Sample viewer

vx.netlux.org/Virus.DOS.HLLC.XFiles.5953

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:28:57.668599039Z 53 PC: 135ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:57.671224806Z 53 PC: 135ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:57.674591859Z 53 PC: 135ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:57.676409516Z 53 PC: 135ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:57.678775921Z 53 PC: 135ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:57.681303561Z 53 PC: 135ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:57.683925566Z 53 PC: 135ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:57.686710937Z 53 PC: 135ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:57.688439152Z 53 PC: 135ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:57.690074715Z 53 PC: 135ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:57.691687955Z 53 PC: 135ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:57.693850717Z 53 PC: 135ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:57.695489895Z 53 PC: 135ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:57.69712749Z 53 PC: 135ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:57.699359495Z 53 PC: 135ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:57.701043369Z 53 PC: 135ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:57.702719382Z 53 PC: 135ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:57.704851739Z 53 PC: 135ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:57.706464532Z 53 PC: 135ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:57.70806404Z 37 PC: 135ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:57.710266685Z 37 PC: 13607 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:57.711458142Z 37 PC: 1360f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:57.712724439Z 37 PC: 13617 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:57.714916845Z 68 PC: 14486 | I/O control for devices (Set for = '')
2018-12-17T22:28:57.75394672Z 37 PC: 12de1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:57.755692504Z 44 PC: 1339d | Get time
0x1339d: xor ah, ah
0x1339f: mov al, dl
0x133a1: les di, ptr [bp + 6]
0x133a4: stosw word ptr es:[di], ax
0x133a5: mov al, dh
0x133a7: les di, ptr [bp + 0xa]
0x133aa: stosw word ptr es:[di], ax
0x133ab: mov al, cl
0x133ad: les di, ptr [bp + 0xe]
0x133b0: stosw word ptr es:[di], ax
0x133b1: mov al, ch
0x133b3: les di, ptr [bp + 0x12]
0x133b6: stosw word ptr es:[di], ax
0x133b7: pop bp
0x133b8: retf 0x10
0x133bb: push bp
0x133bc: mov bp, sp
0x133be: mov ch, byte ptr [bp + 0xc]
0x133c1: mov cl, byte ptr [bp + 0xa]
0x133c4: mov dh, byte ptr [bp + 8]
2018-12-17T22:28:57.765290866Z 48 PC: 14097 | Get DOS version
2018-12-17T22:28:57.772053137Z 61 PC: 13f49 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:28:57.779596943Z 66 PC: 14585 | Move file pointer
2018-12-17T22:28:57.782796407Z 66 PC: 14593 | Move file pointer
2018-12-17T22:28:57.786304257Z 66 PC: 145a1 | Move file pointer
2018-12-17T22:28:57.789747741Z 63 PC: 1401c | Read file or device (Read 5953 bytes on handle 5)
2018-12-17T22:28:57.797896441Z 62 PC: 13f99 | Close file
2018-12-17T22:28:57.804495062Z 26 PC: 133f7 | Set disk transfer address
2018-12-17T22:28:57.806481565Z 78 PC: 13403 | Find first file
2018-12-17T22:28:57.826742546Z 60 PC: 13f49 | Create or truncate file
2018-12-17T22:28:57.848660172Z 64 PC: 1401c | Write file or device (Write 5953 bytes on handle 5)
2018-12-17T22:28:57.858503204Z 62 PC: 13f99 | Close file
2018-12-17T22:28:57.868211029Z 26 PC: 1341b | Set disk transfer address
2018-12-17T22:28:57.870719287Z 79 PC: 13420 | Find next file
2018-12-17T22:28:57.878165801Z 48 PC: 14097 | Get DOS version
2018-12-17T22:28:57.879735419Z 48 PC: 14097 | Get DOS version
2018-12-17T22:28:57.882312584Z 53 PC: 13566 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:57.883686753Z 37 PC: 1356f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:28:57.884995864Z 53 PC: 13566 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:57.896844324Z 37 PC: 1356f | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:28:57.898363949Z 53 PC: 13566 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:57.900173794Z 37 PC: 1356f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:28:57.901810531Z 53 PC: 13566 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:57.904597611Z 37 PC: 1356f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:57.906258151Z 53 PC: 13566 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:57.910653025Z 37 PC: 1356f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:57.912648535Z 53 PC: 13566 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:57.914082329Z 37 PC: 1356f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:57.915538801Z 53 PC: 13566 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:57.918723629Z 37 PC: 1356f | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:28:57.920711579Z 53 PC: 13566 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:57.922757004Z 37 PC: 1356f | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:28:57.925281243Z 53 PC: 13566 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:57.927169005Z 37 PC: 1356f | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:28:57.929111567Z 53 PC: 13566 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:57.931566949Z 37 PC: 1356f | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:28:57.933263175Z 53 PC: 13566 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:57.934872565Z 37 PC: 1356f | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:28:57.937269102Z 53 PC: 13566 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:57.938626502Z 37 PC: 1356f | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:28:57.939942883Z 53 PC: 13566 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:57.941483088Z 37 PC: 1356f | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:28:57.943645363Z 53 PC: 13566 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:57.945499513Z 37 PC: 1356f | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:28:57.947359957Z 53 PC: 13566 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:57.949647032Z 37 PC: 1356f | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:28:57.951485838Z 53 PC: 13566 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:57.953403271Z 37 PC: 1356f | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:28:57.958543743Z 53 PC: 13566 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:57.960028642Z 37 PC: 1356f | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:28:57.961442613Z 53 PC: 13566 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:57.963245235Z 37 PC: 1356f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:28:57.964918654Z 53 PC: 13566 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:57.966112055Z 37 PC: 1356f | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:28:57.968768335Z 41 PC: 1351d | Parse filename
2018-12-17T22:28:57.970690009Z 41 PC: 1352b | Parse filename
2018-12-17T22:28:57.972536123Z 75 PC: 13536 | Execute program
2018-12-17T22:28:57.996773973Z 80 PC: 60789 | Set current PSP
2018-12-17T22:28:57.99777116Z 48 PC: 6078e | Get DOS version
2018-12-17T22:28:57.999739385Z 99 PC: 66f70 | Get DBCS lead byte table pointer
2018-12-17T22:28:58.003397802Z 101 PC: 60814 | Get extended country info
2018-12-17T22:28:58.005612805Z 99 PC: 6081a | Get DBCS lead byte table pointer
2018-12-17T22:28:58.007574929Z 74 PC: 6087c | Reallocate memory
2018-12-17T22:28:58.009736816Z 25 PC: 608b3 | Get default drive
2018-12-17T22:28:58.011780024Z 37 PC: 60373 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:28:58.013234413Z 37 PC: 6037a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:28:58.015501Z 37 PC: 60381 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:28:58.021738736Z 74 PC: 5f51c | Reallocate memory
2018-12-17T22:28:58.023914819Z 72 PC: 5f55d | Allocate memory
2018-12-17T22:28:58.026317079Z 72 PC: 5f595 | Allocate memory
2018-12-17T22:28:58.029596448Z 72 PC: 5f59d | Allocate memory