Sample viewer

vx.netlux.org/Virus.DOS.HLLC.5696

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:10.567307072Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:10.569008154Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:10.570303299Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:10.571524503Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:10.57352028Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:10.575461984Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:10.576614911Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:10.578198638Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:10.579828782Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:10.581079825Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:10.58284832Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:10.58393912Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:10.584965072Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:10.590884257Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:10.592388786Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:10.593691797Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:10.595499337Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:10.603338549Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:10.60442819Z	53	PC: 12f4a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:10.605865694Z	37	PC: 12f5f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:10.606865578Z	37	PC: 12f67 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:10.607851558Z	37	PC: 12f6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:10.625477673Z	37	PC: 12f77 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:10.627010359Z	68	PC: 13dc9 \| I/O control for devices (Set for = ' �Î�3��p')
2018-12-17T22:28:10.628481291Z	48	PC: 139da \| Get DOS version
2018-12-17T22:28:10.630319694Z	61	PC: 13818 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:28:10.637143799Z	66	PC: 13ec8 \| Move file pointer
2018-12-17T22:28:10.638686448Z	66	PC: 13ed6 \| Move file pointer
2018-12-17T22:28:10.640462957Z	66	PC: 13ee4 \| Move file pointer
2018-12-17T22:28:10.643215863Z	63	PC: 138eb \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:28:10.646163785Z	66	PC: 1394a \| Move file pointer
2018-12-17T22:28:10.648057618Z	48	PC: 139da \| Get DOS version
2018-12-17T22:28:10.65091838Z	86	PC: 139a5 \| Rename file
2018-12-17T22:28:10.657721451Z	63	PC: 138eb \| Read file or device (Read 5696 bytes on handle 5)
2018-12-17T22:28:10.664936282Z	62	PC: 13868 \| Close file
2018-12-17T22:28:10.667311231Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:10.668421753Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:10.669543825Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:10.671263886Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:10.672403653Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:10.673578415Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:10.675424617Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:10.676650975Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:10.677672168Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:10.680008598Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:10.681228708Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:10.682512057Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:10.684512941Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:10.686020601Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:10.687379391Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:10.68917131Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:10.690238548Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:10.691306879Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:10.693599131Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:10.694760949Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:10.696000997Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:10.69781633Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:10.699177858Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:10.700388007Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:10.70236653Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:10.703580486Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:10.704630401Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:10.706300501Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:10.707704729Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:10.709268496Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:10.710751894Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:10.712102781Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:10.713504651Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:10.715803924Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:10.717224239Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:10.718653279Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:10.720897999Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:10.722053786Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:10.723262493Z	41	PC: 12e7d \| Parse filename
2018-12-17T22:28:10.725886178Z	41	PC: 12e8b \| Parse filename
2018-12-17T22:28:10.727547637Z	75	PC: 12e96 \| Execute program
2018-12-17T22:28:10.733866755Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:10.735136568Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:10.736876572Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:10.738288785Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:10.739608819Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:10.742222844Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:10.743858908Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:10.746395736Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:10.747769492Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:10.749177853Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:10.750773571Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:10.752959204Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:10.754450373Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:10.755967958Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:10.758975028Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:10.76067051Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:10.761883906Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:10.764279661Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:10.7656834Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:10.767139377Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:10.769120584Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:10.770479199Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:10.771895975Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:10.775128571Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:10.776519807Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:10.777738611Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:10.779987143Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:10.781137695Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:10.782117774Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:10.783830276Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:10.784839788Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:10.785939718Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:10.787877082Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:10.789297039Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:10.790502712Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:10.79325233Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:10.794350056Z	53	PC: 12ec6 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:10.795434041Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:10.797682737Z	86	PC: 139a5 \| Rename file
2018-12-17T22:28:10.804940437Z	26	PC: 12dc5 \| Set disk transfer address
2018-12-17T22:28:10.80611394Z	78	PC: 12dd1 \| Find first file
2018-12-17T22:28:10.813897495Z	61	PC: 13818 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:28:10.820465814Z	63	PC: 138eb \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:28:10.823158445Z	66	PC: 1394a \| Move file pointer
2018-12-17T22:28:10.829929721Z	62	PC: 13868 \| Close file
2018-12-17T22:28:10.832577158Z	86	PC: 139a5 \| Rename file
2018-12-17T22:28:10.852093872Z	60	PC: 13818 \| Create or truncate file
2018-12-17T22:28:10.86306392Z	64	PC: 138eb \| Write file or device (Write 5696 bytes on handle 5)
2018-12-17T22:28:10.871665753Z	62	PC: 13868 \| Close file
2018-12-17T22:28:10.879826444Z	26	PC: 12de9 \| Set disk transfer address
2018-12-17T22:28:10.880929366Z	79	PC: 12dee \| Find next file
2018-12-17T22:28:10.884151983Z	61	PC: 13818 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:28:10.890651807Z	63	PC: 138eb \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:28:10.896801448Z	66	PC: 1394a \| Move file pointer
2018-12-17T22:28:10.898987864Z	62	PC: 13868 \| Close file
2018-12-17T22:28:10.901338344Z	86	PC: 139a5 \| Rename file
2018-12-17T22:28:10.908714652Z	60	PC: 13818 \| Create or truncate file
2018-12-17T22:28:10.921147119Z	64	PC: 138eb \| Write file or device (Write 5696 bytes on handle 5)
2018-12-17T22:28:10.929700328Z	62	PC: 13868 \| Close file
2018-12-17T22:28:10.937790148Z	26	PC: 12de9 \| Set disk transfer address
2018-12-17T22:28:10.939885322Z	79	PC: 12dee \| Find next file
2018-12-17T22:28:10.947699325Z	64	PC: 13570 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:28:10.949741104Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:10.952093183Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:10.953421628Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:10.95476738Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:10.957061019Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:10.958426458Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:10.959762302Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:10.961795573Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:10.962882061Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:10.963817736Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:10.965504775Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:10.966414477Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:10.967327385Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:10.969101323Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:10.970040853Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:10.971121875Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:10.972768245Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:10.97396198Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:10.975205314Z	37	PC: 130a1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:10.977406992Z	76	PC: 130e0 \| Terminate with return code (Return code = '0')