Sample viewer

vx.netlux.org/Virus.DOS.Tadpole.2792

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:14.566892493Z 53 PC: 12e1c | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:10:14.569124817Z 37 PC: 12e2c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:10:14.570602175Z 53 PC: 12e31 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:14.574220726Z 37 PC: 12e41 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:14.576161934Z 73 PC: 12aa8 | Release memory
2018-12-17T23:10:14.579484271Z 49 PC: 12aa8 | Terminate and stay resident (Return code = '147' | Memory size = '199')
2018-12-17T23:10:14.5817799Z 48 PC: 12aa8 | Get DOS version
2018-12-17T23:10:14.583060433Z 53 PC: 12aa8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:14.587456898Z 37 PC: 12aa8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:14.589068784Z 53 PC: 12aa8 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:14.590636861Z 37 PC: 12aa8 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:14.593299783Z 72 PC: 12aa8 | Allocate memory
2018-12-17T23:10:14.600287993Z 67 PC: 12aa8 | Get or set file attributes
2018-12-17T23:10:14.62274881Z 67 PC: 12aa8 | Get or set file attributes
2018-12-17T23:10:14.639273902Z 61 PC: 12aa8 | Open file (Filename = '�.�� .�&� ���'�۴%� ')
2018-12-17T23:10:14.647505611Z 87 PC: 12aa8 | Get or set file date and time
2018-12-17T23:10:14.651885649Z 66 PC: 12aa8 | Move file pointer
2018-12-17T23:10:14.654603611Z 63 PC: 12aa8 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:10:14.659137758Z 66 PC: 12aa8 | Move file pointer
2018-12-17T23:10:14.661771838Z 66 PC: 12aa8 | Move file pointer
2018-12-17T23:10:14.663987787Z 66 PC: 12aa8 | Move file pointer
2018-12-17T23:10:14.667171217Z 63 PC: 12aa8 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:10:14.670462445Z 87 PC: 12aa8 | Get or set file date and time
2018-12-17T23:10:14.672895052Z 62 PC: 12aa8 | Close file
2018-12-17T23:10:14.685554652Z 67 PC: 12aa8 | Get or set file attributes
2018-12-17T23:10:14.696574717Z 73 PC: 12aa8 | Release memory
2018-12-17T23:10:14.698706012Z 37 PC: 12aa8 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:14.70134038Z 37 PC: 12aa8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:14.703130824Z 75 PC: 134be | Execute program
2018-12-17T23:10:14.722208073Z 9 PC: 13717 | Display string (String= 'Tadpole virus loaded. ')
2018-12-17T23:10:14.729082375Z 76 PC: 1371b | Terminate with return code (Return code = '36')
2018-12-17T23:10:14.732729097Z 42 PC: 12aa8 | Get date
0x12aa8: pop bp
0x12aa9: ret
0x12aaa: mov ah, 0x40
0x12aac: call 0x22a95
0x12aaf: pushf
0x12ab0: push cx
0x12ab1: push si
0x12ab2: mov si, 0
0x12ab5: mov cx, 0x20
0x12ab8: mov byte ptr cs:[si], al
0x12abb: inc si
0x12abc: loop 0x12ab8
0x12abe: pop si
0x12abf: pop cx
0x12ac0: popf
0x12ac1: jb 0x12ac7
0x12ac3: cmp ax, cx
0x12ac5: jae 0x12ae1
0x12ac7: pop ax
0x12ac8: push cs
2018-12-17T23:10:14.735282225Z 77 PC: 12aa8 | Get program return code