Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Halloween

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:40:39.824434218Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:40:39.827206246Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:40:39.828646823Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:40:39.830062652Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:40:39.838832419Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:39.84021924Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:40:39.841514705Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:40:39.843117807Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:40:39.844802672Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:40:39.846086319Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:40:39.847936141Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:40:39.849303332Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:40:39.850629257Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:40:39.852469647Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:40:39.853963048Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:40:39.855641456Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:40:39.857576318Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:40:39.859475611Z 53 PC: 13ff6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:40:39.861999973Z 37 PC: 1400b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:40:39.863384148Z 37 PC: 14013 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:40:39.865903582Z 37 PC: 1401b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:39.868227545Z 37 PC: 14023 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:40:39.870966598Z 68 PC: 146cf | I/O control for devices (Set for = '')
2018-12-17T22:40:39.96145733Z 37 PC: 13707 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:40:39.963107605Z 44 PC: 1456b | Get time
0x1456b: mov word ptr [0x38], cx
0x1456f: mov word ptr [0x3a], dx
0x14573: retf
0x14574: mov bx, sp
0x14576: push ds
0x14577: les di, ptr ss:[bx + 8]
0x1457b: lds si, ptr ss:[bx + 4]
0x1457f: cld
0x14580: xor ax, ax
0x14582: stosw word ptr es:[di], ax
0x14583: mov ax, 0xd7b0
0x14586: stosw word ptr es:[di], ax
0x14587: mov ax, 0x80
0x1458a: stosw word ptr es:[di], ax
0x1458b: xor ax, ax
0x1458d: stosw word ptr es:[di], ax
0x1458e: stosw word ptr es:[di], ax
0x1458f: stosw word ptr es:[di], ax
0x14590: lea ax, word ptr [di + 0x74]
0x14593: stosw word ptr es:[di], ax
2018-12-17T22:40:39.965539021Z 67 PC: 13f02 | Get or set file attributes
2018-12-17T22:40:39.971988938Z 67 PC: 13f02 | Get or set file attributes
2018-12-17T22:40:39.976091774Z 25 PC: 14cbe | Get default drive
2018-12-17T22:40:39.977618713Z 71 PC: 14cd1 | Get current directory
2018-12-17T22:40:39.983261431Z 42 PC: 13c97 | Get date
0x13c97: xor ah, ah
0x13c99: les di, ptr [bp + 6]
0x13c9c: stosw word ptr es:[di], ax
0x13c9d: mov al, dl
0x13c9f: les di, ptr [bp + 0xa]
0x13ca2: stosw word ptr es:[di], ax
0x13ca3: mov al, dh
0x13ca5: les di, ptr [bp + 0xe]
0x13ca8: stosw word ptr es:[di], ax
0x13ca9: xchg ax, cx
0x13caa: les di, ptr [bp + 0x12]
0x13cad: stosw word ptr es:[di], ax
0x13cae: pop bp
0x13caf: retf 0x10
0x13cb2: push bp
0x13cb3: mov bp, sp
0x13cb5: mov cx, word ptr [bp + 0xa]
0x13cb8: mov dh, byte ptr [bp + 8]
0x13cbb: mov dl, byte ptr [bp + 6]
0x13cbe: mov ah, 0x2b
2018-12-17T22:40:39.986014461Z 14 PC: 14d17 | Set default drive (Drive = 'A')
2018-12-17T22:40:39.987099617Z 25 PC: 14d1b | Get default drive
2018-12-17T22:40:39.988907732Z 59 PC: 14d85 | Change current directory
2018-12-17T22:40:39.992703811Z 26 PC: 13daf | Set disk transfer address
2018-12-17T22:40:39.994022191Z 78 PC: 13dbb | Find first file
2018-12-17T22:40:40.001930418Z 61 PC: 149f1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:40.009378382Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.011350982Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.014121549Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.019771261Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.022513616Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.025006575Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.028494126Z 61 PC: 149f1 | Open file (Filename = 'PRINT.S')
2018-12-17T22:40:40.037116308Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.039146975Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.042220949Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.045208252Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.047874149Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.050258005Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.055644957Z 61 PC: 149f1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:40:40.063904373Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.066987765Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.069467692Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.070919884Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.072894664Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.077324822Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.080912909Z 61 PC: 149f1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:40:40.089467344Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.092226576Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.094829585Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.097072906Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.099819513Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.102122012Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.105700884Z 61 PC: 149f1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:40:40.115051683Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.116806373Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.124137305Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.126812192Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.129220602Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.130652693Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.133548692Z 61 PC: 149f1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:40:40.138519092Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.139764664Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.141555824Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.143086153Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.144602534Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.146160364Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.148178097Z 61 PC: 149f1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:40:40.153335193Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.155879271Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.157777604Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.159513574Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.162066124Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.163413301Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.167345479Z 61 PC: 149f1 | Open file (Filename = 'PAH.COM')
2018-12-17T22:40:40.176316899Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.178864373Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.181206953Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.184291001Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.187411807Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.189300809Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:40.194243521Z 61 PC: 149f1 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:40:40.203553535Z 66 PC: 14b8d | Move file pointer
2018-12-17T22:40:40.205822873Z 66 PC: 14b9b | Move file pointer
2018-12-17T22:40:40.209213757Z 66 PC: 14ba9 | Move file pointer
2018-12-17T22:40:40.211621112Z 66 PC: 14b23 | Move file pointer
2018-12-17T22:40:40.213961374Z 64 PC: 14a22 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:40:40.229944083Z 62 PC: 14a41 | Close file
2018-12-17T22:40:40.254778265Z 26 PC: 13dd3 | Set disk transfer address
2018-12-17T22:40:40.256550308Z 79 PC: 13dd8 | Find next file
2018-12-17T22:40:42.746850798Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:40:42.750382591Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:40:42.753626189Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:40:42.757521552Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:40:42.771813664Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:40:42.77418702Z 62 PC: 91fc1 | Close file
2018-12-17T22:40:42.77720916Z 75 PC: 91fe0 | Execute program
2018-12-17T22:40:42.796666431Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:40:42.798685837Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:40:42.803968563Z 48 PC: c609 | Get DOS version
2018-12-17T22:40:42.809092044Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:40:42.813487537Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:40:42.81654069Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:40:42.821749542Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:40:42.826638734Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:40:42.83216912Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:40:42.844662979Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:40:42.846983919Z 62 PC: 91fc1 | Close file
2018-12-17T22:40:42.849645082Z 75 PC: 91fe0 | Execute program
2018-12-17T22:40:42.874307533Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:40:42.879847714Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:40:42.881703821Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:40:42.883608906Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:40:42.886211512Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:40:42.887638521Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:40:42.88902803Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:40:42.898602814Z 62 PC: 8f8eb | Close file
2018-12-17T22:40:42.900662425Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.902831273Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.905556971Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.907534074Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.909477427Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.912439239Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.914417182Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.916362277Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.919150887Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.921414218Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.923367217Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.926136311Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.928393025Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.93036003Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.933097Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.935720488Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.937685451Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.940401765Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.942964153Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.944841607Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.946946799Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.949258871Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.951297801Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.95351112Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.956103091Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.95812616Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.960342022Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.963248406Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.966056288Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.968084598Z 62 PC: 8f8f2 | Close file
2018-12-17T22:40:42.973812219Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:40:42.979551507Z 62 PC: 8f90e | Close file
2018-12-17T22:40:42.98191551Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:40:42.985121824Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:40:42.994626844Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:40:43.000102299Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:40:43.002942277Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:40:43.008385546Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:40:43.010645412Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:40:43.013157199Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:40:43.015369223Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:40:43.017418813Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:40:43.020179301Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:40:43.022729604Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:40:43.02476972Z 73 PC: 8fa11 | Release memory
2018-12-17T22:40:43.027628048Z 73 PC: 8efea | Release memory
2018-12-17T22:40:43.029787654Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:40:43.031905771Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:40:43.034859556Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:40:43.036876953Z 73 PC: 8f060 | Release memory
2018-12-17T22:40:43.038378462Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:40:43.04979082Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:40:43.059607559Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:40:43.061246912Z 62 PC: 8f0d1 | Close file
2018-12-17T22:40:43.063907766Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:40:43.085136352Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:40:43.086472807Z 48 PC: 12bee | Get DOS version
2018-12-17T22:40:43.089472851Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:40:43.092013726Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:40:43.093469452Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:40:43.095634152Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:40:43.097554426Z 72 PC: 1355d | Allocate memory
2018-12-17T22:40:43.099612111Z 25 PC: 13596 | Get default drive
2018-12-17T22:40:43.102184356Z 71 PC: 135ad | Get current directory
2018-12-17T22:40:43.105305769Z 59 PC: 135ba | Change current directory
2018-12-17T22:40:43.112172949Z 59 PC: 135c8 | Change current directory
2018-12-17T22:40:43.119378512Z 59 PC: 135d3 | Change current directory
2018-12-17T22:40:43.123698247Z 25 PC: 12d13 | Get default drive
2018-12-17T22:40:43.12551018Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:40:43.12800767Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:40:43.129695065Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:43.13265935Z 80 PC: 1301d | Set current PSP
2018-12-17T22:40:43.134640974Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:40:43.136414519Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:40:43.138247509Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:40:43.14088604Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:40:43.143542113Z 72 PC: 130ec | Allocate memory
2018-12-17T22:40:43.146004205Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:40:43.154116223Z 62 PC: 131ba | Close file
2018-12-17T22:40:43.157190267Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:40:43.158905281Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:40:43.162042135Z 72 PC: 11991 | Allocate memory
2018-12-17T22:40:43.164047154Z 73 PC: 119b2 | Release memory
2018-12-17T22:40:43.165775157Z 72 PC: 119bd | Allocate memory
2018-12-17T22:40:43.168686461Z 73 PC: 119df | Release memory
2018-12-17T22:40:43.170285792Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:40:43.172574123Z 72 PC: 119fd | Allocate memory