Sample viewer

vx.netlux.org/Virus.DOS.HLLP.ArchVir.7136

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:50.583585452Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:50.585660068Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:50.589713742Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:50.591070611Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:50.592434783Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:50.594725765Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:50.59659743Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:50.598489023Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:50.601251983Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:50.602999705Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:50.604637892Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:50.612335039Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:50.61399162Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:50.615574553Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:50.618167432Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:50.619751768Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:50.621309614Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:50.62336788Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:50.625028949Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:50.626496496Z	37	PC: 134af \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:50.628150012Z	37	PC: 134b7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:50.629786395Z	37	PC: 134bf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:50.631444629Z	37	PC: 134c7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:50.633418657Z	68	PC: 141f7 \| I/O control for devices (Set for = '�2�� ')
2018-12-17T22:43:50.635375261Z	25	PC: 13db4 \| Get default drive
2018-12-17T22:43:50.636698727Z	71	PC: 13dc7 \| Get current directory
2018-12-17T22:43:50.640391794Z	48	PC: 13d27 \| Get DOS version
2018-12-17T22:43:50.643617382Z	61	PC: 13b65 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:50.653340153Z	63	PC: 13c38 \| Read file or device (Read 7136 bytes on handle 5)
2018-12-17T22:43:50.66141559Z	66	PC: 13c97 \| Move file pointer
2018-12-17T22:43:50.66424331Z	66	PC: 142f6 \| Move file pointer
2018-12-17T22:43:50.666765828Z	66	PC: 14304 \| Move file pointer
2018-12-17T22:43:50.669071769Z	66	PC: 14312 \| Move file pointer
2018-12-17T22:43:50.672450565Z	63	PC: 13c38 \| Read file or device (Read 65488 bytes on handle 5)
2018-12-17T22:43:50.674969727Z	60	PC: 13b65 \| Create or truncate file
2018-12-17T22:43:50.694171991Z	64	PC: 13c38 \| Write file or device (Write 65488 bytes on handle 6)
2018-12-17T22:43:50.707720157Z	62	PC: 13bb5 \| Close file
2018-12-17T22:43:50.710727215Z	62	PC: 13bb5 \| Close file
2018-12-17T22:43:50.7209421Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:50.722547405Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:50.725032132Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:50.726792568Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:50.728250126Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:50.731158248Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:50.732546174Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:50.733820277Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:50.736170842Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:50.737614815Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:50.738902683Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:50.740971348Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:50.74255354Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:50.744506789Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:50.746036091Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:50.747950527Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:50.749459781Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:50.751000515Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:50.755261688Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:50.756560077Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:50.757840722Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:50.765634901Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:50.767379948Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:50.769823678Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:50.772242561Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:50.773692193Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:50.775064992Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:50.794201844Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:50.796583768Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:50.798314338Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:50.800862263Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:50.802574549Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:50.804198109Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:50.806904993Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:50.808585579Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:50.810235117Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:50.812351793Z	53	PC: 13418 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:50.814149419Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:50.816190542Z	41	PC: 133cf \| Parse filename
2018-12-17T22:43:50.817798412Z	41	PC: 133dd \| Parse filename
2018-12-17T22:43:50.819958038Z	75	PC: 133e8 \| Execute program
2018-12-17T22:43:50.842949039Z	80	PC: 61c29 \| Set current PSP
2018-12-17T22:43:50.844234564Z	48	PC: 61c2e \| Get DOS version
2018-12-17T22:43:50.849118206Z	99	PC: 68410 \| Get DBCS lead byte table pointer
2018-12-17T22:43:50.852103813Z	101	PC: 61cb4 \| Get extended country info
2018-12-17T22:43:50.853745196Z	99	PC: 61cba \| Get DBCS lead byte table pointer
2018-12-17T22:43:50.855865849Z	74	PC: 61d1c \| Reallocate memory
2018-12-17T22:43:50.857240611Z	25	PC: 61d53 \| Get default drive
2018-12-17T22:43:50.858372427Z	37	PC: 61813 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:43:50.860651797Z	37	PC: 6181a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:50.861868042Z	37	PC: 61821 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:50.865115201Z	74	PC: 609bc \| Reallocate memory
2018-12-17T22:43:50.867612581Z	72	PC: 609fd \| Allocate memory
2018-12-17T22:43:50.869152163Z	72	PC: 60a35 \| Allocate memory
2018-12-17T22:43:50.870753681Z	72	PC: 60a3d \| Allocate memory