Sample viewer

vx.netlux.org/Virus.DOS.HLLW.Tworm.26808

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:44.570584959Z 48 PC: 1752c | Get DOS version
2018-12-17T23:01:44.573074256Z 74 PC: 1757c | Reallocate memory
2018-12-17T23:01:44.575139476Z 48 PC: 175e0 | Get DOS version
2018-12-17T23:01:44.576422988Z 53 PC: 175e8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:44.578613354Z 37 PC: 175fa | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:44.580652645Z 53 PC: 19cd2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:44.586486828Z 37 PC: 19ce2 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:44.589967097Z 53 PC: 19ce7 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:44.591657584Z 37 PC: 19cf7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:44.593253643Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:44.595131722Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:44.597873965Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:44.600218209Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:44.60176186Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:44.603915547Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:44.605233583Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:44.606497258Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:44.608608906Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:44.6102769Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:44.611927612Z 53 PC: 17a26 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:44.61424193Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:44.615616393Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:44.616899824Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:44.619061135Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:44.620380624Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:44.621637716Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:44.623682869Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:44.624977271Z 37 PC: 17a55 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:44.626191473Z 37 PC: 17a5c | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:44.627593687Z 37 PC: 17a61 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:44.629837724Z 68 PC: 1768b | I/O control for devices (Set for = 'Xþ�9\t �t���u�����PSQRW���T�\�D+�;�t�+')
2018-12-17T23:01:44.63146944Z 68 PC: 1768b | I/O control for devices
2018-12-17T23:01:44.633070498Z 68 PC: 1768b | I/O control for devices (Set for = '')
2018-12-17T23:01:44.635329593Z 68 PC: 1768b | I/O control for devices (Set for = '')
2018-12-17T23:01:44.637207051Z 68 PC: 1768b | I/O control for devices (Set for = '')
2018-12-17T23:01:44.639442812Z 53 PC: 154e6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:44.642153686Z 53 PC: 154f3 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:01:44.643823223Z 53 PC: 15500 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:44.645443287Z 37 PC: 15515 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:44.647848697Z 37 PC: 1551d | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:01:44.649218711Z 37 PC: 15525 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:44.650765999Z 53 PC: 15fa4 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:01:44.653216373Z 53 PC: 15fb1 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:01:44.654635519Z 53 PC: 15fc0 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:01:44.656133254Z 37 PC: 15fcd | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:01:44.657927545Z 53 PC: 15fd4 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:01:44.659592303Z 37 PC: 15fe1 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:01:44.661091009Z 53 PC: 15fed | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:01:44.666224185Z 48 PC: 160af | Get DOS version
2018-12-17T23:01:44.66801035Z 74 PC: 141b1 | Reallocate memory
2018-12-17T23:01:44.67025637Z 74 PC: 141b1 | Reallocate memory
2018-12-17T23:01:44.672265796Z 68 PC: 1545c | I/O control for devices (Set for = ' | copy c:\tworm.exe i:\')
2018-12-17T23:01:44.674382253Z 68 PC: 1545c | I/O control for devices (Set for = '')
2018-12-17T23:01:44.676028837Z 51 PC: 1547a | Get or set Ctrl-Break
2018-12-17T23:01:44.67703622Z 51 PC: 15486 | Get or set Ctrl-Break
2018-12-17T23:01:44.68244874Z 74 PC: 141b1 | Reallocate memory
2018-12-17T23:01:44.684296552Z 51 PC: 15491 | Get or set Ctrl-Break
2018-12-17T23:01:44.685730256Z 37 PC: 15713 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:44.688249239Z 37 PC: 1571d | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:01:44.689770357Z 37 PC: 15727 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:44.69154943Z 53 PC: 13bde | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:01:44.693940453Z 53 PC: 13beb | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:01:44.695271484Z 53 PC: 13bf8 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:01:44.696901046Z 37 PC: 13c13 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:01:44.699107883Z 53 PC: 13c1b | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:01:44.701440786Z 37 PC: 13c28 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:01:44.703598701Z 53 PC: 13c2f | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:01:44.706189289Z 37 PC: 13c3c | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:01:44.707777203Z 37 PC: 13c46 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:01:44.709358804Z 37 PC: 13c51 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:01:44.712137836Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:44.713681236Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:44.715386591Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:44.717631038Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:44.719320362Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:44.72091596Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:44.722953358Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:44.724321699Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:44.725625509Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:44.727631628Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:44.729417955Z 37 PC: 17a71 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:44.730973027Z 37 PC: 19d06 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:44.733287897Z 37 PC: 1773c | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:44.737826956Z 41 PC: 1731d | Parse filename
2018-12-17T23:01:44.739657034Z 41 PC: 1731f | Parse filename
2018-12-17T23:01:44.741669025Z 41 PC: 17324 | Parse filename
2018-12-17T23:01:44.744238864Z 75 PC: 1733a | Execute program
2018-12-17T23:01:44.765969065Z 80 PC: 1cd19 | Set current PSP
2018-12-17T23:01:44.767049855Z 48 PC: 1cd1e | Get DOS version
2018-12-17T23:01:44.769632578Z 99 PC: 23500 | Get DBCS lead byte table pointer
2018-12-17T23:01:44.772450643Z 101 PC: 1cda4 | Get extended country info
2018-12-17T23:01:44.775103438Z 99 PC: 1cdaa | Get DBCS lead byte table pointer
2018-12-17T23:01:44.777683225Z 74 PC: 1ce0c | Reallocate memory
2018-12-17T23:01:44.779324159Z 25 PC: 1ce43 | Get default drive
2018-12-17T23:01:44.781371295Z 37 PC: 1c903 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:01:44.784251497Z 37 PC: 1c90a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:44.785935111Z 37 PC: 1c911 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:44.790781076Z 74 PC: 1baac | Reallocate memory
2018-12-17T23:01:44.793842619Z 72 PC: 1baed | Allocate memory
2018-12-17T23:01:44.795458365Z 72 PC: 1bb25 | Allocate memory
2018-12-17T23:01:44.797182595Z 72 PC: 1bb2d | Allocate memory