Sample viewer

vx.netlux.org/Virus.DOS.HLLC.Nazi.4752

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:56.21777892Z 53 PC: 12fca | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:56.226596116Z 53 PC: 12fca | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:09:56.227836147Z 53 PC: 12fca | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:09:56.228999184Z 53 PC: 12fca | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:56.231053854Z 53 PC: 12fca | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:56.232277226Z 53 PC: 12fca | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:56.2334168Z 53 PC: 12fca | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:09:56.235038491Z 53 PC: 12fca | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:09:56.237797119Z 53 PC: 12fca | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:09:56.239222624Z 53 PC: 12fca | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:09:56.240616523Z 53 PC: 12fca | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:09:56.242781723Z 53 PC: 12fca | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:09:56.244293762Z 53 PC: 12fca | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:09:56.245706142Z 53 PC: 12fca | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:09:56.24773959Z 53 PC: 12fca | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:09:56.249966886Z 53 PC: 12fca | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:09:56.251624587Z 53 PC: 12fca | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:09:56.254037725Z 53 PC: 12fca | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:09:56.25582339Z 53 PC: 12fca | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:09:56.257040693Z 37 PC: 12fdf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:56.258626943Z 37 PC: 12fe7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:56.259856802Z 37 PC: 12fef | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:56.26107745Z 37 PC: 12ff7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:09:56.267982933Z 68 PC: 13ab8 | I/O control for devices (Set for = '� �>%�u�%�')
2018-12-17T22:09:56.270449696Z 26 PC: 12dd5 | Set disk transfer address
2018-12-17T22:09:56.27241508Z 78 PC: 12de1 | Find first file
2018-12-17T22:09:56.280981803Z 61 PC: 13690 | Open file (Filename = 'TEST.COM')
2018-12-17T22:09:56.288456942Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:56.290030722Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:56.291631395Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:09:56.300643594Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:09:56.302327165Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:09:56.304022718Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:09:56.313482464Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:56.314705565Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:56.315863464Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:56.318353865Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:56.31942113Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:56.320443762Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:56.323054772Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:09:56.32455162Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:09:56.326085054Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:09:56.328416435Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:09:56.329560432Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:09:56.330658556Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:09:56.332607874Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:09:56.334143822Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:09:56.335612046Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:09:56.337404947Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:09:56.339519047Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:09:56.341070615Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:09:56.342609079Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:09:56.344576571Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:09:56.346118013Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:09:56.347854532Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:09:56.349907727Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:09:56.351125261Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:09:56.352239091Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:09:56.360877334Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:09:56.362245516Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:09:56.363545592Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:09:56.365639093Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:09:56.367167719Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:09:56.368567754Z 53 PC: 12f44 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:09:56.370851413Z 37 PC: 12f4d | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:09:56.372866876Z 48 PC: 137de | Get DOS version
2018-12-17T22:09:56.374647128Z 41 PC: 12efb | Parse filename
2018-12-17T22:09:56.376898917Z 41 PC: 12f09 | Parse filename
2018-12-17T22:09:56.378462175Z 75 PC: 12f14 | Execute program
2018-12-17T22:09:56.400653525Z 80 PC: 16049 | Set current PSP
2018-12-17T22:09:56.4023433Z 48 PC: 1604e | Get DOS version
2018-12-17T22:09:56.404113585Z 99 PC: 1c830 | Get DBCS lead byte table pointer
2018-12-17T22:09:56.406936945Z 101 PC: 160d4 | Get extended country info
2018-12-17T22:09:56.409270669Z 99 PC: 160da | Get DBCS lead byte table pointer
2018-12-17T22:09:56.411068388Z 74 PC: 1613c | Reallocate memory
2018-12-17T22:09:56.412769946Z 25 PC: 16173 | Get default drive
2018-12-17T22:09:56.414832627Z 37 PC: 15c33 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:09:56.416474593Z 37 PC: 15c3a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:56.417834392Z 37 PC: 15c41 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:56.422914276Z 74 PC: 14ddc | Reallocate memory
2018-12-17T22:09:56.424548387Z 72 PC: 14e1d | Allocate memory
2018-12-17T22:09:56.426374383Z 72 PC: 14e55 | Allocate memory
2018-12-17T22:09:56.428542611Z 72 PC: 14e5d | Allocate memory