Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Peito


Syscalls:

Time | Syscall (INT 21h function number, AH, decimal) | PC | Syscall name (arguments)
2018-12-17T22:45:57.541992442Z 48 PC: 14910 | Get DOS version
2018-12-17T22:45:57.544433797Z 74 PC: 1496f | Reallocate memory
2018-12-17T22:45:57.546382057Z 48 PC: 149d4 | Get DOS version
2018-12-17T22:45:57.547642373Z 53 PC: 149dc | Get interrupt vector (Interrupt = 0x00 AKA 'Divide error')
2018-12-17T22:45:57.549972299Z 53 PC: 1e9a2 | Get interrupt vector (Interrupt = 0x02 AKA 'NMI')
2018-12-17T22:45:57.55141017Z 37 PC: 1e9b2 | Set interrupt vector (Interrupt = 0x02 AKA 'NMI')
2018-12-17T22:45:57.553017859Z 53 PC: 1e9b7 | Get interrupt vector (Interrupt = 0x23 AKA 'Ctrl-Break handler')
2018-12-17T22:45:57.557184044Z 37 PC: 1e9c7 | Set interrupt vector (Interrupt = 0x23 AKA 'Ctrl-Break handler')
2018-12-17T22:45:57.561809652Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x34 AKA 'FP emulator, ESC opcode D8h')
2018-12-17T22:45:57.563829695Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x35 AKA 'FP emulator, ESC opcode D9h')
2018-12-17T22:45:57.566682062Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x36 AKA 'FP emulator, ESC opcode DAh')
2018-12-17T22:45:57.568479008Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x37 AKA 'FP emulator, ESC opcode DBh')
2018-12-17T22:45:57.570116123Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x38 AKA 'FP emulator, ESC opcode DCh')
2018-12-17T22:45:57.572461918Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x39 AKA 'FP emulator, ESC opcode DDh')
2018-12-17T22:45:57.574008763Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x3A AKA 'FP emulator, ESC opcode DEh')
2018-12-17T22:45:57.575505705Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x3B AKA 'FP emulator, ESC opcode DFh')
2018-12-17T22:45:57.577445958Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x3C AKA 'FP emulator, segment-override form')
2018-12-17T22:45:57.580730017Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x3D AKA 'FP emulator, standalone FWAIT')
2018-12-17T22:45:57.582404302Z 53 PC: 1c5b8 | Get interrupt vector (Interrupt = 0x3E AKA 'Borland FP emulator shortcut call')
2018-12-17T22:45:57.584075099Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x34 AKA 'FP emulator, ESC opcode D8h')
2018-12-17T22:45:57.586383825Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x35 AKA 'FP emulator, ESC opcode D9h')
2018-12-17T22:45:57.588571815Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x36 AKA 'FP emulator, ESC opcode DAh')
2018-12-17T22:45:57.590628778Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x37 AKA 'FP emulator, ESC opcode DBh')
2018-12-17T22:45:57.592401688Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x38 AKA 'FP emulator, ESC opcode DCh')
2018-12-17T22:45:57.594363272Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x39 AKA 'FP emulator, ESC opcode DDh')
2018-12-17T22:45:57.596471812Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x3A AKA 'FP emulator, ESC opcode DEh')
2018-12-17T22:45:57.603306779Z 37 PC: 1c5e7 | Set interrupt vector (Interrupt = 0x3B AKA 'FP emulator, ESC opcode DFh')
2018-12-17T22:45:57.604897075Z 37 PC: 1c5ee | Set interrupt vector (Interrupt = 0x3C AKA 'FP emulator, segment-override form')
2018-12-17T22:45:57.607363458Z 37 PC: 1c5f3 | Set interrupt vector (Interrupt = 0x3D AKA 'FP emulator, standalone FWAIT')
2018-12-17T22:45:57.609345911Z 68 PC: 14a7c | I/O control for devices (argument buffer is non-printable binary; not shown)
2018-12-17T22:45:57.611232585Z 68 PC: 14a7c | I/O control for devices (argument buffer is non-printable binary; not shown)
2018-12-17T22:45:57.614167697Z 68 PC: 14a7c | I/O control for devices (argument buffer is non-printable binary; not shown)
2018-12-17T22:45:57.616437981Z 68 PC: 14a7c | I/O control for devices (argument buffer is non-printable binary; not shown)
2018-12-17T22:45:57.61792845Z 68 PC: 14a7c | I/O control for devices (argument buffer is non-printable binary; not shown)
2018-12-17T22:45:57.621054572Z 53 PC: 1c46c | Get interrupt vector (Interrupt = 0x23 AKA 'Ctrl-Break handler')
2018-12-17T22:45:57.622455303Z 37 PC: 1c482 | Set interrupt vector (Interrupt = 0x23 AKA 'Ctrl-Break handler')
2018-12-17T22:45:57.624122424Z 53 PC: 19d0a | Get interrupt vector (Interrupt = 0x00 AKA 'Divide error')
2018-12-17T22:45:57.6261493Z 53 PC: 19d17 | Get interrupt vector (Interrupt = 0x04 AKA 'Overflow (INTO)')
2018-12-17T22:45:57.627772599Z 53 PC: 19d24 | Get interrupt vector (Interrupt = 0x24 AKA 'Critical error handler')
2018-12-17T22:45:57.629423399Z 37 PC: 19d36 | Set interrupt vector (Interrupt = 0x00 AKA 'Divide error')
2018-12-17T22:45:57.632131897Z 37 PC: 19d3e | Set interrupt vector (Interrupt = 0x04 AKA 'Overflow (INTO)')
2018-12-17T22:45:57.63414623Z 37 PC: 19ecc | Set interrupt vector (Interrupt = 0x24 AKA 'Critical error handler')
2018-12-17T22:45:57.639410847Z 74 PC: 1a883 | Reallocate memory
2018-12-17T22:45:57.64213835Z 74 PC: 1a883 | Reallocate memory
2018-12-17T22:45:57.647316335Z 68 PC: 1965e | I/O control for devices (Set for = ' ')
2018-12-17T22:45:57.648812535Z 68 PC: 1965e | I/O control for devices (argument buffer is non-printable binary; not shown)
2018-12-17T22:45:57.651299957Z 51 PC: 1967b | Get or set Ctrl-Break
2018-12-17T22:45:57.652780668Z 51 PC: 19687 | Get or set Ctrl-Break
2018-12-17T22:45:57.655084765Z 25 PC: 19ca3 | Get default drive
2018-12-17T22:45:57.656868866Z 71 PC: 19cb6 | Get current directory
2018-12-17T22:45:57.663077677Z 14 PC: 1706c | Set default drive (Drive = 'C')
2018-12-17T22:45:57.66440512Z 25 PC: 17070 | Get default drive
2018-12-17T22:45:57.672438809Z 98 PC: 28512 | Get current PSP
2018-12-17T22:45:57.677244564Z 44 PC: 17884 | Get time

Disassembly the tracer attached at the Get time call site. INT 21h/AH=2Ch returns CH=hour, CL=minute, DH=second, DL=hundredths, so the first four instructions compute hour*60+minute in AX before the seconds and hundredths are folded in by the calls to 0x178bf:

0x17884: mov al, 0x3c
0x17886: mul ch
0x17888: xor ch, ch
0x1788a: add ax, cx
0x1788c: mov bx, ax
0x1788e: push dx
0x1788f: call 0x19600
0x17892: pop dx
0x17893: mov ax, 0x3c
0x17896: call 0x178bf
0x17899: mov al, dh
0x1789b: mov ah, 1
0x1789d: call 0x178bf
0x178a0: mov ax, 0x64
0x178a3: call 0x178bf
0x178a6: mov al, dl
0x178a8: mov ah, 1
0x178aa: call 0x178bf
0x178ad: mov ax, 0x264
0x178b0: call 0x178bf
2018-12-17T22:45:57.681696096Z 54 PC: 19b82 | Get free disk space
2018-12-17T22:45:57.692543218Z 61 PC: 19ad6 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:57.702782979Z 68 PC: 19a24 | I/O control for devices (Set for = '')
2018-12-17T22:45:57.70495589Z 66 PC: 1980d | Move file pointer
2018-12-17T22:45:57.706778283Z 66 PC: 1980d | Move file pointer
2018-12-17T22:45:57.709419764Z 66 PC: 1980d | Move file pointer
2018-12-17T22:45:57.711440329Z 66 PC: 1980d | Move file pointer
2018-12-17T22:45:57.71361864Z 63 PC: 198ce | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:45:57.722794574Z 63 PC: 198ce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:57.727987367Z 62 PC: 198da | Close file
2018-12-17T22:45:57.734347983Z 54 PC: 19b82 | Get free disk space
2018-12-17T22:45:57.739416552Z 54 PC: 19b82 | Get free disk space
2018-12-17T22:45:57.743399753Z 86 PC: 16b22 | Rename file
2018-12-17T22:45:57.769229716Z 54 PC: 19b82 | Get free disk space
2018-12-17T22:45:57.781427636Z 61 PC: 19ad6 | Open file (Filename = 'A:\TEMP297.EXE')
2018-12-17T22:45:57.791911986Z 68 PC: 19a24 | I/O control for devices (Set for = '')
2018-12-17T22:45:57.794306984Z 54 PC: 19b82 | Get free disk space
2018-12-17T22:45:57.800231181Z 61 PC: 19ad6 | Open file (Filename = '')
2018-12-17T22:45:57.807670673Z 60 PC: 19973 | Create or truncate file
2018-12-17T22:45:57.822554608Z 62 PC: 198da | Close file
2018-12-17T22:45:57.825515148Z 61 PC: 19ad6 | Open file (Filename = '')
2018-12-17T22:45:57.841040015Z 68 PC: 19a24 | I/O control for devices (Set for = '')
2018-12-17T22:45:57.843561792Z 66 PC: 1980d | Move file pointer
2018-12-17T22:45:57.847049212Z 63 PC: 198ce | Read file or device (Read 20000 bytes on handle 5)
2018-12-17T22:45:57.856403901Z 66 PC: 1980d | Move file pointer
2018-12-17T22:45:57.858050965Z 64 PC: 198ce | Write file or device (Write 20000 bytes on handle 6)
2018-12-17T22:45:57.869401393Z 62 PC: 198da | Close file
2018-12-17T22:45:57.872926433Z 62 PC: 198da | Close file
2018-12-17T22:45:57.886587029Z 74 PC: 1a883 | Reallocate memory
2018-12-17T22:45:57.889583998Z 51 PC: 19692 | Get or set Ctrl-Break
2018-12-17T22:45:57.891121786Z 37 PC: 19d7c | Set interrupt vector (Interrupt = 0x00 AKA 'Divide error')
2018-12-17T22:45:57.892818493Z 37 PC: 19d86 | Set interrupt vector (Interrupt = 0x04 AKA 'Overflow (INTO)')
2018-12-17T22:45:57.895325732Z 37 PC: 19d90 | Set interrupt vector (Interrupt = 0x24 AKA 'Critical error handler')
2018-12-17T22:45:57.897781384Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x34 AKA 'FP emulator, ESC opcode D8h')
2018-12-17T22:45:57.899420523Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x35 AKA 'FP emulator, ESC opcode D9h')
2018-12-17T22:45:57.901590548Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x36 AKA 'FP emulator, ESC opcode DAh')
2018-12-17T22:45:57.904119538Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x37 AKA 'FP emulator, ESC opcode DBh')
2018-12-17T22:45:57.905784615Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x38 AKA 'FP emulator, ESC opcode DCh')
2018-12-17T22:45:57.908473345Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x39 AKA 'FP emulator, ESC opcode DDh')
2018-12-17T22:45:57.910060777Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x3A AKA 'FP emulator, ESC opcode DEh')
2018-12-17T22:45:57.911637818Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x3B AKA 'FP emulator, ESC opcode DFh')
2018-12-17T22:45:57.913445934Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x3C AKA 'FP emulator, segment-override form')
2018-12-17T22:45:57.915330724Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x3D AKA 'FP emulator, standalone FWAIT')
2018-12-17T22:45:57.916693744Z 37 PC: 1c603 | Set interrupt vector (Interrupt = 0x3E AKA 'Borland FP emulator shortcut call')
2018-12-17T22:45:57.917986331Z 37 PC: 1e9d6 | Set interrupt vector (Interrupt = 0x02 AKA 'NMI')
2018-12-17T22:45:57.919807933Z 37 PC: 14b42 | Set interrupt vector (Interrupt = 0x00 AKA 'Divide error')
2018-12-17T22:45:57.922188584Z 41 PC: 1c41f | Parse filename
2018-12-17T22:45:57.924087831Z 41 PC: 1c421 | Parse filename
2018-12-17T22:45:57.926539165Z 41 PC: 1c426 | Parse filename
2018-12-17T22:45:57.928225171Z 75 PC: 1c43c | Execute program
2018-12-17T22:45:57.949867489Z 80 PC: 29df9 | Set current PSP
2018-12-17T22:45:57.953775469Z 48 PC: 29dfe | Get DOS version
2018-12-17T22:45:57.955650921Z 99 PC: 305e0 | Get DBCS lead byte table pointer
2018-12-17T22:45:57.958596814Z 101 PC: 29e84 | Get extended country info
2018-12-17T22:45:57.960620675Z 99 PC: 29e8a | Get DBCS lead byte table pointer
2018-12-17T22:45:57.962250025Z 74 PC: 29eec | Reallocate memory
2018-12-17T22:45:57.964375918Z 25 PC: 29f23 | Get default drive
2018-12-17T22:45:57.966320801Z 37 PC: 299e3 | Set interrupt vector (Interrupt = 0x22 AKA 'Terminate address')
2018-12-17T22:45:57.974166727Z 37 PC: 299ea | Set interrupt vector (Interrupt = 0x23 AKA 'Ctrl-Break handler')
2018-12-17T22:45:57.975333979Z 37 PC: 299f1 | Set interrupt vector (Interrupt = 0x24 AKA 'Critical error handler')
2018-12-17T22:45:57.982774884Z 74 PC: 28b8c | Reallocate memory
2018-12-17T22:45:57.984382774Z 72 PC: 28bcd | Allocate memory
2018-12-17T22:45:57.986479752Z 72 PC: 28c05 | Allocate memory
2018-12-17T22:45:57.989083963Z 72 PC: 28c0d | Allocate memory
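The file-system part of the trace (open A:\TEST.EXE, read its header, rename it, create a file, copy 20000 bytes, then Execute program) is the observable signature of this sample's infection routine. The following is an added example, not code from the vx.netlux sample viewer or its tracer: it parses the row format used above and walks the rows once looking for that sequence. The eleven input rows are copied from the trace; the `Call` record, the `infection_evidence` milestone list and its thresholds (a header read of at most 0x1C bytes, a copy of at least 1024 bytes) are my own heuristic choices, not anything the tracer defines.

```python
"""Parser and milestone heuristic for the DOS sandbox trace format above.
Added example; not part of the sample viewer or the tracer that produced the log."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed input: eleven rows copied from the trace, enough to show the
# host-infection sequence. Raw string, so the backslashes are literal.
TRACE = r"""
2018-12-17T22:45:57.692543218Z 61 PC: 19ad6 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:45:57.71361864Z 63 PC: 198ce | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:45:57.722794574Z 63 PC: 198ce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:45:57.727987367Z 62 PC: 198da | Close file
2018-12-17T22:45:57.743399753Z 86 PC: 16b22 | Rename file
2018-12-17T22:45:57.781427636Z 61 PC: 19ad6 | Open file (Filename = 'A:\TEMP297.EXE')
2018-12-17T22:45:57.807670673Z 60 PC: 19973 | Create or truncate file
2018-12-17T22:45:57.847049212Z 63 PC: 198ce | Read file or device (Read 20000 bytes on handle 5)
2018-12-17T22:45:57.858050965Z 64 PC: 198ce | Write file or device (Write 20000 bytes on handle 6)
2018-12-17T22:45:57.869401393Z 62 PC: 198da | Close file
2018-12-17T22:45:57.928225171Z 75 PC: 1c43c | Execute program
"""

# One row: ISO timestamp, INT 21h function number (AH, printed in decimal
# by the tracer), program counter in hex, free-text description.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fn>\d+)\s+PC:\s*(?P<pc>[0-9a-f]+)\s*\|\s*(?P<desc>.*)$", re.I)
FILENAME_RE = re.compile(r"Filename = '([^']*)'")
XFER_RE = re.compile(r"(Read|Write) (\d+) bytes on handle (\d+)")

# INT 21h functions that matter for a parasitic/companion infector.
OPEN, CREATE, CLOSE, READ, WRITE, RENAME, EXEC = 0x3D, 0x3C, 0x3E, 0x3F, 0x40, 0x56, 0x4B


@dataclass
class Call:
    ts: str
    fn: int
    pc: int
    desc: str
    filename: Optional[str] = None
    nbytes: int = 0
    handle: Optional[int] = None


def parse_trace(text: str) -> list[Call]:
    """Turn trace rows into Call records; anything that is not a row
    (headers, blank lines, the disassembly the tracer appends) is skipped."""
    calls: list[Call] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        call = Call(m["ts"], int(m["fn"]), int(m["pc"], 16), m["desc"])
        if (f := FILENAME_RE.search(call.desc)):
            call.filename = f.group(1)
        if (x := XFER_RE.search(call.desc)):
            call.nbytes, call.handle = int(x.group(2)), int(x.group(3))
        calls.append(call)
    return calls


def io_totals(calls: list[Call]) -> dict:
    """Bytes moved and files opened by name, for a quick triage summary."""
    return {
        "bytes_read": sum(c.nbytes for c in calls if c.fn == READ),
        "bytes_written": sum(c.nbytes for c in calls if c.fn == WRITE),
        "files_opened": [c.filename for c in calls if c.fn == OPEN and c.filename],
    }


# Milestones of the rename-and-copy infection pattern (my own heuristic,
# not the tracer's). Thresholds: an MZ header is 0x1C bytes; a copy of at
# least 1 KiB is treated as body transfer rather than a header probe.
MILESTONES: list[tuple[str, Callable[[Call], bool]]] = [
    ("open_host", lambda c: c.fn == OPEN and (c.filename or "").upper().endswith((".EXE", ".COM"))),
    ("read_header", lambda c: c.fn == READ and 0 < c.nbytes <= 0x1C),
    ("rename_host", lambda c: c.fn == RENAME),
    ("create_file", lambda c: c.fn == CREATE),
    ("bulk_copy", lambda c: c.fn == WRITE and c.nbytes >= 1024),
    ("exec", lambda c: c.fn == EXEC),
]


def infection_evidence(calls: list[Call]) -> list[tuple[str, str]]:
    """Single pass over the trace; returns (milestone, timestamp) pairs in
    the order they were satisfied. A short list means the pattern broke off."""
    found: list[tuple[str, str]] = []
    for c in calls:
        if len(found) < len(MILESTONES) and MILESTONES[len(found)][1](c):
            found.append((MILESTONES[len(found)][0], c.ts))
    return found


def is_hllp_infector(calls: list[Call]) -> bool:
    return len(infection_evidence(calls)) == len(MILESTONES)


if __name__ == "__main__":
    parsed = parse_trace(TRACE)
    print(io_totals(parsed))
    for name, ts in infection_evidence(parsed):
        print(f"{ts}  {name}")
    print("rename-and-copy infection sequence present:", is_hllp_infector(parsed))
```

Run against the rows above it reports 20009 bytes read, 20000 written, two executables opened, and all six milestones in order; feeding it only the first few rows (the header probe without the rename, copy and exec) leaves the milestone list short, which is the distinction between a program that merely inspects an EXE header and one that replaces the host.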