Sample viewer

vx.netlux.org/Worm.DOS.Ternop.2551

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:40.041955723Z	53	PC: 12a6d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:40.043483673Z	37	PC: 12a7d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:40.046566222Z	61	PC: 12ae4 \| Open file (Filename = 'c:\windows\command\sys.bat')
2018-12-17T22:44:40.058114081Z	61	PC: 12ae4 \| Open file (Filename = 'd:\windows\command\sys.bat')
2018-12-17T22:44:40.060906886Z	61	PC: 12ae4 \| Open file (Filename = 'e:\windows\command\sys.bat')
2018-12-17T22:44:40.064588571Z	61	PC: 12ae4 \| Open file (Filename = 'f:\windows\command\sys.bat')
2018-12-17T22:44:40.067628711Z	61	PC: 12ae4 \| Open file (Filename = 'g:\windows\command\sys.bat')
2018-12-17T22:44:40.070480978Z	61	PC: 12ae4 \| Open file (Filename = 'h:\windows\command\sys.bat')
2018-12-17T22:44:40.077593597Z	61	PC: 12ae4 \| Open file (Filename = 'i:\windows\command\sys.bat')
2018-12-17T22:44:40.080574234Z	61	PC: 12ae4 \| Open file (Filename = 'j:\windows\command\sys.bat')
2018-12-17T22:44:40.08309566Z	61	PC: 12ae4 \| Open file (Filename = 'k:\windows\command\sys.bat')
2018-12-17T22:44:40.085988844Z	61	PC: 12ae4 \| Open file (Filename = 'l:\windows\command\sys.bat')
2018-12-17T22:44:40.088967489Z	61	PC: 12ae4 \| Open file (Filename = 'm:\windows\command\sys.bat')
2018-12-17T22:44:40.091969316Z	61	PC: 12ae4 \| Open file (Filename = 'n:\windows\command\sys.bat')
2018-12-17T22:44:40.09498497Z	61	PC: 12ae4 \| Open file (Filename = 'o:\windows\command\sys.bat')
2018-12-17T22:44:40.098378253Z	61	PC: 12ae4 \| Open file (Filename = 'p:\windows\command\sys.bat')
2018-12-17T22:44:40.101410328Z	61	PC: 12ae4 \| Open file (Filename = 'q:\windows\command\sys.bat')
2018-12-17T22:44:40.105306786Z	61	PC: 12ae4 \| Open file (Filename = 'r:\windows\command\sys.bat')
2018-12-17T22:44:40.108683879Z	61	PC: 12ae4 \| Open file (Filename = 's:\windows\command\sys.bat')
2018-12-17T22:44:40.111940425Z	61	PC: 12ae4 \| Open file (Filename = 't:\windows\command\sys.bat')
2018-12-17T22:44:40.114966288Z	61	PC: 12ae4 \| Open file (Filename = 'u:\windows\command\sys.bat')
2018-12-17T22:44:40.118202265Z	61	PC: 12ae4 \| Open file (Filename = 'v:\windows\command\sys.bat')
2018-12-17T22:44:40.122292558Z	61	PC: 12ae4 \| Open file (Filename = 'w:\windows\command\sys.bat')
2018-12-17T22:44:40.124899183Z	61	PC: 12ae4 \| Open file (Filename = 'x:\windows\command\sys.bat')
2018-12-17T22:44:40.127432411Z	61	PC: 12ae4 \| Open file (Filename = 'y:\windows\command\sys.bat')
2018-12-17T22:44:40.130401077Z	61	PC: 12ae4 \| Open file (Filename = 'z:\windows\command\sys.bat')
2018-12-17T22:44:40.133788399Z	61	PC: 12ae4 \| Open file (Filename = '{:\windows\command\sys.bat')
2018-12-17T22:44:40.136822036Z	61	PC: 12ae4 \| Open file (Filename = '\|:\windows\command\sys.bat')
2018-12-17T22:44:40.140131512Z	61	PC: 12ae4 \| Open file (Filename = '}:\windows\command\sys.bat')
2018-12-17T22:44:40.143561354Z	61	PC: 12ae4 \| Open file (Filename = '~:\windows\command\sys.bat')
2018-12-17T22:44:40.146618385Z	61	PC: 12ae4 \| Open file (Filename = ':\windows\command\sys.bat')
2018-12-17T22:44:40.149681178Z	61	PC: 12ae4 \| Open file (Filename = '�:\windows\command\sys.bat')
2018-12-17T22:44:40.153738328Z	61	PC: 12ae4 \| Open file (Filename = '�:\windows\command\sys.bat')
2018-12-17T22:44:40.156612937Z	61	PC: 12ae4 \| Open file (Filename = '�:\windows\command\sys.bat')
2018-12-17T22:44:40.159401895Z	61	PC: 12ae4 \| Open file (Filename = '�:\windows\command\sys.bat')
2018-12-17T22:44:40.162783376Z	61	PC: 12b7a \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T22:44:40.169283494Z	63	PC: 12b87 \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T22:44:40.172015525Z	62	PC: 12b8b \| Close file
2018-12-17T22:44:40.175253567Z	71	PC: 12d3a \| Get current directory
2018-12-17T22:44:40.178399896Z	59	PC: 12d41 \| Change current directory
2018-12-17T22:44:40.182611396Z	47	PC: 12d9a \| Get disk transfer address
2018-12-17T22:44:40.188141502Z	26	PC: 12da7 \| Set disk transfer address
2018-12-17T22:44:40.189741527Z	78	PC: 12db1 \| Find first file
2018-12-17T22:44:40.19624956Z	26	PC: 12ddc \| Set disk transfer address
2018-12-17T22:44:40.197951076Z	26	PC: 12d5f \| Set disk transfer address
2018-12-17T22:44:40.199388476Z	78	PC: 12d69 \| Find first file
2018-12-17T22:44:40.205589693Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.211760162Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.214137126Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.217151798Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.223671453Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.225428082Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.232459338Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.238802031Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.241082073Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.24405173Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.250352695Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.25290069Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.255559604Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.262327074Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.264155789Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.26755878Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.273964672Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.275506617Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.279541175Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.286054488Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.287298264Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.290811152Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.296917781Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.298252227Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.302013842Z	59	PC: 12d78 \| Change current directory
2018-12-17T22:44:40.308065137Z	26	PC: 12d84 \| Set disk transfer address
2018-12-17T22:44:40.309342116Z	79	PC: 12d88 \| Find next file
2018-12-17T22:44:40.312451135Z	59	PC: 12d91 \| Change current directory
2018-12-17T22:44:40.316774415Z	59	PC: 12d4b \| Change current directory
2018-12-17T22:44:40.318687548Z	37	PC: 12a90 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')