Sample viewer

vx.netlux.org/Virus.DOS.HLLP.VsW.5063

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:48.207876758Z 53 PC: 1362a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:48.209957808Z 53 PC: 1362a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:48.21182155Z 53 PC: 1362a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:48.213156227Z 53 PC: 1362a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:48.214536Z 53 PC: 1362a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:48.217065212Z 53 PC: 1362a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:48.218715894Z 53 PC: 1362a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:48.220325278Z 53 PC: 1362a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:48.223325314Z 53 PC: 1362a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:48.232451962Z 53 PC: 1362a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:48.23410047Z 53 PC: 1362a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:48.236257833Z 53 PC: 1362a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:48.238335738Z 53 PC: 1362a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:48.239900437Z 53 PC: 1362a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:48.241990594Z 53 PC: 1362a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:48.243819591Z 53 PC: 1362a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:48.245396344Z 53 PC: 1362a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:48.24717713Z 53 PC: 1362a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:48.249516235Z 53 PC: 1362a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:48.251685401Z 37 PC: 1363f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:48.253920039Z 37 PC: 13647 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:48.255551234Z 37 PC: 1364f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:48.257583733Z 37 PC: 13657 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:48.260199528Z 68 PC: 14332 | I/O control for devices (Set for = '�Z[X.�.I�
2018-12-17T22:48:48.262790997Z 42 PC: 13400 | Get date
0x13400: xor ah, ah
0x13402: les di, ptr [bp + 6]
0x13405: stosw word ptr es:[di], ax
0x13406: mov al, dl
0x13408: les di, ptr [bp + 0xa]
0x1340b: stosw word ptr es:[di], ax
0x1340c: mov al, dh
0x1340e: les di, ptr [bp + 0xe]
0x13411: stosw word ptr es:[di], ax
0x13412: xchg ax, cx
0x13413: les di, ptr [bp + 0x12]
0x13416: stosw word ptr es:[di], ax
0x13417: pop bp
0x13418: retf 0x10
0x1341b: push bp
0x1341c: mov bp, sp
0x1341e: push ds
0x1341f: lds dx, ptr [bp + 6]
0x13422: mov ah, 0x1a
0x13424: int 0x21
2018-12-17T22:48:48.266530473Z 60 PC: 14316 | Create or truncate file
2018-12-17T22:48:48.285516957Z 68 PC: 14332 | I/O control for devices (Set for = '�Z[X.�.I�
2018-12-17T22:48:48.287379196Z 64 PC: 13a23 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:48:48.29065984Z 62 PC: 13a62 | Close file
2018-12-17T22:48:48.298926091Z 65 PC: 13eca | Delete file (Filename = '���.���')
2018-12-17T22:48:48.311277078Z 26 PC: 13426 | Set disk transfer address
2018-12-17T22:48:48.313810759Z 78 PC: 133f7 | Find first file
2018-12-17T22:48:48.321048698Z 48 PC: 13f43 | Get DOS version
2018-12-17T22:48:48.324487589Z 26 PC: 13448 | Set disk transfer address
2018-12-17T22:48:48.327257063Z 79 PC: 1344d | Find next file
2018-12-17T22:48:48.330868679Z 48 PC: 13f43 | Get DOS version
2018-12-17T22:48:48.332617886Z 61 PC: 13d81 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:48.340856275Z 66 PC: 144d3 | Move file pointer
2018-12-17T22:48:48.342984464Z 66 PC: 144e1 | Move file pointer
2018-12-17T22:48:48.345072677Z 66 PC: 144ef | Move file pointer
2018-12-17T22:48:48.347330119Z 62 PC: 13dd1 | Close file
2018-12-17T22:48:48.35095016Z 48 PC: 13f43 | Get DOS version
2018-12-17T22:48:48.35304201Z 61 PC: 13d81 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:48.366458639Z 66 PC: 13eb3 | Move file pointer
2018-12-17T22:48:48.369532996Z 60 PC: 13d81 | Create or truncate file
2018-12-17T22:48:48.382297679Z 63 PC: 13e54 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:48:48.390796478Z 64 PC: 13e54 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T22:48:48.399783664Z 63 PC: 13e54 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:48:48.407198336Z 64 PC: 13e54 | Write file or device (Write 538 bytes on handle 6)
2018-12-17T22:48:48.416293024Z 63 PC: 13e54 | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T22:48:48.419677032Z 62 PC: 13dd1 | Close file
2018-12-17T22:48:48.422170387Z 62 PC: 13dd1 | Close file
2018-12-17T22:48:48.432541914Z 41 PC: 13593 | Parse filename
2018-12-17T22:48:48.434701792Z 41 PC: 135a1 | Parse filename
2018-12-17T22:48:48.437816474Z 75 PC: 135ac | Execute program
2018-12-17T22:48:48.459655308Z 80 PC: 1aaf9 | Set current PSP
2018-12-17T22:48:48.46117837Z 48 PC: 1aafe | Get DOS version
2018-12-17T22:48:48.463530108Z 99 PC: 212e0 | Get DBCS lead byte table pointer
2018-12-17T22:48:48.466930177Z 101 PC: 1ab84 | Get extended country info
2018-12-17T22:48:48.468725089Z 99 PC: 1ab8a | Get DBCS lead byte table pointer
2018-12-17T22:48:48.471200049Z 74 PC: 1abec | Reallocate memory
2018-12-17T22:48:48.472973561Z 25 PC: 1ac23 | Get default drive
2018-12-17T22:48:48.474412565Z 37 PC: 1a6e3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:48.476873008Z 37 PC: 1a6ea | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:48.478252711Z 37 PC: 1a6f1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:48.483104207Z 74 PC: 1988c | Reallocate memory
2018-12-17T22:48:48.48546913Z 72 PC: 198cd | Allocate memory
2018-12-17T22:48:48.488238594Z 72 PC: 19905 | Allocate memory
2018-12-17T22:48:48.490758538Z 72 PC: 1990d | Allocate memory