Sample viewer

vx.netlux.org/Virus.DOS.HLLP.4809

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:37.379441476Z	53	PC: 135da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:37.385317672Z	53	PC: 135da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:37.38639523Z	53	PC: 135da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:37.387449668Z	53	PC: 135da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:37.388805724Z	53	PC: 135da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:37.390316652Z	53	PC: 135da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:37.391456212Z	53	PC: 135da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:37.392879443Z	53	PC: 135da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:37.393993943Z	53	PC: 135da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:37.39502016Z	53	PC: 135da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:37.396886138Z	53	PC: 135da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:37.398227854Z	53	PC: 135da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:37.399439086Z	53	PC: 135da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:37.401885627Z	53	PC: 135da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:37.403139088Z	53	PC: 135da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:37.404378775Z	53	PC: 135da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:37.405844935Z	53	PC: 135da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:37.407113259Z	53	PC: 135da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:37.408356556Z	53	PC: 135da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:37.409890584Z	37	PC: 135ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:37.411059588Z	37	PC: 135f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:37.412087602Z	37	PC: 135ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:37.413440096Z	37	PC: 13607 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:37.414873131Z	68	PC: 13f7f \| I/O control for devices (Set for = '')
2018-12-17T22:43:37.416223751Z	42	PC: 13247 \| Get date 0x13247: xor ah, ah 0x13249: les di, ptr [bp + 6] 0x1324c: stosw word ptr es:[di], ax 0x1324d: mov al, dl 0x1324f: les di, ptr [bp + 0xa] 0x13252: stosw word ptr es:[di], ax 0x13253: mov al, dh 0x13255: les di, ptr [bp + 0xe] 0x13258: stosw word ptr es:[di], ax 0x13259: xchg ax, cx 0x1325a: les di, ptr [bp + 0x12] 0x1325d: stosw word ptr es:[di], ax 0x1325e: pop bp 0x1325f: retf 0x10 0x13262: push bp 0x13263: mov bp, sp 0x13265: mov cx, word ptr [bp + 0xa] 0x13268: mov dh, byte ptr [bp + 8] 0x1326b: mov dl, byte ptr [bp + 6] 0x1326e: mov ah, 0x2b
2018-12-17T22:43:37.418420649Z	48	PC: 13b90 \| Get DOS version
2018-12-17T22:43:37.419930401Z	61	PC: 13a42 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:37.426393496Z	66	PC: 13b74 \| Move file pointer
2018-12-17T22:43:37.427811771Z	63	PC: 13b15 \| Read file or device (Read 4809 bytes on handle 5)
2018-12-17T22:43:37.434900653Z	66	PC: 1407e \| Move file pointer
2018-12-17T22:43:37.436031248Z	66	PC: 1408c \| Move file pointer
2018-12-17T22:43:37.437280545Z	66	PC: 1409a \| Move file pointer
2018-12-17T22:43:37.438489474Z	66	PC: 13b74 \| Move file pointer
2018-12-17T22:43:37.439700707Z	63	PC: 13b15 \| Read file or device (Read 4809 bytes on handle 5)
2018-12-17T22:43:37.447009013Z	66	PC: 13b74 \| Move file pointer
2018-12-17T22:43:37.448223909Z	64	PC: 13b15 \| Write file or device (Write 4809 bytes on handle 5)
2018-12-17T22:43:37.466716779Z	62	PC: 13a92 \| Close file
2018-12-17T22:43:37.472411272Z	61	PC: 13a42 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:37.476727997Z	87	PC: 1332f \| Get or set file date and time
2018-12-17T22:43:37.478240409Z	62	PC: 13a92 \| Close file
2018-12-17T22:43:37.485540547Z	26	PC: 1335f \| Set disk transfer address
2018-12-17T22:43:37.486639163Z	78	PC: 1336b \| Find first file
2018-12-17T22:43:37.492784642Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.494441988Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.497443497Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.498537951Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.502026279Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.502943137Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.505211123Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.507105993Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.509063613Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.509914604Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.519207597Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.52038022Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.522495997Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.524050995Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.526047377Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.527300675Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.530552829Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.532020297Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.5345003Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.536785984Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.538895956Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.539817058Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.542898248Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.543988368Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.546170319Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.547535032Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.549762051Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.550762962Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.553313251Z	26	PC: 13383 \| Set disk transfer address
2018-12-17T22:43:37.554517682Z	79	PC: 13388 \| Find next file
2018-12-17T22:43:37.556164094Z	61	PC: 13a42 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:37.561873212Z	62	PC: 13a92 \| Close file
2018-12-17T22:43:37.563186571Z	61	PC: 13a42 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:37.567874237Z	87	PC: 1332f \| Get or set file date and time
2018-12-17T22:43:37.569852704Z	62	PC: 13a92 \| Close file
2018-12-17T22:43:37.575520324Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:37.576669827Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:37.578374229Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:37.579921316Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:37.581253287Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:37.583399027Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:37.584507906Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:37.585656938Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:37.587620261Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:37.588761045Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:37.589843122Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:37.591515664Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:37.592668163Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:37.593819135Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:37.595616498Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:37.596744096Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:37.597830484Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:37.59925497Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:37.600282999Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:37.602901568Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:37.604421728Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:37.605914928Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:37.607738665Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:37.608780343Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:37.609818144Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:37.611439624Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:37.612441567Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:37.613362386Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:37.615186921Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:37.61622793Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:37.617137686Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:37.619295351Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:37.620291709Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:37.621981188Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:37.623891002Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:37.62507852Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:37.626327468Z	53	PC: 1354a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:37.628463936Z	37	PC: 13553 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:37.630691699Z	41	PC: 13501 \| Parse filename
2018-12-17T22:43:37.632177875Z	41	PC: 1350f \| Parse filename
2018-12-17T22:43:37.63447314Z	75	PC: 1351a \| Execute program
2018-12-17T22:43:37.656615388Z	80	PC: 1cfa9 \| Set current PSP
2018-12-17T22:43:37.657550273Z	48	PC: 1cfae \| Get DOS version
2018-12-17T22:43:37.660163107Z	99	PC: 23790 \| Get DBCS lead byte table pointer
2018-12-17T22:43:37.662768189Z	101	PC: 1d034 \| Get extended country info
2018-12-17T22:43:37.664339456Z	99	PC: 1d03a \| Get DBCS lead byte table pointer
2018-12-17T22:43:37.667210354Z	74	PC: 1d09c \| Reallocate memory
2018-12-17T22:43:37.669118061Z	25	PC: 1d0d3 \| Get default drive
2018-12-17T22:43:37.670729598Z	37	PC: 1cb93 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:43:37.673536592Z	37	PC: 1cb9a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:37.675143Z	37	PC: 1cba1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:37.687689324Z	74	PC: 1bd3c \| Reallocate memory
2018-12-17T22:43:37.691233539Z	72	PC: 1bd7d \| Allocate memory
2018-12-17T22:43:37.692974363Z	72	PC: 1bdb5 \| Allocate memory
2018-12-17T22:43:37.694684226Z	72	PC: 1bdbd \| Allocate memory