Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Razborka.5856

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:09.392201063Z 53 PC: 139da | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:09.394762553Z 53 PC: 139da | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:09.396313Z 53 PC: 139da | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:09.39785396Z 53 PC: 139da | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:09.399923825Z 53 PC: 139da | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:09.40129961Z 53 PC: 139da | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.402758492Z 53 PC: 139da | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:09.405127166Z 53 PC: 139da | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:09.406502302Z 53 PC: 139da | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:09.407918177Z 53 PC: 139da | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:09.41034706Z 53 PC: 139da | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:09.41205092Z 53 PC: 139da | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:09.413514661Z 53 PC: 139da | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:09.425378874Z 53 PC: 139da | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:09.426902128Z 53 PC: 139da | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:09.428070548Z 53 PC: 139da | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:09.429406481Z 53 PC: 139da | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:09.43119801Z 53 PC: 139da | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:09.432270139Z 53 PC: 139da | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:09.433352912Z 37 PC: 139ef | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:09.434835719Z 37 PC: 139f7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:09.436199977Z 37 PC: 139ff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.437245889Z 37 PC: 13a07 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:09.439184731Z 68 PC: 1444e | I/O control for devices (Set for = '')
2018-12-17T22:48:09.440605147Z 44 PC: 14585 | Get time
0x14585: mov word ptr [0x46], cx
0x14589: mov word ptr [0x48], dx
0x1458d: retf
0x1458e: call 0x145d5
0x14591: jb 0x145a2
0x14593: mov cx, word ptr es:[di + 4]
0x14597: cmp cx, 1
0x1459a: je 0x145a2
0x1459c: xor bx, bx
0x1459e: push cs
0x1459f: call 0x24111
0x145a2: retf 4
0x145a5: call 0x145d5
0x145a8: jb 0x145bd
0x145aa: mov ax, cx
0x145ac: mov dx, bx
0x145ae: mov cx, word ptr es:[di + 4]
0x145b2: cmp cx, 1
0x145b5: je 0x145bd
0x145b7: xor bx, bx
2018-12-17T22:48:09.442908593Z 48 PC: 1405f | Get DOS version
2018-12-17T22:48:09.448366849Z 61 PC: 13e9d | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:09.455149387Z 66 PC: 145ef | Move file pointer
2018-12-17T22:48:09.456732806Z 66 PC: 145fd | Move file pointer
2018-12-17T22:48:09.459851585Z 66 PC: 1460b | Move file pointer
2018-12-17T22:48:09.461757935Z 66 PC: 13fcf | Move file pointer
2018-12-17T22:48:09.463149352Z 63 PC: 13f70 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:48:09.46699302Z 63 PC: 13f70 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:48:09.469836958Z 66 PC: 13fcf | Move file pointer
2018-12-17T22:48:09.471639609Z 63 PC: 13f70 | Read file or device (Read 5856 bytes on handle 5)
2018-12-17T22:48:09.480494957Z 62 PC: 13eed | Close file
2018-12-17T22:48:09.482813663Z 61 PC: 13e9d | Open file (Filename = 'C:\SYSTEM.BWA')
2018-12-17T22:48:09.489102046Z 60 PC: 13e9d | Create or truncate file
2018-12-17T22:48:09.835292771Z 64 PC: 13f70 | Write file or device (Write 5856 bytes on handle 5)
2018-12-17T22:48:09.845580016Z 62 PC: 13eed | Close file
2018-12-17T22:48:09.853582302Z 61 PC: 13e9d | Open file (Filename = 'C:\CONFIG.SYS')
2018-12-17T22:48:09.860110345Z 66 PC: 145ef | Move file pointer
2018-12-17T22:48:09.862737364Z 66 PC: 145fd | Move file pointer
2018-12-17T22:48:09.864387167Z 66 PC: 1460b | Move file pointer
2018-12-17T22:48:09.866132536Z 66 PC: 13fcf | Move file pointer
2018-12-17T22:48:09.868861773Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.874616527Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.878641942Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.882480959Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.885545071Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.888775515Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.892515149Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.896203016Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.899604585Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.903741777Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.907388121Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.910606796Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.914955129Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.918128596Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.92127434Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.924556779Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.928297889Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.931360708Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.934370046Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.937771061Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.939624552Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.941594754Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.94396382Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.946951011Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.95089888Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.954344275Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.957021464Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.961335064Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.965067615Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.96827784Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.971267633Z 64 PC: 13f70 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:48:09.975137498Z 62 PC: 13eed | Close file
2018-12-17T22:48:09.982410672Z 53 PC: 1376e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:09.98391769Z 37 PC: 1378a | Set interrupt vector (Interrupt = '228' AKA 'UNKNOWN!')
2018-12-17T22:48:09.985880236Z 37 PC: 1378a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:09.98733845Z 37 PC: 130dc | Set interrupt vector (Interrupt = '227' AKA 'UNKNOWN!')
2018-12-17T22:48:09.988800883Z 98 PC: 130dc | Get current PSP
2018-12-17T22:48:09.991102324Z 49 PC: 130dc | Terminate and stay resident (Return code = '0' | Memory size = '2252')