Sample viewer

vx.netlux.org/Virus.DOS.HLLO.Beta.7360

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:56.610337449Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:56.612502672Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:56.615119255Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:56.616846429Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:56.618620399Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:56.62162449Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:56.623370271Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:56.625132525Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:56.628614989Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:56.632407885Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:56.634276955Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:56.637043455Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:56.639234802Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:56.641019977Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:56.642774824Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:56.64531236Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:56.647121934Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:56.650172851Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:56.656617201Z	53	PC: 13832 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:56.658088478Z	37	PC: 13847 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:56.659443312Z	37	PC: 1384f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:56.66230932Z	37	PC: 13857 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:56.664380286Z	37	PC: 1385f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:56.666289179Z	68	PC: 13bcf \| I/O control for devices (Set for = '')
2018-12-17T22:47:56.775455493Z	37	PC: 13125 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:56.777464918Z	48	PC: 142e8 \| Get DOS version
2018-12-17T22:47:56.779067804Z	44	PC: 1411b \| Get time 0x1411b: mov word ptr [0x13e], cx 0x1411f: mov word ptr [0x140], dx 0x14123: retf 0x14124: mov bx, sp 0x14126: push ds 0x14127: les di, ptr ss:[bx + 8] 0x1412b: lds si, ptr ss:[bx + 4] 0x1412f: cld 0x14130: xor ax, ax 0x14132: stosw word ptr es:[di], ax 0x14133: mov ax, 0xd7b0 0x14136: stosw word ptr es:[di], ax 0x14137: xor ax, ax 0x14139: mov cx, 0x16 0x1413c: rep stosd dword ptr es:[di], eax 0x1413e: lodsb al, byte ptr [si] 0x1413f: cmp al, 0x4f 0x14141: jbe 0x14145 0x14143: mov al, 0x4f 0x14145: mov cl, al
2018-12-17T22:47:56.785591523Z	25	PC: 14375 \| Get default drive
2018-12-17T22:47:56.787296079Z	71	PC: 14388 \| Get current directory
2018-12-17T22:47:56.791527252Z	25	PC: 14375 \| Get default drive
2018-12-17T22:47:56.792696287Z	71	PC: 14388 \| Get current directory
2018-12-17T22:47:56.79659937Z	14	PC: 143ce \| Set default drive (Drive = 'A')
2018-12-17T22:47:56.797913946Z	25	PC: 143d2 \| Get default drive
2018-12-17T22:47:56.799060154Z	59	PC: 1443c \| Change current directory
2018-12-17T22:47:56.803217633Z	25	PC: 14375 \| Get default drive
2018-12-17T22:47:56.805469008Z	71	PC: 14388 \| Get current directory
2018-12-17T22:47:56.809340446Z	14	PC: 143ce \| Set default drive (Drive = 'C')
2018-12-17T22:47:56.811263685Z	25	PC: 143d2 \| Get default drive
2018-12-17T22:47:56.813039163Z	59	PC: 1443c \| Change current directory
2018-12-17T22:47:56.819688667Z	14	PC: 143ce \| Set default drive (Drive = 'A')
2018-12-17T22:47:56.8212845Z	25	PC: 143d2 \| Get default drive
2018-12-17T22:47:56.823322553Z	59	PC: 1443c \| Change current directory
2018-12-17T22:47:56.828268086Z	26	PC: 13717 \| Set disk transfer address
2018-12-17T22:47:56.829595385Z	78	PC: 13723 \| Find first file
2018-12-17T22:47:56.832210853Z	26	PC: 13717 \| Set disk transfer address
2018-12-17T22:47:56.83319557Z	78	PC: 13723 \| Find first file
2018-12-17T22:47:56.840266943Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.841431496Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.844913563Z	26	PC: 13717 \| Set disk transfer address
2018-12-17T22:47:56.846038573Z	78	PC: 13723 \| Find first file
2018-12-17T22:47:56.856879111Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.858195956Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.861988078Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.864227334Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.86831996Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.869537853Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.87413092Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.875519667Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.879567224Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.882565816Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.886425149Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.887894944Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.896046367Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.897490714Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.901462363Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.903191885Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.908536516Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.918491509Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.935862796Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.940196609Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.944534854Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.946255711Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.952083662Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.953936574Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.958410425Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.960504779Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.964416265Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.966520042Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.975373078Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.976894898Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.981881504Z	26	PC: 1373b \| Set disk transfer address
2018-12-17T22:47:56.984222137Z	79	PC: 13740 \| Find next file
2018-12-17T22:47:56.988748028Z	67	PC: 136bf \| Get or set file attributes
2018-12-17T22:47:56.996204316Z	61	PC: 1419a \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:47:57.004729729Z	60	PC: 1419a \| Create or truncate file
2018-12-17T22:47:57.339523502Z	63	PC: 1426d \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:47:57.348161198Z	64	PC: 1426d \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:47:57.358300271Z	63	PC: 1426d \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:47:57.366830298Z	64	PC: 1426d \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:47:57.37703347Z	63	PC: 1426d \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:47:57.385728992Z	64	PC: 1426d \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:47:57.394201704Z	63	PC: 1426d \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:47:57.402888338Z	64	PC: 1426d \| Write file or device (Write 1216 bytes on handle 6)
2018-12-17T22:47:57.411711209Z	63	PC: 1426d \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:47:57.415130984Z	62	PC: 141ea \| Close file
2018-12-17T22:47:57.417720166Z	62	PC: 141ea \| Close file
2018-12-17T22:47:57.426535899Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:57.42929511Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:57.430689255Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:57.432022109Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:57.434372669Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:57.436045243Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:57.437691973Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:57.440715337Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:57.443274326Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:57.444566566Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:57.446302597Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:57.448775149Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:57.450551025Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:57.452501517Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:57.454442483Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:57.456060819Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:57.45741562Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:57.459280553Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:57.460690744Z	37	PC: 13946 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:57.462161319Z	76	PC: 13985 \| Terminate with return code (Return code = '0')