Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Xep.5532

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:03.260478864Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:03.263792686Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:03.265889244Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:25:03.267432472Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:03.270024643Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:03.270980788Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:03.271918063Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:03.273038866Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:03.274598393Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:03.275431436Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:03.276243779Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:03.277794233Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:03.278763303Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:03.280041081Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:03.282499818Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:03.28357651Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:03.28509382Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:03.2865219Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:03.287647119Z	53	PC: 135ba \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:25:03.288701352Z	37	PC: 135cf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:03.290098767Z	37	PC: 135d7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:03.291127962Z	37	PC: 135df \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:03.291995778Z	37	PC: 135e7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:03.293375586Z	68	PC: 144ac \| I/O control for devices (Set for = ':��I�� ')
2018-12-17T22:25:03.29545948Z	60	PC: 13ee3 \| Create or truncate file
2018-12-17T22:25:03.314282369Z	65	PC: 1402c \| Delete file (Filename = '\xep3')
2018-12-17T22:25:03.329273775Z	26	PC: 13365 \| Set disk transfer address
2018-12-17T22:25:03.330934744Z	78	PC: 13371 \| Find first file
2018-12-17T22:25:03.349160872Z	48	PC: 140a5 \| Get DOS version
2018-12-17T22:25:03.352049082Z	61	PC: 13ee3 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T22:25:03.369825658Z	61	PC: 13ee3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:25:03.377288678Z	63	PC: 13fb6 \| Read file or device (Read 5532 bytes on handle 7)
2018-12-17T22:25:03.386060521Z	63	PC: 13fb6 \| Read file or device (Read 407 bytes on handle 6)
2018-12-17T22:25:03.39420343Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.396468808Z	61	PC: 13ee3 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T22:25:03.404437868Z	64	PC: 13fb6 \| Write file or device (Write 5532 bytes on handle 6)
2018-12-17T22:25:03.41488329Z	64	PC: 13fb6 \| Write file or device (Write 407 bytes on handle 6)
2018-12-17T22:25:03.430485507Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.439720413Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.442498572Z	26	PC: 13389 \| Set disk transfer address
2018-12-17T22:25:03.443854348Z	79	PC: 1338e \| Find next file
2018-12-17T22:25:03.448081329Z	48	PC: 140a5 \| Get DOS version
2018-12-17T22:25:03.451401864Z	61	PC: 13ee3 \| Open file (Filename = '\PRINT.COM')
2018-12-17T22:25:03.45934114Z	61	PC: 13ee3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:25:03.467663529Z	63	PC: 13fb6 \| Read file or device (Read 5532 bytes on handle 7)
2018-12-17T22:25:03.47691997Z	63	PC: 13fb6 \| Read file or device (Read 27 bytes on handle 6)
2018-12-17T22:25:03.484785936Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.486991779Z	61	PC: 13ee3 \| Open file (Filename = '\PRINT.COM')
2018-12-17T22:25:03.495951566Z	64	PC: 13fb6 \| Write file or device (Write 5532 bytes on handle 6)
2018-12-17T22:25:03.506139288Z	64	PC: 13fb6 \| Write file or device (Write 27 bytes on handle 6)
2018-12-17T22:25:03.510423972Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.519744401Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.522235245Z	26	PC: 13389 \| Set disk transfer address
2018-12-17T22:25:03.523619769Z	79	PC: 1338e \| Find next file
2018-12-17T22:25:03.528024055Z	48	PC: 140a5 \| Get DOS version
2018-12-17T22:25:03.530697053Z	61	PC: 13ee3 \| Open file (Filename = '\HELLO.COM')
2018-12-17T22:25:03.538202242Z	61	PC: 13ee3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:25:03.546335368Z	63	PC: 13fb6 \| Read file or device (Read 5532 bytes on handle 7)
2018-12-17T22:25:03.557807694Z	63	PC: 13fb6 \| Read file or device (Read 92 bytes on handle 6)
2018-12-17T22:25:03.565074882Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.566864238Z	61	PC: 13ee3 \| Open file (Filename = '\HELLO.COM')
2018-12-17T22:25:03.574945159Z	64	PC: 13fb6 \| Write file or device (Write 5532 bytes on handle 6)
2018-12-17T22:25:03.584533139Z	64	PC: 13fb6 \| Write file or device (Write 92 bytes on handle 6)
2018-12-17T22:25:03.587650273Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.597737925Z	62	PC: 13f33 \| Close file
2018-12-17T22:25:03.599816423Z	48	PC: 140a5 \| Get DOS version
2018-12-17T22:25:03.601996044Z	61	PC: 13ee3 \| Open file (Filename = 'A:\XEP3.COM')
2018-12-17T22:25:03.608286097Z	48	PC: 140a5 \| Get DOS version
2018-12-17T22:25:03.610067884Z	61	PC: 13ee3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:25:03.61859837Z	66	PC: 14015 \| Move file pointer
2018-12-17T22:25:03.620290427Z	66	PC: 145ab \| Move file pointer
2018-12-17T22:25:03.621536176Z	66	PC: 145b9 \| Move file pointer
2018-12-17T22:25:03.622720577Z	66	PC: 145c7 \| Move file pointer
2018-12-17T22:25:03.624482502Z	66	PC: 145ab \| Move file pointer
2018-12-17T22:25:03.62602216Z	66	PC: 145b9 \| Move file pointer
2018-12-17T22:25:03.627998391Z	66	PC: 145c7 \| Move file pointer
2018-12-17T22:25:03.630584707Z	63	PC: 13fb6 \| Read file or device (Read 29696 bytes on handle 6)
2018-12-17T22:25:03.640971238Z	60	PC: 13ee3 \| Create or truncate file
2018-12-17T22:25:03.654145265Z	66	PC: 145ab \| Move file pointer
2018-12-17T22:25:03.65662601Z	66	PC: 145b9 \| Move file pointer
2018-12-17T22:25:03.658296935Z	66	PC: 145c7 \| Move file pointer
2018-12-17T22:25:03.660227429Z	64	PC: 13fb6 \| Write file or device (Write 0 bytes on handle 7)
2018-12-17T22:25:03.66358645Z	64	PC: 13c3b \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:25:03.665825953Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:03.66700422Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:03.668573396Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:25:03.669734932Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:03.670849307Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:03.672296548Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:03.673487523Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:03.674951734Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:03.676769278Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:03.678061298Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:03.67927785Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:03.681084624Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:03.682405802Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:03.683646371Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:03.6877401Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:03.689374782Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:03.691031518Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:03.693659223Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:03.695299264Z	37	PC: 13711 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:25:03.696940844Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.700987882Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.703213568Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.705371138Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.707744245Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.710469471Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.713056443Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.715607169Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.71839251Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.720541706Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.722691801Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.725114044Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.727674271Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.73005384Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.732544084Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.734718344Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.736926634Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.739113951Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.741279767Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.743450779Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.74577247Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.748190376Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.750244057Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.752855883Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.755340117Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.758333032Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.762035697Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.764657186Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.76735471Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.77100429Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.773680913Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.777146732Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.779870242Z	6	PC: 13798 \| Direct console I/O
2018-12-17T22:25:03.783841819Z	76	PC: 13750 \| Terminate with return code (Return code = '101')