Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Chs.6549

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:48.789655451Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:48.792048379Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:48.793458438Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:48.794829752Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:48.798972405Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:48.8007917Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:48.802233117Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:48.804700232Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:48.806406933Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:48.808162686Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:48.810015386Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:48.813305545Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:48.815011696Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:48.816706257Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:48.824079509Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:48.825609936Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:48.827075304Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:42:48.829602121Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:42:48.83101623Z	53	PC: 1396a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:42:48.832321721Z	37	PC: 1397f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:48.834645951Z	37	PC: 13987 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:48.836349843Z	37	PC: 1398f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:48.838059424Z	37	PC: 13997 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:42:48.840642255Z	68	PC: 148ca \| I/O control for devices (Set for = '')
2018-12-17T22:42:48.968344702Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:48.970637312Z	25	PC: 14487 \| Get default drive
2018-12-17T22:42:48.972810226Z	71	PC: 1449a \| Get current directory
2018-12-17T22:42:48.977183734Z	26	PC: 131ff \| Set disk transfer address
2018-12-17T22:42:48.978448917Z	78	PC: 1320b \| Find first file
2018-12-17T22:42:48.987005547Z	61	PC: 14238 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:42:48.997666849Z	66	PC: 1436a \| Move file pointer
2018-12-17T22:42:49.002195186Z	63	PC: 1430b \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:49.019887167Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.022634037Z	44	PC: 14a01 \| Get time 0x14a01: mov word ptr [0x40], cx 0x14a05: mov word ptr [0x42], dx 0x14a09: retf 0x14a0a: call 0x14a51 0x14a0d: jb 0x14a1e 0x14a0f: mov cx, word ptr es:[di + 4] 0x14a13: cmp cx, 1 0x14a16: je 0x14a1e 0x14a18: xor bx, bx 0x14a1a: push cs 0x14a1b: call 0x24592 0x14a1e: retf 4 0x14a21: call 0x14a51 0x14a24: jb 0x14a39 0x14a26: mov ax, cx 0x14a28: mov dx, bx 0x14a2a: mov cx, word ptr es:[di + 4] 0x14a2e: cmp cx, 1 0x14a31: je 0x14a39 0x14a33: xor bx, bx
2018-12-17T22:42:49.02514185Z	48	PC: 143fa \| Get DOS version
2018-12-17T22:42:49.026865755Z	61	PC: 14238 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:42:49.035616139Z	63	PC: 1430b \| Read file or device (Read 6549 bytes on handle 5)
2018-12-17T22:42:49.04477525Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.047484586Z	61	PC: 14238 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T22:42:49.056051556Z	66	PC: 14a6b \| Move file pointer
2018-12-17T22:42:49.057975737Z	66	PC: 14a79 \| Move file pointer
2018-12-17T22:42:49.059983509Z	66	PC: 14a87 \| Move file pointer
2018-12-17T22:42:49.063967064Z	63	PC: 1430b \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T22:42:49.067799402Z	66	PC: 1436a \| Move file pointer
2018-12-17T22:42:49.069893345Z	64	PC: 1430b \| Write file or device (Write 6549 bytes on handle 5)
2018-12-17T22:42:49.087116581Z	64	PC: 1430b \| Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:42:49.097559089Z	87	PC: 131cf \| Get or set file date and time
2018-12-17T22:42:49.099804037Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.109238352Z	26	PC: 13223 \| Set disk transfer address
2018-12-17T22:42:49.11165686Z	79	PC: 13228 \| Find next file
2018-12-17T22:42:49.115464343Z	26	PC: 13223 \| Set disk transfer address
2018-12-17T22:42:49.117069047Z	79	PC: 13228 \| Find next file
2018-12-17T22:42:49.127742751Z	61	PC: 14238 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:42:49.136264839Z	66	PC: 1436a \| Move file pointer
2018-12-17T22:42:49.13845639Z	63	PC: 1430b \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:42:49.14192827Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.144379672Z	44	PC: 14a01 \| Get time 0x14a01: mov word ptr [0x40], cx 0x14a05: mov word ptr [0x42], dx 0x14a09: retf 0x14a0a: call 0x14a51 0x14a0d: jb 0x14a1e 0x14a0f: mov cx, word ptr es:[di + 4] 0x14a13: cmp cx, 1 0x14a16: je 0x14a1e 0x14a18: xor bx, bx 0x14a1a: push cs 0x14a1b: call 0x24592 0x14a1e: retf 4 0x14a21: call 0x14a51 0x14a24: jb 0x14a39 0x14a26: mov ax, cx 0x14a28: mov dx, bx 0x14a2a: mov cx, word ptr es:[di + 4] 0x14a2e: cmp cx, 1 0x14a31: je 0x14a39 0x14a33: xor bx, bx
2018-12-17T22:42:49.147921158Z	48	PC: 143fa \| Get DOS version
2018-12-17T22:42:49.154465726Z	61	PC: 14238 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:42:49.16309124Z	63	PC: 1430b \| Read file or device (Read 6549 bytes on handle 5)
2018-12-17T22:42:49.17245352Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.176546034Z	61	PC: 14238 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:42:49.184812785Z	66	PC: 14a6b \| Move file pointer
2018-12-17T22:42:49.187184598Z	66	PC: 14a79 \| Move file pointer
2018-12-17T22:42:49.190521887Z	66	PC: 14a87 \| Move file pointer
2018-12-17T22:42:49.193034665Z	63	PC: 1430b \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:42:49.20082841Z	66	PC: 1436a \| Move file pointer
2018-12-17T22:42:49.204211872Z	64	PC: 1430b \| Write file or device (Write 6549 bytes on handle 5)
2018-12-17T22:42:49.214749302Z	64	PC: 1430b \| Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:42:49.218173488Z	87	PC: 131cf \| Get or set file date and time
2018-12-17T22:42:49.220841002Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.230564872Z	42	PC: 130e7 \| Get date 0x130e7: xor ah, ah 0x130e9: les di, ptr [bp + 6] 0x130ec: stosw word ptr es:[di], ax 0x130ed: mov al, dl 0x130ef: les di, ptr [bp + 0xa] 0x130f2: stosw word ptr es:[di], ax 0x130f3: mov al, dh 0x130f5: les di, ptr [bp + 0xe] 0x130f8: stosw word ptr es:[di], ax 0x130f9: xchg ax, cx 0x130fa: les di, ptr [bp + 0x12] 0x130fd: stosw word ptr es:[di], ax 0x130fe: pop bp 0x130ff: retf 0x10 0x13102: push bp 0x13103: mov bp, sp 0x13105: mov cx, word ptr [bp + 0xa] 0x13108: mov dh, byte ptr [bp + 8] 0x1310b: mov dl, byte ptr [bp + 6] 0x1310e: mov ah, 0x2b
2018-12-17T22:42:49.233131541Z	44	PC: 14a01 \| Get time 0x14a01: mov word ptr [0x40], cx 0x14a05: mov word ptr [0x42], dx 0x14a09: retf 0x14a0a: call 0x14a51 0x14a0d: jb 0x14a1e 0x14a0f: mov cx, word ptr es:[di + 4] 0x14a13: cmp cx, 1 0x14a16: je 0x14a1e 0x14a18: xor bx, bx 0x14a1a: push cs 0x14a1b: call 0x24592 0x14a1e: retf 4 0x14a21: call 0x14a51 0x14a24: jb 0x14a39 0x14a26: mov ax, cx 0x14a28: mov dx, bx 0x14a2a: mov cx, word ptr es:[di + 4] 0x14a2e: cmp cx, 1 0x14a31: je 0x14a39 0x14a33: xor bx, bx
2018-12-17T22:42:49.235993622Z	48	PC: 143fa \| Get DOS version
2018-12-17T22:42:49.238437858Z	61	PC: 14238 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:42:49.247108652Z	66	PC: 14a6b \| Move file pointer
2018-12-17T22:42:49.249220687Z	66	PC: 14a79 \| Move file pointer
2018-12-17T22:42:49.251557314Z	66	PC: 14a87 \| Move file pointer
2018-12-17T22:42:49.253691495Z	66	PC: 1436a \| Move file pointer
2018-12-17T22:42:49.25584474Z	63	PC: 1430b \| Read file or device (Read 47845 bytes on handle 5)
2018-12-17T22:42:49.266974204Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.269267091Z	60	PC: 14238 \| Create or truncate file
2018-12-17T22:42:49.282366679Z	64	PC: 1430b \| Write file or device (Write 47845 bytes on handle 5)
2018-12-17T22:42:49.294955163Z	62	PC: 14288 \| Close file
2018-12-17T22:42:49.304199496Z	67	PC: 13188 \| Get or set file attributes
2018-12-17T22:42:49.317247397Z	41	PC: 132b7 \| Parse filename
2018-12-17T22:42:49.319388787Z	41	PC: 132c5 \| Parse filename
2018-12-17T22:42:49.321500576Z	75	PC: 132d0 \| Execute program
2018-12-17T22:42:49.340356802Z	80	PC: 2c739 \| Set current PSP
2018-12-17T22:42:49.342058341Z	48	PC: 2c73d \| Get DOS version
2018-12-17T22:42:49.34377481Z	2	PC: 2c5ec \| Character output (Char = '49')
2018-12-17T22:42:49.346496999Z	2	PC: 2c5ec \| Character output (Char = '6e')
2018-12-17T22:42:49.349375309Z	2	PC: 2c5ec \| Character output (Char = '63')
2018-12-17T22:42:49.352003326Z	2	PC: 2c5ec \| Character output (Char = '6f')
2018-12-17T22:42:49.354594194Z	2	PC: 2c5ec \| Character output (Char = '72')
2018-12-17T22:42:49.357454369Z	2	PC: 2c5ec \| Character output (Char = '72')
2018-12-17T22:42:49.36049587Z	2	PC: 2c5ec \| Character output (Char = '65')
2018-12-17T22:42:49.362871721Z	2	PC: 2c5ec \| Character output (Char = '63')
2018-12-17T22:42:49.366581068Z	2	PC: 2c5ec \| Character output (Char = '74')
2018-12-17T22:42:49.369237773Z	2	PC: 2c5ec \| Character output (Char = '20')
2018-12-17T22:42:49.371845286Z	2	PC: 2c5ec \| Character output (Char = '44')
2018-12-17T22:42:49.375228962Z	2	PC: 2c5ec \| Character output (Char = '4f')
2018-12-17T22:42:49.377646723Z	2	PC: 2c5ec \| Character output (Char = '53')
2018-12-17T22:42:49.380271528Z	2	PC: 2c5ec \| Character output (Char = '20')
2018-12-17T22:42:49.3842935Z	2	PC: 2c5ec \| Character output (Char = '76')
2018-12-17T22:42:49.387996353Z	2	PC: 2c5ec \| Character output (Char = '65')
2018-12-17T22:42:49.390830049Z	2	PC: 2c5ec \| Character output (Char = '72')
2018-12-17T22:42:49.394653021Z	2	PC: 2c5ec \| Character output (Char = '73')
2018-12-17T22:42:49.397436969Z	2	PC: 2c5ec \| Character output (Char = '69')
2018-12-17T22:42:49.400237834Z	2	PC: 2c5ec \| Character output (Char = '6f')
2018-12-17T22:42:49.403894117Z	2	PC: 2c5ec \| Character output (Char = '6e')
2018-12-17T22:42:49.407067932Z	2	PC: 2c5ec \| Character output (Char = '0d')
2018-12-17T22:42:49.409718805Z	2	PC: 2c5ec \| Character output (Char = '0a')
2018-12-17T22:42:49.417413648Z	65	PC: 14381 \| Delete file (Filename = '��#ZX�=A')
2018-12-17T22:42:49.431859698Z	77	PC: 132ee \| Get program return code
2018-12-17T22:42:49.434267073Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:49.44234052Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:49.444148487Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:42:49.445599239Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:49.447845383Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:49.449327788Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:49.450706725Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:49.452945333Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:49.454345451Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:49.455659159Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:49.457268231Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:49.459418368Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:49.460733209Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:49.462079209Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:49.464942942Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:49.466676594Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:49.468243278Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:42:49.470637258Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:42:49.471953832Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:42:49.473226594Z	76	PC: 13b00 \| Terminate with return code (Return code = '0')