Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Satyricon.7824

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:24.566630463Z 53 PC: 135ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:34:24.576926552Z 53 PC: 135ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:34:24.578158405Z 53 PC: 135ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:34:24.579484827Z 53 PC: 135ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:24.581579403Z 53 PC: 135ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:34:24.582980464Z 53 PC: 135ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:24.584532706Z 53 PC: 135ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:34:24.587142247Z 53 PC: 135ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:34:24.588437077Z 53 PC: 135ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:34:24.589866498Z 53 PC: 135ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:34:24.594951923Z 53 PC: 135ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:34:24.597413074Z 53 PC: 135ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:34:24.600053343Z 53 PC: 135ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:34:24.60187776Z 53 PC: 135ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:34:24.603957482Z 53 PC: 135ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:34:24.605265891Z 53 PC: 135ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:34:24.606483569Z 53 PC: 135ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:34:24.608755319Z 53 PC: 135ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:34:24.610273184Z 53 PC: 135ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:34:24.611838089Z 37 PC: 135ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:34:24.613987591Z 37 PC: 13607 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:34:24.615467592Z 37 PC: 1360f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:24.616863635Z 37 PC: 13617 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:34:24.619991629Z 68 PC: 14421 | I/O control for devices (Set for = '�c��!r;�t�m')
2018-12-17T22:34:24.621937376Z 48 PC: 13ed2 | Get DOS version
2018-12-17T22:34:24.623533394Z 67 PC: 13318 | Get or set file attributes
2018-12-17T22:34:24.630744008Z 87 PC: 13359 | Get or set file date and time
2018-12-17T22:34:24.632396528Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:34:24.639182234Z 63 PC: 13de3 | Read file or device (Read 7824 bytes on handle 5)
2018-12-17T22:34:24.652936398Z 62 PC: 13d60 | Close file
2018-12-17T22:34:24.655341394Z 44 PC: 14558 | Get time
0x14558: mov word ptr [0x4e], cx
0x1455c: mov word ptr [0x50], dx
0x14560: retf
0x14561: call 0x145a8
0x14564: jb 0x14575
0x14566: mov cx, word ptr es:[di + 4]
0x1456a: cmp cx, 1
0x1456d: je 0x14575
0x1456f: xor bx, bx
0x14571: push cs
0x14572: call 0x23f84
0x14575: retf 4
0x14578: call 0x145a8
0x1457b: jb 0x14590
0x1457d: mov ax, cx
0x1457f: mov dx, bx
0x14581: mov cx, word ptr es:[di + 4]
0x14585: cmp cx, 1
0x14588: je 0x14590
0x1458a: xor bx, bx
2018-12-17T22:34:24.657768366Z 48 PC: 132d4 | Get DOS version
2018-12-17T22:34:24.659670005Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:24.697988419Z 60 PC: 13d10 | Create or truncate file
2018-12-17T22:34:25.34948405Z 62 PC: 13d60 | Close file
2018-12-17T22:34:25.352490037Z 65 PC: 13e59 | Delete file (Filename = 'C:\TMP.TMP')
2018-12-17T22:34:25.362615297Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:25.364983857Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:25.3675946Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:25.369962023Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:25.371823492Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:25.373898105Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:25.376780399Z 54 PC: 132df | Get free disk space
2018-12-17T22:34:25.379109484Z 26 PC: 133b6 | Set disk transfer address
2018-12-17T22:34:25.381006614Z 78 PC: 133c2 | Find first file
2018-12-17T22:34:25.387804972Z 26 PC: 133b6 | Set disk transfer address
2018-12-17T22:34:25.389325492Z 78 PC: 133c2 | Find first file
2018-12-17T22:34:25.395802997Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.398289589Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.400929767Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.402038885Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.405701527Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.406789425Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.410078957Z 26 PC: 133b6 | Set disk transfer address
2018-12-17T22:34:25.41195189Z 78 PC: 133c2 | Find first file
2018-12-17T22:34:25.421307605Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.422714132Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.426878207Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.428277337Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.431758788Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.433835012Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.436999942Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.438290432Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.442696991Z 26 PC: 133da | Set disk transfer address
2018-12-17T22:34:25.4444137Z 79 PC: 133df | Find next file
2018-12-17T22:34:25.448257599Z 61 PC: 13d10 | Open file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T22:34:25.455739528Z 63 PC: 13de3 | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:34:25.461750528Z 62 PC: 13d60 | Close file
2018-12-17T22:34:25.46432307Z 26 PC: 13527 | Set disk transfer address
2018-12-17T22:34:25.466660223Z 61 PC: 13d10 | Open file (Filename = 'C:\DOS\MEM.EXE')
2018-12-17T22:34:25.474613117Z 63 PC: 13de3 | Read file or device (Read 7824 bytes on handle 5)
2018-12-17T22:34:25.482268092Z 66 PC: 13e42 | Move file pointer
2018-12-17T22:34:25.484625087Z 64 PC: 13de3 | Write file or device (Write 7824 bytes on handle 5)
2018-12-17T22:34:25.492397826Z 66 PC: 145c2 | Move file pointer
2018-12-17T22:34:25.494081128Z 66 PC: 145d0 | Move file pointer
2018-12-17T22:34:25.496399739Z 66 PC: 145de | Move file pointer
2018-12-17T22:34:25.49816672Z 66 PC: 13e42 | Move file pointer
2018-12-17T22:34:25.499907954Z 64 PC: 13de3 | Write file or device (Write 7824 bytes on handle 5)
2018-12-17T22:34:25.511777675Z 62 PC: 13d60 | Close file
2018-12-17T22:34:25.519614774Z 87 PC: 13386 | Get or set file date and time
2018-12-17T22:34:25.521400516Z 67 PC: 1333f | Get or set file attributes
2018-12-17T22:34:25.540723558Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:34:25.550841781Z 66 PC: 145c2 | Move file pointer
2018-12-17T22:34:25.55222748Z 66 PC: 145d0 | Move file pointer
2018-12-17T22:34:25.554539247Z 66 PC: 145de | Move file pointer
2018-12-17T22:34:25.555991372Z 66 PC: 13e42 | Move file pointer
2018-12-17T22:34:25.557392803Z 63 PC: 13de3 | Read file or device (Read 7824 bytes on handle 5)
2018-12-17T22:34:25.565544138Z 66 PC: 13e42 | Move file pointer
2018-12-17T22:34:25.567163457Z 64 PC: 13de3 | Write file or device (Write 7824 bytes on handle 5)
2018-12-17T22:34:25.582155435Z 62 PC: 13d60 | Close file
2018-12-17T22:34:25.590655354Z 53 PC: 13564 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:34:25.592833028Z 37 PC: 1356d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:34:25.594215828Z 53 PC: 13564 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:34:25.595589867Z 37 PC: 1356d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:34:25.597895845Z 53 PC: 13564 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:34:25.599233132Z 37 PC: 1356d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:34:25.600619097Z 53 PC: 13564 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:25.603027603Z 37 PC: 1356d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:25.604410132Z 53 PC: 13564 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:34:25.606335597Z 37 PC: 1356d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:34:25.608651476Z 53 PC: 13564 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:25.61009043Z 37 PC: 1356d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:25.612149268Z 53 PC: 13564 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:34:25.61433369Z 37 PC: 1356d | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:34:25.616031944Z 53 PC: 13564 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:34:25.617450106Z 37 PC: 1356d | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:34:25.619360385Z 53 PC: 13564 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:34:25.622014124Z 37 PC: 1356d | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:34:25.623476111Z 53 PC: 13564 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:34:25.625765207Z 37 PC: 1356d | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:34:25.626930111Z 53 PC: 13564 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:34:25.628093405Z 37 PC: 1356d | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:34:25.629904646Z 53 PC: 13564 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:34:25.631072717Z 37 PC: 1356d | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:34:25.632170587Z 53 PC: 13564 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:34:25.633979413Z 37 PC: 1356d | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:34:25.635116755Z 53 PC: 13564 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:34:25.636215203Z 37 PC: 1356d | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:34:25.638370017Z 53 PC: 13564 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:34:25.639597467Z 37 PC: 1356d | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:34:25.640667434Z 53 PC: 13564 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:34:25.642937499Z 37 PC: 1356d | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:34:25.644584287Z 53 PC: 13564 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:34:25.646062459Z 37 PC: 1356d | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:34:25.648228625Z 53 PC: 13564 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:34:25.649740738Z 37 PC: 1356d | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:34:25.651164058Z 53 PC: 13564 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:34:25.653609177Z 37 PC: 1356d | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:34:25.655332762Z 41 PC: 134b3 | Parse filename
2018-12-17T22:34:25.656761761Z 41 PC: 134c1 | Parse filename
2018-12-17T22:34:25.659116057Z 75 PC: 134cc | Execute program
2018-12-17T22:34:25.676550864Z 9 PC: 1a126 | Display string (Could not find end pointer)
2018-12-17T22:34:25.682178696Z 48 PC: 1a12f | Get DOS version
2018-12-17T22:34:25.684123663Z 61 PC: 1a1fc | Open file (Filename = '')
2018-12-17T22:34:25.690741165Z 93 PC: 1a19e | File sharing functions
2018-12-17T22:34:25.692504465Z 9 PC: 1a126 | Display string (String= 'Size change=1E90h/07824d. ')
2018-12-17T22:34:25.698504621Z 76 PC: 1a183 | Terminate with return code (Return code = '1')
2018-12-17T22:34:25.701417361Z 53 PC: 13564 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:34:25.702827224Z 37 PC: 1356d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:34:25.705335878Z 53 PC: 13564 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:34:25.706677135Z 37 PC: 1356d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:34:25.707977484Z 53 PC: 13564 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:34:25.710192625Z 37 PC: 1356d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:34:25.711424121Z 53 PC: 13564 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:25.712868738Z 37 PC: 1356d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:25.714817496Z 53 PC: 13564 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:34:25.716059758Z 37 PC: 1356d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:34:25.720035215Z 53 PC: 13564 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:25.721854394Z 37 PC: 1356d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:25.723153807Z 53 PC: 13564 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:34:25.725641557Z 37 PC: 1356d | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:34:25.727283172Z 53 PC: 13564 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:34:25.728805735Z 37 PC: 1356d | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:34:25.731220003Z 53 PC: 13564 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:34:25.732563697Z 37 PC: 1356d | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:34:25.733850041Z 53 PC: 13564 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:34:25.736397219Z 37 PC: 1356d | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:34:25.737636158Z 53 PC: 13564 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:34:25.738948057Z 37 PC: 1356d | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:34:25.741758456Z 53 PC: 13564 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:34:25.74407251Z 37 PC: 1356d | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:34:25.745445696Z 53 PC: 13564 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:34:25.747357713Z 37 PC: 1356d | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:34:25.748659009Z 53 PC: 13564 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:34:25.749961832Z 37 PC: 1356d | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:34:25.752262454Z 53 PC: 13564 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:34:25.754403491Z 37 PC: 1356d | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:34:25.75598596Z 53 PC: 13564 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:34:25.758812892Z 37 PC: 1356d | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:34:25.760457064Z 53 PC: 13564 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:34:25.771543376Z 37 PC: 1356d | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:34:25.773491479Z 53 PC: 13564 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:34:25.774933844Z 37 PC: 1356d | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:34:25.776252662Z 53 PC: 13564 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:34:25.778353887Z 37 PC: 1356d | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:34:25.780248035Z 61 PC: 13d10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:34:25.787238041Z 64 PC: 13de3 | Write file or device (Write 7824 bytes on handle 5)
2018-12-17T22:34:25.797419202Z 62 PC: 13d60 | Close file
2018-12-17T22:34:25.802851956Z 67 PC: 1333f | Get or set file attributes
2018-12-17T22:34:25.813727106Z 87 PC: 13386 | Get or set file date and time
2018-12-17T22:34:25.816697696Z 37 PC: 13433 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:34:25.817934856Z 37 PC: 13433 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:34:25.819431346Z 37 PC: 13433 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:34:25.820845398Z 53 PC: 13417 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:34:25.821997024Z 37 PC: 13433 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:34:25.823533879Z 49 PC: 1344e | Terminate and stay resident (Return code = '0' | Memory size = '1892')