Sample viewer

vx.netlux.org/Virus.DOS.HLLO.3520.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:38:34.231682154Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:34.233400099Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:38:34.235972353Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:38:34.237668587Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:34.239357156Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:38:34.250007762Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:38:34.251660144Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:38:34.253316814Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:38:34.255937299Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:38:34.258085013Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:38:34.260155752Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:38:34.264199717Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:38:34.266296956Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:38:34.26804583Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:38:34.269886285Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:38:34.282801716Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:38:34.284369288Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:38:34.285901384Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:38:34.288197217Z	53	PC: 12e2e \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:38:34.289597343Z	37	PC: 12e43 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:34.291216362Z	37	PC: 12e4a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:38:34.293171964Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:38:34.295118039Z	37	PC: 12e58 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:38:34.297815118Z	68	PC: 13139 \| I/O control for devices (Set for = '��V"�K�r��]')
2018-12-17T22:38:34.300851796Z	48	PC: 13587 \| Get DOS version
2018-12-17T22:38:34.302859777Z	61	PC: 1342d \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:38:34.310517587Z	63	PC: 1350c \| Read file or device (Read 3520 bytes on handle 5)
2018-12-17T22:38:34.319081474Z	62	PC: 1347f \| Close file
2018-12-17T22:38:34.321359885Z	25	PC: 13619 \| Get default drive
2018-12-17T22:38:34.32280164Z	71	PC: 1362c \| Get current directory
2018-12-17T22:38:34.332484172Z	14	PC: 13678 \| Set default drive (Drive = 'C')
2018-12-17T22:38:34.339258298Z	25	PC: 1367c \| Get default drive
2018-12-17T22:38:34.341755521Z	59	PC: 136e8 \| Change current directory
2018-12-17T22:38:34.34830826Z	44	PC: 12cef \| Get time 0x12cef: xor ah, ah 0x12cf1: mov al, dl 0x12cf3: les di, ptr [bp + 6] 0x12cf6: stosw word ptr es:[di], ax 0x12cf7: mov al, dh 0x12cf9: les di, ptr [bp + 0xa] 0x12cfc: stosw word ptr es:[di], ax 0x12cfd: mov al, cl 0x12cff: les di, ptr [bp + 0xe] 0x12d02: stosw word ptr es:[di], ax 0x12d03: mov al, ch 0x12d05: les di, ptr [bp + 0x12] 0x12d08: stosw word ptr es:[di], ax 0x12d09: pop bp 0x12d0a: retf 0x10 0x12d0d: xchg bx, bx 0x12d0f: nop 0x12d10: push bp 0x12d11: mov bp, sp 0x12d13: mov ch, byte ptr [bp + 0xc]
2018-12-17T22:38:34.352335825Z	64	PC: 13384 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:38:34.354275387Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:34.355562401Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:38:34.357737046Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:38:34.359384568Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:34.360969262Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:38:34.363505017Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:38:34.365934552Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:38:34.367967871Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:38:34.377905865Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:38:34.37973025Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:38:34.381651117Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:38:34.384442955Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:38:34.386177291Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:38:34.387792452Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:38:34.390458563Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:38:34.391769572Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:38:34.39295306Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:38:34.39495503Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:38:34.39655841Z	37	PC: 12f97 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:38:34.39820999Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.400787323Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.403631609Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.405869403Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.408280042Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.411743203Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.413882261Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.415992856Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.422514447Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.425499047Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.429150633Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.432976387Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.436125988Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.438971857Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.442343326Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.44563276Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.4484154Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.451513183Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.454586982Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.457349454Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.459732361Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.463242201Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.465639164Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.468567458Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.472156006Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.475109267Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.477721295Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.481125666Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.483826752Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.486448099Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.489672261Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.4923376Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.494618365Z	6	PC: 13016 \| Direct console I/O
2018-12-17T22:38:34.498650387Z	76	PC: 12fd6 \| Terminate with return code (Return code = '200')