Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Iraq.7299

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:07.92301386Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:07.925242448Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:07.92688094Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:07.928488165Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:07.930347738Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:07.931554187Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:07.932709697Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:07.934242864Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:07.935519278Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:07.936742365Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:07.938668796Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:07.939857147Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:07.941018775Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:07.942822478Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:07.944314737Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:07.945902111Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:07.947783395Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:07.949251536Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:07.950703089Z	53	PC: 142e2 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:07.952420052Z	37	PC: 142f7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:07.953509266Z	37	PC: 142ff \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:07.954748023Z	37	PC: 14307 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:07.95685115Z	37	PC: 1430f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:07.958652486Z	68	PC: 1467f \| I/O control for devices (Set for = '')
2018-12-17T22:48:08.005371632Z	37	PC: 13d05 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.007825045Z	48	PC: 14ddf \| Get DOS version
2018-12-17T22:48:08.009192006Z	44	PC: 14ae9 \| Get time 0x14ae9: mov word ptr [0x5a], cx 0x14aed: mov word ptr [0x5c], dx 0x14af1: retf 0x14af2: mov bx, sp 0x14af4: push ds 0x14af5: les di, ptr ss:[bx + 8] 0x14af9: lds si, ptr ss:[bx + 4] 0x14afd: cld 0x14afe: xor ax, ax 0x14b00: stosw word ptr es:[di], ax 0x14b01: mov ax, 0xd7b0 0x14b04: stosw word ptr es:[di], ax 0x14b05: xor ax, ax 0x14b07: mov cx, 0x16 0x14b0a: rep stosd dword ptr es:[di], eax 0x14b0c: lodsb al, byte ptr [si] 0x14b0d: cmp al, 0x4f 0x14b0f: jbe 0x14b13 0x14b11: mov al, 0x4f 0x14b13: mov cl, al
2018-12-17T22:48:08.011635229Z	61	PC: 14b68 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:08.019533015Z	66	PC: 14d04 \| Move file pointer
2018-12-17T22:48:08.02132258Z	66	PC: 14d12 \| Move file pointer
2018-12-17T22:48:08.022744408Z	66	PC: 14d20 \| Move file pointer
2018-12-17T22:48:08.026716535Z	54	PC: 13848 \| Get free disk space
2018-12-17T22:48:08.036230063Z	66	PC: 14d04 \| Move file pointer
2018-12-17T22:48:08.038252217Z	66	PC: 14d12 \| Move file pointer
2018-12-17T22:48:08.040636102Z	66	PC: 14d20 \| Move file pointer
2018-12-17T22:48:08.044035918Z	60	PC: 14b68 \| Create or truncate file
2018-12-17T22:48:08.061569291Z	66	PC: 14c9a \| Move file pointer
2018-12-17T22:48:08.065080472Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.072912037Z	64	PC: 14c3b \| Write file or device (Write 7299 bytes on handle 6)
2018-12-17T22:48:08.081664795Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.089887323Z	64	PC: 14c3b \| Write file or device (Write 7299 bytes on handle 6)
2018-12-17T22:48:08.098899848Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.106553127Z	64	PC: 14c3b \| Write file or device (Write 7299 bytes on handle 6)
2018-12-17T22:48:08.115298498Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.120281217Z	64	PC: 14c3b \| Write file or device (Write 7299 bytes on handle 6)
2018-12-17T22:48:08.1287506Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.134558899Z	64	PC: 14c3b \| Write file or device (Write 7299 bytes on handle 6)
2018-12-17T22:48:08.140619559Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.146581149Z	64	PC: 14c3b \| Write file or device (Write 7299 bytes on handle 6)
2018-12-17T22:48:08.15509153Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.161954774Z	64	PC: 14c3b \| Write file or device (Write 7299 bytes on handle 6)
2018-12-17T22:48:08.168119457Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.175196452Z	64	PC: 14c3b \| Write file or device (Write 6237 bytes on handle 6)
2018-12-17T22:48:08.185231423Z	63	PC: 14c3b \| Read file or device (Read 7299 bytes on handle 5)
2018-12-17T22:48:08.187214818Z	62	PC: 14bb8 \| Close file
2018-12-17T22:48:08.190130555Z	62	PC: 14bb8 \| Close file
2018-12-17T22:48:08.196002253Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:08.196871937Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:08.198785243Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:08.199889749Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:08.200990459Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.202509374Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.204061944Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:08.205295909Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:08.206748027Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:08.207824295Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:08.208776077Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:08.210242458Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:08.211113453Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:08.211922763Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:08.213493597Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:08.214355784Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:08.215142658Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:08.216629555Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:08.217549769Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:08.218586522Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:08.22003988Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:08.22098009Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:08.221874381Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:08.223258619Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:08.224240019Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:08.225140271Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:08.226349001Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:08.227558715Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:08.22860908Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:08.230088003Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:08.231132181Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:08.232264619Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:08.233821961Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:08.234861596Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:08.235852139Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:08.23743942Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:08.238488092Z	53	PC: 139eb \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:08.239465137Z	37	PC: 139f4 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:08.241288119Z	41	PC: 13a8e \| Parse filename
2018-12-17T22:48:08.242495396Z	41	PC: 13a9c \| Parse filename
2018-12-17T22:48:08.243645881Z	75	PC: 13aa7 \| Execute program
2018-12-17T22:48:08.256332013Z	80	PC: 1c579 \| Set current PSP
2018-12-17T22:48:08.257077435Z	48	PC: 1c57e \| Get DOS version
2018-12-17T22:48:08.258242759Z	99	PC: 22d60 \| Get DBCS lead byte table pointer
2018-12-17T22:48:08.260558753Z	101	PC: 1c604 \| Get extended country info
2018-12-17T22:48:08.261359698Z	99	PC: 1c60a \| Get DBCS lead byte table pointer
2018-12-17T22:48:08.262211266Z	74	PC: 1c66c \| Reallocate memory
2018-12-17T22:48:08.263862304Z	25	PC: 1c6a3 \| Get default drive
2018-12-17T22:48:08.265702519Z	37	PC: 1c163 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:08.266623203Z	37	PC: 1c16a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:08.268979314Z	37	PC: 1c171 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:08.273438828Z	74	PC: 1b30c \| Reallocate memory
2018-12-17T22:48:08.275895741Z	72	PC: 1b34d \| Allocate memory
2018-12-17T22:48:08.277931577Z	72	PC: 1b385 \| Allocate memory
2018-12-17T22:48:08.27948393Z	72	PC: 1b38d \| Allocate memory