Sample viewer

vx.netlux.org/Virus.DOS.HLLP.7424

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:26.973075432Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:26.975134438Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:26.976529879Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:26.977690966Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:26.979276221Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:26.980708775Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:26.982646713Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:26.984515264Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:26.985520323Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:26.986549872Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:26.988087671Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:26.989318738Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:26.990468165Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:26.991875602Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:26.993943372Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:26.99593972Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:26.997248757Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:26.999130975Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:27.00051817Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:27.001882342Z	37	PC: 1353f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:27.003623538Z	37	PC: 13547 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:27.004936157Z	37	PC: 1354f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:27.00623837Z	37	PC: 13557 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:27.00948813Z	68	PC: 142f6 \| I/O control for devices (Set for = '�1��')
2018-12-17T22:44:27.011476363Z	25	PC: 13e9f \| Get default drive
2018-12-17T22:44:27.012971592Z	71	PC: 13eb2 \| Get current directory
2018-12-17T22:44:27.017265647Z	48	PC: 13e12 \| Get DOS version
2018-12-17T22:44:27.019392245Z	61	PC: 13c50 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:44:27.026203914Z	63	PC: 13d23 \| Read file or device (Read 7424 bytes on handle 5)
2018-12-17T22:44:27.049167502Z	66	PC: 13d82 \| Move file pointer
2018-12-17T22:44:27.051315381Z	66	PC: 143f5 \| Move file pointer
2018-12-17T22:44:27.053140871Z	66	PC: 14403 \| Move file pointer
2018-12-17T22:44:27.061479669Z	66	PC: 14411 \| Move file pointer
2018-12-17T22:44:27.063761711Z	63	PC: 13d23 \| Read file or device (Read 5120 bytes on handle 5)
2018-12-17T22:44:27.071670614Z	60	PC: 13c50 \| Create or truncate file
2018-12-17T22:44:27.08949905Z	64	PC: 13d23 \| Write file or device (Write 5120 bytes on handle 6)
2018-12-17T22:44:27.098319869Z	62	PC: 13ca0 \| Close file
2018-12-17T22:44:27.100949514Z	62	PC: 13ca0 \| Close file
2018-12-17T22:44:27.109780965Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:27.110984196Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:27.112288574Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:27.113906082Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:27.115993257Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:27.117407474Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:27.118786292Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:27.120616046Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:27.122439417Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:27.123572197Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:27.12520675Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:27.126794548Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:27.128264928Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:27.130346123Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:27.132115158Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:27.133535682Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:27.135625235Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:27.136768496Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:27.137881615Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:27.139374794Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:27.140671978Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:27.142195522Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:27.144249008Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:27.145613038Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:27.146987528Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:27.148987009Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:27.150405246Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:27.151847101Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:27.153854977Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:27.155056665Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:27.156165879Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:27.15778007Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:27.158982696Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:27.160290899Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:27.162331701Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:27.163833124Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:27.165291506Z	53	PC: 134a8 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:27.167059751Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:27.168734292Z	41	PC: 1345f \| Parse filename
2018-12-17T22:44:27.170289051Z	41	PC: 1346d \| Parse filename
2018-12-17T22:44:27.172025998Z	75	PC: 13478 \| Execute program
2018-12-17T22:44:27.184405982Z	80	PC: 61dd9 \| Set current PSP
2018-12-17T22:44:27.185124715Z	48	PC: 61dde \| Get DOS version
2018-12-17T22:44:27.186917762Z	99	PC: 685c0 \| Get DBCS lead byte table pointer
2018-12-17T22:44:27.188657492Z	101	PC: 61e64 \| Get extended country info
2018-12-17T22:44:27.189634328Z	99	PC: 61e6a \| Get DBCS lead byte table pointer
2018-12-17T22:44:27.191300992Z	74	PC: 61ecc \| Reallocate memory
2018-12-17T22:44:27.192319995Z	25	PC: 61f03 \| Get default drive
2018-12-17T22:44:27.193174135Z	37	PC: 619c3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:44:27.194527384Z	37	PC: 619ca \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:27.195390943Z	37	PC: 619d1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:27.198016074Z	74	PC: 60b6c \| Reallocate memory
2018-12-17T22:44:27.199672538Z	72	PC: 60bad \| Allocate memory
2018-12-17T22:44:27.200814055Z	72	PC: 60be5 \| Allocate memory
2018-12-17T22:44:27.202038353Z	72	PC: 60bed \| Allocate memory