Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Merlin.4230

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:26:54.024604922Z	53	PC: 13c52 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:26:54.026872279Z	53	PC: 13c89 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:26:54.027991694Z	53	PC: 13cb3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:26:54.029694213Z	53	PC: 13d92 \| Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:26:54.031350586Z	53	PC: 13da1 \| Get interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:26:54.032820564Z	37	PC: 13db4 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:26:54.034265097Z	37	PC: 13dbd \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:26:54.037759075Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:54.039506742Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:26:54.041178473Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:26:54.043365136Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:26:54.045007023Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:26:54.046758786Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:26:54.048666921Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:26:54.050924561Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:26:54.05229907Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:26:54.053706339Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:26:54.056208449Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:26:54.057597129Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:26:54.059422999Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:26:54.063541805Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:26:54.064874024Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:26:54.06603324Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:26:54.06775503Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:26:54.068870463Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:26:54.069987861Z	53	PC: 156aa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:26:54.072074261Z	37	PC: 156bf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:54.07343324Z	37	PC: 156c7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:26:54.074782625Z	37	PC: 156cf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:26:54.077089037Z	37	PC: 156d7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:26:54.078919768Z	68	PC: 1607d \| I/O control for devices (Set for = '��t��ѭ� ��')
2018-12-17T22:26:54.080497189Z	44	PC: 1524a \| Get time 0x1524a: mov word ptr cs:[0x6fe], cx 0x1524f: mov word ptr cs:[0x701], dx 0x15254: ret 0x15255: mov word ptr cs:[0x513], di 0x1525a: mov word ptr cs:[0x531], cx 0x1525f: mov word ptr cs:[0x53e], si 0x15264: mov word ptr cs:[0x520], ax 0x15268: mov byte ptr cs:[0x4b1], 0xff 0x1526e: call 0x15428 0x15271: call 0x15377 0x15274: call 0x15428 0x15277: mov ax, 4 0x1527a: call 0x154f9 0x1527d: cmp al, 0 0x1527f: jne 0x15285 0x15281: mov al, 3 0x15283: jmp 0x15287 0x15285: add al, 4 0x15287: mov byte ptr cs:[0x4b1], al 0x1528b: call 0x15356
2018-12-17T22:26:54.083203473Z	60	PC: 15d70 \| Create or truncate file
2018-12-17T22:26:54.101008884Z	62	PC: 15dc0 \| Close file
2018-12-17T22:26:54.102774406Z	65	PC: 15eb9 \| Delete file (Filename = '�')
2018-12-17T22:26:54.114205295Z	26	PC: 15585 \| Set disk transfer address
2018-12-17T22:26:54.115225862Z	78	PC: 15591 \| Find first file
2018-12-17T22:26:54.121445698Z	61	PC: 15d70 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:26:54.128298175Z	66	PC: 1617c \| Move file pointer
2018-12-17T22:26:54.129621172Z	66	PC: 1618a \| Move file pointer
2018-12-17T22:26:54.13090071Z	66	PC: 16198 \| Move file pointer
2018-12-17T22:26:54.132809283Z	66	PC: 1617c \| Move file pointer
2018-12-17T22:26:54.134043702Z	66	PC: 1618a \| Move file pointer
2018-12-17T22:26:54.135263746Z	66	PC: 16198 \| Move file pointer
2018-12-17T22:26:54.136911554Z	63	PC: 15e43 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:26:54.13952371Z	62	PC: 15dc0 \| Close file
2018-12-17T22:26:54.141074551Z	26	PC: 155a9 \| Set disk transfer address
2018-12-17T22:26:54.14246119Z	79	PC: 155ae \| Find next file
2018-12-17T22:26:54.145549609Z	64	PC: 15ac8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:26:54.14699815Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:26:54.148441607Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:26:54.14957065Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:26:54.150528861Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:26:54.151911928Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:26:54.152995062Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:26:54.153978882Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:26:54.15531003Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:26:54.15679819Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:26:54.158312513Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:26:54.160215677Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:26:54.16192957Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:26:54.163527777Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:26:54.16556501Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:26:54.166895563Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:26:54.168148662Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:26:54.169919646Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:26:54.170916717Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:26:54.171888101Z	37	PC: 15801 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:26:54.173248828Z	37	PC: 13e26 \| Set interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:26:54.175121994Z	37	PC: 13e30 \| Set interrupt vector (Interrupt = '145' AKA 'UNKNOWN!')
2018-12-17T22:26:54.176352334Z	98	PC: 13e34 \| Get current PSP
2018-12-17T22:26:54.178265317Z	26	PC: 13e3f \| Set disk transfer address
2018-12-17T22:26:54.179464324Z	9	PC: 12a5c \| Display string (Could not find end pointer)
2018-12-17T22:26:54.184743329Z	76	PC: 12a61 \| Terminate with return code (Return code = '0')