Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Runme.5008

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:54:49.641866442Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:49.652165381Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:49.653317729Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:49.654408936Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:49.656271702Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:49.657894571Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:49.659448022Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:49.661300725Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:49.663717205Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:49.665771448Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:49.667730625Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:49.670628876Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:49.672052892Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:49.673462126Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:49.675976784Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:49.677213551Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:49.681884292Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:49.684519779Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:49.686768845Z	53	PC: 12e4a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:49.689969387Z	37	PC: 12e5f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:49.692743774Z	37	PC: 12e67 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:49.694159489Z	37	PC: 12e6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:49.695400738Z	37	PC: 12e77 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:49.698273244Z	68	PC: 13933 \| I/O control for devices (Set for = '')
2018-12-17T21:54:49.700434872Z	44	PC: 13a6a \| Get time 0x13a6a: mov word ptr [0x200], cx 0x13a6e: mov word ptr [0x202], dx 0x13a72: retf 0x13a73: mov di, 0x214 0x13a76: push ds 0x13a77: pop es 0x13a78: mov cx, 0x296a 0x13a7b: sub cx, di 0x13a7d: shr cx, 1 0x13a7f: xor ax, ax 0x13a81: cld 0x13a82: rep stosd dword ptr es:[di], eax 0x13a84: ret 0x13a85: add byte ptr [bx + si], al 0x13a87: add byte ptr [bx + si], al 0x13a89: add byte ptr [bx + si], al 0x13a8b: add byte ptr [bx + si], al 0x13a8d: add byte ptr [bx + si], al 0x13a8f: add byte ptr [bx + si], al 0x13a91: add byte ptr [di], al
2018-12-17T21:54:49.703204933Z	61	PC: 13917 \| Open file (Filename = 'c:\dos\msc.dat')
2018-12-17T21:54:49.713923862Z	64	PC: 13268 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T21:54:49.719424341Z	48	PC: 1365e \| Get DOS version
2018-12-17T21:54:49.721647144Z	61	PC: 13510 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:54:49.730500493Z	63	PC: 135e3 \| Read file or device (Read 8192 bytes on handle 5)
2018-12-17T21:54:49.739600079Z	62	PC: 13560 \| Close file
2018-12-17T21:54:49.741823675Z	26	PC: 12d95 \| Set disk transfer address
2018-12-17T21:54:49.743169319Z	78	PC: 12da1 \| Find first file
2018-12-17T21:54:49.749976927Z	26	PC: 12db9 \| Set disk transfer address
2018-12-17T21:54:49.751183739Z	79	PC: 12dbe \| Find next file
2018-12-17T21:54:49.754027603Z	26	PC: 12db9 \| Set disk transfer address
2018-12-17T21:54:49.757322433Z	79	PC: 12dbe \| Find next file
2018-12-17T21:54:49.760628649Z	60	PC: 13510 \| Create or truncate file
2018-12-17T21:54:50.115720343Z	64	PC: 135e3 \| Write file or device (Write 5008 bytes on handle 5)
2018-12-17T21:54:50.134275085Z	62	PC: 13560 \| Close file
2018-12-17T21:54:50.158246933Z	26	PC: 12db9 \| Set disk transfer address
2018-12-17T21:54:50.159356848Z	79	PC: 12dbe \| Find next file
2018-12-17T21:54:50.162695606Z	26	PC: 12db9 \| Set disk transfer address
2018-12-17T21:54:50.163845132Z	79	PC: 12dbe \| Find next file
2018-12-17T21:54:50.166574088Z	60	PC: 13510 \| Create or truncate file
2018-12-17T21:54:50.176702899Z	64	PC: 135e3 \| Write file or device (Write 5008 bytes on handle 5)
2018-12-17T21:54:50.187371115Z	62	PC: 13560 \| Close file
2018-12-17T21:54:50.193710786Z	26	PC: 12db9 \| Set disk transfer address
2018-12-17T21:54:50.195882982Z	79	PC: 12dbe \| Find next file
2018-12-17T21:54:50.198896144Z	26	PC: 12db9 \| Set disk transfer address
2018-12-17T21:54:50.201043325Z	79	PC: 12dbe \| Find next file
2018-12-17T21:54:50.204306438Z	26	PC: 12db9 \| Set disk transfer address
2018-12-17T21:54:50.206643249Z	79	PC: 12dbe \| Find next file
2018-12-17T21:54:50.210113615Z	60	PC: 13917 \| Create or truncate file
2018-12-17T21:54:50.222118213Z	68	PC: 13933 \| I/O control for devices (Set for = 't��f')
2018-12-17T21:54:50.225366217Z	64	PC: 13243 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T21:54:50.229362278Z	62	PC: 13282 \| Close file
2018-12-17T21:54:50.237502518Z	64	PC: 13268 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T21:54:50.239908459Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:54:50.241918955Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:54:50.243406267Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:54:50.246845923Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:54:50.248326917Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:54:50.25008169Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:50.25243137Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:54:50.253601595Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:54:50.25485549Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:54:50.256225623Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:54:50.257592481Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:54:50.258552036Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:54:50.260057995Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:54:50.261305164Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:54:50.26284972Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:54:50.264584274Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:54:50.2656121Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:54:50.266499399Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:54:50.267618724Z	37	PC: 12fa1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:54:50.269159353Z	76	PC: 12fe0 \| Terminate with return code (Return code = '0')