Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Bishkek.4170

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:12:33.460481929Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:33.462093348Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:12:33.463171582Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:12:33.464242949Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:33.467122856Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:33.468305629Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:33.469421781Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:12:33.471462563Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:12:33.472767949Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:12:33.473969241Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:12:33.47577424Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:12:33.477380394Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:12:33.479621842Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:12:33.481450484Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:12:33.483462708Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:12:33.4849117Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:12:33.486350062Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:12:33.488092136Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:12:33.489291922Z 53 PC: 131a2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:12:33.490560312Z 37 PC: 131b7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:33.492681254Z 37 PC: 131bf | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:33.493742563Z 37 PC: 131c7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:33.494946049Z 37 PC: 131cf | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:12:33.497467416Z 68 PC: 134ec | I/O control for devices (Set for = '')
2018-12-17T22:12:33.499849257Z 25 PC: 13c3c | Get default drive
2018-12-17T22:12:33.501606798Z 71 PC: 13c4f | Get current directory
2018-12-17T22:12:33.505456192Z 48 PC: 13baf | Get DOS version
2018-12-17T22:12:33.507461388Z 61 PC: 139d5 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:12:33.523554472Z 87 PC: 12fa0 | Get or set file date and time
2018-12-17T22:12:33.525961779Z 63 PC: 13aa8 | Read file or device (Read 4170 bytes on handle 5)
2018-12-17T22:12:33.536444178Z 66 PC: 13b71 | Move file pointer
2018-12-17T22:12:33.538422919Z 66 PC: 13b7f | Move file pointer
2018-12-17T22:12:33.540410271Z 66 PC: 13b8d | Move file pointer
2018-12-17T22:12:33.541892033Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:12:33.543363975Z 63 PC: 13aa8 | Read file or device (Read 4170 bytes on handle 5)
2018-12-17T22:12:33.55165174Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:12:33.553072679Z 64 PC: 13aa8 | Write file or device (Write 4170 bytes on handle 5)
2018-12-17T22:12:33.568520391Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:12:33.570829076Z 64 PC: 13a06 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:12:33.579145347Z 87 PC: 12fcd | Get or set file date and time
2018-12-17T22:12:33.580602658Z 62 PC: 13a25 | Close file
2018-12-17T22:12:33.588034937Z 48 PC: 13baf | Get DOS version
2018-12-17T22:12:33.589562901Z 41 PC: 130b4 | Parse filename
2018-12-17T22:12:33.590936931Z 41 PC: 130c2 | Parse filename
2018-12-17T22:12:33.593297079Z 75 PC: 130cd | Execute program
2018-12-17T22:12:33.604618683Z 9 PC: 18925 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:12:33.608101091Z 0 PC: 18929 | Program terminate
2018-12-17T22:12:33.612695506Z 26 PC: 12ffd | Set disk transfer address
2018-12-17T22:12:33.614440328Z 78 PC: 13009 | Find first file
2018-12-17T22:12:33.621025624Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.623103442Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.626984509Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.62802728Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.63175453Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.633288701Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.637101237Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.639196161Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.642791585Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.644188418Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.649037422Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.650186585Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.653520964Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.655289294Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.658468697Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.659380379Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.663300959Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.664684375Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.667655805Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.668893131Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.672597188Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.673657062Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.676872237Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.67878118Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.681960378Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.682977103Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.687207653Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.688354023Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.691565002Z 67 PC: 12f86 | Get or set file attributes
2018-12-17T22:12:33.702228333Z 61 PC: 139d5 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:12:33.713399645Z 87 PC: 12fa0 | Get or set file date and time
2018-12-17T22:12:33.714920495Z 63 PC: 13aa8 | Read file or device (Read 4170 bytes on handle 5)
2018-12-17T22:12:33.723382878Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:12:33.725044687Z 64 PC: 13aa8 | Write file or device (Write 4170 bytes on handle 5)
2018-12-17T22:12:33.7330486Z 66 PC: 13b71 | Move file pointer
2018-12-17T22:12:33.735469337Z 66 PC: 13b7f | Move file pointer
2018-12-17T22:12:33.737753157Z 66 PC: 13b8d | Move file pointer
2018-12-17T22:12:33.739659105Z 66 PC: 13b07 | Move file pointer
2018-12-17T22:12:33.745256134Z 64 PC: 13aa8 | Write file or device (Write 4170 bytes on handle 5)
2018-12-17T22:12:33.753710695Z 87 PC: 12fcd | Get or set file date and time
2018-12-17T22:12:33.755226389Z 62 PC: 13a25 | Close file
2018-12-17T22:12:33.764115409Z 67 PC: 12f86 | Get or set file attributes
2018-12-17T22:12:33.774173433Z 26 PC: 13021 | Set disk transfer address
2018-12-17T22:12:33.775602681Z 79 PC: 13026 | Find next file
2018-12-17T22:12:33.779443022Z 44 PC: 13956 | Get time
0x13956: mov word ptr [0x68], cx
0x1395a: mov word ptr [0x6a], dx
0x1395e: retf
0x1395f: mov bx, sp
0x13961: push ds
0x13962: les di, ptr ss:[bx + 8]
0x13966: lds si, ptr ss:[bx + 4]
0x1396a: cld
0x1396b: xor ax, ax
0x1396d: stosw word ptr es:[di], ax
0x1396e: mov ax, 0xd7b0
0x13971: stosw word ptr es:[di], ax
0x13972: xor ax, ax
0x13974: mov cx, 0x16
0x13977: rep stosd dword ptr es:[di], eax
0x13979: lodsb al, byte ptr [si]
0x1397a: cmp al, 0x4f
0x1397c: jbe 0x13980
0x1397e: mov al, 0x4f
0x13980: mov cl, al
2018-12-17T22:12:33.782091621Z 64 PC: 135ef | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:12:33.783825092Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:33.785722634Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:12:33.786852632Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:12:33.787941418Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:33.79005888Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:33.791164022Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:33.792259336Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:12:33.794946461Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:12:33.796137169Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:12:33.797216632Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:12:33.799340464Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:12:33.800548227Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:12:33.801712429Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:12:33.803792882Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:12:33.804940472Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:12:33.806739294Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:12:33.80923532Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:12:33.810425134Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:12:33.811553604Z 37 PC: 132b6 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:12:33.813484518Z 76 PC: 132f5 | Terminate with return code (Return code = '0')