Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Bishop.15706.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:28.234636896Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:28.240708114Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:28.241523896Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:28.242323991Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:28.243827797Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:28.24467189Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:28.245495885Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:28.249465549Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:28.250321017Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:28.251089254Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:28.252350637Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:28.253659763Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:28.254656304Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:28.255950916Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:28.256817109Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:28.257640244Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:28.258993784Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:28.259883588Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:28.260758792Z	53	PC: 14f5a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:28.262195039Z	37	PC: 14f6f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:28.263460169Z	37	PC: 14f77 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:28.264261372Z	37	PC: 14f7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:28.265780915Z	37	PC: 14f87 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:28.266934118Z	68	PC: 15d47 \| I/O control for devices (Set for = '')
2018-12-17T22:41:28.327001538Z	37	PC: 14981 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:28.34131857Z	48	PC: 15872 \| Get DOS version
2018-12-17T22:41:28.342733758Z	25	PC: 158ff \| Get default drive
2018-12-17T22:41:28.34380276Z	71	PC: 15912 \| Get current directory
2018-12-17T22:41:28.347631559Z	44	PC: 144fd \| Get time 0x144fd: xor ah, ah 0x144ff: mov al, dl 0x14501: les di, ptr [bp + 6] 0x14504: stosw word ptr es:[di], ax 0x14505: mov al, dh 0x14507: les di, ptr [bp + 0xa] 0x1450a: stosw word ptr es:[di], ax 0x1450b: mov al, cl 0x1450d: les di, ptr [bp + 0xe] 0x14510: stosw word ptr es:[di], ax 0x14511: mov al, ch 0x14513: les di, ptr [bp + 0x12] 0x14516: stosw word ptr es:[di], ax 0x14517: pop bp 0x14518: retf 0x10 0x1451b: push bp 0x1451c: mov bp, sp 0x1451e: mov ch, byte ptr [bp + 0xc] 0x14521: mov cl, byte ptr [bp + 0xa] 0x14524: mov dh, byte ptr [bp + 8]
2018-12-17T22:41:28.349977527Z	61	PC: 156b0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:28.356628232Z	66	PC: 157e2 \| Move file pointer
2018-12-17T22:41:28.35863699Z	63	PC: 15783 \| Read file or device (Read 15701 bytes on handle 5)
2018-12-17T22:41:28.365752866Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:28.36745218Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:28.369430779Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:28.370653131Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:28.372215941Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:28.374128306Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:28.375360025Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:28.376696746Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:28.378751469Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:28.379848549Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:28.380982226Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:28.382542937Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:28.383640008Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:28.386888533Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:28.388571125Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:28.389834292Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:28.390869631Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:28.392326125Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:28.393499592Z	37	PC: 150b1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:28.394921093Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.39790896Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.399932161Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.4018809Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.404459712Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.406504365Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.408517898Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.41114631Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.413176219Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.415939676Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.418762546Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.420753947Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.422712731Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.426518924Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.428931911Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.431348446Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.434593326Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.436614348Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.438511512Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.440811637Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.443012424Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.445275509Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.448115376Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.450470174Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.45258714Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.455496236Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.457723404Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.459724777Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.462458239Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.464541837Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.466475091Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.46932201Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.471197258Z	6	PC: 15138 \| Direct console I/O
2018-12-17T22:41:28.472992696Z	76	PC: 150f0 \| Terminate with return code (Return code = '100')