Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Oeba.7000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:25.210282476Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:25.213039604Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:25.214885306Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:25.216644209Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:25.218963634Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:25.22067888Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:25.222379348Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:25.224262289Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:25.226489919Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:25.227921246Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:25.229365399Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:25.231569684Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:25.233251686Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:25.234945148Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:25.237750847Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:25.239508862Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:25.241196206Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:25.243852487Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:25.245458335Z	53	PC: 13242 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:25.247098253Z	37	PC: 13257 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:25.249488499Z	37	PC: 1325f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:25.250900647Z	37	PC: 13267 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:25.252239606Z	37	PC: 1326f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:25.254926297Z	68	PC: 135df \| I/O control for devices (Set for = '')
2018-12-17T22:54:25.26830105Z	48	PC: 13e38 \| Get DOS version
2018-12-17T22:54:25.270233156Z	61	PC: 13c5e \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:25.279348384Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:25.28806342Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.290223747Z	44	PC: 13bdf \| Get time 0x13bdf: mov word ptr [0x52], cx 0x13be3: mov word ptr [0x54], dx 0x13be7: retf 0x13be8: mov bx, sp 0x13bea: push ds 0x13beb: les di, ptr ss:[bx + 8] 0x13bef: lds si, ptr ss:[bx + 4] 0x13bf3: cld 0x13bf4: xor ax, ax 0x13bf6: stosw word ptr es:[di], ax 0x13bf7: mov ax, 0xd7b0 0x13bfa: stosw word ptr es:[di], ax 0x13bfb: xor ax, ax 0x13bfd: mov cx, 0x16 0x13c00: rep stosd dword ptr es:[di], eax 0x13c02: lodsb al, byte ptr [si] 0x13c03: cmp al, 0x4f 0x13c05: jbe 0x13c09 0x13c07: mov al, 0x4f 0x13c09: mov cl, al
2018-12-17T22:54:25.293486498Z	54	PC: 130aa \| Get free disk space
2018-12-17T22:54:25.303726164Z	26	PC: 130f9 \| Set disk transfer address
2018-12-17T22:54:25.304966198Z	78	PC: 13105 \| Find first file
2018-12-17T22:54:25.31186889Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.313392752Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.317036313Z	61	PC: 13c5e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:25.324152459Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.3264114Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.328314369Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.32990698Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.332843268Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.333969559Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.337099552Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.339051569Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.341632956Z	61	PC: 13c5e \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:54:25.348978596Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.351609551Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.354001475Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.356422942Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.359546837Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.361258137Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.366423635Z	61	PC: 13c5e \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:54:25.373801608Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.376920961Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.378891686Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.380910564Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.384704842Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.386320768Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.390402515Z	61	PC: 13c5e \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:54:25.398477794Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.400159594Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.40193285Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.404584202Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.40699356Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.408285534Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.419254026Z	61	PC: 13c5e \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:54:25.42657287Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.428081775Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.430544272Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.432575911Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.435302582Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.438216088Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.442282525Z	61	PC: 13c5e \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:54:25.450778646Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.453884548Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.456251502Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.458380738Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.461132852Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.463465005Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.467092818Z	61	PC: 13c5e \| Open file (Filename = 'PAH.COM')
2018-12-17T22:54:25.474842285Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.476518572Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.478202677Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.480460173Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.483003807Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.48414069Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.48745218Z	61	PC: 13c5e \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:54:25.495337064Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.497618314Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.499668897Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.502522489Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:25.511573169Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.514733047Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.517560182Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.52136242Z	26	PC: 130f9 \| Set disk transfer address
2018-12-17T22:54:25.523129928Z	78	PC: 13105 \| Find first file
2018-12-17T22:54:25.532291047Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.533976117Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.537818389Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.540020602Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.543632541Z	26	PC: 1311d \| Set disk transfer address
2018-12-17T22:54:25.544911182Z	79	PC: 13122 \| Find next file
2018-12-17T22:54:25.549207647Z	61	PC: 13c5e \| Open file (Filename = 'c:COMMAND.COM')
2018-12-17T22:54:25.556194881Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.558149549Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.562143358Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.564047603Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:25.572970302Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.576716714Z	61	PC: 13c5e \| Open file (Filename = 'c:COMMAND.COM')
2018-12-17T22:54:25.583876271Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:25.591660834Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.594566443Z	61	PC: 13c5e \| Open file (Filename = 'c:COMMAND.COM')
2018-12-17T22:54:25.602562021Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:25.604260079Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:25.606672057Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:25.615686801Z	66	PC: 13d90 \| Move file pointer
2018-12-17T22:54:25.617386679Z	64	PC: 13d31 \| Write file or device (Write 7000 bytes on handle 5)
2018-12-17T22:54:25.961061333Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.969256377Z	48	PC: 13e38 \| Get DOS version
2018-12-17T22:54:25.970595098Z	61	PC: 13c5e \| Open file (Filename = 'c:COMMAND.COM')
2018-12-17T22:54:25.974972187Z	64	PC: 13d31 \| Write file or device (Write 7000 bytes on handle 5)
2018-12-17T22:54:25.988523004Z	62	PC: 13cae \| Close file
2018-12-17T22:54:25.994312914Z	48	PC: 13e38 \| Get DOS version
2018-12-17T22:54:25.996470456Z	61	PC: 13c5e \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:26.004231693Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:26.012925777Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:26.015078674Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:26.017286224Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:26.019220668Z	66	PC: 13d90 \| Move file pointer
2018-12-17T22:54:26.021693173Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:26.030258236Z	66	PC: 13d90 \| Move file pointer
2018-12-17T22:54:26.031778392Z	64	PC: 13d31 \| Write file or device (Write 7000 bytes on handle 5)
2018-12-17T22:54:26.04676595Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:26.048309459Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:26.04976734Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:26.052053532Z	66	PC: 13d90 \| Move file pointer
2018-12-17T22:54:26.053602737Z	64	PC: 13d31 \| Write file or device (Write 7000 bytes on handle 5)
2018-12-17T22:54:26.062172905Z	62	PC: 13cae \| Close file
2018-12-17T22:54:26.070570164Z	48	PC: 13e38 \| Get DOS version
2018-12-17T22:54:26.072264888Z	48	PC: 13e38 \| Get DOS version
2018-12-17T22:54:26.074454342Z	41	PC: 131b0 \| Parse filename
2018-12-17T22:54:26.07597139Z	41	PC: 131be \| Parse filename
2018-12-17T22:54:26.077481704Z	75	PC: 131c9 \| Execute program
2018-12-17T22:54:26.095160723Z	9	PC: 1af45 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ')
2018-12-17T22:54:26.100091406Z	0	PC: 1af49 \| Program terminate
2018-12-17T22:54:26.102292553Z	48	PC: 13e38 \| Get DOS version
2018-12-17T22:54:26.103454696Z	61	PC: 13c5e \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:54:26.108023116Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:26.113125938Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:26.114104748Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:26.11525762Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:26.11654184Z	66	PC: 13d90 \| Move file pointer
2018-12-17T22:54:26.117652782Z	63	PC: 13d31 \| Read file or device (Read 7000 bytes on handle 5)
2018-12-17T22:54:26.122639959Z	66	PC: 13d90 \| Move file pointer
2018-12-17T22:54:26.123960541Z	64	PC: 13d31 \| Write file or device (Write 7000 bytes on handle 5)
2018-12-17T22:54:26.129511866Z	66	PC: 13dfa \| Move file pointer
2018-12-17T22:54:26.130865215Z	66	PC: 13e08 \| Move file pointer
2018-12-17T22:54:26.132508234Z	66	PC: 13e16 \| Move file pointer
2018-12-17T22:54:26.133746811Z	66	PC: 13d90 \| Move file pointer
2018-12-17T22:54:26.135205869Z	64	PC: 13d31 \| Write file or device (Write 7000 bytes on handle 5)
2018-12-17T22:54:26.142760906Z	62	PC: 13cae \| Close file
2018-12-17T22:54:26.15163399Z	64	PC: 136e2 \| Write file or device (Write 33 bytes on handle 1)
2018-12-17T22:54:26.157120587Z	64	PC: 136e2 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:54:26.159324989Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:26.160485905Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:26.16150921Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:26.162902064Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:26.16421817Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:26.165529691Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:26.167022485Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:26.170894138Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:26.172153492Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:26.173599954Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:26.175463919Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:26.177135956Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:26.179786641Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:26.181216895Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:26.182819402Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:26.184938021Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:26.186463992Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:26.187862282Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:26.190256539Z	37	PC: 13356 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:26.191793607Z	76	PC: 13395 \| Terminate with return code (Return code = '0')