Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Voodoo.d

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:14:49.343098912Z 53 PC: 133aa | Get interrupt vector (Interrupt = '0' AKA 'INT 00h: divide error')
2018-12-17T22:14:49.344744701Z 53 PC: 133aa | Get interrupt vector (Interrupt = '2' AKA 'INT 02h: NMI')
2018-12-17T22:14:49.345805804Z 53 PC: 133aa | Get interrupt vector (Interrupt = '27' AKA 'INT 1Bh: Ctrl-Break handler')
2018-12-17T22:14:49.346848732Z 53 PC: 133aa | Get interrupt vector (Interrupt = '33' AKA 'INT 21h: DOS function dispatcher')
2018-12-17T22:14:49.348311156Z 53 PC: 133aa | Get interrupt vector (Interrupt = '35' AKA 'INT 23h: Ctrl-C handler')
2018-12-17T22:14:49.349481631Z 53 PC: 133aa | Get interrupt vector (Interrupt = '36' AKA 'INT 24h: critical error handler')
2018-12-17T22:14:49.351087095Z 53 PC: 133aa | Get interrupt vector (Interrupt = '52' AKA 'INT 34h: 8087 emulation')
2018-12-17T22:14:49.353037201Z 53 PC: 133aa | Get interrupt vector (Interrupt = '53' AKA 'INT 35h: 8087 emulation')
2018-12-17T22:14:49.35456436Z 53 PC: 133aa | Get interrupt vector (Interrupt = '54' AKA 'INT 36h: 8087 emulation')
2018-12-17T22:14:49.35600476Z 53 PC: 133aa | Get interrupt vector (Interrupt = '55' AKA 'INT 37h: 8087 emulation')
2018-12-17T22:14:49.358068557Z 53 PC: 133aa | Get interrupt vector (Interrupt = '56' AKA 'INT 38h: 8087 emulation')
2018-12-17T22:14:49.359369294Z 53 PC: 133aa | Get interrupt vector (Interrupt = '57' AKA 'INT 39h: 8087 emulation')
2018-12-17T22:14:49.360455337Z 53 PC: 133aa | Get interrupt vector (Interrupt = '58' AKA 'INT 3Ah: 8087 emulation')
2018-12-17T22:14:49.361830548Z 53 PC: 133aa | Get interrupt vector (Interrupt = '59' AKA 'INT 3Bh: 8087 emulation')
2018-12-17T22:14:49.363697488Z 53 PC: 133aa | Get interrupt vector (Interrupt = '60' AKA 'INT 3Ch: 8087 emulation, segment override')
2018-12-17T22:14:49.36487939Z 53 PC: 133aa | Get interrupt vector (Interrupt = '61' AKA 'INT 3Dh: 8087 emulation, standalone FWAIT')
2018-12-17T22:14:49.36622063Z 53 PC: 133aa | Get interrupt vector (Interrupt = '62' AKA 'INT 3Eh: Borland 8087 emulation shortcut')
2018-12-17T22:14:49.377997163Z 53 PC: 133aa | Get interrupt vector (Interrupt = '63' AKA 'INT 3Fh: overlay manager')
2018-12-17T22:14:49.379249867Z 53 PC: 133aa | Get interrupt vector (Interrupt = '117' AKA 'INT 75h: coprocessor exception, IRQ 13')
2018-12-17T22:14:49.380420425Z 37 PC: 133bf | Set interrupt vector (Interrupt = '0' AKA 'INT 00h: divide error')
2018-12-17T22:14:49.385161073Z 37 PC: 133c7 | Set interrupt vector (Interrupt = '35' AKA 'INT 23h: Ctrl-C handler')
2018-12-17T22:14:49.386241846Z 37 PC: 133cf | Set interrupt vector (Interrupt = '36' AKA 'INT 24h: critical error handler')
2018-12-17T22:14:49.387317258Z 37 PC: 133d7 | Set interrupt vector (Interrupt = '63' AKA 'INT 3Fh: overlay manager')
2018-12-17T22:14:49.389321693Z 68 PC: 1427f | I/O control for devices (Set for = '')
2018-12-17T22:14:49.390745039Z 42 PC: 131c7 | Get date

Disassembly following the Get date call (INT 21h/2Ah returns CX = year, DH = month, DL = day, AL = day of week):
    0x131c7: xor ah, ah                     ; AX = day of week (AH cleared, AL from INT 21h/2Ah)
    0x131c9: les di, ptr [bp + 6]           ; ES:DI = fourth far var parameter
    0x131cc: stosw word ptr es:[di]         ; store day of week
    0x131cd: mov al, dl                     ; AX = day
    0x131cf: les di, ptr [bp + 0xa]         ; ES:DI = third far var parameter
    0x131d2: stosw word ptr es:[di]         ; store day
    0x131d3: mov al, dh                     ; AX = month
    0x131d5: les di, ptr [bp + 0xe]         ; ES:DI = second far var parameter
    0x131d8: stosw word ptr es:[di]         ; store month
    0x131d9: xchg ax, cx                    ; AX = year
    0x131da: les di, ptr [bp + 0x12]        ; ES:DI = first far var parameter
    0x131dd: stosw word ptr es:[di]         ; store year
    0x131de: pop bp
    0x131df: retf 0x10                      ; far return, callee discards four 4-byte far pointers (Pascal calling convention)
    0x131e2: push bp                        ; next procedure: Set date
    0x131e3: mov bp, sp
    0x131e5: mov cx, word ptr [bp + 0xa]    ; CX = year
    0x131e8: mov dh, byte ptr [bp + 8]      ; DH = month
    0x131eb: mov dl, byte ptr [bp + 6]      ; DL = day
    0x131ee: mov ah, 0x2b                   ; INT 21h/2Bh Set date
2018-12-17T22:14:49.392921855Z 26 PC: 13257 | Set disk transfer address
2018-12-17T22:14:49.394390182Z 78 PC: 13263 | Find first file
2018-12-17T22:14:49.400323072Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.401701167Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.409384086Z 61 PC: 13cd3 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:14:49.415831932Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.425672451Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.428577427Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.429918819Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.431316095Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.433694543Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.434789818Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.437653161Z 61 PC: 13cd3 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:14:49.446326856Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.452631404Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.45395725Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.45553332Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.457357587Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.459142173Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.460142129Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.463497922Z 61 PC: 13cd3 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:14:49.469951203Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.47619239Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.478175985Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.479486702Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.480914536Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.483006693Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.484142356Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.487168429Z 61 PC: 13cd3 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:14:49.495491693Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.506972371Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.50845756Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.510722024Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.512212245Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.514731562Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.517248472Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.520535409Z 61 PC: 13cd3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:14:49.52752392Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.534672643Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.53610571Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.53758475Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.539771358Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.54163812Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.542809588Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.549174968Z 61 PC: 13cd3 | Open file (Filename = 'PAH.COM')
2018-12-17T22:14:49.555588215Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.562033009Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.564657754Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.56605374Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.567488085Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.569964215Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.571022743Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.574081699Z 61 PC: 13cd3 | Open file (Filename = 'PAH.COM')
2018-12-17T22:14:49.581525135Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.584467797Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.586131328Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.588602533Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.590706686Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.593647032Z 26 PC: 13257 | Set disk transfer address
2018-12-17T22:14:49.595790403Z 78 PC: 13263 | Find first file
2018-12-17T22:14:49.602496783Z 26 PC: 1327b | Set disk transfer address
2018-12-17T22:14:49.603849532Z 79 PC: 13280 | Find next file
2018-12-17T22:14:49.606384445Z 61 PC: 13cd3 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:14:49.610509227Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.614486165Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.616430197Z 48 PC: 13e95 | Get DOS version
2018-12-17T22:14:49.617798424Z 61 PC: 13cd3 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:14:49.622036038Z 63 PC: 13da6 | Read file or device (Read 4745 bytes on handle 5)
2018-12-17T22:14:49.631076974Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.633068459Z 61 PC: 13cd3 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:14:49.63960267Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.641208134Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.642821817Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.644181801Z 63 PC: 13da6 | Read file or device (Read 7184 bytes on handle 5)
2018-12-17T22:14:49.651555935Z 66 PC: 13e05 | Move file pointer
2018-12-17T22:14:49.653305167Z 64 PC: 13da6 | Write file or device (Write 4745 bytes on handle 5)
2018-12-17T22:14:49.666923647Z 64 PC: 13da6 | Write file or device (Write 7184 bytes on handle 5)
2018-12-17T22:14:49.676560243Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.685130571Z 48 PC: 13e95 | Get DOS version
2018-12-17T22:14:49.686647161Z 61 PC: 13cd3 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:14:49.693337131Z 66 PC: 1437e | Move file pointer
2018-12-17T22:14:49.695236133Z 66 PC: 1438c | Move file pointer
2018-12-17T22:14:49.696960207Z 66 PC: 1439a | Move file pointer
2018-12-17T22:14:49.698736618Z 63 PC: 13da6 | Read file or device (Read 4745 bytes on handle 5)
2018-12-17T22:14:49.706346626Z 63 PC: 13da6 | Read file or device (Read 7184 bytes on handle 5)
2018-12-17T22:14:49.713491781Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.715061107Z 60 PC: 13cd3 | Create or truncate file
2018-12-17T22:14:49.723106521Z 64 PC: 13da6 | Write file or device (Write 7184 bytes on handle 5)
2018-12-17T22:14:49.730679017Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.737433748Z 41 PC: 1330f | Parse filename
2018-12-17T22:14:49.738805687Z 41 PC: 1331d | Parse filename
2018-12-17T22:14:49.740009752Z 75 PC: 13328 | Execute program
2018-12-17T22:14:49.745404022Z 65 PC: 13e1c | Delete file (Filename = 'temp.com')
2018-12-17T22:14:49.753691271Z 64 PC: 13a2b | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:14:49.755288467Z 37 PC: 13501 | Set interrupt vector (Interrupt = '0' AKA 'INT 00h: divide error')
2018-12-17T22:14:49.756190241Z 37 PC: 13501 | Set interrupt vector (Interrupt = '2' AKA 'INT 02h: NMI')
2018-12-17T22:14:49.757525993Z 37 PC: 13501 | Set interrupt vector (Interrupt = '27' AKA 'INT 1Bh: Ctrl-Break handler')
2018-12-17T22:14:49.758484318Z 37 PC: 13501 | Set interrupt vector (Interrupt = '33' AKA 'INT 21h: DOS function dispatcher')
2018-12-17T22:14:49.759442128Z 37 PC: 13501 | Set interrupt vector (Interrupt = '35' AKA 'INT 23h: Ctrl-C handler')
2018-12-17T22:14:49.760766698Z 37 PC: 13501 | Set interrupt vector (Interrupt = '36' AKA 'INT 24h: critical error handler')
2018-12-17T22:14:49.761664548Z 37 PC: 13501 | Set interrupt vector (Interrupt = '52' AKA 'INT 34h: 8087 emulation')
2018-12-17T22:14:49.762803035Z 37 PC: 13501 | Set interrupt vector (Interrupt = '53' AKA 'INT 35h: 8087 emulation')
2018-12-17T22:14:49.763911431Z 37 PC: 13501 | Set interrupt vector (Interrupt = '54' AKA 'INT 36h: 8087 emulation')
2018-12-17T22:14:49.764926261Z 37 PC: 13501 | Set interrupt vector (Interrupt = '55' AKA 'INT 37h: 8087 emulation')
2018-12-17T22:14:49.765698342Z 37 PC: 13501 | Set interrupt vector (Interrupt = '56' AKA 'INT 38h: 8087 emulation')
2018-12-17T22:14:49.766919975Z 37 PC: 13501 | Set interrupt vector (Interrupt = '57' AKA 'INT 39h: 8087 emulation')
2018-12-17T22:14:49.767808963Z 37 PC: 13501 | Set interrupt vector (Interrupt = '58' AKA 'INT 3Ah: 8087 emulation')
2018-12-17T22:14:49.768605087Z 37 PC: 13501 | Set interrupt vector (Interrupt = '59' AKA 'INT 3Bh: 8087 emulation')
2018-12-17T22:14:49.770319629Z 37 PC: 13501 | Set interrupt vector (Interrupt = '60' AKA 'INT 3Ch: 8087 emulation, segment override')
2018-12-17T22:14:49.771226091Z 37 PC: 13501 | Set interrupt vector (Interrupt = '61' AKA 'INT 3Dh: 8087 emulation, standalone FWAIT')
2018-12-17T22:14:49.772534471Z 37 PC: 13501 | Set interrupt vector (Interrupt = '62' AKA 'INT 3Eh: Borland 8087 emulation shortcut')
2018-12-17T22:14:49.774012419Z 37 PC: 13501 | Set interrupt vector (Interrupt = '63' AKA 'INT 3Fh: overlay manager')
2018-12-17T22:14:49.775347299Z 37 PC: 13501 | Set interrupt vector (Interrupt = '117' AKA 'INT 75h: coprocessor exception, IRQ 13')
2018-12-17T22:14:49.776182326Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.777963417Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.780935974Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.783412154Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.786039745Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.787979577Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.790007636Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.792746282Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.794722736Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.797031372Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.799169644Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.80098522Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.803355341Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.806193688Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.808205063Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.810267153Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.813439665Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.816375603Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.81860991Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.822199841Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.825388887Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.827726219Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.831539352Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.833955988Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.836355794Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.83983292Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.842207016Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.84452081Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.847874022Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.85087218Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.853081951Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.856415364Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.858640435Z 6 PC: 13588 | Direct console I/O
2018-12-17T22:14:49.862456435Z 76 PC: 13540 | Terminate with return code (Return code = '103')
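The file activity in this trace is the signature of a prepending high-level-language infector: the program reads 4745 bytes of its own image from A:\TEST.EXE, reads the 7184-byte host from TEST.EXE and writes the 4745-byte body followed by the 7184-byte host back to it; later it reads the two parts again, writes only the host part into a newly created file, executes that file and deletes it (the delete names temp.com). The .COM candidates found by Find first/Find next are each opened and only 3 bytes read, which is consistent with a marker check before any infection. The Python below is an added example, not code from the sample viewer or from the sample itself: it parses trace lines in this page's format, reconstructs per-file read/write sessions, flags the prepend-infection and drop-and-run patterns, and carves a host out of an image using the lengths derived from the trace. The sample lines are excerpted from this trace; the regular expressions, field names and the MZ sanity check on the recovered host (assumed because the infected host here is an .EXE) are this example's own, and the "infected image" it carves is constructed filler of the trace-derived lengths, not the real sample.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Lines excerpted from the syscall trace on this page.
TRACE = r"""
2018-12-17T22:14:49.409384086Z 61 PC: 13cd3 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:14:49.415831932Z 63 PC: 13da6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:49.431316095Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.617798424Z 61 PC: 13cd3 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:14:49.622036038Z 63 PC: 13da6 | Read file or device (Read 4745 bytes on handle 5)
2018-12-17T22:14:49.631076974Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.633068459Z 61 PC: 13cd3 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:14:49.644181801Z 63 PC: 13da6 | Read file or device (Read 7184 bytes on handle 5)
2018-12-17T22:14:49.653305167Z 64 PC: 13da6 | Write file or device (Write 4745 bytes on handle 5)
2018-12-17T22:14:49.666923647Z 64 PC: 13da6 | Write file or device (Write 7184 bytes on handle 5)
2018-12-17T22:14:49.676560243Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.715061107Z 60 PC: 13cd3 | Create or truncate file
2018-12-17T22:14:49.723106521Z 64 PC: 13da6 | Write file or device (Write 7184 bytes on handle 5)
2018-12-17T22:14:49.730679017Z 62 PC: 13d23 | Close file
2018-12-17T22:14:49.740009752Z 75 PC: 13328 | Execute program
2018-12-17T22:14:49.745404022Z 65 PC: 13e1c | Delete file (Filename = 'temp.com')
"""

# Row layout: "<timestamp> <INT 21h function, decimal> PC: <addr> | <name> (<args>)".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<fn>\d+)\s+PC:\s*(?P<pc>[0-9a-f]+)\s*\|\s*"
    r"(?P<name>[^(]*?)(?:\s*\((?P<args>.*)\))?\s*$"
)
IO_RE = re.compile(r"(Read|Write) (\d+) bytes on handle (\d+)")
NAME_RE = re.compile(r"Filename = '([^']*)'")


@dataclass
class FileSession:
    """One open..close interval; name is None when the file was created, not opened."""
    name: Optional[str]
    reads: list[int] = field(default_factory=list)
    writes: list[int] = field(default_factory=list)


def parse_trace(text: str) -> list:
    """Return events in order: ('file', FileSession), ('exec', None), ('delete', name)."""
    events, cur = [], None
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        name, args = m["name"].strip(), m["args"] or ""
        if name == "Open file":
            cur = FileSession(NAME_RE.search(args).group(1))
        elif name == "Create or truncate file":
            cur = FileSession(None)
        elif name in ("Read file or device", "Write file or device") and cur is not None:
            kind, n, _handle = IO_RE.search(args).groups()
            (cur.reads if kind == "Read" else cur.writes).append(int(n))
        elif name == "Close file" and cur is not None:
            events.append(("file", cur))
            cur = None
        elif name == "Execute program":
            events.append(("exec", None))
        elif name == "Delete file":
            events.append(("delete", NAME_RE.search(args).group(1)))
    return events


def find_prepend_infections(events: list) -> list[dict]:
    """A session that read a host of N bytes and rewrote it as V bytes + the same N bytes."""
    hits = []
    for kind, s in events:
        if kind != "file" or len(s.writes) != 2 or not s.reads:
            continue
        host_len = sum(s.reads)
        if s.writes[1] == host_len and s.writes[0] > 0:
            hits.append({"host": s.name, "body_len": s.writes[0], "host_len": host_len})
    return hits


def find_drop_and_run(events: list) -> list[dict]:
    """A created file that is written, then executed, then deleted."""
    hits = []
    for i, (kind, s) in enumerate(events):
        if kind == "file" and s.name is None and s.writes:
            if [k for k, _ in events[i + 1:i + 3]] == ["exec", "delete"]:
                hits.append({"dropped": events[i + 2][1], "size": sum(s.writes)})
    return hits


def recover_host(image: bytes, body_len: int, expect_mz: bool = True) -> bytes:
    """Strip the prepended body; for .EXE hosts require the MZ signature (assumption)."""
    host = image[body_len:]
    if expect_mz and host[:2] != b"MZ":
        raise ValueError("no MZ header at the expected host offset")
    return host


def analyse(text: str = TRACE) -> dict:
    events = parse_trace(text)
    return {"prepend": find_prepend_infections(events), "drop_and_run": find_drop_and_run(events)}


if __name__ == "__main__":
    result = analyse()
    print(result)
    layout = result["prepend"][0]
    # Constructed image: filler body of the trace-derived length, then a minimal MZ host.
    image = b"\x90" * layout["body_len"] + b"MZ" + b"\0" * (layout["host_len"] - 2)
    print(len(recover_host(image, layout["body_len"])))
```

The same walker applies to any trace in this format; a file whose session shows only a short read (the 3-byte reads on the .COM files above) and no write is reported by neither detector, which is the expected result for a marker check that declined to infect.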