Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Worwin.7000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:55:19.667253997Z 53 PC: 1370a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:55:19.668804705Z 53 PC: 1370a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:55:19.669834837Z 53 PC: 1370a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:19.670795671Z 53 PC: 1370a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:19.672228046Z 53 PC: 1370a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:19.673290168Z 53 PC: 1370a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:19.6743128Z 53 PC: 1370a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:55:19.675797215Z 53 PC: 1370a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:55:19.676986335Z 53 PC: 1370a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:55:19.677983446Z 53 PC: 1370a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:55:19.679282952Z 53 PC: 1370a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:55:19.680300751Z 53 PC: 1370a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:55:19.68127935Z 53 PC: 1370a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:55:19.682471236Z 53 PC: 1370a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:55:19.683483322Z 53 PC: 1370a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:55:19.684465487Z 53 PC: 1370a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:55:19.685372219Z 53 PC: 1370a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:55:19.686961303Z 53 PC: 1370a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:55:19.688016272Z 53 PC: 1370a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:55:19.689164467Z 37 PC: 1371f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:55:19.698474192Z 37 PC: 13727 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:19.699538548Z 37 PC: 1372f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:19.700597004Z 37 PC: 13737 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:55:19.703016212Z 68 PC: 1414f | I/O control for devices (Set for = '')
2018-12-17T21:55:19.704468849Z 44 PC: 14286 | Get time
0x14286: mov word ptr [0x3e], cx
0x1428a: mov word ptr [0x40], dx
0x1428e: retf
0x1428f: mov di, 0x50
0x14292: push ds
0x14293: pop es
0x14294: mov cx, 0x31ec
0x14297: sub cx, di
0x14299: shr cx, 1
0x1429b: xor ax, ax
0x1429d: cld
0x1429e: rep stosd dword ptr es:[di], eax
0x142a0: ret
0x142a1: add byte ptr [bx + si], al
0x142a3: add byte ptr [bx + si], al
0x142a5: add byte ptr [bx + si], al
0x142a7: add byte ptr [bx + si], al
0x142a9: add byte ptr [bx + si], al
0x142ab: add byte ptr [bx + si], al
0x142ad: add byte ptr [bx + si], al
2018-12-17T21:55:19.706830383Z 26 PC: 1347d | Set disk transfer address
2018-12-17T21:55:19.708246757Z 78 PC: 13489 | Find first file
2018-12-17T21:55:19.714279875Z 67 PC: 133df | Get or set file attributes
2018-12-17T21:55:19.717732794Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:19.836847302Z 61 PC: 13bcd | Open file (Filename = 'TEST.EXE')
2018-12-17T21:55:19.842061526Z 63 PC: 13ca0 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T21:55:19.849077879Z 63 PC: 13ca0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:55:19.852987381Z 62 PC: 13c1d | Close file
2018-12-17T21:55:19.855042575Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:19.865454649Z 26 PC: 134a1 | Set disk transfer address
2018-12-17T21:55:19.867706293Z 79 PC: 134a6 | Find next file
2018-12-17T21:55:19.86962758Z 26 PC: 1347d | Set disk transfer address
2018-12-17T21:55:19.870666092Z 78 PC: 13489 | Find first file
2018-12-17T21:55:19.875291401Z 67 PC: 133df | Get or set file attributes
2018-12-17T21:55:19.879597474Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:19.8883085Z 61 PC: 13bcd | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:55:19.896014572Z 63 PC: 13ca0 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T21:55:19.903086766Z 63 PC: 13ca0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T21:55:19.905910447Z 62 PC: 13c1d | Close file
2018-12-17T21:55:19.907852168Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:19.920056893Z 25 PC: 13503 | Get default drive
2018-12-17T21:55:19.921010455Z 71 PC: 13522 | Get current directory
2018-12-17T21:55:19.929195016Z 48 PC: 13d8f | Get DOS version
2018-12-17T21:55:19.930938546Z 67 PC: 133df | Get or set file attributes
2018-12-17T21:55:19.937021011Z 67 PC: 133df | Get or set file attributes
2018-12-17T21:55:19.941025128Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:19.948497294Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:19.958648117Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:19.962588664Z 61 PC: 13bcd | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:55:19.970098942Z 61 PC: 13bcd | Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T21:55:19.977845126Z 60 PC: 13bcd | Create or truncate file
2018-12-17T21:55:19.986694295Z 63 PC: 13ca0 | Read file or device (Read 7000 bytes on handle 5)
2018-12-17T21:55:19.993022596Z 64 PC: 13ca0 | Write file or device (Write 7000 bytes on handle 7)
2018-12-17T21:55:20.000423332Z 66 PC: 13cff | Move file pointer
2018-12-17T21:55:20.003130626Z 64 PC: 13ca0 | Write file or device (Write 4 bytes on handle 7)
2018-12-17T21:55:20.012050099Z 66 PC: 13cff | Move file pointer
2018-12-17T21:55:20.013962127Z 63 PC: 13ca0 | Read file or device (Read 7000 bytes on handle 6)
2018-12-17T21:55:20.023233776Z 64 PC: 13ca0 | Write file or device (Write 407 bytes on handle 7)
2018-12-17T21:55:20.032492648Z 63 PC: 13ca0 | Read file or device (Read 7000 bytes on handle 6)
2018-12-17T21:55:20.036128319Z 66 PC: 13cff | Move file pointer
2018-12-17T21:55:20.037971406Z 66 PC: 13cff | Move file pointer
2018-12-17T21:55:20.040548058Z 87 PC: 13420 | Get or set file date and time
2018-12-17T21:55:20.042823858Z 63 PC: 13ca0 | Read file or device (Read 7000 bytes on handle 7)
2018-12-17T21:55:20.050700975Z 64 PC: 13ca0 | Write file or device (Write 7000 bytes on handle 6)
2018-12-17T21:55:20.061719579Z 63 PC: 13ca0 | Read file or device (Read 7000 bytes on handle 7)
2018-12-17T21:55:20.0651908Z 64 PC: 13ca0 | Write file or device (Write 407 bytes on handle 6)
2018-12-17T21:55:20.073414132Z 63 PC: 13ca0 | Read file or device (Read 7000 bytes on handle 7)
2018-12-17T21:55:20.076071207Z 87 PC: 1344d | Get or set file date and time
2018-12-17T21:55:20.078041099Z 62 PC: 13c1d | Close file
2018-12-17T21:55:20.086056491Z 62 PC: 13c1d | Close file
2018-12-17T21:55:20.093761507Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:20.104023066Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:20.113745985Z 65 PC: 13d16 | Delete file (Filename = '[email protected]@@')
2018-12-17T21:55:20.128807559Z 48 PC: 13d8f | Get DOS version
2018-12-17T21:55:20.130849263Z 67 PC: 133df | Get or set file attributes
2018-12-17T21:55:20.13531207Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:20.141692237Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:20.147721551Z 61 PC: 13bcd | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:55:20.155239625Z 60 PC: 13bcd | Create or truncate file
2018-12-17T21:55:20.169354684Z 66 PC: 13cff | Move file pointer
2018-12-17T21:55:20.171226405Z 63 PC: 13ca0 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T21:55:20.178175632Z 66 PC: 13cff | Move file pointer
2018-12-17T21:55:20.180130408Z 63 PC: 13ca0 | Read file or device (Read 7000 bytes on handle 6)
2018-12-17T21:55:20.183300779Z 62 PC: 13c1d | Close file
2018-12-17T21:55:20.185074698Z 62 PC: 13c1d | Close file
2018-12-17T21:55:20.186959241Z 67 PC: 13406 | Get or set file attributes
2018-12-17T21:55:20.198720993Z 41 PC: 1366c | Parse filename
2018-12-17T21:55:20.200139898Z 41 PC: 1367a | Parse filename
2018-12-17T21:55:20.201508792Z 75 PC: 13685 | Execute program
2018-12-17T21:55:20.210709676Z 65 PC: 13d16 | Delete file (Filename = '')
2018-12-17T21:55:20.221067912Z 64 PC: 13b28 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T21:55:20.223007228Z 37 PC: 13861 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:55:20.22481646Z 37 PC: 13861 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:55:20.226082914Z 37 PC: 13861 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:55:20.227094216Z 37 PC: 13861 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:20.229113819Z 37 PC: 13861 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:55:20.230496639Z 37 PC: 13861 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:20.231547621Z 37 PC: 13861 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:55:20.233167148Z 37 PC: 13861 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:55:20.234298105Z 37 PC: 13861 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:55:20.235547718Z 37 PC: 13861 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:55:20.237236951Z 37 PC: 13861 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:55:20.238885794Z 37 PC: 13861 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:55:20.239957237Z 37 PC: 13861 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:55:20.241771099Z 37 PC: 13861 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:55:20.242705627Z 37 PC: 13861 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:55:20.243590452Z 37 PC: 13861 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:55:20.244970674Z 37 PC: 13861 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:55:20.245871615Z 37 PC: 13861 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:55:20.246749958Z 37 PC: 13861 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:55:20.248132186Z 76 PC: 138a0 | Terminate with return code (Return code = '0')