Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Uri.39196

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:34.322158692Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:34.32493808Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:34.327040222Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:34.329152149Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:34.353813748Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:34.355304801Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:34.356710843Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:34.358439088Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:34.360054736Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:34.361441497Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:34.363171581Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:34.376170201Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:34.382066622Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:34.383695451Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:34.386253121Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:34.387952873Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:34.389596349Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:34.398599529Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:34.400627755Z	53	PC: 1b4ea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:34.402594695Z	37	PC: 1b4ff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:34.405779945Z	37	PC: 1b507 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:34.407215369Z	37	PC: 1b50f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:34.408618153Z	37	PC: 1b517 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:34.412007426Z	68	PC: 1c4c2 \| I/O control for devices (Set for = '')
2018-12-17T22:29:34.491016337Z	37	PC: 1ac51 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:34.493076035Z	48	PC: 1bfd5 \| Get DOS version
2018-12-17T22:29:34.495047293Z	61	PC: 1be13 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:29:34.502776232Z	66	PC: 1ce37 \| Move file pointer
2018-12-17T22:29:34.504331625Z	66	PC: 1ce45 \| Move file pointer
2018-12-17T22:29:34.505723764Z	66	PC: 1ce53 \| Move file pointer
2018-12-17T22:29:34.508142317Z	62	PC: 1be63 \| Close file
2018-12-17T22:29:34.510563446Z	25	PC: 1b429 \| Get default drive
2018-12-17T22:29:34.512210517Z	44	PC: 1cdcd \| Get time 0x1cdcd: mov word ptr [0x588], cx 0x1cdd1: mov word ptr [0x58a], dx 0x1cdd5: retf 0x1cdd6: call 0x1ce1d 0x1cdd9: jb 0x1cdea 0x1cddb: mov cx, word ptr es:[di + 4] 0x1cddf: cmp cx, 1 0x1cde2: je 0x1cdea 0x1cde4: xor bx, bx 0x1cde6: push cs 0x1cde7: call 0x2c185 0x1cdea: retf 4 0x1cded: call 0x1ce1d 0x1cdf0: jb 0x1ce05 0x1cdf2: mov ax, cx 0x1cdf4: mov dx, bx 0x1cdf6: mov cx, word ptr es:[di + 4] 0x1cdfa: cmp cx, 1 0x1cdfd: je 0x1ce05 0x1cdff: xor bx, bx
2018-12-17T22:29:34.515381141Z	26	PC: 1b2fd \| Set disk transfer address
2018-12-17T22:29:34.516869576Z	78	PC: 1b309 \| Find first file
2018-12-17T22:29:34.523801698Z	61	PC: 1be13 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:29:34.531652403Z	67	PC: 1b286 \| Get or set file attributes
2018-12-17T22:29:34.562555381Z	62	PC: 1be63 \| Close file
2018-12-17T22:29:34.565548147Z	26	PC: 1b321 \| Set disk transfer address
2018-12-17T22:29:34.567738946Z	79	PC: 1b326 \| Find next file
2018-12-17T22:29:34.570895391Z	14	PC: 1b429 \| Set default drive (Drive = 'A')
2018-12-17T22:29:34.572725525Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:34.574430921Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:34.575676404Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:34.576877482Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:34.578779083Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:34.580005007Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:34.581518192Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:34.583403057Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:34.585029731Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:34.586335872Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:34.587727523Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:34.589231437Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:34.590484925Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:34.591753886Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:34.593282543Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:34.594646771Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:34.596085329Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:34.598017877Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:34.599342554Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:34.60062714Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:34.602291177Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:34.603293117Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:34.604185176Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:34.605716701Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:34.606614499Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:34.607537694Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:34.609296296Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:34.610675699Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:34.611924183Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:34.613664112Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:34.615242326Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:34.616941121Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:34.619765774Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:34.621037421Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:34.622370679Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:34.623940275Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:34.625570701Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:34.62723241Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:34.62941281Z	48	PC: 1bfd5 \| Get DOS version
2018-12-17T22:29:34.631247363Z	48	PC: 1bfd5 \| Get DOS version
2018-12-17T22:29:34.633394771Z	41	PC: 1b3b5 \| Parse filename
2018-12-17T22:29:34.635899737Z	41	PC: 1b3c3 \| Parse filename
2018-12-17T22:29:34.637683135Z	75	PC: 1b3ce \| Execute program
2018-12-17T22:29:34.64510797Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:34.647005635Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:34.648167465Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:34.64919621Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:34.650706498Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:34.651685535Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:34.652672302Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:34.654312583Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:34.655343555Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:34.65636546Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:34.657950381Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:34.658917953Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:34.659915399Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:34.661603402Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:34.662656675Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:34.663673835Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:34.664856686Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:34.66616816Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:34.667159205Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:34.668346546Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:34.669686108Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:34.670707244Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:34.672037501Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:34.673414067Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:34.674524652Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:34.675753216Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:34.677232759Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:34.678271011Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:34.679447119Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:34.680781613Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:34.681793501Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:34.682996271Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:34.684512027Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:34.685621509Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:34.686890842Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:34.688381187Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:34.689449142Z	53	PC: 1b466 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:34.690712464Z	37	PC: 1b46f \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:34.694644401Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:34.695642959Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:34.696990923Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:34.698462858Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:34.699480942Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:34.700671533Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:34.701959529Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:34.702944549Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:34.704141753Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:34.705601914Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:34.706594902Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:34.707762703Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:34.709045011Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:34.710036098Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:34.71119825Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:34.71248283Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:34.713467204Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:34.7146218Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:34.716486489Z	37	PC: 1b641 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:34.726149933Z	76	PC: 1b680 \| Terminate with return code (Return code = '0')