Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Voodoo.6128.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:49.845744597Z 53 PC: 1331a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:49.84825015Z 53 PC: 1331a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:49.850209676Z 53 PC: 1331a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:49.852205139Z 53 PC: 1331a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:49.854194521Z 53 PC: 1331a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:49.857586031Z 53 PC: 1331a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:49.859434749Z 53 PC: 1331a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:49.861292743Z 53 PC: 1331a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:49.864049048Z 53 PC: 1331a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:49.866452269Z 53 PC: 1331a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:49.870270461Z 53 PC: 1331a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:49.87243871Z 53 PC: 1331a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:49.874933272Z 53 PC: 1331a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:49.877456648Z 53 PC: 1331a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:49.880793074Z 53 PC: 1331a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:49.882952817Z 53 PC: 1331a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:49.885340608Z 53 PC: 1331a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:49.887777582Z 53 PC: 1331a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:49.889841134Z 53 PC: 1331a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:49.891401269Z 37 PC: 1332f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:49.892790171Z 37 PC: 13337 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:49.895127247Z 37 PC: 1333f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:49.896785797Z 37 PC: 13347 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:49.898903631Z 68 PC: 141ef | I/O control for devices (Set for = '')
2018-12-17T23:10:49.902174814Z 42 PC: 13137 | Get date 0x13137: xor ah, ah
0x13139: les di, ptr [bp + 6]
0x1313c: stosw word ptr es:[di], ax
0x1313d: mov al, dl
0x1313f: les di, ptr [bp + 0xa]
0x13142: stosw word ptr es:[di], ax
0x13143: mov al, dh
0x13145: les di, ptr [bp + 0xe]
0x13148: stosw word ptr es:[di], ax
0x13149: xchg ax, cx
0x1314a: les di, ptr [bp + 0x12]
0x1314d: stosw word ptr es:[di], ax
0x1314e: pop bp
0x1314f: retf 0x10
0x13152: push bp
0x13153: mov bp, sp
0x13155: mov cx, word ptr [bp + 0xa]
0x13158: mov dh, byte ptr [bp + 8]
0x1315b: mov dl, byte ptr [bp + 6]
0x1315e: mov ah, 0x2b
2018-12-17T23:10:49.905205846Z 26 PC: 131c7 | Set disk transfer address
2018-12-17T23:10:49.906845149Z 78 PC: 131d3 | Find first file
2018-12-17T23:10:49.917273375Z 26 PC: 131eb | Set disk transfer address
2018-12-17T23:10:49.918601643Z 79 PC: 131f0 | Find next file
2018-12-17T23:10:49.921783429Z 61 PC: 13c43 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:49.929884327Z 63 PC: 13d16 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:49.937006394Z 62 PC: 13c93 | Close file
2018-12-17T23:10:49.939562862Z 48 PC: 13e05 | Get DOS version
2018-12-17T23:10:49.942029772Z 61 PC: 13c43 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:10:49.951413935Z 63 PC: 13d16 | Read file or device (Read 6128 bytes on handle 5)
2018-12-17T23:10:49.960671529Z 62 PC: 13c93 | Close file
2018-12-17T23:10:49.963411903Z 61 PC: 13c43 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:49.972268773Z 66 PC: 142ee | Move file pointer
2018-12-17T23:10:49.974303751Z 66 PC: 142fc | Move file pointer
2018-12-17T23:10:49.977153031Z 66 PC: 1430a | Move file pointer
2018-12-17T23:10:49.979898966Z 63 PC: 13d16 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:10:49.983357351Z 66 PC: 13d75 | Move file pointer
2018-12-17T23:10:49.985140235Z 64 PC: 13d16 | Write file or device (Write 6128 bytes on handle 5)
2018-12-17T23:10:50.002136846Z 64 PC: 13d16 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:10:50.011494288Z 62 PC: 13c93 | Close file
2018-12-17T23:10:50.021409419Z 48 PC: 13e05 | Get DOS version
2018-12-17T23:10:50.024306258Z 61 PC: 13c43 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:10:50.03209008Z 66 PC: 142ee | Move file pointer
2018-12-17T23:10:50.033748569Z 66 PC: 142fc | Move file pointer
2018-12-17T23:10:50.036555829Z 66 PC: 1430a | Move file pointer
2018-12-17T23:10:50.039160309Z 63 PC: 13d16 | Read file or device (Read 6128 bytes on handle 5)
2018-12-17T23:10:50.04811904Z 63 PC: 13d16 | Read file or device (Read 880 bytes on handle 5)
2018-12-17T23:10:50.057434894Z 62 PC: 13c93 | Close file
2018-12-17T23:10:50.060478479Z 60 PC: 13c43 | Create or truncate file
2018-12-17T23:10:50.076350354Z 64 PC: 13d16 | Write file or device (Write 880 bytes on handle 5)
2018-12-17T23:10:50.08605004Z 62 PC: 13c93 | Close file
2018-12-17T23:10:50.096370062Z 41 PC: 1327f | Parse filename
2018-12-17T23:10:50.098434576Z 41 PC: 1328d | Parse filename
2018-12-17T23:10:50.100518866Z 75 PC: 13298 | Execute program
2018-12-17T23:10:50.111007926Z 65 PC: 13d8c | Delete file (Filename = 'temp.com')
2018-12-17T23:10:50.125120873Z 64 PC: 1399b | Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:10:50.127151172Z 37 PC: 13471 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:50.129314611Z 37 PC: 13471 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:50.131033034Z 37 PC: 13471 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:50.132697625Z 37 PC: 13471 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:50.135228536Z 37 PC: 13471 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:50.137194924Z 37 PC: 13471 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:50.138875806Z 37 PC: 13471 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:50.141223733Z 37 PC: 13471 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:50.143076668Z 37 PC: 13471 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:50.144519863Z 37 PC: 13471 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:50.146714872Z 37 PC: 13471 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:50.148321715Z 37 PC: 13471 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:50.149709265Z 37 PC: 13471 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:50.151185782Z 37 PC: 13471 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:50.15401301Z 37 PC: 13471 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:50.155425477Z 37 PC: 13471 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:50.156887838Z 37 PC: 13471 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:50.159624946Z 37 PC: 13471 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:50.16124852Z 37 PC: 13471 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:50.163168021Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.166909038Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.170337296Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.172700141Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.175939895Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.178505391Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.181055648Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.184779954Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.187788613Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.190464657Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.193105154Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.196521861Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.2125978Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.215144871Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.217853316Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.21999293Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.222129349Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.230534299Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.232620152Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.234454773Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.236890795Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.238780059Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.240585966Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.243598623Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.245247915Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.246876479Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.249720659Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.251490638Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.253146473Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.256593407Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.259001637Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.261627045Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.26416536Z 6 PC: 134f8 | Direct console I/O
2018-12-17T23:10:50.266917166Z 76 PC: 134b0 | Terminate with return code (Return code = '103')