Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Brian.4075

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:34.955902483Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:34.95708482Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:34.958947099Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:34.961126177Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:34.962306147Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:34.963570066Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:34.965314642Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:34.966985409Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:34.96941914Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:34.971977892Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:34.97381272Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:34.9750702Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:34.985615073Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:34.987171296Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:34.98861262Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:35.001375248Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:35.002304993Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:35.003128627Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:35.00415385Z 53 PC: 134c2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:35.005369753Z 37 PC: 134d7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:35.006381464Z 37 PC: 134df | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:35.007851089Z 37 PC: 134e7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:35.009053848Z 37 PC: 134ef | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:35.010662642Z 68 PC: 1380c | I/O control for devices (Set for = '')
2018-12-17T22:47:35.012868139Z 48 PC: 13ea1 | Get DOS version
2018-12-17T22:47:35.014921534Z 26 PC: 1325d | Set disk transfer address
2018-12-17T22:47:35.016812733Z 78 PC: 13269 | Find first file
2018-12-17T22:47:35.025546177Z 61 PC: 13c61 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:47:35.032198361Z 87 PC: 13200 | Get or set file date and time
2018-12-17T22:47:35.034855326Z 26 PC: 1325d | Set disk transfer address
2018-12-17T22:47:35.036786213Z 78 PC: 13269 | Find first file
2018-12-17T22:47:35.043346829Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.044720129Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.048217908Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.04981336Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.053529685Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.05471632Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.058594055Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.059567918Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.062879185Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.064311089Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.067088183Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.068235866Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.07135909Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.072463182Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.075726285Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.077386487Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.080568797Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.082317427Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.085199702Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.086023617Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.088672311Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.090118634Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.093326443Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.094492077Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.097377437Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.09848691Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.101360234Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.102898681Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.106377869Z 61 PC: 13c61 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:47:35.112916518Z 63 PC: 13d34 | Read file or device (Read 4075 bytes on handle 6)
2018-12-17T22:47:35.120287657Z 66 PC: 13dfd | Move file pointer
2018-12-17T22:47:35.13762211Z 66 PC: 13e0b | Move file pointer
2018-12-17T22:47:35.139697098Z 66 PC: 13e19 | Move file pointer
2018-12-17T22:47:35.141621989Z 66 PC: 13d93 | Move file pointer
2018-12-17T22:47:35.143114436Z 64 PC: 13d34 | Write file or device (Write 4075 bytes on handle 6)
2018-12-17T22:47:35.204343109Z 66 PC: 13d93 | Move file pointer
2018-12-17T22:47:35.20653785Z 63 PC: 13d34 | Read file or device (Read 4075 bytes on handle 5)
2018-12-17T22:47:35.214225879Z 66 PC: 13d93 | Move file pointer
2018-12-17T22:47:35.216719567Z 64 PC: 13d34 | Write file or device (Write 4075 bytes on handle 6)
2018-12-17T22:47:35.22456866Z 87 PC: 1322d | Get or set file date and time
2018-12-17T22:47:35.226094975Z 62 PC: 13cb1 | Close file
2018-12-17T22:47:35.234592935Z 26 PC: 13281 | Set disk transfer address
2018-12-17T22:47:35.236054093Z 79 PC: 13286 | Find next file
2018-12-17T22:47:35.238411773Z 66 PC: 13dfd | Move file pointer
2018-12-17T22:47:35.239608776Z 66 PC: 13e0b | Move file pointer
2018-12-17T22:47:35.241937075Z 66 PC: 13e19 | Move file pointer
2018-12-17T22:47:35.243232454Z 66 PC: 13d93 | Move file pointer
2018-12-17T22:47:35.245716498Z 63 PC: 13d34 | Read file or device (Read 4075 bytes on handle 5)
2018-12-17T22:47:35.253259367Z 66 PC: 13d93 | Move file pointer
2018-12-17T22:47:35.254529985Z 63 PC: 13d34 | Read file or device (Read 4075 bytes on handle 5)
2018-12-17T22:47:35.26208128Z 66 PC: 13d93 | Move file pointer
2018-12-17T22:47:35.263595905Z 64 PC: 13d34 | Write file or device (Write 4075 bytes on handle 5)
2018-12-17T22:47:35.271800573Z 66 PC: 13d93 | Move file pointer
2018-12-17T22:47:35.273515329Z 64 PC: 13d34 | Write file or device (Write 4075 bytes on handle 5)
2018-12-17T22:47:35.283950373Z 87 PC: 1322d | Get or set file date and time
2018-12-17T22:47:35.285872949Z 62 PC: 13cb1 | Close file
2018-12-17T22:47:35.293956434Z 53 PC: 13340 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:35.296375448Z 37 PC: 13349 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:35.297772649Z 53 PC: 13340 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:35.29918479Z 37 PC: 13349 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:35.301511541Z 53 PC: 13340 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:35.302904403Z 37 PC: 13349 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:35.304277489Z 53 PC: 13340 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:35.306506606Z 37 PC: 13349 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:35.308308626Z 53 PC: 13340 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:35.309685661Z 37 PC: 13349 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:35.311550572Z 53 PC: 13340 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:35.31282637Z 37 PC: 13349 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:35.313789087Z 53 PC: 13340 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:35.315374745Z 37 PC: 13349 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:35.316418684Z 53 PC: 13340 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:35.318107282Z 37 PC: 13349 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:35.31937939Z 53 PC: 13340 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:35.320353349Z 37 PC: 13349 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:35.321459429Z 53 PC: 13340 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:35.322714674Z 37 PC: 13349 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:35.323640873Z 53 PC: 13340 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:35.325014087Z 37 PC: 13349 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:35.325908424Z 53 PC: 13340 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:35.326825177Z 37 PC: 13349 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:35.327914482Z 53 PC: 13340 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:35.329410733Z 37 PC: 13349 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:35.330326434Z 53 PC: 13340 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:35.331730586Z 37 PC: 13349 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:35.33266961Z 53 PC: 13340 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:35.333629264Z 37 PC: 13349 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:35.335094982Z 53 PC: 13340 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:35.33618855Z 37 PC: 13349 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:35.337065838Z 53 PC: 13340 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:35.338266154Z 37 PC: 13349 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:35.339184865Z 53 PC: 13340 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:35.340084297Z 37 PC: 13349 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:35.341376193Z 53 PC: 13340 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:35.342254065Z 37 PC: 13349 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:35.343451113Z 41 PC: 133c9 | Parse filename
2018-12-17T22:47:35.345277784Z 41 PC: 133d7 | Parse filename
2018-12-17T22:47:35.346580387Z 75 PC: 133e2 | Execute program