Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Kobr.9488

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:23.550781191Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:23.552852693Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:23.554732759Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:23.556467408Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:23.558715951Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:23.560455591Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:23.56218041Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:23.564480397Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:23.56646687Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:23.568431129Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:23.584508139Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:23.586521487Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:23.597270383Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:23.599751353Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:23.601926664Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:23.603320843Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:23.604691038Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:23.606455801Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:23.607827235Z 53 PC: 13a8a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:23.609196677Z 37 PC: 13a9f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:23.633981934Z 37 PC: 13aa7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:23.635579632Z 37 PC: 13aaf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:23.637148049Z 37 PC: 13ab7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:23.639763466Z 68 PC: 1497c | I/O control for devices (Set for = 's�g����H3�P��X�=')
2018-12-17T22:43:23.641864698Z 26 PC: 13825 | Set disk transfer address
2018-12-17T22:43:23.643350159Z 78 PC: 13831 | Find first file
2018-12-17T22:43:23.654164172Z 60 PC: 14960 | Create or truncate file
2018-12-17T22:43:23.674964948Z 68 PC: 1497c | I/O control for devices (Set for = 's�g����H3�P��X�=')
2018-12-17T22:43:23.677535765Z 64 PC: 140e6 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:43:23.695314833Z 62 PC: 14125 | Close file
2018-12-17T22:43:23.716306944Z 61 PC: 14960 | Open file (Filename = '06121998.txt')
2018-12-17T22:43:23.724080768Z 63 PC: 140b4 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:43:23.728295166Z 62 PC: 14125 | Close file
2018-12-17T22:43:23.730931587Z 65 PC: 1458d | Delete file (Filename = '06121998.txt')
2018-12-17T22:43:23.74414587Z 26 PC: 13849 | Set disk transfer address
2018-12-17T22:43:23.745985231Z 79 PC: 1384e | Find next file
2018-12-17T22:43:23.749715202Z 26 PC: 13825 | Set disk transfer address
2018-12-17T22:43:23.751307386Z 78 PC: 13831 | Find first file
2018-12-17T22:43:23.759861821Z 26 PC: 13849 | Set disk transfer address
2018-12-17T22:43:23.762030748Z 79 PC: 1384e | Find next file
2018-12-17T22:43:23.778819359Z 26 PC: 13825 | Set disk transfer address
2018-12-17T22:43:23.780443177Z 78 PC: 13831 | Find first file
2018-12-17T22:43:23.788886971Z 61 PC: 14444 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:23.796770813Z 60 PC: 14444 | Create or truncate file
2018-12-17T22:43:23.809262392Z 62 PC: 14494 | Close file
2018-12-17T22:43:23.811906125Z 61 PC: 14444 | Open file (Filename = '22121998.txt')
2018-12-17T22:43:23.819851108Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:23.822769259Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:23.825365323Z 63 PC: 14517 | Read file or device (Read 80 bytes on handle 5)
2018-12-17T22:43:23.83311384Z 64 PC: 14517 | Write file or device (Write 80 bytes on handle 6)
2018-12-17T22:43:23.837762456Z 62 PC: 14494 | Close file
2018-12-17T22:43:23.840256331Z 62 PC: 14494 | Close file
2018-12-17T22:43:23.850036406Z 61 PC: 14960 | Open file (Filename = '22121998.txt')
2018-12-17T22:43:23.865452988Z 63 PC: 140b4 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:43:23.870869435Z 62 PC: 14125 | Close file
2018-12-17T22:43:23.878617969Z 65 PC: 1458d | Delete file (Filename = '22121998.txt')
2018-12-17T22:43:23.90763105Z 86 PC: 145d1 | Rename file
2018-12-17T22:43:23.923972258Z 26 PC: 13825 | Set disk transfer address
2018-12-17T22:43:23.925634281Z 78 PC: 13831 | Find first file
2018-12-17T22:43:23.932992425Z 86 PC: 145d1 | Rename file
2018-12-17T22:43:23.950384864Z 61 PC: 14444 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:23.958512149Z 60 PC: 14444 | Create or truncate file
2018-12-17T22:43:23.998015144Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.001370126Z 61 PC: 14444 | Open file (Filename = 'kobr98.exe')
2018-12-17T22:43:24.010334616Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.012483566Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.017127042Z 63 PC: 14517 | Read file or device (Read 9488 bytes on handle 5)
2018-12-17T22:43:24.02690102Z 64 PC: 14517 | Write file or device (Write 9488 bytes on handle 6)
2018-12-17T22:43:24.037349643Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.040710981Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.050687969Z 60 PC: 14444 | Create or truncate file
2018-12-17T22:43:24.063279864Z 61 PC: 14444 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:24.072843642Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.07559607Z 61 PC: 14444 | Open file (Filename = '30121998.txt')
2018-12-17T22:43:24.083566473Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.086316387Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.088551569Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.090461037Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.09268255Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.095468684Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.097331695Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.099229671Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.102599816Z 63 PC: 14517 | Read file or device (Read 62464 bytes on handle 6)
2018-12-17T22:43:24.114541257Z 64 PC: 14517 | Write file or device (Write 62464 bytes on handle 5)
2018-12-17T22:43:24.127445853Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.130892861Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.14059969Z 65 PC: 1458d | Delete file (Filename = 'TEST.EXE')
2018-12-17T22:43:24.153623699Z 86 PC: 145d1 | Rename file
2018-12-17T22:43:24.17245035Z 61 PC: 14444 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:24.180987128Z 61 PC: 14444 | Open file (Filename = 'kobr98.exe')
2018-12-17T22:43:24.194761316Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.197734761Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.200767039Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.20309331Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.206493164Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.208389699Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.2157178Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.218647479Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.220741442Z 63 PC: 14517 | Read file or device (Read 62464 bytes on handle 5)
2018-12-17T22:43:24.231282113Z 64 PC: 14517 | Write file or device (Write 62464 bytes on handle 6)
2018-12-17T22:43:24.247533608Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.250886144Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.260465531Z 65 PC: 1458d | Delete file (Filename = 'TEST.EXE')
2018-12-17T22:43:24.275712446Z 86 PC: 145d1 | Rename file
2018-12-17T22:43:24.289088581Z 61 PC: 14444 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:24.300434808Z 60 PC: 14444 | Create or truncate file
2018-12-17T22:43:24.313588486Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.31594453Z 61 PC: 14444 | Open file (Filename = '25121998.txt')
2018-12-17T22:43:24.329763348Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.332488197Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.334805233Z 63 PC: 14517 | Read file or device (Read 1469 bytes on handle 5)
2018-12-17T22:43:24.36613291Z 64 PC: 14517 | Write file or device (Write 1469 bytes on handle 6)
2018-12-17T22:43:24.384103655Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.386389611Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.396599311Z 60 PC: 14960 | Create or truncate file
2018-12-17T22:43:24.410378494Z 68 PC: 1497c | I/O control for devices (Set for = 'W�6h1�PP�� �')
2018-12-17T22:43:24.412771787Z 64 PC: 140e6 | Write file or device (Write 10 bytes on handle 5)
2018-12-17T22:43:24.417570954Z 62 PC: 14125 | Close file
2018-12-17T22:43:24.428155364Z 60 PC: 14960 | Create or truncate file
2018-12-17T22:43:24.440748764Z 68 PC: 1497c | I/O control for devices (Set for = 'W�6h1�PP�� �')
2018-12-17T22:43:24.442914843Z 61 PC: 14960 | Open file (Filename = 'redaktna.txt')
2018-12-17T22:43:24.451755519Z 63 PC: 140b4 | Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:43:24.457117527Z 62 PC: 14125 | Close file
2018-12-17T22:43:24.460215137Z 64 PC: 140e6 | Write file or device (Write 12 bytes on handle 5)
2018-12-17T22:43:24.465229992Z 62 PC: 14125 | Close file
2018-12-17T22:43:24.475203241Z 65 PC: 1458d | Delete file (Filename = 'redaktna.txt')
2018-12-17T22:43:24.488279051Z 61 PC: 14444 | Open file (Filename = 'kobr98v4.job')
2018-12-17T22:43:24.497294408Z 61 PC: 14444 | Open file (Filename = '25121998.txt')
2018-12-17T22:43:24.505279379Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.507332739Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.509612679Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.511652872Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.513709485Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.516774263Z 63 PC: 14517 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:43:24.520238485Z 64 PC: 14517 | Write file or device (Write 8 bytes on handle 6)
2018-12-17T22:43:24.525585309Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.528900807Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.538233587Z 65 PC: 1458d | Delete file (Filename = 'kobr98v4.job')
2018-12-17T22:43:24.551229552Z 61 PC: 14444 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:24.559838639Z 61 PC: 14444 | Open file (Filename = '25121998.txt')
2018-12-17T22:43:24.567698102Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.569724957Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.571983094Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.574353063Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.576465134Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.579254524Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.581362821Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.583355984Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.58612395Z 63 PC: 14517 | Read file or device (Read 65520 bytes on handle 5)
2018-12-17T22:43:24.598948667Z 64 PC: 14517 | Write file or device (Write 65520 bytes on handle 6)
2018-12-17T22:43:24.613146853Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.616034794Z 66 PC: 14a7b | Move file pointer
2018-12-17T22:43:24.61830639Z 66 PC: 14a89 | Move file pointer
2018-12-17T22:43:24.620064381Z 66 PC: 14a97 | Move file pointer
2018-12-17T22:43:24.622559355Z 66 PC: 14576 | Move file pointer
2018-12-17T22:43:24.624619511Z 63 PC: 14517 | Read file or device (Read 4955 bytes on handle 5)
2018-12-17T22:43:24.633206779Z 64 PC: 14517 | Write file or device (Write 4955 bytes on handle 6)
2018-12-17T22:43:24.668375826Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.670721629Z 62 PC: 14494 | Close file
2018-12-17T22:43:24.680074522Z 65 PC: 1458d | Delete file (Filename = 'TEST.EXE')
2018-12-17T22:43:24.694030354Z 86 PC: 145d1 | Rename file
2018-12-17T22:43:24.707098486Z 25 PC: 138d6 | Get default drive
2018-12-17T22:43:24.708796285Z 71 PC: 138f5 | Get current directory
2018-12-17T22:43:24.719722649Z 41 PC: 139eb | Parse filename
2018-12-17T22:43:24.721748521Z 41 PC: 139f9 | Parse filename
2018-12-17T22:43:24.723737283Z 75 PC: 13a04 | Execute program
2018-12-17T22:43:24.735644121Z 53 PC: 13886 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:43:24.737344974Z 37 PC: 138a2 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:43:24.739069253Z 49 PC: 13986 | Terminate and stay resident (Return code = '0' | Memory size = '4883')