Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Agent.6500

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:20.757972888Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:20.760018359Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:45:20.761221479Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:45:20.762519026Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:20.764258984Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:20.765461814Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:20.766566067Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:45:20.778047301Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:45:20.780321803Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:45:20.782614679Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:45:20.786029803Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:45:20.788616912Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:45:20.790602071Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:45:20.792144127Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:45:20.794724342Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:45:20.796419787Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:45:20.797976771Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:45:20.80010044Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:45:20.802082452Z	53	PC: 13a8a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:45:20.803750645Z	37	PC: 13a9f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:20.806272902Z	37	PC: 13aa7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:20.807654778Z	37	PC: 13aaf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:20.80934956Z	37	PC: 13ab7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:45:20.812189735Z	68	PC: 14701 \| I/O control for devices (Set for = '')
2018-12-17T22:45:20.914978778Z	37	PC: 134b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:45:20.917118898Z	48	PC: 14312 \| Get DOS version
2018-12-17T22:45:20.919994579Z	61	PC: 14150 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:20.927804066Z	63	PC: 14223 \| Read file or device (Read 6499 bytes on handle 5)
2018-12-17T22:45:20.936487885Z	62	PC: 141a0 \| Close file
2018-12-17T22:45:20.939436443Z	44	PC: 14838 \| Get time 0x14838: mov word ptr [0x3e], cx 0x1483c: mov word ptr [0x40], dx 0x14840: retf 0x14841: call 0x14888 0x14844: jb 0x14855 0x14846: mov cx, word ptr es:[di + 4] 0x1484a: cmp cx, 1 0x1484d: je 0x14855 0x1484f: xor bx, bx 0x14851: push cs 0x14852: call 0x243c4 0x14855: retf 4 0x14858: call 0x14888 0x1485b: jb 0x14870 0x1485d: mov ax, cx 0x1485f: mov dx, bx 0x14861: mov cx, word ptr es:[di + 4] 0x14865: cmp cx, 1 0x14868: je 0x14870 0x1486a: xor bx, bx
2018-12-17T22:45:20.942708889Z	60	PC: 14150 \| Create or truncate file
2018-12-17T22:45:20.961255512Z	65	PC: 14299 \| Delete file (Filename = '$$$$$$$$.$$$')
2018-12-17T22:45:20.973326563Z	26	PC: 13209 \| Set disk transfer address
2018-12-17T22:45:20.975980198Z	78	PC: 13215 \| Find first file
2018-12-17T22:45:20.984355277Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:20.986081559Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:20.991673412Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:20.992995284Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:20.996749205Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:20.9995315Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.003664473Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.005290206Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.009735536Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.011146045Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.014639696Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.01610082Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.020128535Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.021363374Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.024807513Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.027108424Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.030759912Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.032307008Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.036851613Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.038595018Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.042759108Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.04518259Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.049231705Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.05110894Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.055879961Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.057677718Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.064500712Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.068358728Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.072348702Z	54	PC: 131ba \| Get free disk space
2018-12-17T22:45:21.082797967Z	61	PC: 14150 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:45:21.091014619Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.096025781Z	63	PC: 14223 \| Read file or device (Read 5 bytes on handle 6)
2018-12-17T22:45:21.099641021Z	62	PC: 141a0 \| Close file
2018-12-17T22:45:21.102338988Z	61	PC: 14150 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:45:21.110678581Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.113724722Z	63	PC: 14223 \| Read file or device (Read 13 bytes on handle 6)
2018-12-17T22:45:21.122145678Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.12546428Z	64	PC: 14223 \| Write file or device (Write 13 bytes on handle 6)
2018-12-17T22:45:21.128900755Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.130853543Z	63	PC: 14223 \| Read file or device (Read 6499 bytes on handle 6)
2018-12-17T22:45:21.142263031Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.144287994Z	64	PC: 14223 \| Write file or device (Write 6499 bytes on handle 6)
2018-12-17T22:45:21.153355084Z	66	PC: 148a2 \| Move file pointer
2018-12-17T22:45:21.156347554Z	66	PC: 148b0 \| Move file pointer
2018-12-17T22:45:21.158195835Z	66	PC: 148be \| Move file pointer
2018-12-17T22:45:21.160123816Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.163176419Z	64	PC: 14223 \| Write file or device (Write 6499 bytes on handle 6)
2018-12-17T22:45:21.174248053Z	64	PC: 14223 \| Write file or device (Write 1 bytes on handle 6)
2018-12-17T22:45:21.177918958Z	62	PC: 141a0 \| Close file
2018-12-17T22:45:21.189147818Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.191365483Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.195423394Z	26	PC: 13209 \| Set disk transfer address
2018-12-17T22:45:21.198537563Z	78	PC: 13215 \| Find first file
2018-12-17T22:45:21.206574387Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.208290471Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.211457339Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.213545941Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.217599624Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.219111464Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.222983036Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.224420525Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.227605948Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.229927728Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.233638688Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.235169724Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.239008754Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.240409424Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.243882558Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.246533908Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.249645211Z	26	PC: 1322d \| Set disk transfer address
2018-12-17T22:45:21.251133245Z	79	PC: 13232 \| Find next file
2018-12-17T22:45:21.254925508Z	61	PC: 14150 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:21.262280231Z	66	PC: 148a2 \| Move file pointer
2018-12-17T22:45:21.264045116Z	66	PC: 148b0 \| Move file pointer
2018-12-17T22:45:21.266416009Z	66	PC: 148be \| Move file pointer
2018-12-17T22:45:21.267741618Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.269032092Z	63	PC: 14223 \| Read file or device (Read 6499 bytes on handle 6)
2018-12-17T22:45:21.275793681Z	66	PC: 148a2 \| Move file pointer
2018-12-17T22:45:21.277010707Z	66	PC: 148b0 \| Move file pointer
2018-12-17T22:45:21.278310348Z	66	PC: 148be \| Move file pointer
2018-12-17T22:45:21.280160804Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.281415931Z	64	PC: 14181 \| Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:45:21.287460894Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.289292584Z	64	PC: 14223 \| Write file or device (Write 6499 bytes on handle 6)
2018-12-17T22:45:21.296013307Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.297310383Z	63	PC: 14223 \| Read file or device (Read 13 bytes on handle 6)
2018-12-17T22:45:21.303465303Z	66	PC: 14282 \| Move file pointer
2018-12-17T22:45:21.304841177Z	64	PC: 14223 \| Write file or device (Write 13 bytes on handle 6)
2018-12-17T22:45:21.307075303Z	62	PC: 141a0 \| Close file
2018-12-17T22:45:21.314241592Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:21.315399847Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:21.316559546Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:45:21.318312368Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:45:21.319475613Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:45:21.320665597Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:45:21.322372273Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:21.323426342Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:21.324884932Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:21.326778508Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:21.327909873Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:21.329097083Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:21.330832122Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:45:21.331977192Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:45:21.333094661Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:45:21.334863012Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:45:21.335999937Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:45:21.337122175Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:45:21.338845371Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:45:21.339992646Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:45:21.341261379Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:45:21.343053976Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:45:21.344172216Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:45:21.345286198Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:45:21.346989387Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:45:21.34811981Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:45:21.349270141Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:45:21.351040636Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:45:21.352396863Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:45:21.353504844Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:45:21.35532898Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:45:21.35650576Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:45:21.357636965Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:45:21.359660525Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:45:21.360822488Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:45:21.361983007Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:45:21.363688541Z	53	PC: 133dc \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:45:21.364826157Z	37	PC: 133e5 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:45:21.366227379Z	48	PC: 14312 \| Get DOS version
2018-12-17T22:45:21.368269204Z	41	PC: 13393 \| Parse filename
2018-12-17T22:45:21.369584935Z	41	PC: 133a1 \| Parse filename
2018-12-17T22:45:21.370868445Z	75	PC: 133ac \| Execute program
2018-12-17T22:45:21.387323501Z	80	PC: 1a199 \| Set current PSP
2018-12-17T22:45:21.388450337Z	48	PC: 1a19e \| Get DOS version
2018-12-17T22:45:21.389813568Z	99	PC: 20980 \| Get DBCS lead byte table pointer
2018-12-17T22:45:21.39250906Z	101	PC: 1a224 \| Get extended country info
2018-12-17T22:45:21.394075301Z	99	PC: 1a22a \| Get DBCS lead byte table pointer
2018-12-17T22:45:21.39598557Z	74	PC: 1a28c \| Reallocate memory
2018-12-17T22:45:21.398149253Z	25	PC: 1a2c3 \| Get default drive
2018-12-17T22:45:21.399256834Z	37	PC: 19d83 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:45:21.400390202Z	37	PC: 19d8a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:21.402180544Z	37	PC: 19d91 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:21.405292038Z	74	PC: 18f2c \| Reallocate memory
2018-12-17T22:45:21.406935144Z	72	PC: 18f6d \| Allocate memory
2018-12-17T22:45:21.408927627Z	72	PC: 18fa5 \| Allocate memory
2018-12-17T22:45:21.410426552Z	72	PC: 18fad \| Allocate memory