Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Banshee.4349

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:51.075052686Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:51.077515793Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:51.078867187Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:51.080094849Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:51.081866775Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:51.095954221Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:51.09770474Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:51.099780655Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:51.102743286Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:51.104513106Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:51.106348875Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:51.108502231Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:51.109835153Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:51.112804513Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:51.114499907Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:51.116019499Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:51.117281687Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:51.119063467Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:51.120543739Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:51.122112529Z	37	PC: 1323f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:51.124104952Z	37	PC: 13247 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:51.125409366Z	37	PC: 1324f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:51.126626001Z	37	PC: 13257 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:51.128493255Z	68	PC: 13c3e \| I/O control for devices (Set for = '')
2018-12-17T22:41:51.130395858Z	48	PC: 13854 \| Get DOS version
2018-12-17T22:41:51.132261277Z	26	PC: 1306d \| Set disk transfer address
2018-12-17T22:41:51.133532263Z	78	PC: 13079 \| Find first file
2018-12-17T22:41:51.146830928Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.147964183Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.152038805Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.154417439Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.158064783Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.15916114Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.165518442Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.166685582Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.170177822Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.171932807Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.176885469Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.1781708Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.182501926Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.184099519Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.188441789Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.18991424Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.195716139Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.196863295Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.201316789Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.20334247Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.207358521Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.208441354Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.212367105Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.213870443Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.217478895Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.219643402Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.223614138Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.225066575Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.231744752Z	61	PC: 13692 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:41:51.237413799Z	66	PC: 13ddf \| Move file pointer
2018-12-17T22:41:51.239115531Z	66	PC: 13ded \| Move file pointer
2018-12-17T22:41:51.241060224Z	66	PC: 13dfb \| Move file pointer
2018-12-17T22:41:51.242743369Z	66	PC: 137c4 \| Move file pointer
2018-12-17T22:41:51.244331653Z	63	PC: 13724 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:41:51.247696701Z	62	PC: 136e2 \| Close file
2018-12-17T22:41:51.24996032Z	26	PC: 13091 \| Set disk transfer address
2018-12-17T22:41:51.251083108Z	79	PC: 13096 \| Find next file
2018-12-17T22:41:51.254822246Z	67	PC: 12fcf \| Get or set file attributes
2018-12-17T22:41:51.262502109Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-17T22:41:51.27995387Z	61	PC: 13692 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:41:51.287296851Z	87	PC: 13010 \| Get or set file date and time
2018-12-17T22:41:51.290347685Z	66	PC: 13ddf \| Move file pointer
2018-12-17T22:41:51.292061675Z	66	PC: 13ded \| Move file pointer
2018-12-17T22:41:51.293821514Z	66	PC: 13dfb \| Move file pointer
2018-12-17T22:41:51.296698958Z	63	PC: 13765 \| Read file or device (Read 4348 bytes on handle 5)
2018-12-17T22:41:51.305375723Z	61	PC: 13692 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:51.313061424Z	63	PC: 13765 \| Read file or device (Read 4348 bytes on handle 6)
2018-12-17T22:41:51.322111649Z	62	PC: 136e2 \| Close file
2018-12-17T22:41:51.324029868Z	60	PC: 13692 \| Create or truncate file
2018-12-17T22:41:51.338169042Z	64	PC: 13765 \| Write file or device (Write 4348 bytes on handle 5)
2018-12-17T22:41:51.347751809Z	64	PC: 13765 \| Write file or device (Write 4348 bytes on handle 5)
2018-12-17T22:41:51.358107858Z	64	PC: 13765 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:41:51.361105958Z	87	PC: 1303d \| Get or set file date and time
2018-12-17T22:41:51.362768564Z	62	PC: 136e2 \| Close file
2018-12-17T22:41:51.371765381Z	62	PC: 136e2 \| Close file
2018-12-17T22:41:51.374228422Z	67	PC: 12ff6 \| Get or set file attributes
2018-12-17T22:41:51.385447033Z	61	PC: 13692 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:51.394319544Z	60	PC: 13692 \| Create or truncate file
2018-12-17T22:41:51.40620833Z	66	PC: 137c4 \| Move file pointer
2018-12-17T22:41:51.407883868Z	66	PC: 13ddf \| Move file pointer
2018-12-17T22:41:51.410243145Z	66	PC: 13ded \| Move file pointer
2018-12-17T22:41:51.411789416Z	66	PC: 13dfb \| Move file pointer
2018-12-17T22:41:51.413668024Z	63	PC: 13765 \| Read file or device (Read 4349 bytes on handle 5)
2018-12-17T22:41:51.422621944Z	64	PC: 13765 \| Write file or device (Write 4348 bytes on handle 6)
2018-12-17T22:41:51.431396822Z	62	PC: 136e2 \| Close file
2018-12-17T22:41:51.440107855Z	62	PC: 136e2 \| Close file
2018-12-17T22:41:51.442418965Z	41	PC: 13125 \| Parse filename
2018-12-17T22:41:51.444210989Z	41	PC: 13133 \| Parse filename
2018-12-17T22:41:51.445655906Z	75	PC: 1313e \| Execute program
2018-12-17T22:41:51.465934555Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:51.467973217Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:51.469496243Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:51.470999245Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:51.473719772Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:51.475261234Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:51.476758435Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:51.479222819Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:51.481305286Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:51.482757027Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:51.484960487Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:51.486635751Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:51.488593598Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:51.490390968Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:51.491808451Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:51.493000714Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:51.494264536Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:51.495411623Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:51.496545572Z	53	PC: 24cea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:51.497864057Z	37	PC: 24cff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:51.499720598Z	37	PC: 24d07 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:51.500819223Z	37	PC: 24d0f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:51.501966232Z	37	PC: 24d17 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:51.503906389Z	68	PC: 256fe \| I/O control for devices (Set for = '')
2018-12-17T22:41:51.505611928Z	48	PC: 25314 \| Get DOS version
2018-12-17T22:41:51.507547447Z	26	PC: 24b2d \| Set disk transfer address
2018-12-17T22:41:51.509404623Z	78	PC: 24b39 \| Find first file
2018-12-17T22:41:51.516832976Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.518023843Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.523140135Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.524802654Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.528592376Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.530177628Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.533587012Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.5346895Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.541440601Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.542695499Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.546482935Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.548544249Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.554085597Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.556212318Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.560927649Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.562050658Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.566663998Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.56862734Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.572313525Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.573258692Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.577480707Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.579110909Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.583475402Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.586091555Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.590183523Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.591777462Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.596926939Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.598653349Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.602662883Z	61	PC: 25152 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:41:51.610966657Z	66	PC: 2589f \| Move file pointer
2018-12-17T22:41:51.613373159Z	66	PC: 258ad \| Move file pointer
2018-12-17T22:41:51.615392557Z	66	PC: 258bb \| Move file pointer
2018-12-17T22:41:51.617923252Z	66	PC: 25284 \| Move file pointer
2018-12-17T22:41:51.620105439Z	63	PC: 251e4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:41:51.624298644Z	62	PC: 251a2 \| Close file
2018-12-17T22:41:51.628542341Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.636299981Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.640469145Z	61	PC: 25152 \| Open file (Filename = '\~BANSHEE.EXE')
2018-12-17T22:41:51.648661202Z	66	PC: 2589f \| Move file pointer
2018-12-17T22:41:51.650571003Z	66	PC: 258ad \| Move file pointer
2018-12-17T22:41:51.652454309Z	66	PC: 258bb \| Move file pointer
2018-12-17T22:41:51.654574745Z	66	PC: 25284 \| Move file pointer
2018-12-17T22:41:51.657296509Z	63	PC: 251e4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:41:51.659679663Z	62	PC: 251a2 \| Close file
2018-12-17T22:41:51.662131577Z	26	PC: 24b51 \| Set disk transfer address
2018-12-17T22:41:51.66331037Z	79	PC: 24b56 \| Find next file
2018-12-17T22:41:51.670916956Z	67	PC: 24a8f \| Get or set file attributes
2018-12-17T22:41:51.677731369Z	67	PC: 24ab6 \| Get or set file attributes
2018-12-17T22:41:51.688711501Z	61	PC: 25152 \| Open file (Filename = '\~BANSHEE.EXE')
2018-12-17T22:41:51.697721251Z	87	PC: 24ad0 \| Get or set file date and time
2018-12-17T22:41:51.715987835Z	66	PC: 2589f \| Move file pointer
2018-12-17T22:41:51.718424231Z	66	PC: 258ad \| Move file pointer
2018-12-17T22:41:51.720413698Z	66	PC: 258bb \| Move file pointer
2018-12-17T22:41:51.723225888Z	63	PC: 25225 \| Read file or device (Read 4348 bytes on handle 5)
2018-12-17T22:41:51.731330457Z	61	PC: 25152 \| Open file (Filename = '~BANSHEE.EXE')
2018-12-17T22:41:51.744249646Z	63	PC: 25225 \| Read file or device (Read 4348 bytes on handle 6)
2018-12-17T22:41:51.75441665Z	62	PC: 251a2 \| Close file
2018-12-17T22:41:51.756448808Z	60	PC: 25152 \| Create or truncate file
2018-12-17T22:41:51.770400558Z	64	PC: 25225 \| Write file or device (Write 4348 bytes on handle 5)
2018-12-17T22:41:51.781170622Z	64	PC: 25225 \| Write file or device (Write 4348 bytes on handle 5)
2018-12-17T22:41:51.790949283Z	64	PC: 25225 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:41:51.794496425Z	87	PC: 24afd \| Get or set file date and time
2018-12-17T22:41:51.797435177Z	62	PC: 251a2 \| Close file
2018-12-17T22:41:51.806307959Z	62	PC: 251a2 \| Close file
2018-12-17T22:41:51.808336915Z	67	PC: 24ab6 \| Get or set file attributes
2018-12-17T22:41:51.819997696Z	61	PC: 25152 \| Open file (Filename = '~BANSHEE.EXE')
2018-12-17T22:41:51.827608978Z	60	PC: 25152 \| Create or truncate file
2018-12-17T22:41:51.842250752Z	66	PC: 25284 \| Move file pointer
2018-12-17T22:41:51.844814369Z	66	PC: 2589f \| Move file pointer
2018-12-17T22:41:51.84690282Z	66	PC: 258ad \| Move file pointer
2018-12-17T22:41:51.848843557Z	66	PC: 258bb \| Move file pointer
2018-12-17T22:41:51.853471585Z	63	PC: 25225 \| Read file or device (Read 4349 bytes on handle 5)
2018-12-17T22:41:51.857058155Z	64	PC: 25225 \| Write file or device (Write 4348 bytes on handle 6)
2018-12-17T22:41:51.866961207Z	62	PC: 251a2 \| Close file
2018-12-17T22:41:51.876886332Z	62	PC: 251a2 \| Close file
2018-12-17T22:41:51.879610416Z	41	PC: 24be5 \| Parse filename
2018-12-17T22:41:51.881328396Z	41	PC: 24bf3 \| Parse filename
2018-12-17T22:41:51.882984201Z	75	PC: 24bfe \| Execute program