Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Inna.5283

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:33:59.474862338Z 53 PC: 1360a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:59.476140578Z 53 PC: 1360a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:33:59.477537448Z 53 PC: 1360a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:33:59.479148346Z 53 PC: 1360a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:59.480308823Z 53 PC: 1360a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:59.48137656Z 53 PC: 1360a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:59.483207928Z 53 PC: 1360a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:33:59.485208551Z 53 PC: 1360a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:33:59.486302536Z 53 PC: 1360a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:33:59.487770393Z 53 PC: 1360a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:33:59.497799425Z 53 PC: 1360a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:33:59.49900443Z 53 PC: 1360a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:33:59.500670195Z 53 PC: 1360a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:33:59.501857833Z 53 PC: 1360a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:33:59.502916241Z 53 PC: 1360a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:33:59.504653358Z 53 PC: 1360a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:33:59.505751746Z 53 PC: 1360a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:33:59.506812691Z 53 PC: 1360a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:33:59.508954018Z 53 PC: 1360a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:33:59.510279195Z 37 PC: 1361f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:59.51116317Z 37 PC: 13627 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:59.51233614Z 37 PC: 1362f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:59.527397046Z 37 PC: 13637 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:33:59.528846558Z 68 PC: 1427c | I/O control for devices (Set for = '')
2018-12-17T22:33:59.530202571Z 53 PC: 13380 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:33:59.531784491Z 37 PC: 1339c | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:33:59.532899106Z 48 PC: 13e92 | Get DOS version
2018-12-17T22:33:59.534424445Z 61 PC: 13cd0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:59.541966281Z 63 PC: 13da3 | Read file or device (Read 5275 bytes on handle 5)
2018-12-17T22:33:59.549524021Z 62 PC: 13d20 | Close file
2018-12-17T22:33:59.554257867Z 26 PC: 1331f | Set disk transfer address
2018-12-17T22:33:59.556635051Z 78 PC: 1332b | Find first file
2018-12-17T22:33:59.563465385Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.564833274Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.569529291Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.571573649Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.574763818Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.576732325Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.581912627Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.583133334Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.58692187Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.589560282Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.59342519Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.595120011Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.599532356Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.600615301Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.604505928Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.605778864Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.609132985Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.611317891Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.614593043Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.61584318Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.620056464Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.621560983Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.624888271Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.626786687Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.62994563Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.630971023Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.634923392Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.635978537Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.639621796Z 67 PC: 132a8 | Get or set file attributes
2018-12-17T22:33:59.655135119Z 61 PC: 13cd0 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:33:59.661870989Z 66 PC: 13e02 | Move file pointer
2018-12-17T22:33:59.663261346Z 63 PC: 13da3 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:33:59.671880408Z 87 PC: 132ef | Get or set file date and time
2018-12-17T22:33:59.673257599Z 67 PC: 132a8 | Get or set file attributes
2018-12-17T22:33:59.683792311Z 62 PC: 13d20 | Close file
2018-12-17T22:33:59.691409312Z 26 PC: 13343 | Set disk transfer address
2018-12-17T22:33:59.692691708Z 79 PC: 13348 | Find next file
2018-12-17T22:33:59.695285981Z 44 PC: 1323d | Get time
0x1323d: xor ah, ah
0x1323f: mov al, dl
0x13241: les di, ptr [bp + 6]
0x13244: stosw word ptr es:[di], ax
0x13245: mov al, dh
0x13247: les di, ptr [bp + 0xa]
0x1324a: stosw word ptr es:[di], ax
0x1324b: mov al, cl
0x1324d: les di, ptr [bp + 0xe]
0x13250: stosw word ptr es:[di], ax
0x13251: mov al, ch
0x13253: les di, ptr [bp + 0x12]
0x13256: stosw word ptr es:[di], ax
0x13257: pop bp
0x13258: retf 0x10
0x1325b: push bp
0x1325c: mov bp, sp
0x1325e: mov ch, byte ptr [bp + 0xc]
0x13261: mov cl, byte ptr [bp + 0xa]
0x13264: mov dh, byte ptr [bp + 8]
2018-12-17T22:33:59.698432816Z 42 PC: 13207 | Get date
0x13207: xor ah, ah
0x13209: les di, ptr [bp + 6]
0x1320c: stosw word ptr es:[di], ax
0x1320d: mov al, dl
0x1320f: les di, ptr [bp + 0xa]
0x13212: stosw word ptr es:[di], ax
0x13213: mov al, dh
0x13215: les di, ptr [bp + 0xe]
0x13218: stosw word ptr es:[di], ax
0x13219: xchg ax, cx
0x1321a: les di, ptr [bp + 0x12]
0x1321d: stosw word ptr es:[di], ax
0x1321e: pop bp
0x1321f: retf 0x10
0x13222: push bp
0x13223: mov bp, sp
0x13225: mov cx, word ptr [bp + 0xa]
0x13228: mov dh, byte ptr [bp + 8]
0x1322b: mov dl, byte ptr [bp + 6]
0x1322e: mov ah, 0x2b
2018-12-17T22:33:59.700729344Z 37 PC: 1339c | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:33:59.701896349Z 26 PC: 1331f | Set disk transfer address
2018-12-17T22:33:59.703614845Z 78 PC: 1332b | Find first file
2018-12-17T22:33:59.709644326Z 67 PC: 132a8 | Get or set file attributes
2018-12-17T22:33:59.72214954Z 61 PC: 13cd0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:33:59.729011771Z 66 PC: 1437b | Move file pointer
2018-12-17T22:33:59.730293772Z 66 PC: 14389 | Move file pointer
2018-12-17T22:33:59.731554103Z 66 PC: 14397 | Move file pointer
2018-12-17T22:33:59.733716904Z 66 PC: 13e02 | Move file pointer
2018-12-17T22:33:59.735848496Z 63 PC: 13da3 | Read file or device (Read 5275 bytes on handle 5)
2018-12-17T22:33:59.743341642Z 66 PC: 13e02 | Move file pointer
2018-12-17T22:33:59.745474264Z 64 PC: 13d01 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:33:59.753484223Z 66 PC: 13e02 | Move file pointer
2018-12-17T22:33:59.754870532Z 64 PC: 13da3 | Write file or device (Write 5275 bytes on handle 5)
2018-12-17T22:33:59.76416191Z 87 PC: 132ef | Get or set file date and time
2018-12-17T22:33:59.765853427Z 67 PC: 132a8 | Get or set file attributes
2018-12-17T22:33:59.775990013Z 62 PC: 13d20 | Close file
2018-12-17T22:33:59.784524881Z 53 PC: 13585 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:59.785451806Z 37 PC: 1358e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:59.786636887Z 53 PC: 13585 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:33:59.788220647Z 37 PC: 1358e | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:33:59.789223195Z 53 PC: 13585 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:33:59.791889419Z 37 PC: 1358e | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:33:59.793217919Z 53 PC: 13585 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:59.794526417Z 37 PC: 1358e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:33:59.796660374Z 53 PC: 13585 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:59.797956209Z 37 PC: 1358e | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:59.799183592Z 53 PC: 13585 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:59.801376732Z 37 PC: 1358e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:59.802681835Z 53 PC: 13585 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:33:59.80386884Z 37 PC: 1358e | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:33:59.806027034Z 53 PC: 13585 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:33:59.807300514Z 37 PC: 1358e | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:33:59.808524233Z 53 PC: 13585 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:33:59.811393235Z 37 PC: 1358e | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:33:59.81266325Z 53 PC: 13585 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:33:59.813973992Z 37 PC: 1358e | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:33:59.816080516Z 53 PC: 13585 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:33:59.817248858Z 37 PC: 1358e | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:33:59.81814169Z 53 PC: 13585 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:33:59.819600442Z 37 PC: 1358e | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:33:59.820918352Z 53 PC: 13585 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:33:59.82219353Z 37 PC: 1358e | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:33:59.824372934Z 53 PC: 13585 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:33:59.825704684Z 37 PC: 1358e | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:33:59.826993229Z 53 PC: 13585 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:33:59.830278032Z 37 PC: 1358e | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:33:59.831559495Z 53 PC: 13585 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:33:59.83283344Z 37 PC: 1358e | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:33:59.835867761Z 53 PC: 13585 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:33:59.837193368Z 37 PC: 1358e | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:33:59.838461029Z 53 PC: 13585 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:33:59.840369286Z 37 PC: 1358e | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:33:59.841681007Z 53 PC: 13585 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:33:59.842998361Z 37 PC: 1358e | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:33:59.845458445Z 41 PC: 134d4 | Parse filename
2018-12-17T22:33:59.847060587Z 41 PC: 134e2 | Parse filename
2018-12-17T22:33:59.848815132Z 75 PC: 134ed | Execute program
2018-12-17T22:33:59.86947639Z 80 PC: 19b59 | Set current PSP
2018-12-17T22:33:59.87054827Z 48 PC: 19b5e | Get DOS version
2018-12-17T22:33:59.872218902Z 99 PC: 20340 | Get DBCS lead byte table pointer
2018-12-17T22:33:59.876427443Z 101 PC: 19be4 | Get extended country info
2018-12-17T22:33:59.87767781Z 99 PC: 19bea | Get DBCS lead byte table pointer
2018-12-17T22:33:59.87894357Z 74 PC: 19c4c | Reallocate memory
2018-12-17T22:33:59.880951094Z 25 PC: 19c83 | Get default drive
2018-12-17T22:33:59.882074203Z 37 PC: 19743 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:33:59.883121041Z 37 PC: 1974a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:59.884828007Z 37 PC: 19751 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:59.889085183Z 74 PC: 188ec | Reallocate memory
2018-12-17T22:33:59.890733581Z 72 PC: 1892d | Allocate memory
2018-12-17T22:33:59.89352238Z 72 PC: 18965 | Allocate memory
2018-12-17T22:33:59.895377457Z 72 PC: 1896d | Allocate memory