Sample viewer

vx.netlux.org/Virus.DOS.HLLO.MF.2688

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:49.936571788Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:49.9393474Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:49.940383479Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:49.941457609Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:49.943789503Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:49.944905278Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:49.946027406Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:49.947505537Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:49.948551953Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:49.94983698Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:49.951134969Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:49.952046156Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:49.952810035Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:49.953951374Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:49.954842239Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:49.955628678Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:49.956918314Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:49.957954267Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:49.959105951Z	53	PC: 12cda \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:49.96061394Z	37	PC: 12cef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:49.963239442Z	37	PC: 12cf7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:49.964564461Z	37	PC: 12cff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:49.966011471Z	37	PC: 12d07 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:49.9681293Z	68	PC: 1334e \| I/O control for devices (Set for = '')
2018-12-17T22:44:49.969492207Z	48	PC: 13290 \| Get DOS version
2018-12-17T22:44:49.97094848Z	61	PC: 13142 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:44:49.978330648Z	63	PC: 13215 \| Read file or device (Read 2688 bytes on handle 5)
2018-12-17T22:44:49.985761625Z	62	PC: 13192 \| Close file
2018-12-17T22:44:49.987611188Z	26	PC: 12c27 \| Set disk transfer address
2018-12-17T22:44:49.989341255Z	78	PC: 12c33 \| Find first file
2018-12-17T22:44:49.995371293Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.012399051Z	61	PC: 13142 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:44:50.020223722Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.028326902Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.036491513Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.039267038Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.042201847Z	26	PC: 12c27 \| Set disk transfer address
2018-12-17T22:44:50.043415189Z	78	PC: 12c33 \| Find first file
2018-12-17T22:44:50.050332658Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.060247377Z	61	PC: 13142 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:50.067030156Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.080056412Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.089608829Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.090992329Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.095255281Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.105010178Z	61	PC: 13142 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:44:50.111624727Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.121457702Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.129499244Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.130612604Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.135015922Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.144967637Z	61	PC: 13142 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:44:50.157008189Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.166377855Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.175546463Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.176892097Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.179843966Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.190122326Z	61	PC: 13142 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:44:50.197002431Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.205756031Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.215190856Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.216589255Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.220589226Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.232288212Z	61	PC: 13142 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:44:50.239248194Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.248014419Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.257550699Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.258953702Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.262172707Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.273065924Z	61	PC: 13142 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:44:50.280083941Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.289379056Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.298705201Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.300561026Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.302808907Z	67	PC: 12bf6 \| Get or set file attributes
2018-12-17T22:44:50.311961887Z	61	PC: 13142 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:44:50.31884861Z	64	PC: 13215 \| Write file or device (Write 2688 bytes on handle 5)
2018-12-17T22:44:50.327568357Z	62	PC: 13192 \| Close file
2018-12-17T22:44:50.336767756Z	26	PC: 12c4b \| Set disk transfer address
2018-12-17T22:44:50.342593298Z	79	PC: 12c50 \| Find next file
2018-12-17T22:44:50.345686576Z	9	PC: 12bb0 \| Display string (Could not find end pointer)
2018-12-17T22:44:50.349421034Z	64	PC: 1309d \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:44:50.351231845Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:50.352345154Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:50.355196633Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:50.356357904Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:50.357562494Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:50.359107215Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:50.361176722Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:50.362534743Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:50.364567063Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:50.366637601Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:50.367993216Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:50.369347387Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:50.371102583Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:50.37220368Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:50.373314943Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:50.375412149Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:50.376990951Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:50.37807499Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:50.380234071Z	37	PC: 12e31 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:50.381591566Z	76	PC: 12e70 \| Terminate with return code (Return code = '0')