Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Spar.11086

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:55:50.813430948Z 53 PC: 1593a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:55:50.816048536Z 53 PC: 1593a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:55:50.817809509Z 53 PC: 1593a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:50.819268466Z 53 PC: 1593a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:50.821793119Z 53 PC: 1593a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:50.823404145Z 53 PC: 1593a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:50.824789924Z 53 PC: 1593a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:55:50.826710391Z 53 PC: 1593a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:55:50.827953801Z 53 PC: 1593a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:55:50.828990707Z 53 PC: 1593a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:55:50.832219691Z 53 PC: 1593a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:55:50.833325877Z 53 PC: 1593a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:55:50.834397439Z 53 PC: 1593a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:55:50.835798675Z 53 PC: 1593a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:55:50.838555441Z 53 PC: 1593a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:55:50.839634491Z 53 PC: 1593a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:55:50.845629758Z 53 PC: 1593a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:55:50.846621098Z 53 PC: 1593a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:55:50.84755903Z 53 PC: 1593a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:55:50.84894546Z 37 PC: 1594f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:55:50.849985097Z 37 PC: 15957 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:50.851029927Z 37 PC: 1595f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:50.852980355Z 37 PC: 15967 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:55:50.8546475Z 68 PC: 165bd | I/O control for devices (Set for = '')
2018-12-17T21:55:50.898036898Z 37 PC: 15021 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:50.901294295Z 44 PC: 166f4 | Get time
0x166f4: mov word ptr [0x136], cx
0x166f8: mov word ptr [0x138], dx
0x166fc: retf
0x166fd: mov cx, di
0x166ff: mov si, 0xa
0x16702: mov bx, dx
0x16704: or bx, bx
0x16706: jns 0x16719
0x16708: neg bx
0x1670a: neg ax
0x1670c: sbb bx, 0
0x1670f: call 0x16719
0x16712: dec di
0x16713: mov byte ptr es:[di], 0x2d
0x16717: inc cx
0x16718: ret
0x16719: xor dx, dx
0x1671b: xchg ax, bx
0x1671c: div si
0x1671e: xchg ax, bx
2018-12-17T21:55:50.903759104Z 53 PC: 15777 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T21:55:50.905260058Z 37 PC: 15793 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T21:55:50.906961524Z 53 PC: 15777 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T21:55:50.909304281Z 37 PC: 15793 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T21:55:50.910720187Z 53 PC: 15777 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:50.912233657Z 37 PC: 15793 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:50.914020368Z 51 PC: 1562f | Get or set Ctrl-Break
2018-12-17T21:55:50.914853901Z 48 PC: 162e3 | Get DOS version
2018-12-17T21:55:50.916486183Z 67 PC: 15642 | Get or set file attributes
2018-12-17T21:55:50.923150164Z 67 PC: 15669 | Get or set file attributes
2018-12-17T21:55:50.938643297Z 61 PC: 16121 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:55:50.946983311Z 63 PC: 161f4 | Read file or device (Read 11035 bytes on handle 5)
2018-12-17T21:55:50.959235394Z 67 PC: 15669 | Get or set file attributes
2018-12-17T21:55:50.971763076Z 62 PC: 16171 | Close file
2018-12-17T21:55:50.974127646Z 48 PC: 162e3 | Get DOS version
2018-12-17T21:55:50.977421025Z 26 PC: 1569a | Set disk transfer address
2018-12-17T21:55:50.978606694Z 78 PC: 156a6 | Find first file
2018-12-17T21:55:50.984927624Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:50.987121166Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:50.990347238Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:50.991800634Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:50.995821063Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:50.99756354Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.000616762Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.005497898Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.008587879Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.009915861Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.013558266Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.01489359Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.017937341Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.020237258Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.023895352Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.024959449Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.028771456Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.029903525Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.03259635Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.033854379Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.037068492Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.038113962Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.040770252Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.04287458Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.045896498Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.047258814Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.05155028Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.052974462Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.056209799Z 26 PC: 156be | Set disk transfer address
2018-12-17T21:55:51.05854118Z 79 PC: 156c3 | Find next file
2018-12-17T21:55:51.064874457Z 44 PC: 155dd | Get time
0x155dd: xor ah, ah
0x155df: mov al, dl
0x155e1: les di, ptr [bp + 6]
0x155e4: stosw word ptr es:[di], ax
0x155e5: mov al, dh
0x155e7: les di, ptr [bp + 0xa]
0x155ea: stosw word ptr es:[di], ax
0x155eb: mov al, cl
0x155ed: les di, ptr [bp + 0xe]
0x155f0: stosw word ptr es:[di], ax
0x155f1: mov al, ch
0x155f3: les di, ptr [bp + 0x12]
0x155f6: stosw word ptr es:[di], ax
0x155f7: pop bp
0x155f8: retf 0x10
0x155fb: push bp
0x155fc: mov bp, sp
0x155fe: mov ch, byte ptr [bp + 0xc]
0x15601: mov cl, byte ptr [bp + 0xa]
0x15604: mov dh, byte ptr [bp + 8]
2018-12-17T21:55:51.07694336Z 48 PC: 162e3 | Get DOS version
2018-12-17T21:55:51.080259277Z 48 PC: 162e3 | Get DOS version
2018-12-17T21:55:51.082080886Z 26 PC: 1569a | Set disk transfer address
2018-12-17T21:55:51.083462868Z 78 PC: 156a6 | Find first file
2018-12-17T21:55:51.091618703Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:55:51.09322045Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:55:51.094759913Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:55:51.097405411Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:55:51.098946028Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:51.100484146Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:51.102825088Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:51.105421392Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:51.106874969Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:51.109384369Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:51.11429708Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:51.115457885Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:51.117484326Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:55:51.118891089Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:55:51.120370891Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:55:51.12264068Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:55:51.124443275Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:55:51.125931111Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:55:51.127586386Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:55:51.129931364Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:55:51.131366938Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:55:51.132829814Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:55:51.135314918Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:55:51.136762451Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:55:51.138197805Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:55:51.14113775Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:55:51.142581484Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:55:51.143901679Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:55:51.146262738Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:55:51.147661917Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:55:51.149008192Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:55:51.15103459Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:55:51.152173353Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:55:51.153295717Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:55:51.155386686Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:55:51.156538863Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:55:51.157685075Z 53 PC: 158b0 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:55:51.159583671Z 37 PC: 158b9 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:55:51.161561689Z 41 PC: 15867 | Parse filename
2018-12-17T21:55:51.16292436Z 41 PC: 15875 | Parse filename
2018-12-17T21:55:51.16575648Z 75 PC: 15880 | Execute program
2018-12-17T21:55:51.186482868Z 80 PC: 46b29 | Set current PSP
2018-12-17T21:55:51.187635323Z 48 PC: 46b2e | Get DOS version
2018-12-17T21:55:51.190105981Z 99 PC: 4d310 | Get DBCS lead byte table pointer
2018-12-17T21:55:51.193728503Z 101 PC: 46bb4 | Get extended country info
2018-12-17T21:55:51.195288733Z 99 PC: 46bba | Get DBCS lead byte table pointer
2018-12-17T21:55:51.197464981Z 74 PC: 46c1c | Reallocate memory
2018-12-17T21:55:51.199138524Z 25 PC: 46c53 | Get default drive
2018-12-17T21:55:51.20050207Z 37 PC: 46713 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T21:55:51.210638478Z 37 PC: 4671a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:51.212133221Z 37 PC: 46721 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:51.216666784Z 74 PC: 458bc | Reallocate memory
2018-12-17T21:55:51.219344314Z 72 PC: 458fd | Allocate memory
2018-12-17T21:55:51.221208226Z 72 PC: 45935 | Allocate memory
2018-12-17T21:55:51.223172247Z 72 PC: 4593d | Allocate memory