Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Sebek.4303

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:22.990192941Z 53 PC: 131ea | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:22.99235338Z 53 PC: 131ea | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:22.995516813Z 53 PC: 131ea | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:22.998212197Z 53 PC: 131ea | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:23.000088973Z 53 PC: 131ea | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:23.003044105Z 53 PC: 131ea | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:23.005658498Z 53 PC: 131ea | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:23.007175738Z 53 PC: 131ea | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:23.009532637Z 53 PC: 131ea | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:23.01148244Z 53 PC: 131ea | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:23.013139483Z 53 PC: 131ea | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:23.015369012Z 53 PC: 131ea | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:23.016863329Z 53 PC: 131ea | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:23.022421091Z 53 PC: 131ea | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:23.024232274Z 53 PC: 131ea | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:23.026439401Z 53 PC: 131ea | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:23.028741466Z 53 PC: 131ea | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:23.031289374Z 53 PC: 131ea | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:23.03474726Z 53 PC: 131ea | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:23.040390453Z 37 PC: 131ff | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:23.043088371Z 37 PC: 13207 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:23.04741981Z 37 PC: 1320f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:23.05019291Z 37 PC: 13217 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:23.05384442Z 68 PC: 13bc9 | I/O control for devices (Set for = [unprintable binary data])
2018-12-17T22:49:23.056374644Z 44 PC: 13d00 | Get time
0x13d00: mov word ptr [0x1f4], cx
0x13d04: mov word ptr [0x1f6], dx
0x13d08: retf
0x13d09: mov bx, sp
0x13d0b: mov dx, ds
0x13d0d: lds si, ptr ss:[bx + 0xa]
0x13d11: les di, ptr ss:[bx + 6]
0x13d15: mov cx, word ptr ss:[bx + 4]
0x13d19: cld
0x13d1a: cmp si, di
0x13d1c: jae 0x13d25
0x13d1e: add si, cx
0x13d20: add di, cx
0x13d22: dec si
0x13d23: dec di
0x13d24: std
0x13d25: rep movsb byte ptr es:[di], byte ptr [si]
0x13d27: cld
0x13d28: mov ds, dx
0x13d2a: retf 0xa
2018-12-17T22:49:23.059216884Z 54 PC: 12d96 | Get free disk space
2018-12-17T22:49:23.077174203Z 26 PC: 12f85 | Set disk transfer address
2018-12-17T22:49:23.080255392Z 78 PC: 12f91 | Find first file
2018-12-17T22:49:23.08880281Z 26 PC: 12f85 | Set disk transfer address
2018-12-17T22:49:23.090896193Z 78 PC: 12f91 | Find first file
2018-12-17T22:49:23.114639152Z 48 PC: 1380e | Get DOS version
2018-12-17T22:49:23.116788862Z 61 PC: 13bad | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:49:23.125767351Z 60 PC: 13bad | Create or truncate file
2018-12-17T22:49:23.147592196Z 68 PC: 13bc9 | I/O control for devices (Set for = [unprintable binary data])
2018-12-17T22:49:23.15060182Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.155403491Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.159922312Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.165198775Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.169612368Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.180761895Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.186010507Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.189096685Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.192098365Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.200624564Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.203647102Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.206986296Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.21128847Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.21903296Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.222343289Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.226060914Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.229293438Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.236766007Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.240018879Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.243456898Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.246406299Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.254727404Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.259439557Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.262374741Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.265258118Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.27433357Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.277635965Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.280767618Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.284483319Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.291911846Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.295111267Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.299283857Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.302393269Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.305850164Z 63 PC: 13556 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:23.3093718Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.314249574Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.317635987Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.320923694Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.325157509Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.336548831Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.339870993Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.344315514Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.347858951Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.35980222Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.364009134Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.367526162Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.371056485Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.38087385Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.384362364Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.388071162Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.391861975Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.401521783Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.404928193Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.409122995Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.41306417Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.421803018Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.425176596Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.429741433Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.433142754Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.44261477Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.446583637Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.44980583Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.452963193Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.46256329Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.466723696Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.470285658Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.474868148Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.483964158Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.487519147Z 64 PC: 13588 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:49:23.491262861Z 62 PC: 135c7 | Close file
2018-12-17T22:49:23.493941223Z 64 PC: 13588 | Write file or device (Write 19 bytes on handle 6)
2018-12-17T22:49:23.496913808Z 62 PC: 135c7 | Close file
2018-12-17T22:49:23.505642398Z 48 PC: 1380e | Get DOS version
2018-12-17T22:49:23.50832064Z 53 PC: 1315c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:23.509600003Z 37 PC: 13165 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:23.510805007Z 53 PC: 1315c | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:23.513240493Z 37 PC: 13165 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:23.514743386Z 53 PC: 1315c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:23.516218869Z 37 PC: 13165 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:23.518303525Z 53 PC: 1315c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:23.519720758Z 37 PC: 13165 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:23.520981147Z 53 PC: 1315c | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:23.523297599Z 37 PC: 13165 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:23.524802546Z 53 PC: 1315c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:23.526216142Z 37 PC: 13165 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:23.52777472Z 53 PC: 1315c | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:23.52948284Z 37 PC: 13165 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:23.530765229Z 53 PC: 1315c | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:23.532065372Z 37 PC: 13165 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:23.533706996Z 53 PC: 1315c | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:23.534992992Z 37 PC: 13165 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:23.536250194Z 53 PC: 1315c | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:23.538694326Z 37 PC: 13165 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:23.54063929Z 53 PC: 1315c | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:23.542606346Z 37 PC: 13165 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:23.544998501Z 53 PC: 1315c | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:23.546343989Z 37 PC: 13165 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:23.547573058Z 53 PC: 1315c | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:23.54974061Z 37 PC: 13165 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:23.550989016Z 53 PC: 1315c | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:23.552271315Z 37 PC: 13165 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:23.554700459Z 53 PC: 1315c | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:23.556012023Z 37 PC: 13165 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:23.557253225Z 53 PC: 1315c | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:23.559945954Z 37 PC: 13165 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:23.562157028Z 53 PC: 1315c | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:23.563570594Z 37 PC: 13165 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:23.565806415Z 53 PC: 1315c | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:23.567174155Z 37 PC: 13165 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:23.568501138Z 53 PC: 1315c | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:23.570779358Z 37 PC: 13165 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:23.572897147Z 41 PC: 130ab | Parse filename
2018-12-17T22:49:23.574775757Z 41 PC: 130b9 | Parse filename
2018-12-17T22:49:23.57719935Z 75 PC: 130c4 | Execute program
2018-12-17T22:49:23.603267808Z 80 PC: 17d59 | Set current PSP
2018-12-17T22:49:23.604203576Z 48 PC: 17d5e | Get DOS version
2018-12-17T22:49:23.606580913Z 99 PC: 1e540 | Get DBCS lead byte table pointer
2018-12-17T22:49:23.608764695Z 101 PC: 17de4 | Get extended country info
2018-12-17T22:49:23.609947959Z 99 PC: 17dea | Get DBCS lead byte table pointer
2018-12-17T22:49:23.612301942Z 74 PC: 17e4c | Reallocate memory
2018-12-17T22:49:23.61503693Z 25 PC: 17e83 | Get default drive
2018-12-17T22:49:23.616536277Z 37 PC: 17943 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:49:23.619045442Z 37 PC: 1794a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:23.620523999Z 37 PC: 17951 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:23.625459061Z 74 PC: 16aec | Reallocate memory
2018-12-17T22:49:23.628525282Z 72 PC: 16b2d | Allocate memory
2018-12-17T22:49:23.630210318Z 72 PC: 16b65 | Allocate memory
2018-12-17T22:49:23.631859797Z 72 PC: 16b6d | Allocate memory