Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Sara.6672.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:11.078613312Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:11.079954626Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:11.081201261Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:11.082374019Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:11.083517864Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:11.085059671Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:11.086227547Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:11.087376675Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:11.089106051Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:11.090271174Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:11.091421978Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:11.09310606Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:11.094310412Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:11.095461459Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:11.097093841Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:11.098690096Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:11.100078124Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:11.101626884Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:11.103048671Z	53	PC: 133b6 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:11.104218146Z	37	PC: 133cb \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:11.105311044Z	37	PC: 133d2 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:11.106768414Z	37	PC: 133d9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:11.1080179Z	37	PC: 133e0 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:11.109995825Z	68	PC: 1371a \| I/O control for devices (Set for = '')
2018-12-17T22:49:11.128772312Z	44	PC: 13af0 \| Get time 0x13af0: mov word ptr [0x62], cx 0x13af4: mov word ptr [0x64], dx 0x13af8: retf 0x13af9: xchg bx, bx 0x13afb: nop 0x13afc: call 0x23ab4 0x13aff: mov bx, sp 0x13b01: mov cx, dx 0x13b03: mov bx, word ptr ss:[bx + 4] 0x13b07: mul bx 0x13b09: xchg ax, dx 0x13b0a: xchg ax, cx 0x13b0b: mul bx 0x13b0d: add ax, cx 0x13b0f: adc dx, 0 0x13b12: xchg ax, dx 0x13b13: retf 2 0x13b16: xchg bx, bx 0x13b18: mov bx, sp 0x13b1a: push ds
2018-12-17T22:49:11.131202953Z	48	PC: 13d43 \| Get DOS version
2018-12-17T22:49:11.133058133Z	67	PC: 1310f \| Get or set file attributes
2018-12-17T22:49:11.139791978Z	67	PC: 13136 \| Get or set file attributes
2018-12-17T22:49:11.152994016Z	61	PC: 13b9f \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:49:11.157312349Z	63	PC: 13c31 \| Read file or device (Read 6672 bytes on handle 5)
2018-12-17T22:49:11.162691946Z	64	PC: 13820 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:49:11.164128623Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:11.165156194Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:11.16661477Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:11.16762477Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:11.168569339Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:11.169941939Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:11.170975703Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:11.171971944Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:11.17337374Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:11.174392717Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:11.175544101Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:11.176868741Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:11.178390779Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:11.17949971Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:11.180603247Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:11.183003499Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:11.184620258Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:11.186232279Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:11.188181176Z	37	PC: 134dc \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:11.18944585Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.191766985Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.194401476Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.196680381Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.198844183Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.201427305Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.204536625Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.206811323Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.209472285Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.212287291Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.214660503Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.217903102Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.220264252Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.222528837Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.225277816Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.227515832Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.229661512Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.232732366Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.234913208Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.23703605Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.239326308Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.241799124Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.244004431Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.246197715Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.24931823Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.251532698Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.253612376Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.255966841Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.258024629Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.260063289Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.262661789Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.264938318Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.267060862Z	6	PC: 1355b \| Direct console I/O
2018-12-17T22:49:11.271649991Z	76	PC: 1351b \| Terminate with return code (Return code = '100')