Sample viewer

vx.netlux.org/Virus.DOS.HLLP.BlackStar.6880

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:30:25.021240451Z 53 PC: 135ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:25.024061961Z 53 PC: 135ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:25.025898618Z 53 PC: 135ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:25.027670143Z 53 PC: 135ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:25.030405162Z 53 PC: 135ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:25.031962675Z 53 PC: 135ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:25.033410994Z 53 PC: 135ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:25.035387786Z 53 PC: 135ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:25.037445024Z 53 PC: 135ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:25.039566538Z 53 PC: 135ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:25.04166583Z 53 PC: 135ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:25.043679256Z 53 PC: 135ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:25.04565854Z 53 PC: 135ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:25.047084096Z 53 PC: 135ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:25.048165115Z 53 PC: 135ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:25.049325389Z 53 PC: 135ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:25.051231953Z 53 PC: 135ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:25.052621056Z 53 PC: 135ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:25.054011557Z 53 PC: 135ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:25.056102897Z 37 PC: 135ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:25.057092026Z 37 PC: 13607 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:25.058048922Z 37 PC: 1360f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:25.061141558Z 37 PC: 13617 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:25.062589011Z 68 PC: 141b9 | I/O control for devices (Set for = '')
2018-12-17T22:30:25.063940755Z 48 PC: 13dfe | Get DOS version
2018-12-17T22:30:25.066445381Z 61 PC: 13cb0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:30:25.073161012Z 63 PC: 13d83 | Read file or device (Read 6880 bytes on handle 5)
2018-12-17T22:30:25.080978029Z 62 PC: 13d00 | Close file
2018-12-17T22:30:25.084192556Z 25 PC: 13e8b | Get default drive
2018-12-17T22:30:25.085290674Z 71 PC: 13e9e | Get current directory
2018-12-17T22:30:25.088501047Z 26 PC: 133f9 | Set disk transfer address
2018-12-17T22:30:25.090575863Z 78 PC: 13405 | Find first file
2018-12-17T22:30:25.096852475Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.097891532Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.102130727Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.103323472Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.106426137Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.107934469Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.111761621Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.11326545Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.117694635Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.118937369Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.122182085Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.123953853Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.127886916Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.128890681Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.131648034Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.132605823Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.134935242Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.136549256Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.13922163Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.140197732Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.142897327Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.143824858Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.14610934Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.147248846Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.150266003Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.151228208Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.154698033Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.155649138Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.15826547Z 61 PC: 13cb0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:30:25.162609624Z 66 PC: 13de2 | Move file pointer
2018-12-17T22:30:25.164311113Z 63 PC: 13d83 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:25.167787767Z 62 PC: 13d00 | Close file
2018-12-17T22:30:25.169848487Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.171123528Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.173664108Z 26 PC: 133f9 | Set disk transfer address
2018-12-17T22:30:25.174846793Z 78 PC: 13405 | Find first file
2018-12-17T22:30:25.180627357Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.181571879Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.184238155Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.185786114Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.18850111Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.18990766Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.192948043Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.194029249Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.196676849Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.19782391Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.200667094Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.201563428Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.204364036Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.205482313Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.208137185Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.209679807Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.212581292Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.213772785Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.216599409Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.217853251Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.221279107Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.222492304Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.225011382Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.226300252Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.230471675Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.231847847Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.234775279Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.236412795Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.239159027Z 26 PC: 1341d | Set disk transfer address
2018-12-17T22:30:25.240421753Z 79 PC: 13422 | Find next file
2018-12-17T22:30:25.243145025Z 26 PC: 133f9 | Set disk transfer address
2018-12-17T22:30:25.244296255Z 78 PC: 13405 | Find first file
2018-12-17T22:30:25.250775699Z 67 PC: 133c8 | Get or set file attributes
2018-12-17T22:30:25.268231904Z 61 PC: 13cb0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:30:25.275308596Z 66 PC: 13de2 | Move file pointer
2018-12-17T22:30:25.277247938Z 63 PC: 13d83 | Read file or device (Read 6880 bytes on handle 5)
2018-12-17T22:30:25.286378241Z 66 PC: 13de2 | Move file pointer
2018-12-17T22:30:25.287931477Z 64 PC: 13ce1 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:30:25.296055235Z 66 PC: 13de2 | Move file pointer
2018-12-17T22:30:25.298671148Z 64 PC: 13d83 | Write file or device (Write 6880 bytes on handle 5)
2018-12-17T22:30:25.30667245Z 67 PC: 133c8 | Get or set file attributes
2018-12-17T22:30:25.317335656Z 62 PC: 13d00 | Close file
2018-12-17T22:30:25.326561204Z 53 PC: 13568 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:25.327796168Z 37 PC: 13571 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:25.328930783Z 53 PC: 13568 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:25.330787286Z 37 PC: 13571 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:25.331800993Z 53 PC: 13568 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:25.332811814Z 37 PC: 13571 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:25.333955087Z 53 PC: 13568 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:25.335050371Z 37 PC: 13571 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:25.336304002Z 53 PC: 13568 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:25.33781121Z 37 PC: 13571 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:25.338940596Z 53 PC: 13568 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:25.340070938Z 37 PC: 13571 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:25.341435533Z 53 PC: 13568 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:25.342879146Z 37 PC: 13571 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:25.344185309Z 53 PC: 13568 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:25.346118948Z 37 PC: 13571 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:25.347374955Z 53 PC: 13568 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:25.349238695Z 37 PC: 13571 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:25.350494667Z 53 PC: 13568 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:25.351755907Z 37 PC: 13571 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:25.354166063Z 53 PC: 13568 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:25.355789488Z 37 PC: 13571 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:25.357065299Z 53 PC: 13568 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:25.359102852Z 37 PC: 13571 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:25.360291537Z 53 PC: 13568 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:25.361867744Z 37 PC: 13571 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:25.363718371Z 53 PC: 13568 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:25.364670751Z 37 PC: 13571 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:25.365740363Z 53 PC: 13568 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:25.367268338Z 37 PC: 13571 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:25.368921046Z 53 PC: 13568 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:25.36984208Z 37 PC: 13571 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:25.371239143Z 53 PC: 13568 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:25.372608437Z 37 PC: 13571 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:25.373850648Z 53 PC: 13568 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:25.376145146Z 37 PC: 13571 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:25.377138197Z 53 PC: 13568 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:25.378232893Z 37 PC: 13571 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:25.380908097Z 41 PC: 1351f | Parse filename
2018-12-17T22:30:25.382420983Z 41 PC: 1352d | Parse filename
2018-12-17T22:30:25.383899894Z 75 PC: 13538 | Execute program
2018-12-17T22:30:25.419769946Z 80 PC: 1fce9 | Set current PSP
2018-12-17T22:30:25.42098168Z 48 PC: 1fcee | Get DOS version
2018-12-17T22:30:25.423032507Z 99 PC: 264d0 | Get DBCS lead byte table pointer
2018-12-17T22:30:25.426584197Z 101 PC: 1fd74 | Get extended country info
2018-12-17T22:30:25.427800243Z 99 PC: 1fd7a | Get DBCS lead byte table pointer
2018-12-17T22:30:25.429322634Z 74 PC: 1fddc | Reallocate memory
2018-12-17T22:30:25.431358976Z 25 PC: 1fe13 | Get default drive
2018-12-17T22:30:25.432681576Z 37 PC: 1f8d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:30:25.434256377Z 37 PC: 1f8da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:25.435259886Z 37 PC: 1f8e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:25.437992295Z 74 PC: 1ea7c | Reallocate memory
2018-12-17T22:30:25.439699899Z 72 PC: 1eabd | Allocate memory
2018-12-17T22:30:25.440929535Z 72 PC: 1eaf5 | Allocate memory
2018-12-17T22:30:25.442608303Z 72 PC: 1eafd | Allocate memory