Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Holop.5504


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:28.541812175Z 53 PC: 1323a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:28.543077844Z 53 PC: 1323a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:28.544495254Z 53 PC: 1323a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:25:28.545696035Z 53 PC: 1323a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:28.546920756Z 53 PC: 1323a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:28.548526294Z 53 PC: 1323a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:28.549644017Z 53 PC: 1323a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:28.550643763Z 53 PC: 1323a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:28.552234564Z 53 PC: 1323a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:28.553576297Z 53 PC: 1323a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:28.554961707Z 53 PC: 1323a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:28.556875749Z 53 PC: 1323a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:28.55824722Z 53 PC: 1323a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:28.559556914Z 53 PC: 1323a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:28.561445564Z 53 PC: 1323a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:28.562801587Z 53 PC: 1323a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:28.564002304Z 53 PC: 1323a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:28.566054841Z 53 PC: 1323a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:28.567127272Z 53 PC: 1323a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:25:28.568217939Z 37 PC: 1324f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:28.569806688Z 37 PC: 13257 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:28.570947556Z 37 PC: 1325f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:28.572132104Z 37 PC: 13267 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:28.573843933Z 68 PC: 13d28 | I/O control for devices (Set for = '')
2018-12-17T22:25:28.575368358Z 42 PC: 12fb7 | Get date
0x12fb7: xor ah, ah
0x12fb9: les di, ptr [bp + 6]
0x12fbc: stosw word ptr es:[di], ax
0x12fbd: mov al, dl
0x12fbf: les di, ptr [bp + 0xa]
0x12fc2: stosw word ptr es:[di], ax
0x12fc3: mov al, dh
0x12fc5: les di, ptr [bp + 0xe]
0x12fc8: stosw word ptr es:[di], ax
0x12fc9: xchg ax, cx
0x12fca: les di, ptr [bp + 0x12]
0x12fcd: stosw word ptr es:[di], ax
0x12fce: pop bp
0x12fcf: retf 0x10
0x12fd2: push bp
0x12fd3: mov bp, sp
0x12fd5: mov cx, word ptr [bp + 0xa]
0x12fd8: mov dh, byte ptr [bp + 8]
0x12fdb: mov dl, byte ptr [bp + 6]
0x12fde: mov ah, 0x2b
2018-12-17T22:25:28.577509274Z 48 PC: 13a4e | Get DOS version
2018-12-17T22:25:28.579403875Z 48 PC: 13a4e | Get DOS version
2018-12-17T22:25:28.581053801Z 61 PC: 13900 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:25:28.5870847Z 63 PC: 139d3 | Read file or device (Read 5504 bytes on handle 5)
2018-12-17T22:25:28.593606261Z 62 PC: 13950 | Close file
2018-12-17T22:25:28.595886129Z 26 PC: 13089 | Set disk transfer address
2018-12-17T22:25:28.596912147Z 78 PC: 13095 | Find first file
2018-12-17T22:25:28.603421811Z 61 PC: 13900 | Open file (Filename = 'TEST.COM')
2018-12-17T22:25:28.609295294Z 60 PC: 13900 | Create or truncate file
2018-12-17T22:25:28.624921069Z 64 PC: 139d3 | Write file or device (Write 5504 bytes on handle 5)
2018-12-17T22:25:28.634569956Z 67 PC: 13031 | Get or set file attributes
2018-12-17T22:25:28.641578215Z 67 PC: 13058 | Get or set file attributes
2018-12-17T22:25:28.653236589Z 61 PC: 13900 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:25:28.660476022Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.662657077Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.665612113Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.668052497Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.671340989Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.673045588Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.675846297Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.677615044Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.680639284Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.682232718Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.685141357Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.686926113Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.689663325Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.691199484Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.693975058Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.695296548Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.69803078Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.700059225Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.703143998Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.705183353Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.709308812Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.711361296Z 63 PC: 139d3 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:25:28.714640713Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.717440187Z 63 PC: 139d3 | Read file or device (Read 2000 bytes on handle 6)
2018-12-17T22:25:28.726191605Z 66 PC: 13a32 | Move file pointer
2018-12-17T22:25:28.728532208Z 64 PC: 139d3 | Write file or device (Write 2000 bytes on handle 6)
2018-12-17T22:25:28.739226917Z 62 PC: 13950 | Close file
2018-12-17T22:25:28.748122051Z 67 PC: 13058 | Get or set file attributes
2018-12-17T22:25:28.759224808Z 62 PC: 13950 | Close file
2018-12-17T22:25:28.768438454Z 26 PC: 130ad | Set disk transfer address
2018-12-17T22:25:28.769870036Z 79 PC: 130b2 | Find next file
2018-12-17T22:25:28.777513316Z 64 PC: 13658 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:25:28.779770372Z 37 PC: 13391 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:28.782068848Z 37 PC: 13391 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:28.783619251Z 37 PC: 13391 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:25:28.78513723Z 37 PC: 13391 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:28.787464236Z 37 PC: 13391 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:28.789006596Z 37 PC: 13391 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:28.790627635Z 37 PC: 13391 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:28.793090333Z 37 PC: 13391 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:28.794786641Z 37 PC: 13391 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:28.796399096Z 37 PC: 13391 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:28.798787064Z 37 PC: 13391 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:28.800331304Z 37 PC: 13391 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:28.802018443Z 37 PC: 13391 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:28.804108471Z 37 PC: 13391 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:28.805556344Z 37 PC: 13391 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:28.807157206Z 37 PC: 13391 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:28.808929428Z 37 PC: 13391 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:28.810521779Z 37 PC: 13391 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:25:28.812132262Z 37 PC: 13391 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:25:28.81370685Z 76 PC: 133d0 | Terminate with return code (Return code = '0')