Sample viewer

vx.netlux.org/Virus.DOS.Voodoo.3492

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:02.964267108Z 82 PC: 13918 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:47:02.967848526Z 255 PC: 13966 | UNKNOWN!
2018-12-17T22:47:02.969164058Z 72 PC: 136ee | Allocate memory
2018-12-17T22:47:02.97110271Z 73 PC: 136f4 | Release memory
2018-12-17T22:47:02.97268337Z 72 PC: 136fb | Allocate memory
2018-12-17T22:47:02.975531942Z 72 PC: 13703 | Allocate memory
2018-12-17T22:47:02.977725453Z 72 PC: 136ee | Allocate memory
2018-12-17T22:47:02.979574567Z 37 PC: 1372a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:02.982238131Z 67 PC: 1389a | Get or set file attributes
2018-12-17T22:47:02.988015215Z 71 PC: 1375d | Get current directory
2018-12-17T22:47:02.991396207Z 78 PC: 13793 | Find first file
2018-12-17T22:47:02.996913122Z 47 PC: 1389a | Get disk transfer address
2018-12-17T22:47:02.998377934Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:02.999839731Z 78 PC: 1389a | Find first file
2018-12-17T22:47:03.007131891Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:03.009133281Z 47 PC: 1389a | Get disk transfer address
2018-12-17T22:47:03.010687762Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:03.012409707Z 78 PC: 1389a | Find first file
2018-12-17T22:47:03.019466716Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.037871965Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.041461319Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.053222205Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.056419912Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.066872861Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.071027697Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.081549576Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.084692992Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.088553155Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.099425762Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:03.10048379Z 61 PC: 1389a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:03.106140066Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.107765811Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.109088155Z 63 PC: 1389a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:03.118783731Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.120241219Z 64 PC: 1389a | Write file or device (Write 3967 bytes on handle 5)
2018-12-17T22:47:03.13128617Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.132865598Z 64 PC: 1389a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:03.139885958Z 87 PC: 13543 | Get or set file date and time
2018-12-17T22:47:03.141126328Z 87 PC: 13550 | Get or set file date and time
2018-12-17T22:47:03.142675659Z 62 PC: 1389a | Close file
2018-12-17T22:47:03.15125097Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.156082838Z 61 PC: 1389a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:47:03.16373258Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.166018515Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.167329869Z 63 PC: 1389a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:03.175758103Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.177423612Z 64 PC: 1389a | Write file or device (Write 3945 bytes on handle 5)
2018-12-17T22:47:03.184008734Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.185186617Z 64 PC: 1389a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:03.191235612Z 87 PC: 13543 | Get or set file date and time
2018-12-17T22:47:03.192501741Z 87 PC: 13550 | Get or set file date and time
2018-12-17T22:47:03.194080247Z 62 PC: 1389a | Close file
2018-12-17T22:47:03.2032955Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.213508399Z 61 PC: 1389a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:47:03.220665155Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.22347853Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.225202489Z 63 PC: 1389a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:03.234850335Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.236422329Z 64 PC: 1389a | Write file or device (Write 3959 bytes on handle 5)
2018-12-17T22:47:03.245926655Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.247452342Z 64 PC: 1389a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:03.253951392Z 87 PC: 13543 | Get or set file date and time
2018-12-17T22:47:03.256189848Z 87 PC: 13550 | Get or set file date and time
2018-12-17T22:47:03.257823377Z 62 PC: 1389a | Close file
2018-12-17T22:47:03.265903838Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.27127548Z 61 PC: 1389a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:47:03.279342967Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.281232838Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.283460593Z 63 PC: 1389a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:03.292727784Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.294607897Z 64 PC: 1389a | Write file or device (Write 3995 bytes on handle 5)
2018-12-17T22:47:03.305067568Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.306884371Z 64 PC: 1389a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:03.313936561Z 87 PC: 13543 | Get or set file date and time
2018-12-17T22:47:03.315925858Z 87 PC: 13550 | Get or set file date and time
2018-12-17T22:47:03.318399135Z 62 PC: 1389a | Close file
2018-12-17T22:47:03.326926717Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.33722718Z 61 PC: 1389a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:47:03.342743504Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.344109851Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.345373635Z 63 PC: 1389a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:03.352864268Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.354360109Z 64 PC: 1389a | Write file or device (Write 3927 bytes on handle 5)
2018-12-17T22:47:03.363365728Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.365211516Z 64 PC: 1389a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:03.37223948Z 87 PC: 13543 | Get or set file date and time
2018-12-17T22:47:03.3736235Z 87 PC: 13550 | Get or set file date and time
2018-12-17T22:47:03.375751609Z 62 PC: 1389a | Close file
2018-12-17T22:47:03.383988965Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.388746804Z 59 PC: 13809 | Change current directory
2018-12-17T22:47:03.393243532Z 47 PC: 1389a | Get disk transfer address
2018-12-17T22:47:03.394459807Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:03.395527593Z 78 PC: 1389a | Find first file
2018-12-17T22:47:03.402425794Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:03.403943405Z 47 PC: 1389a | Get disk transfer address
2018-12-17T22:47:03.405389632Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:03.407308247Z 78 PC: 1389a | Find first file
2018-12-17T22:47:03.420591563Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.423588263Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.426368026Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.430232616Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.432867617Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.4354452Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.438638469Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.442150277Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.452112975Z 79 PC: 1389a | Find next file
2018-12-17T22:47:03.455042048Z 26 PC: 1389a | Set disk transfer address
2018-12-17T22:47:03.456431498Z 61 PC: 1389a | Open file (Filename = 'TEST.COM')
2018-12-17T22:47:03.463311625Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.466792485Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.469179079Z 63 PC: 1389a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:03.479702831Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.482040793Z 64 PC: 1389a | Write file or device (Write 3948 bytes on handle 5)
2018-12-17T22:47:03.493302722Z 66 PC: 1389a | Move file pointer
2018-12-17T22:47:03.495153229Z 64 PC: 1389a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:03.49840089Z 87 PC: 13543 | Get or set file date and time
2018-12-17T22:47:03.500825255Z 87 PC: 13550 | Get or set file date and time
2018-12-17T22:47:03.502967119Z 62 PC: 1389a | Close file
2018-12-17T22:47:03.511440439Z 67 PC: 12d52 | Get or set file attributes
2018-12-17T22:47:03.518277494Z 59 PC: 13830 | Change current directory
2018-12-17T22:47:03.520514858Z 42 PC: 1389a | Get date

0x1389a: pop si
0x1389b: ret
0x1389c: mov ah, 0x49
0x1389e: int 0x21
0x138a0: ret
0x138a1: mov al, 3
0x138a3: iret
0x138a4: add byte ptr [bx + si], al
0x138a6: call 0x23877
0x138a9: call 0x2389c
0x138ac: cmp byte ptr cs:[bp + 5], 0
0x138b2: jne 0x138b6
0x138b4: pop ax
0x138b5: pop ax
0x138b6: pop ax
0x138b7: mov word ptr cs:[bp + 0xc5c], ax
0x138bc: cmp byte ptr cs:[bp + 5], 0
0x138c2: je 0x138e4
0x138c4: mov bx, word ptr cs:[bp + 0xc5c]
0x138c9: pop es

2018-12-17T22:47:03.523591408Z 37 PC: 13888 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:03.525847497Z 73 PC: 138a0 | Release memory