22:24:16.203291592Z 25 PC: 13f0c | Get default drive
2018-12-17T22:24:16.204292525Z 59 PC: 13f76 | Change current directory
2018-12-17T22:24:16.208533194Z 48 PC: 13e22 | Get DOS version
2018-12-17T22:24:16.210671111Z 61 PC: 13cd4 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:24:16.217883339Z 87 PC: 134d0 | Get or set file date and time
2018-12-17T22:24:16.219646573Z 63 PC: 13da7 | Read file or device (Read 4942 bytes on handle 5)
2018-12-17T22:24:16.227853868Z 62 PC: 13d24 | Close file
2018-12-17T22:24:16.229479922Z 61 PC: 13cd4 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:24:16.236296444Z 66 PC: 143f1 | Move file pointer
2018-12-17T22:24:16.23762777Z 66 PC: 143ff | Move file pointer
2018-12-17T22:24:16.239065516Z 66 PC: 1440d | Move file pointer
2018-12-17T22:24:16.240811381Z 66 PC: 13e06 | Move file pointer
2018-12-17T22:24:16.243021113Z 63 PC: 13da7 | Read file or device (Read 5000 bytes on handle 5)
2018-12-17T22:24:16.251362448Z 62 PC: 13d24 | Close file
2018-12-17T22:24:16.25318936Z 61 PC: 13cd4 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:24:16.261294588Z 64 PC: 13da7 | Write file or device (Write 5000 bytes on handle 5)
2018-12-17T22:24:16.274663969Z 66 PC: 13e06 | Move file pointer
2018-12-17T22:24:16.275712559Z 64 PC: 13d05 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:24:16.281185227Z 87 PC: 134fd | Get or set file date and time
2018-12-17T22:24:16.282411443Z 62 PC: 13d24 | Close file
2018-12-17T22:24:16.289174853Z 74 PC: 1344b | Reallocate memory
2018-12-17T22:24:16.291349752Z 53 PC: 1377c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:24:16.292470543Z 37 PC: 13785 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:24:16.293634989Z 53 PC: 1377c | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:24:16.295377465Z 37 PC: 13785 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:24:16.296739446Z 53 PC: 1377c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:24:16.2979899Z 37 PC: 13785 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:24:16.299550617Z 53 PC: 1377c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:24:16.300629594Z 37 PC: 13785 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:24:16.30162105Z 53 PC: 1377c | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:16.303105169Z 37 PC: 13785 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:16.304057051Z 53 PC: 1377c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:16.305026772Z 37 PC: 13785 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:16.306479864Z 53 PC: 1377c | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:24:16.307453435Z 37 PC: 13785 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:24:16.308383573Z 53 PC: 1377c | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:24:16.309691895Z 37 PC: 13785 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:24:16.310612675Z 53 PC: 1377c | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:24:16.311586353Z 37 PC: 13785 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:24:16.31344251Z 53 PC: 1377c | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:24:16.314727967Z 37 PC: 13785 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:24:16.315934244Z 53 PC: 1377c | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:24:16.317605322Z 37 PC: 13785 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:24:16.318657277Z 53 PC: 1377c | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:24:16.319853979Z 37 PC: 13785 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:24:16.321313475Z 53 PC: 1377c | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:24:16.322607798Z 37 PC: 13785 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:24:16.323639336Z 53 PC: 1377c | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:24:16.325285263Z 37 PC: 13785 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:24:16.326182565Z 53 PC: 1377c | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:24:16.327142984Z 37 PC: 13785 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:24:16.328925457Z 53 PC: 1377c | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:24:16.330829784Z 37 PC: 13785 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:24:16.332129763Z 53 PC: 1377c | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:24:16.33385963Z 37 PC: 13785 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:24:16.335515574Z 53 PC: 1377c | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:24:16.33740236Z 37 PC: 13785 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:24:16.339064941Z 53 PC: 1377c | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:24:16.340424377Z 37 PC: 13785 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:24:16.342603142Z 41 PC: 13733 | Parse filename
2018-12-17T22:24:16.345164037Z 41 PC: 13741 | Parse filename
2018-12-17T22:24:16.346697492Z 75 PC: 1374c | Execute program
2018-12-17T22:24:16.367146705Z 80 PC: 1c709 | Set current PSP
2018-12-17T22:24:16.369046454Z 48 PC: 1c70e | Get DOS version
2018-12-17T22:24:16.370710176Z 99 PC: 22ef0 | Get DBCS lead byte table pointer
2018-12-17T22:24:16.373312758Z 101 PC: 1c794 | Get extended country info
2018-12-17T22:24:16.374991053Z 99 PC: 1c79a | Get DBCS lead byte table pointer
2018-12-17T22:24:16.376068817Z 74 PC: 1c7fc | Reallocate memory
2018-12-17T22:24:16.377551464Z 25 PC: 1c833 | Get default drive
2018-12-17T22:24:16.379473324Z 37 PC: 1c2f3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:24:16.380975863Z 37 PC: 1c2fa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:16.382468703Z 37 PC: 1c301 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:16.386861456Z 74 PC: 1b49c | Reallocate memory
2018-12-17T22:24:16.388197965Z 72 PC: 1b4dd | Allocate memory
2018-12-17T22:24:16.389599207Z 72 PC: 1b515 | Allocate memory
2018-12-17T22:24:16.399867277Z 72 PC: 1b51d | Allocate memory