Sample viewer

vx.netlux.org/Virus.DOS.Tapeworm.1927


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:31.665285723Z 170 PC: 12ab7 | UNKNOWN!
2018-12-17T23:08:31.667518206Z 53 PC: 12afb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:31.669371268Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:31.672156066Z 26 PC: 12b6c | Set disk transfer address
2018-12-17T23:08:31.673799673Z 78 PC: 12b76 | Find first file
2018-12-17T23:08:31.682429661Z 61 PC: 12b87 | Open file (Filename = 'ZYv�')
2018-12-17T23:08:31.690211234Z 66 PC: 12b93 | Move file pointer
2018-12-17T23:08:31.691715062Z 66 PC: 12ba0 | Move file pointer
2018-12-17T23:08:31.694263791Z 63 PC: 12baa | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:08:31.697836403Z 66 PC: 12bbe | Move file pointer
2018-12-17T23:08:31.699757042Z 64 PC: 12bcf | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:31.703668725Z 66 PC: 12b93 | Move file pointer
2018-12-17T23:08:31.705563705Z 66 PC: 12ba0 | Move file pointer
2018-12-17T23:08:31.707432751Z 63 PC: 12baa | Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:08:31.710914479Z 66 PC: 12be8 | Move file pointer
2018-12-17T23:08:31.712425346Z 66 PC: 12bf5 | Move file pointer
2018-12-17T23:08:31.71379407Z 64 PC: 12c04 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:08:31.717269731Z 62 PC: 12c08 | Close file
2018-12-17T23:08:32.051889616Z 67 PC: 12f51 | Get or set file attributes
2018-12-17T23:08:32.057521381Z 42 PC: 12c0f | Get date
0x12c0f: cmp dh, 0xa
0x12c12: je 0x12c16
0x12c14: jmp 0x12c34
0x12c16: cmp dl, 0x15
0x12c19: je 0x12c1d
0x12c1b: jmp 0x12c34
0x12c1d: mov ax, 6
0x12c20: int 0x10
0x12c22: mov ax, 0xe07
0x12c25: int 0x10
0x12c27: push cs
0x12c28: pop ds
0x12c29: mov ah, 9
0x12c2b: mov dx, 0x704
0x12c2e: int 0x21
0x12c30: mov ah, 0
0x12c32: int 0x16
0x12c34: push cs
0x12c35: pop ds
0x12c36: mov ah, 0x43
2018-12-17T23:08:32.061112859Z 67 PC: 12c3f | Get or set file attributes
2018-12-17T23:08:32.067709131Z 67 PC: 12c50 | Get or set file attributes
2018-12-17T23:08:32.084832384Z 61 PC: 12c59 | Open file (Filename = ' �������� � - ����� TAPEWORM ! � �������� ������ ��� ��������� ������� �᫨ �� ����蠥� ��� �������, �� ����� ��������� �� ����� FAT'�� � ����� �_��_� ������ ���������� !!! �।�⢠ �� ����⮢ (Tapeworm'��) ��� �� ������� !!!')
2018-12-17T23:08:32.09311347Z 63 PC: 12c6e | Read file or device (Read 22 bytes on handle 5)
2018-12-17T23:08:32.101016259Z 66 PC: 12ce8 | Move file pointer
2018-12-17T23:08:32.103094956Z 64 PC: 12d29 | Write file or device (Write 16 bytes on handle 5)
2018-12-17T23:08:32.106451324Z 66 PC: 12d32 | Move file pointer
2018-12-17T23:08:32.109563925Z 64 PC: 12d70 | Write file or device (Write 1911 bytes on handle 5)
2018-12-17T23:08:32.118971252Z 66 PC: 12d84 | Move file pointer
2018-12-17T23:08:32.120427784Z 64 PC: 12d9b | Write file or device (Write 22 bytes on handle 5)
2018-12-17T23:08:32.128244383Z 62 PC: 12da4 | Close file
2018-12-17T23:08:32.137422784Z 67 PC: 12f51 | Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16225,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:54.781619329Z 170 PC: 12ab7 | UNKNOWN!
2018-12-25T12:45:54.782640105Z 53 PC: 12afb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:54.783458754Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:54.784617773Z 26 PC: 12b6c | Set disk transfer address
2018-12-25T12:45:54.785642674Z 78 PC: 12b76 | Find first file
2018-12-25T12:45:54.789246719Z 61 PC: 12b87 | Open file (Filename = 'ZYv�')
2018-12-25T12:45:54.792867016Z 66 PC: 12b93 | Move file pointer
2018-12-25T12:45:54.794110049Z 66 PC: 12ba0 | Move file pointer
2018-12-25T12:45:54.795012449Z 63 PC: 12baa | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:45:54.796780968Z 66 PC: 12bbe | Move file pointer
2018-12-25T12:45:54.798015782Z 64 PC: 12bcf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:54.799761841Z 66 PC: 12b93 | Move file pointer (See above)
2018-12-25T12:45:54.800873782Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:45:54.80239159Z 63 PC: 12baa | Read file or device (See above)
2018-12-25T12:45:54.804642096Z 66 PC: 12be8 | Move file pointer
2018-12-25T12:45:54.805810064Z 66 PC: 12bf5 | Move file pointer
2018-12-25T12:45:54.807346915Z 64 PC: 12c04 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:54.809034691Z 62 PC: 12c08 | Close file
2018-12-25T12:45:55.146932465Z 67 PC: 12f51 | Get or set file attributes
2018-12-25T12:45:55.150746002Z 42 PC: 12c0f | Get date
0x12c0f: cmp dh, 0xa
0x12c12: je 0x12c16
0x12c14: jmp 0x12c34
0x12c16: cmp dl, 0x15
0x12c19: je 0x12c1d
0x12c1b: jmp 0x12c34
0x12c1d: mov ax, 6
0x12c20: int 0x10
0x12c22: mov ax, 0xe07
0x12c25: int 0x10
0x12c27: push cs
0x12c28: pop ds
0x12c29: mov ah, 9
0x12c2b: mov dx, 0x704
0x12c2e: int 0x21
0x12c30: mov ah, 0
0x12c32: int 0x16
0x12c34: push cs
0x12c35: pop ds
0x12c36: mov ah, 0x43
2018-12-25T12:45:55.152939279Z 67 PC: 12c3f | Get or set file attributes
2018-12-25T12:45:55.15840675Z 67 PC: 12c50 | Get or set file attributes
2018-12-25T12:45:55.173061653Z 61 PC: 12c59 | Open file (Filename = ' �������� � - ����� TAPEWORM ! � �������� ������ ��� ��������� ������� �᫨ �� ����蠥� ��� �������, �� ����� ��������� �� ����� FAT'�� � ����� �_��_� ������ ���������� !!! �।�⢠ �� ����⮢ (Tapeworm'��) ��� �� ������� !!!')
2018-12-25T12:45:55.180105672Z 63 PC: 12c6e | Read file or device (Read 22 bytes on handle 5)
2018-12-25T12:45:55.186306331Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:45:55.187567815Z 64 PC: 12d29 | Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:45:55.190557477Z 66 PC: 12d32 | Move file pointer
2018-12-25T12:45:55.191924758Z 64 PC: 12d70 | Write file or device (Write 1911 bytes on handle 5)
2018-12-25T12:45:55.20027656Z 66 PC: 12d84 | Move file pointer
2018-12-25T12:45:55.201878215Z 64 PC: 12d9b | Write file or device (Write 22 bytes on handle 5)
2018-12-25T12:45:55.208084681Z 62 PC: 12da4 | Close file
2018-12-25T12:45:55.216125003Z 67 PC: 12f51 | Get or set file attributes (See above)

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16225,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:55.502292032Z 170 PC: 12ab7 | UNKNOWN!
2018-12-25T12:45:55.503297922Z 53 PC: 12afb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:55.50429867Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:55.505980206Z 26 PC: 12b6c | Set disk transfer address
2018-12-25T12:45:55.50712425Z 78 PC: 12b76 | Find first file
2018-12-25T12:45:55.512714582Z 61 PC: 12b87 | Open file (Filename = 'ZYv�')
2018-12-25T12:45:55.518511759Z 66 PC: 12b93 | Move file pointer
2018-12-25T12:45:55.519996249Z 66 PC: 12ba0 | Move file pointer
2018-12-25T12:45:55.521146016Z 63 PC: 12baa | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:45:55.524476949Z 66 PC: 12bbe | Move file pointer
2018-12-25T12:45:55.525977652Z 64 PC: 12bcf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:55.528454975Z 66 PC: 12b93 | Move file pointer (See above)
2018-12-25T12:45:55.529617515Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:45:55.531204457Z 63 PC: 12baa | Read file or device (See above)
2018-12-25T12:45:55.533462559Z 66 PC: 12be8 | Move file pointer
2018-12-25T12:45:55.534617857Z 66 PC: 12bf5 | Move file pointer
2018-12-25T12:45:55.535872429Z 64 PC: 12c04 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:55.537660149Z 62 PC: 12c08 | Close file
2018-12-25T12:45:56.192224926Z 67 PC: 12f51 | Get or set file attributes
2018-12-25T12:45:56.196952947Z 42 PC: 12c0f | Get date
0x12c0f: cmp dh, 0xa
0x12c12: je 0x12c16
0x12c14: jmp 0x12c34
0x12c16: cmp dl, 0x15
0x12c19: je 0x12c1d
0x12c1b: jmp 0x12c34
0x12c1d: mov ax, 6
0x12c20: int 0x10
0x12c22: mov ax, 0xe07
0x12c25: int 0x10
0x12c27: push cs
0x12c28: pop ds
0x12c29: mov ah, 9
0x12c2b: mov dx, 0x704
0x12c2e: int 0x21
0x12c30: mov ah, 0
0x12c32: int 0x16
0x12c34: push cs
0x12c35: pop ds
0x12c36: mov ah, 0x43
2018-12-25T12:45:56.199149867Z 67 PC: 12c3f | Get or set file attributes
2018-12-25T12:45:56.204534394Z 67 PC: 12c50 | Get or set file attributes
2018-12-25T12:45:56.219672833Z 61 PC: 12c59 | Open file (Filename = ' �������� � - ����� TAPEWORM ! � �������� ������ ��� ��������� ������� �᫨ �� ����蠥� ��� �������, �� ����� ��������� �� ����� FAT'�� � ����� �_��_� ������ ���������� !!! �।�⢠ �� ����⮢ (Tapeworm'��) ��� �� ������� !!!')
2018-12-25T12:45:56.226107492Z 63 PC: 12c6e | Read file or device (Read 22 bytes on handle 5)
2018-12-25T12:45:56.23217984Z 66 PC: 12ce8 | Move file pointer
2018-12-25T12:45:56.23356515Z 64 PC: 12d29 | Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:45:56.236312946Z 66 PC: 12d32 | Move file pointer
2018-12-25T12:45:56.2377399Z 64 PC: 12d70 | Write file or device (Write 1911 bytes on handle 5)
2018-12-25T12:45:56.246597382Z 66 PC: 12d84 | Move file pointer
2018-12-25T12:45:56.248283371Z 64 PC: 12d9b | Write file or device (Write 22 bytes on handle 5)
2018-12-25T12:45:56.254922595Z 62 PC: 12da4 | Close file
2018-12-25T12:45:56.263052366Z 67 PC: 12f51 | Get or set file attributes (See above)

{"DateBased":true,"Day":21,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16225,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:55.728165244Z 170 PC: 12ab7 | UNKNOWN!
2018-12-25T12:45:55.729315087Z 53 PC: 12afb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:55.730441121Z 37 PC: 12b08 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:55.732154377Z 26 PC: 12b6c | Set disk transfer address
2018-12-25T12:45:55.733755018Z 78 PC: 12b76 | Find first file
2018-12-25T12:45:55.739433106Z 61 PC: 12b87 | Open file (Filename = 'ZYv�')
2018-12-25T12:45:55.745287531Z 66 PC: 12b93 | Move file pointer
2018-12-25T12:45:55.746761905Z 66 PC: 12ba0 | Move file pointer
2018-12-25T12:45:55.748007408Z 63 PC: 12baa | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:45:55.750668901Z 66 PC: 12bbe | Move file pointer
2018-12-25T12:45:55.752328936Z 64 PC: 12bcf | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:55.75484055Z 66 PC: 12b93 | Move file pointer (See above)
2018-12-25T12:45:55.756026797Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:45:55.757538056Z 63 PC: 12baa | Read file or device (See above)
2018-12-25T12:45:55.7598177Z 66 PC: 12be8 | Move file pointer
2018-12-25T12:45:55.761023938Z 66 PC: 12bf5 | Move file pointer
2018-12-25T12:45:55.762572532Z 64 PC: 12c04 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:45:55.765165568Z 62 PC: 12c08 | Close file
2018-12-25T12:45:56.192234942Z 67 PC: 12f51 | Get or set file attributes
2018-12-25T12:45:56.197326187Z 42 PC: 12c0f | Get date
0x12c0f: cmp dh, 0xa
0x12c12: je 0x12c16
0x12c14: jmp 0x12c34
0x12c16: cmp dl, 0x15
0x12c19: je 0x12c1d
0x12c1b: jmp 0x12c34
0x12c1d: mov ax, 6
0x12c20: int 0x10
0x12c22: mov ax, 0xe07
0x12c25: int 0x10
0x12c27: push cs
0x12c28: pop ds
0x12c29: mov ah, 9
0x12c2b: mov dx, 0x704
0x12c2e: int 0x21
0x12c30: mov ah, 0
0x12c32: int 0x16
0x12c34: push cs
0x12c35: pop ds
0x12c36: mov ah, 0x43
2018-12-25T12:45:56.206612392Z 9 PC: 12c30 | Display string (Could not find end pointer)