Sample viewer

vx.netlux.org/Virus.DOS.HLLO.4240.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:54.090716034Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:54.093257715Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:54.095518489Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:54.09760087Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:54.099304347Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:54.103953561Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:54.105667974Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:54.107366822Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:54.110206934Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:54.11189299Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:54.1135921Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:54.115986399Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:54.118690674Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:54.120411624Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:54.122448801Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:54.124339016Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:54.126351928Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:54.128167125Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:54.13099226Z	53	PC: 12dba \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:54.134381692Z	37	PC: 12dcf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:54.135709676Z	37	PC: 12dd7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:54.140226708Z	37	PC: 12ddf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:54.141776924Z	37	PC: 12de7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:54.14376516Z	68	PC: 138a3 \| I/O control for devices (Set for = '')
2018-12-17T22:43:54.146581241Z	42	PC: 12c77 \| Get date 0x12c77: xor ah, ah 0x12c79: les di, ptr [bp + 6] 0x12c7c: stosw word ptr es:[di], ax 0x12c7d: mov al, dl 0x12c7f: les di, ptr [bp + 0xa] 0x12c82: stosw word ptr es:[di], ax 0x12c83: mov al, dh 0x12c85: les di, ptr [bp + 0xe] 0x12c88: stosw word ptr es:[di], ax 0x12c89: xchg ax, cx 0x12c8a: les di, ptr [bp + 0x12] 0x12c8d: stosw word ptr es:[di], ax 0x12c8e: pop bp 0x12c8f: retf 0x10 0x12c92: push bp 0x12c93: mov bp, sp 0x12c95: mov cx, word ptr [bp + 0xa] 0x12c98: mov dh, byte ptr [bp + 8] 0x12c9b: mov dl, byte ptr [bp + 6] 0x12c9e: mov ah, 0x2b
2018-12-17T22:43:54.149746534Z	26	PC: 12d07 \| Set disk transfer address
2018-12-17T22:43:54.151466413Z	78	PC: 12d13 \| Find first file
2018-12-17T22:43:54.165975866Z	26	PC: 12d2b \| Set disk transfer address
2018-12-17T22:43:54.167414743Z	79	PC: 12d30 \| Find next file
2018-12-17T22:43:54.170372322Z	61	PC: 13480 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:43:54.181300346Z	63	PC: 13553 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:54.184608182Z	62	PC: 134d0 \| Close file
2018-12-17T22:43:54.187252926Z	48	PC: 135ce \| Get DOS version
2018-12-17T22:43:54.189244211Z	61	PC: 13480 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:54.198128434Z	63	PC: 13553 \| Read file or device (Read 4240 bytes on handle 5)
2018-12-17T22:43:54.206881773Z	64	PC: 131d8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:43:54.209260934Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:54.21128644Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:54.212968387Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:54.214613093Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:54.21707923Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:54.218808414Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:54.220315236Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:54.222411793Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:54.223801587Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:54.225147335Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:54.227836832Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:54.230764465Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:54.232426719Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:54.23703808Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:54.238499164Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:54.239872476Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:54.242550721Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:54.246656561Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:54.248046758Z	37	PC: 12f11 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:54.250242113Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.256265442Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.259278676Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.262896498Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.266217004Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.268838744Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.27143391Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.274555081Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.277681545Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.280528503Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.283763224Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.286593494Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.289061431Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.29168016Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.294476108Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.296879099Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.299340811Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.302325633Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.30488287Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.307410395Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.310503746Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.313180982Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.315627898Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.319358159Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.322093536Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.324801779Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.328588059Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.331316519Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.33403056Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.337488206Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.340490892Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.343956026Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.347186068Z	6	PC: 12f98 \| Direct console I/O
2018-12-17T22:43:54.354143048Z	76	PC: 12f50 \| Terminate with return code (Return code = '100')