Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Nazi.8000.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:31.928399088Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:31.931511783Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:31.932921435Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:31.934281954Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:31.93963813Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:31.956853726Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:31.960426217Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:31.963854065Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:31.970041484Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:31.972700887Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:31.975478713Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:31.979347Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:31.981082745Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:31.982862283Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:31.985179933Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:31.991910765Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:31.995144748Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:32.001858027Z 53 PC: 14ab6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:32.011241339Z 37 PC: 14acb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:32.014047267Z 37 PC: 14ad3 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:32.019324415Z 37 PC: 14adb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.021278531Z 37 PC: 14ae3 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:32.024108996Z 68 PC: 15141 | I/O control for devices (Set for = '')
2018-12-17T23:10:32.121767989Z 37 PC: 14177 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:32.128933008Z 48 PC: 156b8 | Get DOS version
2018-12-17T23:10:32.130862066Z 53 PC: 1490c | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:10:32.132563507Z 37 PC: 14928 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:10:32.140440205Z 53 PC: 1490c | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:10:32.142162726Z 37 PC: 14928 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:10:32.143801358Z 53 PC: 1490c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:32.14652925Z 37 PC: 14928 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:32.148356106Z 51 PC: 147fb | Get or set Ctrl-Break
2018-12-17T23:10:32.150058549Z 60 PC: 15504 | Create or truncate file
2018-12-17T23:10:32.171106323Z 65 PC: 1564d | Delete file (Filename = '\�')
2018-12-17T23:10:32.182776237Z 48 PC: 156b8 | Get DOS version
2018-12-17T23:10:32.184305403Z 61 PC: 15504 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:10:32.19223483Z 66 PC: 15636 | Move file pointer
2018-12-17T23:10:32.194087615Z 63 PC: 155d7 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T23:10:32.197401169Z 62 PC: 15554 | Close file
2018-12-17T23:10:32.200778682Z 48 PC: 156b8 | Get DOS version
2018-12-17T23:10:32.203107443Z 61 PC: 15504 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:10:32.210458682Z 63 PC: 155d7 | Read file or device (Read 8000 bytes on handle 6)
2018-12-17T23:10:32.22011635Z 62 PC: 15554 | Close file
2018-12-17T23:10:32.224053707Z 26 PC: 148ac | Set disk transfer address
2018-12-17T23:10:32.225399719Z 78 PC: 148b8 | Find first file
2018-12-17T23:10:32.232168953Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.234416651Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.238462893Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.239961722Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.243916953Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.245595561Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.249102337Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.25104951Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.254303441Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.255594861Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.259664036Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.26108064Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.264897611Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.267106968Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.270623673Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.271761504Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.274836719Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.276703761Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.279698334Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.281064294Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.285555663Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.287133671Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.291854672Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.29423526Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.298776233Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.300273499Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.305175381Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.306844531Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.310242072Z 61 PC: 15504 | Open file (Filename = '\TEST.EXE')
2018-12-17T23:10:32.316397722Z 66 PC: 15636 | Move file pointer
2018-12-17T23:10:32.318297266Z 63 PC: 155d7 | Read file or device (Read 4 bytes on handle 6)
2018-12-17T23:10:32.320723199Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.322029466Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.32501348Z 26 PC: 148ac | Set disk transfer address
2018-12-17T23:10:32.326121885Z 78 PC: 148b8 | Find first file
2018-12-17T23:10:32.331235294Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.332777295Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.335090727Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.336313757Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.339394433Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.340618986Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.343577221Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.345940438Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.349510143Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.351010535Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.354993107Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.356783846Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.359935224Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.361636013Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.365522705Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.367027415Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.370992063Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.373064592Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.376192977Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.377716173Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.381928948Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.383439469Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.386580168Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.388857462Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.392455771Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.393610774Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.397262904Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.398924259Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.402223395Z 26 PC: 148d0 | Set disk transfer address
2018-12-17T23:10:32.403574878Z 79 PC: 148d5 | Find next file
2018-12-17T23:10:32.406310564Z 44 PC: 147a9 | Get time
0x147a9: xor ah, ah
0x147ab: mov al, dl
0x147ad: les di, ptr [bp + 6]
0x147b0: stosw word ptr es:[di], ax
0x147b1: mov al, dh
0x147b3: les di, ptr [bp + 0xa]
0x147b6: stosw word ptr es:[di], ax
0x147b7: mov al, cl
0x147b9: les di, ptr [bp + 0xe]
0x147bc: stosw word ptr es:[di], ax
0x147bd: mov al, ch
0x147bf: les di, ptr [bp + 0x12]
0x147c2: stosw word ptr es:[di], ax
0x147c3: pop bp
0x147c4: retf 0x10
0x147c7: push bp
0x147c8: mov bp, sp
0x147ca: mov ch, byte ptr [bp + 0xc]
0x147cd: mov cl, byte ptr [bp + 0xa]
0x147d0: mov dh, byte ptr [bp + 8]
2018-12-17T23:10:32.408311919Z 42 PC: 14773 | Get date
0x14773: xor ah, ah
0x14775: les di, ptr [bp + 6]
0x14778: stosw word ptr es:[di], ax
0x14779: mov al, dl
0x1477b: les di, ptr [bp + 0xa]
0x1477e: stosw word ptr es:[di], ax
0x1477f: mov al, dh
0x14781: les di, ptr [bp + 0xe]
0x14784: stosw word ptr es:[di], ax
0x14785: xchg ax, cx
0x14786: les di, ptr [bp + 0x12]
0x14789: stosw word ptr es:[di], ax
0x1478a: pop bp
0x1478b: retf 0x10
0x1478e: push bp
0x1478f: mov bp, sp
0x14791: mov cx, word ptr [bp + 0xa]
0x14794: mov dh, byte ptr [bp + 8]
0x14797: mov dl, byte ptr [bp + 6]
0x1479a: mov ah, 0x2b
2018-12-17T23:10:32.410506277Z 48 PC: 156b8 | Get DOS version
2018-12-17T23:10:32.412165298Z 26 PC: 148ac | Set disk transfer address
2018-12-17T23:10:32.413221695Z 78 PC: 148b8 | Find first file
2018-12-17T23:10:32.418985978Z 48 PC: 156b8 | Get DOS version
2018-12-17T23:10:32.421773602Z 67 PC: 14835 | Get or set file attributes
2018-12-17T23:10:32.433756154Z 61 PC: 15504 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:10:32.442304104Z 66 PC: 15636 | Move file pointer
2018-12-17T23:10:32.445401771Z 63 PC: 155d7 | Read file or device (Read 8000 bytes on handle 7)
2018-12-17T23:10:32.454349834Z 66 PC: 15636 | Move file pointer
2018-12-17T23:10:32.456238237Z 64 PC: 15535 | Write file or device (Write 0 bytes on handle 7)
2018-12-17T23:10:32.464256009Z 66 PC: 15636 | Move file pointer
2018-12-17T23:10:32.466260169Z 64 PC: 155d7 | Write file or device (Write 8000 bytes on handle 7)
2018-12-17T23:10:32.475680832Z 87 PC: 1487c | Get or set file date and time
2018-12-17T23:10:32.478618488Z 67 PC: 14835 | Get or set file attributes
2018-12-17T23:10:32.490555834Z 62 PC: 15554 | Close file
2018-12-17T23:10:32.49863362Z 37 PC: 14928 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:10:32.501221558Z 37 PC: 14928 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:10:32.502957283Z 37 PC: 14928 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:32.504634669Z 53 PC: 1493e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:32.507066423Z 37 PC: 14947 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:32.50882914Z 53 PC: 1493e | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:32.510596064Z 37 PC: 14947 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:32.512327641Z 53 PC: 1493e | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:32.515012131Z 37 PC: 14947 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:32.517532753Z 53 PC: 1493e | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:32.519494824Z 37 PC: 14947 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:32.522571702Z 53 PC: 1493e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.524243867Z 37 PC: 14947 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.525868373Z 53 PC: 1493e | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:32.528276754Z 37 PC: 14947 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:32.529406219Z 53 PC: 1493e | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:32.53053394Z 37 PC: 14947 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:32.532322134Z 53 PC: 1493e | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:32.53349501Z 37 PC: 14947 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:32.534768616Z 53 PC: 1493e | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:32.537285671Z 37 PC: 14947 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:32.538936497Z 53 PC: 1493e | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:32.540635913Z 37 PC: 14947 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:32.543267584Z 53 PC: 1493e | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:32.544743991Z 37 PC: 14947 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:32.548477555Z 53 PC: 1493e | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:32.551125186Z 37 PC: 14947 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:32.552729484Z 53 PC: 1493e | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:32.554547644Z 37 PC: 14947 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:32.556963489Z 53 PC: 1493e | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:32.559033513Z 37 PC: 14947 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:32.560411054Z 53 PC: 1493e | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:32.563203818Z 37 PC: 14947 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:32.565212687Z 53 PC: 1493e | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:32.566642136Z 37 PC: 14947 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:32.568332045Z 53 PC: 1493e | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:32.570544206Z 37 PC: 14947 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:32.571946334Z 53 PC: 1493e | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:32.573378889Z 37 PC: 14947 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:32.576853966Z 41 PC: 149c6 | Parse filename
2018-12-17T23:10:32.578470768Z 41 PC: 149d4 | Parse filename
2018-12-17T23:10:32.581704851Z 75 PC: 149df | Execute program
2018-12-17T23:10:32.610719263Z 80 PC: 1bc59 | Set current PSP
2018-12-17T23:10:32.612000172Z 48 PC: 1bc5e | Get DOS version
2018-12-17T23:10:32.614089944Z 99 PC: 22440 | Get DBCS lead byte table pointer
2018-12-17T23:10:32.617976395Z 101 PC: 1bce4 | Get extended country info
2018-12-17T23:10:32.619843156Z 99 PC: 1bcea | Get DBCS lead byte table pointer
2018-12-17T23:10:32.621384315Z 74 PC: 1bd4c | Reallocate memory
2018-12-17T23:10:32.623827281Z 25 PC: 1bd83 | Get default drive
2018-12-17T23:10:32.62697901Z 37 PC: 1b843 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:10:32.628380336Z 37 PC: 1b84a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:32.630669853Z 37 PC: 1b851 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.635617982Z 74 PC: 1a9ec | Reallocate memory
2018-12-17T23:10:32.637874457Z 72 PC: 1aa2d | Allocate memory
2018-12-17T23:10:32.640900099Z 72 PC: 1aa65 | Allocate memory
2018-12-17T23:10:32.642973098Z 72 PC: 1aa6d | Allocate memory