Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Combat.4278

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:36:03.768211851Z 53 PC: 1321a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:36:03.769526146Z 53 PC: 1321a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:36:03.770357555Z 53 PC: 1321a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:36:03.771140063Z 53 PC: 1321a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:36:03.772215349Z 53 PC: 1321a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:36:03.77307423Z 53 PC: 1321a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:36:03.773978687Z 53 PC: 1321a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:36:03.775020941Z 53 PC: 1321a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:36:03.775829117Z 53 PC: 1321a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:36:03.776605663Z 53 PC: 1321a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:36:03.777368915Z 53 PC: 1321a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:36:03.778408064Z 53 PC: 1321a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:36:03.779169672Z 53 PC: 1321a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:36:03.779902356Z 53 PC: 1321a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:36:03.781075657Z 53 PC: 1321a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:36:03.781838317Z 53 PC: 1321a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:36:03.782576221Z 53 PC: 1321a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:36:03.783679049Z 53 PC: 1321a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:36:03.784969419Z 53 PC: 1321a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:36:03.785751005Z 37 PC: 1322f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:36:03.786874632Z 37 PC: 13237 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:36:03.787649445Z 37 PC: 1323f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:36:03.788372692Z 37 PC: 13247 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:36:03.789726561Z 68 PC: 13e18 | I/O control for devices (Set for = '')
2018-12-17T22:36:03.790890263Z 64 PC: 13638 | Write file or device (Write 9 bytes on handle 1)
2018-12-17T22:36:03.793717215Z 26 PC: 13025 | Set disk transfer address
2018-12-17T22:36:03.794893151Z 78 PC: 13031 | Find first file
2018-12-17T22:36:03.799004421Z 61 PC: 138e0 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:36:03.803163601Z 63 PC: 139b3 | Read file or device (Read 4278 bytes on handle 5)
2018-12-17T22:36:03.808347373Z 62 PC: 13930 | Close file
2018-12-17T22:36:03.809570988Z 48 PC: 13a2e | Get DOS version
2018-12-17T22:36:03.810543362Z 61 PC: 138e0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:36:03.814882069Z 63 PC: 139b3 | Read file or device (Read 4278 bytes on handle 5)
2018-12-17T22:36:03.819711336Z 62 PC: 13930 | Close file
2018-12-17T22:36:03.821047231Z 64 PC: 13638 | Write file or device (Write 13 bytes on handle 1)
2018-12-17T22:36:03.82374468Z 48 PC: 13a2e | Get DOS version
2018-12-17T22:36:03.824812653Z 61 PC: 138e0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:36:03.829032608Z 66 PC: 13f17 | Move file pointer
2018-12-17T22:36:03.829940911Z 66 PC: 13f25 | Move file pointer
2018-12-17T22:36:03.831232744Z 66 PC: 13f33 | Move file pointer
2018-12-17T22:36:03.832183878Z 66 PC: 13a12 | Move file pointer
2018-12-17T22:36:03.833046495Z 63 PC: 139b3 | Read file or device (Read 5120 bytes on handle 5)
2018-12-17T22:36:03.838374989Z 62 PC: 13930 | Close file
2018-12-17T22:36:03.839837201Z 60 PC: 138e0 | Create or truncate file
2018-12-17T22:36:05.72664489Z 66 PC: 13a12 | Move file pointer
2018-12-17T22:36:05.728714251Z 64 PC: 139b3 | Write file or device (Write 51200 bytes on handle 5)
2018-12-17T22:36:05.903609729Z 62 PC: 13930 | Close file
2018-12-17T22:36:05.917973698Z 53 PC: 13194 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:36:05.919282733Z 37 PC: 1319d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:36:05.920092672Z 53 PC: 13194 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:36:05.920836728Z 37 PC: 1319d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:36:05.921981364Z 53 PC: 13194 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:36:05.922824716Z 37 PC: 1319d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:36:05.923585242Z 53 PC: 13194 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:36:05.924582673Z 37 PC: 1319d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:36:05.925484655Z 53 PC: 13194 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:36:05.926286989Z 37 PC: 1319d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:36:05.927095936Z 53 PC: 13194 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:36:05.927958294Z 37 PC: 1319d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:36:05.92872395Z 53 PC: 13194 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:36:05.929513971Z 37 PC: 1319d | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:36:05.930464143Z 53 PC: 13194 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:36:05.931299009Z 37 PC: 1319d | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:36:05.93209369Z 53 PC: 13194 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:36:05.93338405Z 37 PC: 1319d | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:36:05.934175043Z 53 PC: 13194 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:36:05.934876218Z 37 PC: 1319d | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:36:05.935872617Z 53 PC: 13194 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:36:05.936659803Z 37 PC: 1319d | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:36:05.937321083Z 53 PC: 13194 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:36:05.938612175Z 37 PC: 1319d | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:36:05.939369445Z 53 PC: 13194 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:36:05.940120774Z 37 PC: 1319d | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:36:05.941120128Z 53 PC: 13194 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:36:05.941938072Z 37 PC: 1319d | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:36:05.94271016Z 53 PC: 13194 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:36:05.943825602Z 37 PC: 1319d | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:36:05.944599844Z 53 PC: 13194 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:36:05.945275812Z 37 PC: 1319d | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:36:05.946495459Z 53 PC: 13194 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:36:05.947327199Z 37 PC: 1319d | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:36:05.948097634Z 53 PC: 13194 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:36:05.949286614Z 37 PC: 1319d | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:36:05.950099639Z 53 PC: 13194 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:36:05.950785986Z 37 PC: 1319d | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:36:05.952335582Z 41 PC: 1314b | Parse filename
2018-12-17T22:36:05.953381885Z 41 PC: 13159 | Parse filename
2018-12-17T22:36:05.954328259Z 75 PC: 13164 | Execute program
2018-12-17T22:36:05.968800091Z 80 PC: 26359 | Set current PSP
2018-12-17T22:36:05.969476189Z 48 PC: 2635e | Get DOS version
2018-12-17T22:36:05.970507493Z 99 PC: 2cb40 | Get DBCS lead byte table pointer
2018-12-17T22:36:05.972631476Z 101 PC: 263e4 | Get extended country info
2018-12-17T22:36:05.973525503Z 99 PC: 263ea | Get DBCS lead byte table pointer
2018-12-17T22:36:05.97435063Z 74 PC: 2644c | Reallocate memory
2018-12-17T22:36:05.975613218Z 25 PC: 26483 | Get default drive
2018-12-17T22:36:05.976457502Z 37 PC: 25f43 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:36:05.977216084Z 37 PC: 25f4a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:36:05.978064015Z 37 PC: 25f51 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:36:05.981006333Z 74 PC: 250ec | Reallocate memory
2018-12-17T22:36:05.981981953Z 72 PC: 2512d | Allocate memory
2018-12-17T22:36:05.983152618Z 72 PC: 25165 | Allocate memory
2018-12-17T22:36:05.984446635Z 72 PC: 2516d | Allocate memory