Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Weed.7072

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:40.370655737Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:40.372983721Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:40.374615843Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:40.376374136Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:40.378470995Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:40.380885244Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:40.382587355Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:40.384285957Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:40.387485519Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:40.388903111Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:40.390367896Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:40.393066778Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:40.394559824Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:40.396478702Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:40.398837954Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:40.400717008Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:40.406540375Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:40.409542965Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:40.417988297Z	53	PC: 13532 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:40.41952706Z	37	PC: 13547 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:40.421150759Z	37	PC: 1354f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:40.422986067Z	37	PC: 13557 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:40.42413699Z	37	PC: 1355f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:40.425601293Z	68	PC: 13b32 \| I/O control for devices (Set for = '')
2018-12-17T23:11:40.427433156Z	48	PC: 14292 \| Get DOS version
2018-12-17T23:11:40.428918658Z	25	PC: 1431f \| Get default drive
2018-12-17T23:11:40.429869814Z	71	PC: 14332 \| Get current directory
2018-12-17T23:11:40.434398123Z	61	PC: 1401b \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:40.442519751Z	63	PC: 140ee \| Read file or device (Read 7072 bytes on handle 5)
2018-12-17T23:11:40.453113737Z	61	PC: 1401b \| Open file (Filename = 'A:\DOS\MOVE.EXE')
2018-12-17T23:11:40.461338499Z	26	PC: 133ad \| Set disk transfer address
2018-12-17T23:11:40.463353308Z	78	PC: 133b9 \| Find first file
2018-12-17T23:11:40.47096174Z	61	PC: 1401b \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:11:40.480468806Z	66	PC: 1414d \| Move file pointer
2018-12-17T23:11:40.482350587Z	63	PC: 140ee \| Read file or device (Read 2 bytes on handle 6)
2018-12-17T23:11:40.485475531Z	66	PC: 1414d \| Move file pointer
2018-12-17T23:11:40.487814014Z	63	PC: 140ee \| Read file or device (Read 2 bytes on handle 6)
2018-12-17T23:11:40.490813911Z	62	PC: 1406b \| Close file
2018-12-17T23:11:40.493405804Z	26	PC: 133d1 \| Set disk transfer address
2018-12-17T23:11:40.495209243Z	79	PC: 133d6 \| Find next file
2018-12-17T23:11:40.499001089Z	60	PC: 1401b \| Create or truncate file
2018-12-17T23:11:40.51736266Z	66	PC: 141b7 \| Move file pointer
2018-12-17T23:11:40.51913669Z	66	PC: 141c5 \| Move file pointer
2018-12-17T23:11:40.521787254Z	66	PC: 141d3 \| Move file pointer
2018-12-17T23:11:40.524107935Z	66	PC: 1414d \| Move file pointer
2018-12-17T23:11:40.526407744Z	63	PC: 140ee \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:11:40.535999869Z	66	PC: 1414d \| Move file pointer
2018-12-17T23:11:40.538561259Z	66	PC: 141b7 \| Move file pointer
2018-12-17T23:11:40.541115624Z	66	PC: 141c5 \| Move file pointer
2018-12-17T23:11:40.544076618Z	66	PC: 141d3 \| Move file pointer
2018-12-17T23:11:40.55094251Z	63	PC: 140ee \| Read file or device (Read 1048 bytes on handle 5)
2018-12-17T23:11:40.557728591Z	64	PC: 140ee \| Write file or device (Write 1048 bytes on handle 6)
2018-12-17T23:11:40.567791476Z	63	PC: 140ee \| Read file or device (Read 1048 bytes on handle 5)
2018-12-17T23:11:40.579319546Z	64	PC: 140ee \| Write file or device (Write 1048 bytes on handle 6)
2018-12-17T23:11:40.589684729Z	63	PC: 140ee \| Read file or device (Read 1048 bytes on handle 5)
2018-12-17T23:11:40.612027088Z	64	PC: 140ee \| Write file or device (Write 1048 bytes on handle 6)
2018-12-17T23:11:40.622460164Z	63	PC: 140ee \| Read file or device (Read 1048 bytes on handle 5)
2018-12-17T23:11:40.633440988Z	64	PC: 140ee \| Write file or device (Write 1048 bytes on handle 6)
2018-12-17T23:11:40.643581277Z	63	PC: 140ee \| Read file or device (Read 1048 bytes on handle 5)
2018-12-17T23:11:40.655629292Z	64	PC: 140ee \| Write file or device (Write 1048 bytes on handle 6)
2018-12-17T23:11:40.665670768Z	63	PC: 140ee \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:11:40.669120209Z	64	PC: 140ee \| Write file or device (Write 1 bytes on handle 6)
2018-12-17T23:11:40.673891113Z	62	PC: 1406b \| Close file
2018-12-17T23:11:40.676171757Z	62	PC: 1406b \| Close file
2018-12-17T23:11:40.686196518Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:40.68799304Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:40.689868957Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:40.691549774Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:40.694872951Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:40.696780953Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:40.698722117Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:40.700702142Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:40.703293889Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:40.705131046Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:40.707076751Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:40.709633149Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:40.711027237Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:40.712418379Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:40.714627814Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:40.715988708Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:40.717227481Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:40.719164629Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:40.720492453Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:40.721840989Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:40.723654672Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:40.724969557Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:40.726292962Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:40.728909056Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:40.730605662Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:40.732351577Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:40.73497597Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:40.73670852Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:40.738284216Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:40.739908017Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:40.742265843Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:40.743936265Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:40.74507934Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:40.74677767Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:40.747801547Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:40.748813962Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:40.750519471Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:40.751554558Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:40.752663013Z	41	PC: 1349d \| Parse filename
2018-12-17T23:11:40.754475689Z	41	PC: 134ab \| Parse filename
2018-12-17T23:11:40.75565068Z	75	PC: 134b6 \| Execute program
2018-12-17T23:11:40.766319381Z	9	PC: 1b44c \| Display string (String= '��0JWUW��.R�3��!� Sophos Ltd, Oxford sacrificial EXE goat 1400H bytes long ')
2018-12-17T23:11:40.773549211Z	76	PC: 1b451 \| Terminate with return code (Return code = '0')
2018-12-17T23:11:40.776000855Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:40.778206874Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:40.77986415Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:40.781031607Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:40.782079331Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:40.783720578Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:40.78484442Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:40.786034862Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:40.787794903Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:40.788840569Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:40.789867087Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:40.791232147Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:40.793111144Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:40.794546721Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:40.800118419Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:40.802029108Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:40.803762671Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:40.805496763Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:40.808309698Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:40.810034549Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:40.811761503Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:40.814608061Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:40.816325334Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:40.82019525Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:40.82322294Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:40.824727342Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:40.826077159Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:40.828967796Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:40.830497654Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:40.831984823Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:40.834998838Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:40.836758531Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:40.838443561Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:40.850885345Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:40.853380144Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:40.85588141Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:40.85963002Z	53	PC: 13414 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:40.861471427Z	37	PC: 1341d \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:40.863765944Z	60	PC: 1401b \| Create or truncate file
2018-12-17T23:11:40.879969539Z	62	PC: 1406b \| Close file
2018-12-17T23:11:40.883015683Z	65	PC: 141f0 \| Delete file (Filename = '��')
2018-12-17T23:11:40.911002784Z	42	PC: 12d69 \| Get date 0x12d69: mov byte ptr [bp - 2], dh 0x12d6c: mov byte ptr [bp - 3], dl 0x12d6f: cmp byte ptr [bp - 3], 4 0x12d73: mov al, 0 0x12d75: jne 0x12d78 0x12d77: inc ax 0x12d78: mov dl, al 0x12d7a: cmp byte ptr [bp - 2], 7 0x12d7e: mov al, 0 0x12d80: jne 0x12d83 0x12d82: inc ax 0x12d83: and al, dl 0x12d85: mov byte ptr [bp - 1], al 0x12d88: mov al, byte ptr [bp - 1] 0x12d8b: leave 0x12d8c: ret 0x12d8d: add al, byte ptr [bx + si] 0x12d8f: add al, cl 0x12d91: xchg byte ptr [bp + di], al 0x12d93: add ah, al
2018-12-17T23:11:40.91436404Z	64	PC: 13c35 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:11:40.916253033Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:40.917663584Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:40.920242214Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:40.922211252Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:40.923792984Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:40.92510915Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:40.926554638Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:40.927808997Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:40.929419487Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:40.934868644Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:40.937581134Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:40.939670223Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:40.943460767Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:40.94502845Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:40.946696287Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:40.948676935Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:40.951005031Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:40.952367074Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:40.953744374Z	37	PC: 13646 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:40.962093526Z	76	PC: 13685 \| Terminate with return code (Return code = '0')