Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Oskal.11004

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:24.266725637Z 53 PC: 135fa | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:24.268836286Z 53 PC: 135fa | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:46:24.27030292Z 53 PC: 135fa | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:46:24.271757824Z 53 PC: 135fa | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:24.273794592Z 53 PC: 135fa | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:24.27525424Z 53 PC: 135fa | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:24.276633531Z 53 PC: 135fa | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:46:24.279022428Z 53 PC: 135fa | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:46:24.280654105Z 53 PC: 135fa | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:46:24.282398116Z 53 PC: 135fa | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:46:24.284381932Z 53 PC: 135fa | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:46:24.286154728Z 53 PC: 135fa | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:46:24.287867971Z 53 PC: 135fa | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:46:24.289542922Z 53 PC: 135fa | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:46:24.306790938Z 53 PC: 135fa | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:46:24.308468941Z 53 PC: 135fa | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:46:24.310162537Z 53 PC: 135fa | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:46:24.312285308Z 53 PC: 135fa | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:46:24.314008883Z 53 PC: 135fa | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:46:24.316156356Z 37 PC: 1360f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:24.318750393Z 37 PC: 13617 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:24.320408153Z 37 PC: 1361f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:24.322068516Z 37 PC: 13627 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:46:24.325451685Z 68 PC: 1426c | I/O control for devices (Set for = '')
2018-12-17T22:46:24.327670652Z 48 PC: 13e82 | Get DOS version
2018-12-17T22:46:24.329730349Z 61 PC: 13cc0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:46:24.338095543Z 63 PC: 13d93 | Read file or device (Read 10996 bytes on handle 5)
2018-12-17T22:46:24.346629829Z 62 PC: 13d10 | Close file
2018-12-17T22:46:24.349451121Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:46:24.351272595Z 78 PC: 133ab | Find first file
2018-12-17T22:46:24.358513266Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.359873893Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.365592647Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.367119347Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.371235016Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.373569601Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.377664124Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.379242387Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.383474323Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.385408132Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.38925461Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.39101417Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.395742862Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.397302548Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.401133572Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.403479253Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.407439285Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.409163523Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.413839039Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.415493078Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.41940448Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.421537096Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.425392266Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.426976017Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.431380947Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.433023498Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.437037018Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.438900629Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.44422629Z 67 PC: 13328 | Get or set file attributes
2018-12-17T22:46:24.461671953Z 61 PC: 13cc0 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:46:24.470536115Z 66 PC: 13df2 | Move file pointer
2018-12-17T22:46:24.472392326Z 63 PC: 13d93 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:46:24.480898119Z 87 PC: 1336f | Get or set file date and time
2018-12-17T22:46:24.483256848Z 67 PC: 13328 | Get or set file attributes
2018-12-17T22:46:24.49490475Z 62 PC: 13d10 | Close file
2018-12-17T22:46:24.502926673Z 26 PC: 133c3 | Set disk transfer address
2018-12-17T22:46:24.504546186Z 79 PC: 133c8 | Find next file
2018-12-17T22:46:24.507733464Z 44 PC: 132bd | Get time
0x132bd: xor ah, ah
0x132bf: mov al, dl
0x132c1: les di, ptr [bp + 6]
0x132c4: stosw word ptr es:[di], ax
0x132c5: mov al, dh
0x132c7: les di, ptr [bp + 0xa]
0x132ca: stosw word ptr es:[di], ax
0x132cb: mov al, cl
0x132cd: les di, ptr [bp + 0xe]
0x132d0: stosw word ptr es:[di], ax
0x132d1: mov al, ch
0x132d3: les di, ptr [bp + 0x12]
0x132d6: stosw word ptr es:[di], ax
0x132d7: pop bp
0x132d8: retf 0x10
0x132db: push bp
0x132dc: mov bp, sp
0x132de: mov ch, byte ptr [bp + 0xc]
0x132e1: mov cl, byte ptr [bp + 0xa]
0x132e4: mov dh, byte ptr [bp + 8]
2018-12-17T22:46:24.510438047Z 26 PC: 1339f | Set disk transfer address
2018-12-17T22:46:24.512291119Z 78 PC: 133ab | Find first file
2018-12-17T22:46:24.520160263Z 67 PC: 13328 | Get or set file attributes
2018-12-17T22:46:24.531151887Z 61 PC: 13cc0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:46:24.53914436Z 66 PC: 1436b | Move file pointer
2018-12-17T22:46:24.541345336Z 66 PC: 14379 | Move file pointer
2018-12-17T22:46:24.543337484Z 66 PC: 14387 | Move file pointer
2018-12-17T22:46:24.545629782Z 66 PC: 13df2 | Move file pointer
2018-12-17T22:46:24.548338804Z 63 PC: 13d93 | Read file or device (Read 10996 bytes on handle 5)
2018-12-17T22:46:24.55702812Z 66 PC: 13df2 | Move file pointer
2018-12-17T22:46:24.559062519Z 64 PC: 13cf1 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:46:24.568619526Z 66 PC: 13df2 | Move file pointer
2018-12-17T22:46:24.570705588Z 64 PC: 13d93 | Write file or device (Write 10996 bytes on handle 5)
2018-12-17T22:46:24.580941005Z 87 PC: 1336f | Get or set file date and time
2018-12-17T22:46:24.584102046Z 67 PC: 13328 | Get or set file attributes
2018-12-17T22:46:24.595962105Z 62 PC: 13d10 | Close file
2018-12-17T22:46:24.604030705Z 53 PC: 13572 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:24.606826182Z 37 PC: 1357b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:24.608538703Z 53 PC: 13572 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:46:24.610333188Z 37 PC: 1357b | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:46:24.613100139Z 53 PC: 13572 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:46:24.617470428Z 37 PC: 1357b | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:46:24.618991429Z 53 PC: 13572 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:24.621641311Z 37 PC: 1357b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:24.623271766Z 53 PC: 13572 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:24.624660355Z 37 PC: 1357b | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:24.626807847Z 53 PC: 13572 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:24.628222218Z 37 PC: 1357b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:24.629499352Z 53 PC: 13572 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:46:24.631819499Z 37 PC: 1357b | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:46:24.633099291Z 53 PC: 13572 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:46:24.63440231Z 37 PC: 1357b | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:46:24.636420755Z 53 PC: 13572 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:46:24.638694234Z 37 PC: 1357b | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:46:24.639983907Z 53 PC: 13572 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:46:24.642558037Z 37 PC: 1357b | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:46:24.6448421Z 53 PC: 13572 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:46:24.646060894Z 37 PC: 1357b | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:46:24.64739357Z 53 PC: 13572 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:46:24.650188456Z 37 PC: 1357b | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:46:24.651762041Z 53 PC: 13572 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:46:24.6533744Z 37 PC: 1357b | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:46:24.655838925Z 53 PC: 13572 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:46:24.657209258Z 37 PC: 1357b | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:46:24.658506343Z 53 PC: 13572 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:46:24.661328465Z 37 PC: 1357b | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:46:24.662709118Z 53 PC: 13572 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:46:24.664165765Z 37 PC: 1357b | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:46:24.666868172Z 53 PC: 13572 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:46:24.668354717Z 37 PC: 1357b | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:46:24.669624262Z 53 PC: 13572 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:46:24.672607284Z 37 PC: 1357b | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:46:24.674222455Z 53 PC: 13572 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:46:24.675850187Z 37 PC: 1357b | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:46:24.680008156Z 41 PC: 13529 | Parse filename
2018-12-17T22:46:24.682040339Z 41 PC: 13537 | Parse filename
2018-12-17T22:46:24.68399624Z 75 PC: 13542 | Execute program
2018-12-17T22:46:24.706851883Z 80 PC: 1bd29 | Set current PSP
2018-12-17T22:46:24.707968195Z 48 PC: 1bd2e | Get DOS version
2018-12-17T22:46:24.709779242Z 99 PC: 22510 | Get DBCS lead byte table pointer
2018-12-17T22:46:24.713871894Z 101 PC: 1bdb4 | Get extended country info
2018-12-17T22:46:24.715535711Z 99 PC: 1bdba | Get DBCS lead byte table pointer
2018-12-17T22:46:24.717156994Z 74 PC: 1be1c | Reallocate memory
2018-12-17T22:46:24.719994623Z 25 PC: 1be53 | Get default drive
2018-12-17T22:46:24.722211612Z 37 PC: 1b913 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:46:24.723904269Z 37 PC: 1b91a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:24.727424405Z 37 PC: 1b921 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:24.732533831Z 74 PC: 1aabc | Reallocate memory
2018-12-17T22:46:24.734173054Z 72 PC: 1aafd | Allocate memory
2018-12-17T22:46:24.736170899Z 72 PC: 1ab35 | Allocate memory
2018-12-17T22:46:24.739669935Z 72 PC: 1ab3d | Allocate memory