Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Duke.16272

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:31.035516343Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:40:31.037582677Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:40:31.039097048Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:40:31.040557018Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:31.042372813Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:40:31.044867628Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:31.047006386Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:40:31.057683159Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:40:31.05984168Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:40:31.06186392Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:40:31.063851177Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:40:31.067200975Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:40:31.06873077Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:40:31.070289542Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:40:31.072159071Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:40:31.073366816Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:40:31.074554827Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:40:31.084117569Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:40:31.085502636Z	53	PC: 13ada \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:40:31.087370657Z	37	PC: 13aef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:40:31.09102486Z	37	PC: 13af7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:40:31.092135106Z	37	PC: 13aff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:31.093203297Z	37	PC: 13b07 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:40:31.09770207Z	68	PC: 14b7d \| I/O control for devices
2018-12-17T22:40:31.099179409Z	44	PC: 14cb4 \| Get time 0x14cb4: mov word ptr [0x1798], cx 0x14cb8: mov word ptr [0x179a], dx 0x14cbc: retf 0x14cbd: mov cx, di 0x14cbf: mov si, 0xa 0x14cc2: mov bx, dx 0x14cc4: or bx, bx 0x14cc6: jns 0x14cd9 0x14cc8: neg bx 0x14cca: neg ax 0x14ccc: sbb bx, 0 0x14ccf: call 0x14cd9 0x14cd2: dec di 0x14cd3: mov byte ptr es:[di], 0x2d 0x14cd7: inc cx 0x14cd8: ret 0x14cd9: xor dx, dx 0x14cdb: xchg ax, bx 0x14cdc: div si 0x14cde: xchg ax, bx
2018-12-17T22:40:31.101299577Z	25	PC: 14735 \| Get default drive
2018-12-17T22:40:31.102865751Z	71	PC: 14748 \| Get current directory
2018-12-17T22:40:31.106305992Z	14	PC: 12a71 \| Set default drive (Drive = 'A')
2018-12-17T22:40:31.108023969Z	26	PC: 139c5 \| Set disk transfer address
2018-12-17T22:40:31.117444197Z	78	PC: 139d1 \| Find first file
2018-12-17T22:40:31.128153776Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.129364539Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.141060441Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.142189222Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.145555119Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.147132026Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.149972202Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.151327659Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.155438043Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.156908144Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.159740425Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.169880846Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.173270703Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.17416808Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.177027999Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.178897796Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.183434884Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.185920057Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.189689839Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.191255549Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.195076709Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.19626659Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.202120175Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.203859032Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.20780254Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.208929534Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.21370316Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.21533698Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.220295448Z	26	PC: 139e9 \| Set disk transfer address
2018-12-17T22:40:31.221952186Z	79	PC: 139ee \| Find next file
2018-12-17T22:40:31.225309356Z	14	PC: 12a71 \| Set default drive (Drive = 'A')
2018-12-17T22:40:31.227125715Z	14	PC: 1478e \| Set default drive (Drive = 'A')
2018-12-17T22:40:31.229545988Z	25	PC: 14792 \| Get default drive
2018-12-17T22:40:31.23264833Z	64	PC: 1415b \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:40:31.234601881Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:40:31.236321474Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:40:31.252903533Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:40:31.254236279Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:31.255593795Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:40:31.281244151Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:31.290257389Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:40:31.292708968Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:40:31.302764232Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:40:31.304488061Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:40:31.306095127Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:40:31.308898534Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:40:31.310510156Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:40:31.312107159Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:40:31.314179797Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:40:31.315644156Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:40:31.322715788Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:40:31.326253068Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:40:31.327550376Z	37	PC: 13c31 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:40:31.328833647Z	76	PC: 13c70 \| Terminate with return code (Return code = '0')