Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Sara.6672.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:02.630121783Z 53 PC: 1339a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:02.632094641Z 53 PC: 1339a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:02.633447302Z 53 PC: 1339a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:25:02.634939362Z 53 PC: 1339a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:02.637460263Z 53 PC: 1339a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:02.638919223Z 53 PC: 1339a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:02.641255561Z 53 PC: 1339a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:02.644408151Z 53 PC: 1339a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:02.647062596Z 53 PC: 1339a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:02.649270376Z 53 PC: 1339a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:02.652594888Z 53 PC: 1339a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:02.654730582Z 53 PC: 1339a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:02.656433431Z 53 PC: 1339a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:02.658405698Z 53 PC: 1339a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:02.66093226Z 53 PC: 1339a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:02.662703636Z 53 PC: 1339a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:02.664947866Z 53 PC: 1339a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:02.667657678Z 53 PC: 1339a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:02.669418176Z 53 PC: 1339a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:25:02.67113813Z 37 PC: 133af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:02.673906265Z 37 PC: 133b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:02.675940701Z 37 PC: 133bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:02.67757768Z 37 PC: 133c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:02.680816166Z 68 PC: 1400c | I/O control for devices (Set for = '')
2018-12-17T22:25:02.682952771Z 44 PC: 14143 | Get time
0x14143: mov word ptr [0x62], cx
0x14147: mov word ptr [0x64], dx
0x1414b: retf
0x1414c: call 0x14193
0x1414f: jb 0x14160
0x14151: mov cx, word ptr es:[di + 4]
0x14155: cmp cx, 1
0x14158: je 0x14160
0x1415a: xor bx, bx
0x1415c: push cs
0x1415d: call 0x23cd4
0x14160: retf 4
0x14163: call 0x14193
0x14166: jb 0x1417b
0x14168: mov ax, cx
0x1416a: mov dx, bx
0x1416c: mov cx, word ptr es:[di + 4]
0x14170: cmp cx, 1
0x14173: je 0x1417b
0x14175: xor bx, bx
2018-12-17T22:25:02.686823445Z 48 PC: 13c22 | Get DOS version
2018-12-17T22:25:02.691909425Z 67 PC: 1310f | Get or set file attributes
2018-12-17T22:25:02.701438833Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.720175412Z 61 PC: 13a60 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:25:02.724656056Z 63 PC: 13b33 | Read file or device (Read 6672 bytes on handle 5)
2018-12-17T22:25:02.731117247Z 66 PC: 141ad | Move file pointer
2018-12-17T22:25:02.732574453Z 66 PC: 141bb | Move file pointer
2018-12-17T22:25:02.733867211Z 66 PC: 141c9 | Move file pointer
2018-12-17T22:25:02.736347813Z 26 PC: 131ad | Set disk transfer address
2018-12-17T22:25:02.737287627Z 78 PC: 131b9 | Find first file
2018-12-17T22:25:02.741324324Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:02.743735832Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:02.746775799Z 26 PC: 131ad | Set disk transfer address
2018-12-17T22:25:02.748182831Z 78 PC: 131b9 | Find first file
2018-12-17T22:25:02.755809689Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.767680679Z 61 PC: 13a60 | Open file (Filename = 'HX1IF.HGW')
2018-12-17T22:25:02.780224776Z 86 PC: 13bed | Rename file
2018-12-17T22:25:02.796246351Z 61 PC: 13a60 | Open file (Filename = 'HX1IF.HGW')
2018-12-17T22:25:02.803884315Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:02.805659437Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.816705706Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:02.825190384Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:02.826636804Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:02.830365249Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.845171944Z 61 PC: 13a60 | Open file (Filename = '6V2HP.W')
2018-12-17T22:25:02.853335083Z 86 PC: 13bed | Rename file
2018-12-17T22:25:02.866002283Z 61 PC: 13a60 | Open file (Filename = '6V2HP.W')
2018-12-17T22:25:02.874678646Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:02.877064527Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.886261671Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:02.892989997Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:02.894113149Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:02.896532983Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.904276756Z 61 PC: 13a60 | Open file (Filename = 'O124M.REN')
2018-12-17T22:25:02.91206612Z 86 PC: 13bed | Rename file
2018-12-17T22:25:02.920111056Z 61 PC: 13a60 | Open file (Filename = 'O124M.REN')
2018-12-17T22:25:02.929065442Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:02.931510216Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.942872093Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:02.954503357Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:02.956191942Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:02.960247103Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:02.975584709Z 61 PC: 13a60 | Open file (Filename = 'KKGPI.K4O')
2018-12-17T22:25:02.983924342Z 86 PC: 13bed | Rename file
2018-12-17T22:25:02.996612761Z 61 PC: 13a60 | Open file (Filename = 'KKGPI.K4O')
2018-12-17T22:25:03.006618274Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:03.009004484Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.019985624Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:03.028397321Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:03.031330725Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:03.035544486Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.047941639Z 61 PC: 13a60 | Open file (Filename = 'WE5NE.TM2')
2018-12-17T22:25:03.056446417Z 86 PC: 13bed | Rename file
2018-12-17T22:25:03.069456831Z 61 PC: 13a60 | Open file (Filename = 'WE5NE.TM2')
2018-12-17T22:25:03.077343176Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:03.080074203Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.094231942Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:03.105330842Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:03.107142093Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:03.111379935Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.123122171Z 61 PC: 13a60 | Open file (Filename = '5CPI3KD1.N8A')
2018-12-17T22:25:03.130387191Z 86 PC: 13bed | Rename file
2018-12-17T22:25:03.14303341Z 61 PC: 13a60 | Open file (Filename = '5CPI3KD1.N8A')
2018-12-17T22:25:03.156173513Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:03.158355065Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.174981444Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:03.18306413Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:03.184825652Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:03.189818244Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.201590312Z 61 PC: 13a60 | Open file (Filename = 'D9QJ7G.751')
2018-12-17T22:25:03.209402463Z 86 PC: 13bed | Rename file
2018-12-17T22:25:03.225357769Z 61 PC: 13a60 | Open file (Filename = 'D9QJ7G.751')
2018-12-17T22:25:03.233714769Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:03.23565001Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.247166292Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:03.255895419Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:03.257417003Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:03.261942494Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.273409393Z 61 PC: 13a60 | Open file (Filename = 'S2Y.FUO')
2018-12-17T22:25:03.279756574Z 86 PC: 13bed | Rename file
2018-12-17T22:25:03.289884157Z 61 PC: 13a60 | Open file (Filename = 'S2Y.FUO')
2018-12-17T22:25:03.294855874Z 87 PC: 1317d | Get or set file date and time
2018-12-17T22:25:03.296058511Z 67 PC: 13136 | Get or set file attributes
2018-12-17T22:25:03.303459741Z 62 PC: 13ab0 | Close file
2018-12-17T22:25:03.313419149Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:03.314571828Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:03.318643372Z 26 PC: 131d1 | Set disk transfer address
2018-12-17T22:25:03.320218796Z 79 PC: 131d6 | Find next file
2018-12-17T22:25:03.322993385Z 64 PC: 137b8 | Write file or device (Write 35 bytes on handle 1)
2018-12-17T22:25:03.329175933Z 64 PC: 137b8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:25:03.331512021Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:03.332830404Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:03.334260708Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:25:03.335864952Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:03.337260514Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:03.338655964Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:03.340530614Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:03.341927132Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:03.343302042Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:03.345100267Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:03.34652158Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:03.350436316Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:03.355138855Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:03.356370685Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:03.357999563Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:03.360547092Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:03.362218851Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:03.363663098Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:03.365399171Z 37 PC: 134f1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:25:03.366724264Z 76 PC: 13530 | Terminate with return code (Return code = '0')