Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Buka.6998

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:34.637492416Z 53 PC: 1410a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:34.640179606Z 53 PC: 1410a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:34.643565297Z 53 PC: 1410a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:34.645331345Z 53 PC: 1410a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:34.647130165Z 53 PC: 1410a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:34.650128018Z 53 PC: 1410a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:34.651878297Z 53 PC: 1410a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:34.653663932Z 53 PC: 1410a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:34.657498837Z 53 PC: 1410a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:34.659285063Z 53 PC: 1410a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:34.661054017Z 53 PC: 1410a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:34.664498279Z 53 PC: 1410a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:34.667231184Z 53 PC: 1410a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:34.669811562Z 53 PC: 1410a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:34.680272658Z 53 PC: 1410a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:34.681748281Z 53 PC: 1410a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:34.683198506Z 53 PC: 1410a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:34.686318989Z 53 PC: 1410a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:34.688769834Z 53 PC: 1410a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:34.691352597Z 37 PC: 1411f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:34.694122481Z 37 PC: 14127 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:34.696593063Z 37 PC: 1412f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:34.69802792Z 37 PC: 14137 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:34.699686286Z 68 PC: 14d52 | I/O control for devices (Set for = '')
2018-12-17T22:48:34.811929886Z 37 PC: 13841 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:34.814308665Z 60 PC: 147d0 | Create or truncate file
2018-12-17T22:48:34.831046615Z 65 PC: 14919 | Delete file (Filename = '\�')
2018-12-17T22:48:34.840595017Z 53 PC: 13f4f | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:34.842910718Z 37 PC: 13f6b | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:34.844240787Z 51 PC: 13e4f | Get or set Ctrl-Break
2018-12-17T22:48:34.846718662Z 48 PC: 14992 | Get DOS version
2018-12-17T22:48:34.850391564Z 61 PC: 147d0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:34.859233737Z 63 PC: 148a3 | Read file or device (Read 6998 bytes on handle 6)
2018-12-17T22:48:34.868695937Z 62 PC: 14820 | Close file
2018-12-17T22:48:34.87164071Z 26 PC: 13eee | Set disk transfer address
2018-12-17T22:48:34.873055688Z 78 PC: 13efa | Find first file
2018-12-17T22:48:34.882150698Z 61 PC: 147d0 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:48:34.891134638Z 66 PC: 14902 | Move file pointer
2018-12-17T22:48:34.893320335Z 63 PC: 148a3 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:48:34.896855537Z 62 PC: 14820 | Close file
2018-12-17T22:48:34.90278581Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.904180901Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.907335298Z 26 PC: 13eee | Set disk transfer address
2018-12-17T22:48:34.915907335Z 78 PC: 13efa | Find first file
2018-12-17T22:48:34.922917466Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.92470742Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.929498793Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.931252458Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.934629193Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.937413634Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.940808052Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.942529777Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.946852119Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.948425294Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.951505392Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.95292018Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.957098491Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.958896409Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.962389232Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.964845677Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.969307912Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.97121225Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.975735049Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.977674863Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.980898941Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.983148898Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.986205251Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.987794087Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.991901294Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.993460033Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:34.996800289Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:34.999311627Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:35.002212669Z 26 PC: 13f12 | Set disk transfer address
2018-12-17T22:48:35.00340556Z 79 PC: 13f17 | Find next file
2018-12-17T22:48:35.006342499Z 44 PC: 13dfd | Get time
0x13dfd: xor ah, ah
0x13dff: mov al, dl
0x13e01: les di, ptr [bp + 6]
0x13e04: stosw word ptr es:[di], ax
0x13e05: mov al, dh
0x13e07: les di, ptr [bp + 0xa]
0x13e0a: stosw word ptr es:[di], ax
0x13e0b: mov al, cl
0x13e0d: les di, ptr [bp + 0xe]
0x13e10: stosw word ptr es:[di], ax
0x13e11: mov al, ch
0x13e13: les di, ptr [bp + 0x12]
0x13e16: stosw word ptr es:[di], ax
0x13e17: pop bp
0x13e18: retf 0x10
0x13e1b: push bp
0x13e1c: mov bp, sp
0x13e1e: mov ch, byte ptr [bp + 0xc]
0x13e21: mov cl, byte ptr [bp + 0xa]
0x13e24: mov dh, byte ptr [bp + 8]
2018-12-17T22:48:35.009500913Z 42 PC: 13dc7 | Get date
0x13dc7: xor ah, ah
0x13dc9: les di, ptr [bp + 6]
0x13dcc: stosw word ptr es:[di], ax
0x13dcd: mov al, dl
0x13dcf: les di, ptr [bp + 0xa]
0x13dd2: stosw word ptr es:[di], ax
0x13dd3: mov al, dh
0x13dd5: les di, ptr [bp + 0xe]
0x13dd8: stosw word ptr es:[di], ax
0x13dd9: xchg ax, cx
0x13dda: les di, ptr [bp + 0x12]
0x13ddd: stosw word ptr es:[di], ax
0x13dde: pop bp
0x13ddf: retf 0x10
0x13de2: push bp
0x13de3: mov bp, sp
0x13de5: mov cx, word ptr [bp + 0xa]
0x13de8: mov dh, byte ptr [bp + 8]
0x13deb: mov dl, byte ptr [bp + 6]
0x13dee: mov ah, 0x2b
2018-12-17T22:48:35.012223599Z 48 PC: 14992 | Get DOS version
2018-12-17T22:48:35.014042887Z 26 PC: 13eee | Set disk transfer address
2018-12-17T22:48:35.016163041Z 78 PC: 13efa | Find first file
2018-12-17T22:48:35.023073365Z 48 PC: 14992 | Get DOS version
2018-12-17T22:48:35.025192075Z 61 PC: 147d0 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:35.033031686Z 66 PC: 14902 | Move file pointer
2018-12-17T22:48:35.034993953Z 63 PC: 148a3 | Read file or device (Read 6998 bytes on handle 6)
2018-12-17T22:48:35.043636852Z 66 PC: 14902 | Move file pointer
2018-12-17T22:48:35.0467861Z 64 PC: 14801 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:48:35.05583888Z 66 PC: 14902 | Move file pointer
2018-12-17T22:48:35.057589018Z 64 PC: 148a3 | Write file or device (Write 6998 bytes on handle 6)
2018-12-17T22:48:35.068360136Z 62 PC: 14820 | Close file
2018-12-17T22:48:35.077913296Z 37 PC: 13f6b | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:35.079441708Z 53 PC: 14088 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:35.081709269Z 37 PC: 14091 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:35.083214958Z 53 PC: 14088 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:35.084795037Z 37 PC: 14091 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:35.087227998Z 53 PC: 14088 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:35.088731754Z 37 PC: 14091 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:35.090184684Z 53 PC: 14088 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:35.092711251Z 37 PC: 14091 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:35.094167357Z 53 PC: 14088 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:35.095604528Z 37 PC: 14091 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:35.096906965Z 53 PC: 14088 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:35.098366267Z 37 PC: 14091 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:35.099680486Z 53 PC: 14088 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:35.10103462Z 37 PC: 14091 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:35.103314474Z 53 PC: 14088 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:35.104570143Z 37 PC: 14091 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:35.106028514Z 53 PC: 14088 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:35.109013953Z 37 PC: 14091 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:35.110614611Z 53 PC: 14088 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:35.112164773Z 37 PC: 14091 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:35.114773254Z 53 PC: 14088 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:35.116558929Z 37 PC: 14091 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:35.118089014Z 53 PC: 14088 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:35.120443088Z 37 PC: 14091 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:35.122021223Z 53 PC: 14088 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:35.123752516Z 37 PC: 14091 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:35.126203852Z 53 PC: 14088 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:35.127740369Z 37 PC: 14091 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:35.129250436Z 53 PC: 14088 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:35.131743581Z 37 PC: 14091 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:35.133075684Z 53 PC: 14088 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:35.134419599Z 37 PC: 14091 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:35.136497303Z 53 PC: 14088 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:35.137864943Z 37 PC: 14091 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:35.13921018Z 53 PC: 14088 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:35.141629617Z 37 PC: 14091 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:35.143204596Z 53 PC: 14088 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:35.144829509Z 37 PC: 14091 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:35.149235046Z 41 PC: 1403f | Parse filename
2018-12-17T22:48:35.151645566Z 41 PC: 1404d | Parse filename
2018-12-17T22:48:35.153470315Z 75 PC: 14058 | Execute program
2018-12-17T22:48:35.177863247Z 80 PC: 1c169 | Set current PSP
2018-12-17T22:48:35.179223583Z 48 PC: 1c16e | Get DOS version
2018-12-17T22:48:35.180963813Z 99 PC: 22950 | Get DBCS lead byte table pointer
2018-12-17T22:48:35.184930968Z 101 PC: 1c1f4 | Get extended country info
2018-12-17T22:48:35.187297063Z 99 PC: 1c1fa | Get DBCS lead byte table pointer
2018-12-17T22:48:35.188842326Z 74 PC: 1c25c | Reallocate memory
2018-12-17T22:48:35.190941701Z 25 PC: 1c293 | Get default drive
2018-12-17T22:48:35.192503856Z 37 PC: 1bd53 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:35.193760468Z 37 PC: 1bd5a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:35.195678982Z 37 PC: 1bd61 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:35.200308661Z 74 PC: 1aefc | Reallocate memory
2018-12-17T22:48:35.201971986Z 72 PC: 1af3d | Allocate memory
2018-12-17T22:48:35.20395383Z 72 PC: 1af75 | Allocate memory
2018-12-17T22:48:35.206454298Z 72 PC: 1af7d | Allocate memory