Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Runme.10832

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:54.007793746Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:31:54.010193826Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:31:54.011925449Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:31:54.013717474Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:54.015854826Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:31:54.018585785Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:54.020364941Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:31:54.022150863Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:31:54.024914925Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:31:54.02669353Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:31:54.028933764Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:31:54.031634436Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:31:54.033350491Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:31:54.035274335Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:31:54.038068449Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:31:54.03934087Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:31:54.040429285Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:31:54.042933625Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:31:54.044347403Z	53	PC: 13e8a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:31:54.045806904Z	37	PC: 13e9f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:31:54.047118781Z	37	PC: 13ea7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:31:54.049108332Z	37	PC: 13eaf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:54.051059115Z	37	PC: 13eb7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:31:54.053494854Z	68	PC: 14b46 \| I/O control for devices (Set for = '')
2018-12-17T22:31:54.056930273Z	44	PC: 14c7d \| Get time 0x14c7d: mov word ptr [0x242], cx 0x14c81: mov word ptr [0x244], dx 0x14c85: retf 0x14c86: call 0x14ccd 0x14c89: jb 0x14c9a 0x14c8b: mov cx, word ptr es:[di + 4] 0x14c8f: cmp cx, 1 0x14c92: je 0x14c9a 0x14c94: xor bx, bx 0x14c96: push cs 0x14c97: call 0x2480e 0x14c9a: retf 4 0x14c9d: call 0x14ccd 0x14ca0: jb 0x14cb5 0x14ca2: mov ax, cx 0x14ca4: mov dx, bx 0x14ca6: mov cx, word ptr es:[di + 4] 0x14caa: cmp cx, 1 0x14cad: je 0x14cb5 0x14caf: xor bx, bx
2018-12-17T22:31:54.059850664Z	48	PC: 1475c \| Get DOS version
2018-12-17T22:31:54.061865452Z	61	PC: 1459a \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:31:54.071109589Z	63	PC: 1466d \| Read file or device (Read 16384 bytes on handle 5)
2018-12-17T22:31:54.079711858Z	62	PC: 145ea \| Close file
2018-12-17T22:31:54.082566444Z	61	PC: 14b2a \| Open file (Filename = 'c:\dos\msc.dat')
2018-12-17T22:31:54.095132918Z	60	PC: 14b2a \| Create or truncate file
2018-12-17T22:31:54.515775943Z	68	PC: 14b46 \| I/O control for devices (Set for = '')
2018-12-17T22:31:54.51826655Z	64	PC: 14283 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:31:54.528924903Z	62	PC: 142c2 \| Close file
2018-12-17T22:31:54.538945201Z	26	PC: 13c95 \| Set disk transfer address
2018-12-17T22:31:54.541266652Z	78	PC: 13ca1 \| Find first file
2018-12-17T22:31:54.5490422Z	26	PC: 13cb9 \| Set disk transfer address
2018-12-17T22:31:54.551587569Z	79	PC: 13cbe \| Find next file
2018-12-17T22:31:54.555266667Z	26	PC: 13cb9 \| Set disk transfer address
2018-12-17T22:31:54.556789633Z	79	PC: 13cbe \| Find next file
2018-12-17T22:31:54.561233949Z	60	PC: 1459a \| Create or truncate file
2018-12-17T22:31:54.577303214Z	64	PC: 1466d \| Write file or device (Write 10832 bytes on handle 5)
2018-12-17T22:31:54.592536106Z	62	PC: 145ea \| Close file
2018-12-17T22:31:54.602714586Z	26	PC: 13cb9 \| Set disk transfer address
2018-12-17T22:31:54.604336706Z	79	PC: 13cbe \| Find next file
2018-12-17T22:31:54.607852681Z	26	PC: 13cb9 \| Set disk transfer address
2018-12-17T22:31:54.610238488Z	79	PC: 13cbe \| Find next file
2018-12-17T22:31:54.614197617Z	60	PC: 1459a \| Create or truncate file
2018-12-17T22:31:54.628514386Z	64	PC: 1466d \| Write file or device (Write 10832 bytes on handle 5)
2018-12-17T22:31:54.641567183Z	62	PC: 145ea \| Close file
2018-12-17T22:31:54.649923968Z	26	PC: 13cb9 \| Set disk transfer address
2018-12-17T22:31:54.651328345Z	79	PC: 13cbe \| Find next file
2018-12-17T22:31:54.655399347Z	26	PC: 13cb9 \| Set disk transfer address
2018-12-17T22:31:54.656622889Z	79	PC: 13cbe \| Find next file
2018-12-17T22:31:54.65960504Z	26	PC: 13cb9 \| Set disk transfer address
2018-12-17T22:31:54.661204863Z	79	PC: 13cbe \| Find next file
2018-12-17T22:31:54.664683617Z	64	PC: 142a8 \| Write file or device (Write 27 bytes on handle 1)
2018-12-17T22:31:54.67042704Z	64	PC: 142a8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:31:54.672485988Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:31:54.674242252Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:31:54.675554476Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:31:54.676836155Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:54.678682566Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:31:54.680082004Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:31:54.681450727Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:31:54.685363445Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:31:54.686967271Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:31:54.688515404Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:31:54.690801591Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:31:54.69238818Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:31:54.694034444Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:31:54.697268964Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:31:54.699224512Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:31:54.700914249Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:31:54.703600369Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:31:54.706072854Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:31:54.708014099Z	37	PC: 13fe1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:31:54.709912171Z	76	PC: 14020 \| Terminate with return code (Return code = '0')