Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Cyb.8197

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:36.61705488Z	74	PC: 14122 \| Reallocate memory
2018-12-17T22:42:36.622514718Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:36.638336874Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:36.639841581Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:36.641524775Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:36.643169914Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:36.644515418Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:36.646025432Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:36.661626709Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:36.663164783Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:36.664732338Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:36.667401248Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:36.66860254Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:36.670019566Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:36.677805512Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:36.679314139Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:36.680787781Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:36.683316273Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:42:36.684795982Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:42:36.68624404Z	53	PC: 13b7a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:42:36.688706562Z	37	PC: 13b8f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:36.690109186Z	37	PC: 13b97 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:36.691474737Z	37	PC: 13b9f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:36.692814344Z	37	PC: 13ba7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:42:36.695639814Z	68	PC: 1477d \| I/O control for devices (Set for = '')
2018-12-17T22:42:36.697452065Z	53	PC: 1381e \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:42:36.698972073Z	37	PC: 1383a \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:42:36.701270424Z	53	PC: 1381e \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:36.702499837Z	37	PC: 1383a \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:36.70369501Z	44	PC: 148b4 \| Get time 0x148b4: mov word ptr [0x3e], cx 0x148b8: mov word ptr [0x40], dx 0x148bc: retf 0x148bd: call 0x14904 0x148c0: jb 0x148d1 0x148c2: mov cx, word ptr es:[di + 4] 0x148c6: cmp cx, 1 0x148c9: je 0x148d1 0x148cb: xor bx, bx 0x148cd: push cs 0x148ce: call 0x24440 0x148d1: retf 4 0x148d4: call 0x14904 0x148d7: jb 0x148ec 0x148d9: mov ax, cx 0x148db: mov dx, bx 0x148dd: mov cx, word ptr es:[di + 4] 0x148e1: cmp cx, 1 0x148e4: je 0x148ec 0x148e6: xor bx, bx
2018-12-17T22:42:36.721476706Z	48	PC: 1438e \| Get DOS version
2018-12-17T22:42:36.725142132Z	48	PC: 1438e \| Get DOS version
2018-12-17T22:42:36.726858099Z	67	PC: 1386b \| Get or set file attributes
2018-12-17T22:42:36.736513846Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.73792457Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.744146556Z	67	PC: 13746 \| Get or set file attributes
2018-12-17T22:42:36.774320316Z	61	PC: 14240 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:42:36.781178509Z	63	PC: 14313 \| Read file or device (Read 5917 bytes on handle 5)
2018-12-17T22:42:36.790268945Z	62	PC: 14290 \| Close file
2018-12-17T22:42:36.793516258Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.795280241Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.801146498Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.803162231Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.809263807Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.810551097Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.814546167Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.816060157Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.819473473Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.820994781Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.824318526Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.825233852Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.828254822Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.829662845Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.832748957Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.834029148Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.837704967Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.8388312Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.84198157Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.844040591Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.846607255Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.847800233Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.854369102Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.8557126Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.861234349Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.863146503Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.869628038Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.870937038Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.874654031Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.875740802Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.883802855Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.894635319Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.901014037Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.902343062Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.906069722Z	26	PC: 137bd \| Set disk transfer address
2018-12-17T22:42:36.907405986Z	78	PC: 137c9 \| Find first file
2018-12-17T22:42:36.916773649Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.918336854Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.921995072Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:36.923319582Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:36.928317006Z	67	PC: 13746 \| Get or set file attributes
2018-12-17T22:42:37.278385519Z	61	PC: 14240 \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:42:37.285711614Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.289552139Z	63	PC: 14313 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:42:37.295822984Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.29763105Z	63	PC: 14313 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:42:37.303853996Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.305082796Z	63	PC: 14313 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:37.307345914Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.309222735Z	63	PC: 14313 \| Read file or device (Read 5917 bytes on handle 5)
2018-12-17T22:42:37.315309539Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.317608988Z	64	PC: 14313 \| Write file or device (Write 5917 bytes on handle 5)
2018-12-17T22:42:37.333035324Z	64	PC: 14313 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:42:37.339078571Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.340952087Z	64	PC: 14313 \| Write file or device (Write 5917 bytes on handle 5)
2018-12-17T22:42:37.347881316Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.350782793Z	64	PC: 14313 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:42:37.357018298Z	87	PC: 1378d \| Get or set file date and time
2018-12-17T22:42:37.359784189Z	62	PC: 14290 \| Close file
2018-12-17T22:42:37.367083429Z	67	PC: 13746 \| Get or set file attributes
2018-12-17T22:42:37.377038708Z	26	PC: 137e1 \| Set disk transfer address
2018-12-17T22:42:37.379294045Z	79	PC: 137e6 \| Find next file
2018-12-17T22:42:37.383998355Z	67	PC: 13746 \| Get or set file attributes
2018-12-17T22:42:37.393984999Z	61	PC: 14240 \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:42:37.402152241Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.404878146Z	63	PC: 14313 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:42:37.411051261Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.412770319Z	63	PC: 14313 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:42:37.421067573Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.422542125Z	63	PC: 14313 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:37.425743704Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.428378112Z	63	PC: 14313 \| Read file or device (Read 5917 bytes on handle 5)
2018-12-17T22:42:37.436507607Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.438373646Z	64	PC: 14313 \| Write file or device (Write 5917 bytes on handle 5)
2018-12-17T22:42:37.452077762Z	64	PC: 14313 \| Write file or device (Write 1210 bytes on handle 5)
2018-12-17T22:42:37.460074479Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.461925112Z	64	PC: 14313 \| Write file or device (Write 5917 bytes on handle 5)
2018-12-17T22:42:37.470795384Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.473213223Z	64	PC: 14313 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:42:37.479775954Z	87	PC: 1378d \| Get or set file date and time
2018-12-17T22:42:37.482648834Z	62	PC: 14290 \| Close file
2018-12-17T22:42:37.491119855Z	67	PC: 13746 \| Get or set file attributes
2018-12-17T22:42:37.501271276Z	61	PC: 14240 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:42:37.512153079Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.514649407Z	63	PC: 14313 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:42:37.521637098Z	66	PC: 1491e \| Move file pointer
2018-12-17T22:42:37.524191691Z	66	PC: 1492c \| Move file pointer
2018-12-17T22:42:37.52632107Z	66	PC: 1493a \| Move file pointer
2018-12-17T22:42:37.528214081Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.530953174Z	63	PC: 14313 \| Read file or device (Read 5917 bytes on handle 5)
2018-12-17T22:42:37.539855026Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.541708577Z	64	PC: 14313 \| Write file or device (Write 5917 bytes on handle 5)
2018-12-17T22:42:37.550742826Z	66	PC: 14372 \| Move file pointer
2018-12-17T22:42:37.553499473Z	64	PC: 14271 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:42:37.563048714Z	87	PC: 1378d \| Get or set file date and time
2018-12-17T22:42:37.564942957Z	62	PC: 14290 \| Close file
2018-12-17T22:42:37.573291458Z	67	PC: 13746 \| Get or set file attributes
2018-12-17T22:42:37.583278762Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:37.58480346Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:37.587533707Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:37.589079059Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:37.590563904Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:37.593197173Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:37.594719704Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:37.596252348Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:37.598544037Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:37.600504152Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:37.605857892Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:37.608018237Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:37.609776534Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:37.611248021Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:37.613516303Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:37.615293595Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:37.616764538Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:37.618983873Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:37.620812202Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:37.622334258Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:37.624005131Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:37.626385933Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:37.627841019Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:37.629336543Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:37.631858834Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:37.633367166Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:37.634824053Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:37.637842473Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:37.640010945Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:37.641503786Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:37.644416529Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:37.645904336Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:37.647352295Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:42:37.649869958Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:42:37.651318843Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:42:37.652796364Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:42:37.654878332Z	53	PC: 13aed \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:42:37.65605508Z	37	PC: 13af6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:42:37.657781082Z	41	PC: 13aa4 \| Parse filename
2018-12-17T22:42:37.659946129Z	41	PC: 13ab2 \| Parse filename
2018-12-17T22:42:37.661345907Z	75	PC: 13abd \| Execute program
2018-12-17T22:42:37.683096491Z	80	PC: 1da89 \| Set current PSP
2018-12-17T22:42:37.685697005Z	48	PC: 1da8e \| Get DOS version
2018-12-17T22:42:37.687573774Z	99	PC: 24270 \| Get DBCS lead byte table pointer
2018-12-17T22:42:37.690445077Z	101	PC: 1db14 \| Get extended country info
2018-12-17T22:42:37.693161779Z	99	PC: 1db1a \| Get DBCS lead byte table pointer
2018-12-17T22:42:37.694776763Z	74	PC: 1db7c \| Reallocate memory
2018-12-17T22:42:37.69650087Z	25	PC: 1dbb3 \| Get default drive
2018-12-17T22:42:37.699043683Z	37	PC: 1d673 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:42:37.700500352Z	37	PC: 1d67a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:37.701937664Z	37	PC: 1d681 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:37.707534121Z	74	PC: 1c81c \| Reallocate memory
2018-12-17T22:42:37.709332532Z	72	PC: 1c85d \| Allocate memory
2018-12-17T22:42:37.710992997Z	72	PC: 1c895 \| Allocate memory
2018-12-17T22:42:37.713494159Z	72	PC: 1c89d \| Allocate memory