Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Doggy.8308

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:28.964855378Z 53 PC: 14aca | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:28.967928151Z 53 PC: 14aca | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:28.971883972Z 53 PC: 14aca | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:28.973695366Z 53 PC: 14aca | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:28.975643065Z 53 PC: 14aca | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:28.977791862Z 53 PC: 14aca | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:28.979566406Z 53 PC: 14aca | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:28.981264967Z 53 PC: 14aca | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:28.989081782Z 53 PC: 14aca | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:28.990729708Z 53 PC: 14aca | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:28.992319075Z 53 PC: 14aca | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:28.994740574Z 53 PC: 14aca | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:28.996079389Z 53 PC: 14aca | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:28.997367419Z 53 PC: 14aca | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:28.999728235Z 53 PC: 14aca | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:29.001026734Z 53 PC: 14aca | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:29.002403741Z 53 PC: 14aca | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:29.010038104Z 53 PC: 14aca | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:29.012167254Z 53 PC: 14aca | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:29.014295232Z 37 PC: 14adf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:29.017542783Z 37 PC: 14ae7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:29.019700788Z 37 PC: 14aef | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:29.021780475Z 37 PC: 14af7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:29.025283936Z 68 PC: 15827 | I/O control for devices (Set for = '��')
2018-12-17T22:47:29.027827315Z 42 PC: 147e7 | Get date
0x147e7: xor ah, ah
0x147e9: les di, ptr [bp + 6]
0x147ec: stosw word ptr es:[di], ax
0x147ed: mov al, dl
0x147ef: les di, ptr [bp + 0xa]
0x147f2: stosw word ptr es:[di], ax
0x147f3: mov al, dh
0x147f5: les di, ptr [bp + 0xe]
0x147f8: stosw word ptr es:[di], ax
0x147f9: xchg ax, cx
0x147fa: les di, ptr [bp + 0x12]
0x147fd: stosw word ptr es:[di], ax
0x147fe: pop bp
0x147ff: retf 0x10
0x14802: push bp
0x14803: mov bp, sp
0x14805: mov cx, word ptr [bp + 0xa]
0x14808: mov dh, byte ptr [bp + 8]
0x1480b: mov dl, byte ptr [bp + 6]
0x1480e: mov ah, 0x2b
2018-12-17T22:47:29.031025614Z 48 PC: 15352 | Get DOS version
2018-12-17T22:47:29.033595161Z 61 PC: 15190 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:47:29.042943594Z 25 PC: 153df | Get default drive
2018-12-17T22:47:29.045480931Z 71 PC: 153f2 | Get current directory
2018-12-17T22:47:29.053248986Z 26 PC: 14877 | Set disk transfer address
2018-12-17T22:47:29.055333382Z 78 PC: 14883 | Find first file
2018-12-17T22:47:29.062036815Z 61 PC: 15190 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:47:29.069231192Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.071524711Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.073364587Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.075236875Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.078162581Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.079592497Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.082724411Z 26 PC: 14877 | Set disk transfer address
2018-12-17T22:47:29.085197868Z 78 PC: 14883 | Find first file
2018-12-17T22:47:29.09195849Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.093482263Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.097230414Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.098634322Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.101719588Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.103388534Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.107506701Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.108950283Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.112007286Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.114454865Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.117495266Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.119754671Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.123661571Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.1255289Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.128605901Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.130792408Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.134229345Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.135664511Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.138916982Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.140723195Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.143704376Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.144966908Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.148590987Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.15005612Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.153142598Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.158183759Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.161259097Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.162704042Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.166622463Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.168296047Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.171639318Z 26 PC: 14877 | Set disk transfer address
2018-12-17T22:47:29.173861102Z 78 PC: 14883 | Find first file
2018-12-17T22:47:29.180435384Z 26 PC: 14877 | Set disk transfer address
2018-12-17T22:47:29.181881811Z 78 PC: 14883 | Find first file
2018-12-17T22:47:29.188004825Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.190505102Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.19365521Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.195131353Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.200646295Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.202119803Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.205712693Z 26 PC: 14877 | Set disk transfer address
2018-12-17T22:47:29.207961548Z 78 PC: 14883 | Find first file
2018-12-17T22:47:29.218388307Z 61 PC: 15190 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:47:29.22600688Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.22852433Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.230689768Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.232557627Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.234994335Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.236964517Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.241022391Z 61 PC: 15190 | Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:47:29.24862335Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.251456964Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.253220016Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.25509538Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.258089685Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.259873085Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.263823397Z 61 PC: 15190 | Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:47:29.273029804Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.275166267Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.276924681Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.279076233Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.282081399Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.283374688Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.287167434Z 61 PC: 15190 | Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:47:29.29553809Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.297051363Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.298555118Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.300744622Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.303313919Z 26 PC: 1489b | Set disk transfer address
2018-12-17T22:47:29.304796274Z 79 PC: 148a0 | Find next file
2018-12-17T22:47:29.309849428Z 61 PC: 15190 | Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:47:29.31754752Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.319313688Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.321919754Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.323899634Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.325675991Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.342003506Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.343902073Z 66 PC: 15d29 | Move file pointer
2018-12-17T22:47:29.345710691Z 66 PC: 15d37 | Move file pointer
2018-12-17T22:47:29.348236587Z 66 PC: 15d45 | Move file pointer
2018-12-17T22:47:29.350503866Z 66 PC: 152c2 | Move file pointer
2018-12-17T22:47:29.352346087Z 63 PC: 15222 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:47:29.359379962Z 63 PC: 15222 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:47:29.363736717Z 63 PC: 15222 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:47:29.367145131Z 63 PC: 15222 | Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:47:29.375350856Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.378841905Z 26 PC: 14a07 | Set disk transfer address
2018-12-17T22:47:29.381598544Z 61 PC: 15190 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:47:29.389263114Z 63 PC: 15263 | Read file or device (Read 8304 bytes on handle 6)
2018-12-17T22:47:29.398679996Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.401219417Z 60 PC: 15190 | Create or truncate file
2018-12-17T22:47:29.420859635Z 61 PC: 15190 | Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:47:29.429965021Z 64 PC: 15263 | Write file or device (Write 8304 bytes on handle 6)
2018-12-17T22:47:29.440957955Z 63 PC: 15263 | Read file or device (Read 8304 bytes on handle 7)
2018-12-17T22:47:29.449572168Z 64 PC: 15263 | Write file or device (Write 8304 bytes on handle 6)
2018-12-17T22:47:29.459977678Z 63 PC: 15263 | Read file or device (Read 8304 bytes on handle 7)
2018-12-17T22:47:29.468784934Z 64 PC: 15263 | Write file or device (Write 8304 bytes on handle 6)
2018-12-17T22:47:29.478846627Z 63 PC: 15263 | Read file or device (Read 8304 bytes on handle 7)
2018-12-17T22:47:29.488168059Z 64 PC: 15263 | Write file or device (Write 8304 bytes on handle 6)
2018-12-17T22:47:29.501854252Z 63 PC: 15263 | Read file or device (Read 8304 bytes on handle 7)
2018-12-17T22:47:29.516462668Z 64 PC: 15263 | Write file or device (Write 4424 bytes on handle 6)
2018-12-17T22:47:29.52655597Z 63 PC: 15263 | Read file or device (Read 8304 bytes on handle 7)
2018-12-17T22:47:29.530018856Z 64 PC: 15263 | Write file or device (Write 4 bytes on handle 6)
2018-12-17T22:47:29.533233245Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.542339833Z 62 PC: 151e0 | Close file
2018-12-17T22:47:29.545683956Z 65 PC: 152d9 | Delete file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:47:29.890113324Z 86 PC: 1531d | Rename file
2018-12-17T22:47:29.896303083Z 64 PC: 14ee8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:47:29.900372389Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:29.901954882Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:29.903509663Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:29.906321896Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:29.908113432Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:29.909895309Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:29.912666436Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:29.914475444Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:29.916251481Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:29.919005224Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:29.920759059Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:29.922531639Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:29.925351267Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:29.926984235Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:29.928368095Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:29.930666302Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:29.932222236Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:29.933781054Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:29.936197965Z 37 PC: 14c21 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:29.937776561Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.940313226Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.944100251Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.946721526Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.94933735Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.952405214Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.955238517Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.957825127Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.960379155Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.963591981Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.966005525Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.968320645Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.971733938Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.974048566Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.976350781Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.979810561Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.982108638Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.984380827Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.988046424Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.991126521Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.99331901Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.997065729Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:29.999605961Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.002140904Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.005608559Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.007870538Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.010170509Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.013450821Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.01602635Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.019037798Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.023017175Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.02590503Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.028508231Z 6 PC: 14ca8 | Direct console I/O
2018-12-17T22:47:30.032736624Z 76 PC: 14c60 | Terminate with return code (Return code = '17')