Sample viewer

vx.netlux.org/Virus.DOS.Frodo.Fish

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:03.49083505Z	48	PC: 12c4a \| Get DOS version
2018-12-17T23:09:03.493306636Z	82	PC: 12c57 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:09:03.49528811Z	82	PC: 12ca9 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:09:03.504359489Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.506007857Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.508298392Z	75	PC: 1316e \| Execute program
2018-12-17T23:09:03.511707059Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.513848764Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.521836536Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.524063191Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.526623303Z	74	PC: 12d15 \| Reallocate memory
2018-12-17T23:09:03.5363689Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.537828633Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.539500926Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.541608417Z	74	PC: 12d19 \| Reallocate memory
2018-12-17T23:09:03.544298173Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.545620358Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.547785517Z	51	PC: 13a2a \| Get or set Ctrl-Break
2018-12-17T23:09:03.549225784Z	74	PC: 12d7d \| Reallocate memory
2018-12-17T23:09:03.551737685Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.553352069Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.556954099Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.558330446Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:09:03.563195009Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.565153059Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.566517223Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.567915131Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')
2018-12-17T23:09:03.602145166Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.603263237Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.604621039Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.61139454Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:09:03.613465262Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.614563466Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.61699727Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.620721029Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:09:03.623556598Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.624945067Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.62774549Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.629656031Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:09:03.638621852Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.643801918Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.645449435Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.647757352Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:09:03.651392695Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.652920517Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.654764512Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.65718439Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:03.659845632Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.661196982Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.663820553Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.665488788Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:03.667441418Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.668402855Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.67072519Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.673330457Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.675014201Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.677748551Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.67880723Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.680438516Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.68331909Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.68528242Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.687870364Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.69028369Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.691832491Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.693133436Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.695404365Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.698017786Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.699727219Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.70122269Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.703487507Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.70504815Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.707452509Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.709577853Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.71108184Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.712397142Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.714918281Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.717252979Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.718526192Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.720481847Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.722058411Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.723732617Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.726412825Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.72850115Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.73001768Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.731321079Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.733932617Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.736391148Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.737678207Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.740592324Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.742373522Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.743967177Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.74723033Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.748431748Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.749705572Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.750926287Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.75284895Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.756049095Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.757380447Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.759985353Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.761393009Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.763084949Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.766257541Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.767569267Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.769090957Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.771458346Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.773059305Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.776073861Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.777934188Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.779847313Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.781247655Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.78309109Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.78628865Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.787899948Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.789726341Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.79195526Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.793396288Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.798971076Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.805471394Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.807235088Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.809524471Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.815117233Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.818713893Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.820196299Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.82460779Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.826117157Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.827855444Z	62	PC: 122ab \| Close file
2018-12-17T23:09:03.832558984Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.836396066Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:03.838126258Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:03.843444052Z	54	PC: 9f49a \| Get free disk space
2018-12-17T23:09:03.901194333Z	67	PC: 9f49a \| Get or set file attributes
2018-12-17T23:09:03.91111561Z	67	PC: 9f49a \| Get or set file attributes
2018-12-17T23:09:04.255774139Z	61	PC: 9f49a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:09:04.263809261Z	67	PC: 9f49a \| Get or set file attributes
2018-12-17T23:09:04.273942947Z	50	PC: 9f49a \| Get disk parameter block for specified drive
2018-12-17T23:09:04.277021523Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.27937693Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.280831925Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.282529705Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.285416191Z	66	PC: 12372 \| Move file pointer
2018-12-17T23:09:04.287211214Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.28804476Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.290028078Z	68	PC: 9f49a \| I/O control for devices (Set for = '�mfyW�Wv W�Wj W�WcW�W�W W5W')
2018-12-17T23:09:04.291310909Z	87	PC: 9f49a \| Get or set file date and time
2018-12-17T23:09:04.292613447Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.294686633Z	63	PC: 12383 \| Read file or device (Read 44693 bytes on handle 5)
2018-12-17T23:09:04.309760224Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.310660967Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.313186594Z	81	PC: 9f49a \| Get current PSP
2018-12-17T23:09:04.315291841Z	87	PC: 9f49a \| Get or set file date and time
2018-12-17T23:09:04.317932734Z	66	PC: 9f49a \| Move file pointer
2018-12-17T23:09:04.320557397Z	63	PC: 9f49a \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:09:04.327090286Z	66	PC: 9f49a \| Move file pointer
2018-12-17T23:09:04.32892306Z	63	PC: 9f49a \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:09:04.332713254Z	66	PC: 9f49a \| Move file pointer
2018-12-17T23:09:04.335046399Z	66	PC: 9f49a \| Move file pointer
2018-12-17T23:09:04.336826024Z	64	PC: 9f49a \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T23:09:04.340366759Z	66	PC: 9f49a \| Move file pointer
2018-12-17T23:09:04.342584517Z	64	PC: 9f49a \| Write file or device (Write 4085 bytes on handle 5)
2018-12-17T23:09:04.353511384Z	87	PC: 9f49a \| Get or set file date and time
2018-12-17T23:09:04.356242176Z	62	PC: 9f49a \| Close file
2018-12-17T23:09:04.364358611Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.367405608Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.369420144Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.370960599Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.372566477Z	99	PC: 98fc7 \| Get DBCS lead byte table pointer
2018-12-17T23:09:04.375183015Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.376693063Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.378176821Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.380558738Z	56	PC: 937e9 \| Get or set country info
2018-12-17T23:09:04.383771527Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.38500757Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.386724006Z	68	PC: 9f49a \| I/O control for devices (Set for = ' %1 mm-dd-yy')
2018-12-17T23:09:04.389239474Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.390809384Z	64	PC: 99238 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:09:04.396977768Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.398674637Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.399944093Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.401592721Z	25	PC: 93852 \| Get default drive
2018-12-17T23:09:04.405208978Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.406498592Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.407989905Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.410718894Z	71	PC: 95acd \| Get current directory
2018-12-17T23:09:04.415884743Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.416891044Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.419251401Z	68	PC: 9f49a \| I/O control for devices (Set for = 'A:\$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$MS DOS Version 6 (C)Copyright 1981-1994 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved ')
2018-12-17T23:09:04.420827834Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.422168874Z	64	PC: 99238 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:09:04.428506415Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.429511525Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.430760883Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.433074281Z	2	PC: 95aa2 \| Character output (Char = '3e')
2018-12-17T23:09:04.436024586Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.43702716Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.44011329Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.441467275Z	93	PC: 93910 \| File sharing functions
2018-12-17T23:09:04.444204961Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.446395448Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.447698697Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.448997969Z	93	PC: 93917 \| File sharing functions
2018-12-17T23:09:04.451652568Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.454172854Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.455699203Z	51	PC: 9f49a \| Get or set Ctrl-Break
2018-12-17T23:09:04.457459692Z	10	PC: 93929 \| Buffered keyboard input