Sample viewer

vx.netlux.org/Virus.DOS.HLLO.4816

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:33:44.672941884Z 53 PC: 12fda | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:44.675398826Z 53 PC: 12fda | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:33:44.676946144Z 53 PC: 12fda | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:33:44.679815157Z 53 PC: 12fda | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:44.681477085Z 53 PC: 12fda | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:44.683109201Z 53 PC: 12fda | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:44.684991118Z 53 PC: 12fda | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:33:44.6957763Z 53 PC: 12fda | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:33:44.697576172Z 53 PC: 12fda | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:33:44.699348063Z 53 PC: 12fda | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:33:44.702035591Z 53 PC: 12fda | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:33:44.704402892Z 53 PC: 12fda | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:33:44.706547743Z 53 PC: 12fda | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:33:44.708921125Z 53 PC: 12fda | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:33:44.711222067Z 53 PC: 12fda | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:33:44.713022697Z 53 PC: 12fda | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:33:44.718166818Z 53 PC: 12fda | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:33:44.719961216Z 53 PC: 12fda | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:33:44.721716399Z 53 PC: 12fda | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:33:44.723695873Z 37 PC: 12fef | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:44.725353903Z 37 PC: 12ff7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:44.727018732Z 37 PC: 12fff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:44.746463452Z 37 PC: 13007 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:33:44.748584397Z 68 PC: 13ac3 | I/O control for devices (Set for = '')
2018-12-17T22:33:44.751099461Z 26 PC: 12f25 | Set disk transfer address
2018-12-17T22:33:44.753783544Z 78 PC: 12f31 | Find first file
2018-12-17T22:33:44.761373182Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:44.763396298Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:44.772245263Z 61 PC: 136a0 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:33:44.780570862Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:33:44.784067535Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:33:44.787642776Z 62 PC: 136f0 | Close file
2018-12-17T22:33:44.806538587Z 62 PC: 136f0 | Close file
2018-12-17T22:33:44.809006404Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.810683452Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.815777229Z 26 PC: 12f25 | Set disk transfer address
2018-12-17T22:33:44.832834316Z 78 PC: 12f31 | Find first file
2018-12-17T22:33:44.854791188Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.857344077Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.861064137Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.862402501Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.866210285Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.86750311Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.879482451Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.882643522Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.88575333Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.887178361Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.891038373Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.89256808Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.895613986Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.897318518Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.900462242Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.901917218Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.905356794Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:44.906919843Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:44.910082799Z 26 PC: 12f25 | Set disk transfer address
2018-12-17T22:33:44.911373146Z 78 PC: 12f31 | Find first file
2018-12-17T22:33:44.919842316Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:44.922293971Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:44.930442977Z 61 PC: 136a0 | Open file (Filename = '\SLEEP.COM')
2018-12-17T22:33:44.939576456Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:33:44.943449307Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:33:44.951594707Z 62 PC: 136f0 | Close file
2018-12-17T22:33:44.954817036Z 62 PC: 136f0 | Close file
2018-12-17T22:33:44.959523122Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:44.961933864Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:44.971666223Z 61 PC: 136a0 | Open file (Filename = '\SLEEP.COM')
2018-12-17T22:33:44.979721024Z 63 PC: 13773 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:33:44.98787478Z 64 PC: 13773 | Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:33:45.006294477Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.008794858Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.021392098Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:45.023812802Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:45.028666275Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:45.030732231Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:45.039132795Z 61 PC: 136a0 | Open file (Filename = '\PRINT.COM')
2018-12-17T22:33:45.047659168Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:33:45.053360995Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:33:45.068151241Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.071201298Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.074000691Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:45.076101922Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:45.084786754Z 61 PC: 136a0 | Open file (Filename = '\PRINT.COM')
2018-12-17T22:33:45.093626925Z 63 PC: 13773 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:33:45.100997567Z 64 PC: 13773 | Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:33:45.130143171Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.133249099Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.156770692Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:45.159658592Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:45.163640035Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:45.165589629Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:45.181178422Z 61 PC: 136a0 | Open file (Filename = '\HELLO.COM')
2018-12-17T22:33:45.194324053Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:33:45.199390847Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:33:45.208598307Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.211620551Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.214180357Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:45.222537961Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:45.247479189Z 61 PC: 136a0 | Open file (Filename = '\HELLO.COM')
2018-12-17T22:33:45.25571562Z 63 PC: 13773 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:33:45.264425307Z 64 PC: 13773 | Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:33:45.27598583Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.278776933Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.292218648Z 26 PC: 12f49 | Set disk transfer address
2018-12-17T22:33:45.295216807Z 79 PC: 12f4e | Find next file
2018-12-17T22:33:45.299400535Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:45.301725158Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:45.309230032Z 61 PC: 136a0 | Open file (Filename = '\PHANG.COM')
2018-12-17T22:33:45.316776116Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:33:45.32064551Z 63 PC: 13773 | Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:33:45.32811472Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.331027943Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.333706835Z 48 PC: 137ee | Get DOS version
2018-12-17T22:33:45.336137774Z 61 PC: 136a0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:45.345518451Z 61 PC: 136a0 | Open file (Filename = '\PHANG.COM')
2018-12-17T22:33:45.354658904Z 63 PC: 13773 | Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:33:45.362931696Z 64 PC: 13773 | Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:33:45.373185691Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.375730618Z 62 PC: 136f0 | Close file
2018-12-17T22:33:45.385185627Z 64 PC: 133f8 | Write file or device (Write 34 bytes on handle 1)
2018-12-17T22:33:45.391907916Z 64 PC: 133f8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:33:45.394521821Z 37 PC: 13131 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:45.396586974Z 37 PC: 13131 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:33:45.399299085Z 37 PC: 13131 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:33:45.401898219Z 37 PC: 13131 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:45.403748362Z 37 PC: 13131 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:45.406982627Z 37 PC: 13131 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:45.408741782Z 37 PC: 13131 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:33:45.410499495Z 37 PC: 13131 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:33:45.412308337Z 37 PC: 13131 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:33:45.414616108Z 37 PC: 13131 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:33:45.41635189Z 37 PC: 13131 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:33:45.418523875Z 37 PC: 13131 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:33:45.421287101Z 37 PC: 13131 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:33:45.423246399Z 37 PC: 13131 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:33:45.425174347Z 37 PC: 13131 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:33:45.427881224Z 37 PC: 13131 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:33:45.429682866Z 37 PC: 13131 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:33:45.431628067Z 37 PC: 13131 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:33:45.434607603Z 37 PC: 13131 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:33:45.436360065Z 76 PC: 13170 | Terminate with return code (Return code = '0')