Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Doggy.8421

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:43.968312976Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:43.971202095Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:43.972725768Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:43.974296579Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:43.976741994Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:43.979279712Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:43.980849983Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:43.98289249Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:43.984587275Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:43.986129282Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:43.987958028Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:43.993140105Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:43.995052959Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:43.996822814Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:43.999691334Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:44.001404403Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:44.01185013Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:44.020002137Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:44.021802449Z	53	PC: 14c3a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:44.023269736Z	37	PC: 14c4f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:44.030862682Z	37	PC: 14c57 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:44.032556335Z	37	PC: 14c5f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:44.034112068Z	37	PC: 14c67 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:44.037416507Z	68	PC: 15997 \| I/O control for devices (Set for = '��')
2018-12-17T22:48:44.039433026Z	42	PC: 14957 \| Get date 0x14957: xor ah, ah 0x14959: les di, ptr [bp + 6] 0x1495c: stosw word ptr es:[di], ax 0x1495d: mov al, dl 0x1495f: les di, ptr [bp + 0xa] 0x14962: stosw word ptr es:[di], ax 0x14963: mov al, dh 0x14965: les di, ptr [bp + 0xe] 0x14968: stosw word ptr es:[di], ax 0x14969: xchg ax, cx 0x1496a: les di, ptr [bp + 0x12] 0x1496d: stosw word ptr es:[di], ax 0x1496e: pop bp 0x1496f: retf 0x10 0x14972: push bp 0x14973: mov bp, sp 0x14975: mov cx, word ptr [bp + 0xa] 0x14978: mov dh, byte ptr [bp + 8] 0x1497b: mov dl, byte ptr [bp + 6] 0x1497e: mov ah, 0x2b
2018-12-17T22:48:44.042439054Z	48	PC: 154c2 \| Get DOS version
2018-12-17T22:48:44.045336869Z	61	PC: 15300 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:48:44.054293748Z	25	PC: 1554f \| Get default drive
2018-12-17T22:48:44.063024402Z	71	PC: 15562 \| Get current directory
2018-12-17T22:48:44.067950769Z	26	PC: 149e7 \| Set disk transfer address
2018-12-17T22:48:44.075758769Z	78	PC: 149f3 \| Find first file
2018-12-17T22:48:44.083175023Z	61	PC: 15300 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:44.091132405Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.098799431Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.100742622Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.10277504Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.105001754Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.107019526Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.109154758Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.111940452Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.113649783Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.115321625Z	66	PC: 15432 \| Move file pointer
2018-12-17T22:48:44.11777236Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.126066734Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.131874877Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.136436448Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.141112294Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.14364359Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.146235319Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.154285494Z	26	PC: 149e7 \| Set disk transfer address
2018-12-17T22:48:44.156013021Z	78	PC: 149f3 \| Find first file
2018-12-17T22:48:44.163611307Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.165257099Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.173919716Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.179983149Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.183541434Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.186022787Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.189385726Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.191934735Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.195235267Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.197197724Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.201915879Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.203599141Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.207164981Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.210048409Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.213642973Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.215497868Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.22042157Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.221643586Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.224556479Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.226801808Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.229865143Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.231307994Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.23560054Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.237071343Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.240428721Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.242658772Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.24582978Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.24766083Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.252425613Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.254219493Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.258194351Z	26	PC: 149e7 \| Set disk transfer address
2018-12-17T22:48:44.261006055Z	78	PC: 149f3 \| Find first file
2018-12-17T22:48:44.267969188Z	26	PC: 149e7 \| Set disk transfer address
2018-12-17T22:48:44.269751066Z	78	PC: 149f3 \| Find first file
2018-12-17T22:48:44.277410287Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.279000275Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.282132169Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.284675278Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.288205941Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.289865299Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.294083575Z	26	PC: 149e7 \| Set disk transfer address
2018-12-17T22:48:44.296002871Z	78	PC: 149f3 \| Find first file
2018-12-17T22:48:44.307396058Z	61	PC: 15300 \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:48:44.315830927Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.318704927Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.320535616Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.322487714Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.325767527Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.327210498Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.331259546Z	61	PC: 15300 \| Open file (Filename = 'C:\DOS\CHKDSK.EXE')
2018-12-17T22:48:44.340274875Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.342181627Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.344081006Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.347284596Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.350217246Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.351924514Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.356865728Z	61	PC: 15300 \| Open file (Filename = 'C:\DOS\DEBUG.EXE')
2018-12-17T22:48:44.36486592Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.366790706Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.36975698Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.371799768Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.374035047Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.376776689Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.380728484Z	61	PC: 15300 \| Open file (Filename = 'C:\DOS\EXPAND.EXE')
2018-12-17T22:48:44.389570818Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.39224385Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.394189316Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.396231042Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.399352588Z	26	PC: 14a0b \| Set disk transfer address
2018-12-17T22:48:44.401027545Z	79	PC: 14a10 \| Find next file
2018-12-17T22:48:44.405116367Z	61	PC: 15300 \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:48:44.413402617Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.415348934Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.417320939Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.420236677Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.422283703Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.424337803Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.427292504Z	66	PC: 15e99 \| Move file pointer
2018-12-17T22:48:44.429053263Z	66	PC: 15ea7 \| Move file pointer
2018-12-17T22:48:44.431650032Z	66	PC: 15eb5 \| Move file pointer
2018-12-17T22:48:44.434808737Z	66	PC: 15432 \| Move file pointer
2018-12-17T22:48:44.436843971Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.443954651Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.448284557Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.451722226Z	63	PC: 15392 \| Read file or device (Read 1 bytes on handle 6)
2018-12-17T22:48:44.456098409Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.460082855Z	26	PC: 14b77 \| Set disk transfer address
2018-12-17T22:48:44.462855064Z	61	PC: 15300 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:44.471121105Z	63	PC: 153d3 \| Read file or device (Read 8417 bytes on handle 6)
2018-12-17T22:48:44.48037924Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.482544168Z	60	PC: 15300 \| Create or truncate file
2018-12-17T22:48:44.501602748Z	61	PC: 15300 \| Open file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:48:44.511127123Z	64	PC: 153d3 \| Write file or device (Write 8417 bytes on handle 6)
2018-12-17T22:48:44.522746095Z	63	PC: 153d3 \| Read file or device (Read 8417 bytes on handle 7)
2018-12-17T22:48:44.532239061Z	64	PC: 153d3 \| Write file or device (Write 8417 bytes on handle 6)
2018-12-17T22:48:44.544098354Z	63	PC: 153d3 \| Read file or device (Read 8417 bytes on handle 7)
2018-12-17T22:48:44.553340379Z	64	PC: 153d3 \| Write file or device (Write 8417 bytes on handle 6)
2018-12-17T22:48:44.564338924Z	63	PC: 153d3 \| Read file or device (Read 8417 bytes on handle 7)
2018-12-17T22:48:44.57492224Z	64	PC: 153d3 \| Write file or device (Write 8417 bytes on handle 6)
2018-12-17T22:48:44.585583321Z	63	PC: 153d3 \| Read file or device (Read 8417 bytes on handle 7)
2018-12-17T22:48:44.594599952Z	64	PC: 153d3 \| Write file or device (Write 4085 bytes on handle 6)
2018-12-17T22:48:44.606033836Z	63	PC: 153d3 \| Read file or device (Read 8417 bytes on handle 7)
2018-12-17T22:48:44.6084789Z	64	PC: 153d3 \| Write file or device (Write 4 bytes on handle 6)
2018-12-17T22:48:44.611702878Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.621919073Z	62	PC: 15350 \| Close file
2018-12-17T22:48:44.624370098Z	65	PC: 15449 \| Delete file (Filename = 'C:\DOS\FDISK.EXE')
2018-12-17T22:48:45.309112738Z	86	PC: 1548d \| Rename file
2018-12-17T22:48:45.315971975Z	64	PC: 15058 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:48:45.319501106Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:45.321249852Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:45.322641376Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:45.325363912Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:45.327627245Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:45.329466621Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:45.332727457Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:45.334553158Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:45.336351948Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:45.339187345Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:45.341099629Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:45.342623241Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:45.346061601Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:45.347827149Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:45.349611942Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:45.352316634Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:45.354031235Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:45.355540551Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:45.358333499Z	37	PC: 14d91 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:45.360690178Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.363864933Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.36726971Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.370205626Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.372642034Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.376152961Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.379076574Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.381856137Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.385685101Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.388605398Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.391452788Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.395079813Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.397814331Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.400388959Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.404144585Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.406463392Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.4089801Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.412562601Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.415195058Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.417712939Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.421232221Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.423795758Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.426322185Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.429897342Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.432403932Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.43489381Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.438490688Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.441011094Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.444334749Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.448144998Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.450653692Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.453186811Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.457055039Z	6	PC: 14e18 \| Direct console I/O
2018-12-17T22:48:45.461015531Z	76	PC: 14dd0 \| Terminate with return code (Return code = '17')