Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Teterin.7528

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:30.202245821Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:58:30.212023776Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:58:30.215156862Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:58:30.216431071Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:30.219143841Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:58:30.220473386Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:58:30.222134947Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:58:30.237275704Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:58:30.238799315Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:58:30.240000024Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:58:30.242654561Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:58:30.243933624Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:58:30.24553822Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:58:30.247086991Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:58:30.249033308Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:58:30.250651887Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:58:30.252357854Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:58:30.254185961Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:58:30.255339184Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:58:30.256605442Z	37	PC: 13bdf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:58:30.258421218Z	37	PC: 13be7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:58:30.259885757Z	37	PC: 13bef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:58:30.261328996Z	37	PC: 13bf7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:58:30.264918813Z	68	PC: 14b16 \| I/O control for devices (Set for = '��>s')
2018-12-17T21:58:30.266582916Z	44	PC: 14fae \| Get time 0x14fae: mov word ptr [0x46], cx 0x14fb2: mov word ptr [0x48], dx 0x14fb6: retf 0x14fb7: call 0x14ffe 0x14fba: jb 0x14fcb 0x14fbc: mov cx, word ptr es:[di + 4] 0x14fc0: cmp cx, 1 0x14fc3: je 0x14fcb 0x14fc5: xor bx, bx 0x14fc7: push cs 0x14fc8: call 0x247d9 0x14fcb: retf 4 0x14fce: call 0x14ffe 0x14fd1: jb 0x14fe6 0x14fd3: mov ax, cx 0x14fd5: mov dx, bx 0x14fd7: mov cx, word ptr es:[di + 4] 0x14fdb: cmp cx, 1 0x14fde: je 0x14fe6 0x14fe0: xor bx, bx
2018-12-17T21:58:30.269714044Z	48	PC: 14641 \| Get DOS version
2018-12-17T21:58:30.272101688Z	61	PC: 144f3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:58:30.278884321Z	66	PC: 14625 \| Move file pointer
2018-12-17T21:58:30.280347325Z	63	PC: 145c6 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.283719908Z	62	PC: 14543 \| Close file
2018-12-17T21:58:30.285891739Z	25	PC: 146ce \| Get default drive
2018-12-17T21:58:30.28712221Z	71	PC: 146e1 \| Get current directory
2018-12-17T21:58:30.291473528Z	26	PC: 139df \| Set disk transfer address
2018-12-17T21:58:30.292780728Z	78	PC: 139eb \| Find first file
2018-12-17T21:58:30.29948951Z	48	PC: 14641 \| Get DOS version
2018-12-17T21:58:30.302860499Z	61	PC: 144f3 \| Open file (Filename = 'TEST.EXE')
2018-12-17T21:58:30.310331962Z	66	PC: 14625 \| Move file pointer
2018-12-17T21:58:30.312344321Z	63	PC: 145c6 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T21:58:30.316295514Z	62	PC: 14543 \| Close file
2018-12-17T21:58:30.318371479Z	26	PC: 13a03 \| Set disk transfer address
2018-12-17T21:58:30.319413386Z	79	PC: 13a08 \| Find next file
2018-12-17T21:58:30.325617073Z	59	PC: 14795 \| Change current directory
2018-12-17T21:58:30.330128176Z	14	PC: 14727 \| Set default drive (Drive = 'A')
2018-12-17T21:58:30.331462707Z	25	PC: 1472b \| Get default drive
2018-12-17T21:58:30.333549233Z	59	PC: 14795 \| Change current directory
2018-12-17T21:58:30.337727565Z	48	PC: 14641 \| Get DOS version
2018-12-17T21:58:30.339163903Z	67	PC: 13941 \| Get or set file attributes
2018-12-17T21:58:30.345655241Z	67	PC: 13968 \| Get or set file attributes
2018-12-17T21:58:30.362089677Z	61	PC: 144f3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:58:30.36812493Z	66	PC: 14625 \| Move file pointer
2018-12-17T21:58:30.36987787Z	63	PC: 145c6 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T21:58:30.372617697Z	66	PC: 15018 \| Move file pointer
2018-12-17T21:58:30.374755671Z	66	PC: 15026 \| Move file pointer
2018-12-17T21:58:30.377599337Z	66	PC: 15034 \| Move file pointer
2018-12-17T21:58:30.37949681Z	62	PC: 14543 \| Close file
2018-12-17T21:58:30.381442887Z	67	PC: 13968 \| Get or set file attributes
2018-12-17T21:58:30.393655644Z	42	PC: 138c7 \| Get date 0x138c7: xor ah, ah 0x138c9: les di, ptr [bp + 6] 0x138cc: stosw word ptr es:[di], ax 0x138cd: mov al, dl 0x138cf: les di, ptr [bp + 0xa] 0x138d2: stosw word ptr es:[di], ax 0x138d3: mov al, dh 0x138d5: les di, ptr [bp + 0xe] 0x138d8: stosw word ptr es:[di], ax 0x138d9: xchg ax, cx 0x138da: les di, ptr [bp + 0x12] 0x138dd: stosw word ptr es:[di], ax 0x138de: pop bp 0x138df: retf 0x10 0x138e2: push bp 0x138e3: mov bp, sp 0x138e5: mov cx, word ptr [bp + 0xa] 0x138e8: mov dh, byte ptr [bp + 8] 0x138eb: mov dl, byte ptr [bp + 6] 0x138ee: mov ah, 0x2b
2018-12-17T21:58:30.39645871Z	44	PC: 138fd \| Get time 0x138fd: xor ah, ah 0x138ff: mov al, dl 0x13901: les di, ptr [bp + 6] 0x13904: stosw word ptr es:[di], ax 0x13905: mov al, dh 0x13907: les di, ptr [bp + 0xa] 0x1390a: stosw word ptr es:[di], ax 0x1390b: mov al, cl 0x1390d: les di, ptr [bp + 0xe] 0x13910: stosw word ptr es:[di], ax 0x13911: mov al, ch 0x13913: les di, ptr [bp + 0x12] 0x13916: stosw word ptr es:[di], ax 0x13917: pop bp 0x13918: retf 0x10 0x1391b: push bp 0x1391c: mov bp, sp 0x1391e: mov ch, byte ptr [bp + 0xc] 0x13921: mov cl, byte ptr [bp + 0xa] 0x13924: mov dh, byte ptr [bp + 8]
2018-12-17T21:58:30.399868385Z	64	PC: 1424b \| Write file or device (Write 46 bytes on handle 1)
2018-12-17T21:58:30.405212598Z	64	PC: 1424b \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T21:58:30.407733118Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:58:30.409166086Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:58:30.410778043Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:58:30.412157756Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:30.413500739Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:58:30.415016133Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:58:30.416362136Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:58:30.417438578Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:58:30.418790674Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:58:30.420458073Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:58:30.421937689Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:58:30.423606449Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:58:30.426641172Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:58:30.427959865Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:58:30.429239808Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:58:30.430618299Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:58:30.431773779Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:58:30.433092667Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:58:30.435631018Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:58:30.436615943Z	76	PC: 13d60 \| Terminate with return code (Return code = '0')