Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Nazi.5984

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:53.23036817Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:53.232531787Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:53.233863921Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:53.235168152Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:53.237213095Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:53.239175574Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:53.240634666Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:53.242008879Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:53.244826344Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:53.246967599Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:53.24908056Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:53.251957658Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:53.253388717Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:53.254848892Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:53.262958353Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:53.264790998Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:53.266529706Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:53.269215945Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:53.271234459Z	53	PC: 131b2 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:53.273141043Z	37	PC: 131c7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:53.274923142Z	37	PC: 131cf \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:53.28126957Z	37	PC: 131d7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:53.28314786Z	37	PC: 131df \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:53.284883442Z	68	PC: 1375f \| I/O control for devices (Set for = '')
2018-12-17T22:58:53.287477067Z	42	PC: 12fd7 \| Get date 0x12fd7: xor ah, ah 0x12fd9: les di, ptr [bp + 6] 0x12fdc: stosw word ptr es:[di], ax 0x12fdd: mov al, dl 0x12fdf: les di, ptr [bp + 0xa] 0x12fe2: stosw word ptr es:[di], ax 0x12fe3: mov al, dh 0x12fe5: les di, ptr [bp + 0xe] 0x12fe8: stosw word ptr es:[di], ax 0x12fe9: xchg ax, cx 0x12fea: les di, ptr [bp + 0x12] 0x12fed: stosw word ptr es:[di], ax 0x12fee: pop bp 0x12fef: retf 0x10 0x12ff2: push bp 0x12ff3: mov bp, sp 0x12ff5: mov cx, word ptr [bp + 0xa] 0x12ff8: mov dh, byte ptr [bp + 8] 0x12ffb: mov dl, byte ptr [bp + 6] 0x12ffe: mov ah, 0x2b
2018-12-17T22:58:53.289518404Z	26	PC: 13067 \| Set disk transfer address
2018-12-17T22:58:53.290695226Z	78	PC: 13073 \| Find first file
2018-12-17T22:58:53.296298016Z	26	PC: 1308b \| Set disk transfer address
2018-12-17T22:58:53.297371303Z	79	PC: 13090 \| Find next file
2018-12-17T22:58:53.299679201Z	61	PC: 13d4a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:53.305982618Z	63	PC: 13e1d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:53.311291526Z	62	PC: 13d9a \| Close file
2018-12-17T22:58:53.313186638Z	48	PC: 13f8a \| Get DOS version
2018-12-17T22:58:53.315359913Z	61	PC: 13d4a \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:53.321550327Z	63	PC: 13e1d \| Read file or device (Read 5984 bytes on handle 5)
2018-12-17T22:58:53.331699603Z	62	PC: 13d9a \| Close file
2018-12-17T22:58:53.334684894Z	61	PC: 13d4a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:53.343351132Z	66	PC: 13ee6 \| Move file pointer
2018-12-17T22:58:53.344993779Z	66	PC: 13ef4 \| Move file pointer
2018-12-17T22:58:53.346907636Z	66	PC: 13f02 \| Move file pointer
2018-12-17T22:58:53.34993158Z	63	PC: 13e1d \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:58:53.353367788Z	66	PC: 13e7c \| Move file pointer
2018-12-17T22:58:53.355498342Z	64	PC: 13e1d \| Write file or device (Write 5984 bytes on handle 5)
2018-12-17T22:58:53.372305922Z	64	PC: 13e1d \| Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:58:53.375738393Z	62	PC: 13d9a \| Close file
2018-12-17T22:58:53.385183576Z	48	PC: 13f8a \| Get DOS version
2018-12-17T22:58:53.388328277Z	61	PC: 13d4a \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:58:53.396034671Z	66	PC: 13ee6 \| Move file pointer
2018-12-17T22:58:53.397980017Z	66	PC: 13ef4 \| Move file pointer
2018-12-17T22:58:53.400763178Z	66	PC: 13f02 \| Move file pointer
2018-12-17T22:58:53.402954928Z	63	PC: 13e1d \| Read file or device (Read 5984 bytes on handle 5)
2018-12-17T22:58:53.412317004Z	62	PC: 13d9a \| Close file
2018-12-17T22:58:53.416027988Z	60	PC: 13d4a \| Create or truncate file
2018-12-17T22:58:53.428477247Z	62	PC: 13d9a \| Close file
2018-12-17T22:58:53.431303408Z	41	PC: 1311e \| Parse filename
2018-12-17T22:58:53.433477845Z	41	PC: 1312c \| Parse filename
2018-12-17T22:58:53.436713807Z	75	PC: 13137 \| Execute program
2018-12-17T22:58:53.446554793Z	65	PC: 13f1f \| Delete file (Filename = 'temp.com')
2018-12-17T22:58:53.458983373Z	64	PC: 13862 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:58:53.462161696Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:53.463757876Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:53.465323569Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:53.467711176Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:53.470317335Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:53.472185977Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:53.47479495Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:53.476519542Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:53.478121623Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:53.481235054Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:53.483173468Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:53.484862703Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:53.487432663Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:53.488620425Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:53.48971881Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:53.495559978Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:53.497356655Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:53.498601635Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:53.499830354Z	37	PC: 132c6 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:53.502036811Z	76	PC: 13305 \| Terminate with return code (Return code = '0')