Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Light.4879

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:39:17.179357596Z 53 PC: 130ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:17.182085045Z 53 PC: 130ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:17.187765678Z 53 PC: 130ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:17.189458207Z 53 PC: 130ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:17.191472081Z 53 PC: 130ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:17.193633523Z 53 PC: 130ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:17.194803568Z 53 PC: 130ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:17.196610883Z 53 PC: 130ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:17.198906799Z 53 PC: 130ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:17.200332305Z 53 PC: 130ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:17.201937899Z 53 PC: 130ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:17.209882157Z 53 PC: 130ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:17.212085629Z 53 PC: 130ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:17.214029481Z 53 PC: 130ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:17.216307954Z 53 PC: 130ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:17.218552573Z 53 PC: 130ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:17.220835444Z 53 PC: 130ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:17.22293513Z 53 PC: 130ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:17.22541915Z 53 PC: 130ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:17.226885042Z 37 PC: 130ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:17.228293075Z 37 PC: 13107 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:17.232906277Z 37 PC: 1310f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:17.234605398Z 37 PC: 13117 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:17.236642005Z 68 PC: 1404f | I/O control for devices (Set for = '2������O&�}�\t�\')
2018-12-17T22:39:17.239264676Z 48 PC: 13c65 | Get DOS version
2018-12-17T22:39:17.241252932Z 61 PC: 13aa3 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:39:17.249025667Z 63 PC: 13b76 | Read file or device (Read 4879 bytes on handle 5)
2018-12-17T22:39:17.258864664Z 66 PC: 13bd5 | Move file pointer
2018-12-17T22:39:17.262042231Z 66 PC: 14231 | Move file pointer
2018-12-17T22:39:17.265618529Z 66 PC: 1423f | Move file pointer
2018-12-17T22:39:17.283955527Z 66 PC: 1424d | Move file pointer
2018-12-17T22:39:17.28580372Z 63 PC: 13b76 | Read file or device (Read 1825 bytes on handle 5)
2018-12-17T22:39:17.292680075Z 60 PC: 13aa3 | Create or truncate file
2018-12-17T22:39:17.310810775Z 64 PC: 13b76 | Write file or device (Write 1825 bytes on handle 6)
2018-12-17T22:39:17.321554617Z 62 PC: 13af3 | Close file
2018-12-17T22:39:17.334287497Z 62 PC: 13af3 | Close file
2018-12-17T22:39:17.343997662Z 53 PC: 13066 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:17.346202626Z 37 PC: 1306f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:17.347801729Z 53 PC: 13066 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:17.34941072Z 37 PC: 1306f | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:17.352142667Z 53 PC: 13066 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:17.353813786Z 37 PC: 1306f | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:17.355418299Z 53 PC: 13066 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:17.358231339Z 37 PC: 1306f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:17.359562297Z 53 PC: 13066 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:17.360890148Z 37 PC: 1306f | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:17.362996056Z 53 PC: 13066 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:17.365203044Z 37 PC: 1306f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:17.367375507Z 53 PC: 13066 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:17.369169257Z 37 PC: 1306f | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:17.371093462Z 53 PC: 13066 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:17.372431433Z 37 PC: 1306f | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:17.375028236Z 53 PC: 13066 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:17.377301609Z 37 PC: 1306f | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:17.379255099Z 53 PC: 13066 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:17.381109423Z 37 PC: 1306f | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:17.383309428Z 53 PC: 13066 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:17.384949859Z 37 PC: 1306f | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:17.386408848Z 53 PC: 13066 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:17.388698602Z 37 PC: 1306f | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:17.390166307Z 53 PC: 13066 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:17.392188927Z 37 PC: 1306f | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:17.394226957Z 53 PC: 13066 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:17.396236975Z 37 PC: 1306f | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:17.397744996Z 53 PC: 13066 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:17.401166081Z 37 PC: 1306f | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:17.402711002Z 53 PC: 13066 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:17.405503974Z 37 PC: 1306f | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:17.408047597Z 53 PC: 13066 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:17.410645602Z 37 PC: 1306f | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:17.412168992Z 53 PC: 13066 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:17.413771351Z 37 PC: 1306f | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:17.416031839Z 53 PC: 13066 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:17.417789391Z 37 PC: 1306f | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:17.41982673Z 41 PC: 1301d | Parse filename
2018-12-17T22:39:17.423164909Z 41 PC: 1302b | Parse filename
2018-12-17T22:39:17.425456016Z 75 PC: 13036 | Execute program