Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Nazi.6128

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:14:55.680933742Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:14:55.68247724Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:14:55.683983515Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:14:55.685442854Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:14:55.68728109Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:14:55.688582455Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:14:55.689687416Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:14:55.691228428Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:14:55.692495606Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:14:55.693725998Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:14:55.695388895Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:14:55.696516789Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:14:55.69763387Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:14:55.69919595Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:14:55.70041796Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:14:55.701469574Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:14:55.702468417Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:14:55.703725077Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:14:55.704710422Z	53	PC: 13232 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:14:55.705708437Z	37	PC: 13247 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:14:55.707338821Z	37	PC: 1324f \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:14:55.708367746Z	37	PC: 13257 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:14:55.709298621Z	37	PC: 1325f \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:14:55.711491427Z	68	PC: 137df \| I/O control for devices (Set for = '')
2018-12-17T22:14:55.712964975Z	42	PC: 13057 \| Get date 0x13057: xor ah, ah 0x13059: les di, ptr [bp + 6] 0x1305c: stosw word ptr es:[di], ax 0x1305d: mov al, dl 0x1305f: les di, ptr [bp + 0xa] 0x13062: stosw word ptr es:[di], ax 0x13063: mov al, dh 0x13065: les di, ptr [bp + 0xe] 0x13068: stosw word ptr es:[di], ax 0x13069: xchg ax, cx 0x1306a: les di, ptr [bp + 0x12] 0x1306d: stosw word ptr es:[di], ax 0x1306e: pop bp 0x1306f: retf 0x10 0x13072: push bp 0x13073: mov bp, sp 0x13075: mov cx, word ptr [bp + 0xa] 0x13078: mov dh, byte ptr [bp + 8] 0x1307b: mov dl, byte ptr [bp + 6] 0x1307e: mov ah, 0x2b
2018-12-17T22:14:55.715245729Z	26	PC: 130e7 \| Set disk transfer address
2018-12-17T22:14:55.717490683Z	78	PC: 130f3 \| Find first file
2018-12-17T22:14:55.723430373Z	26	PC: 1310b \| Set disk transfer address
2018-12-17T22:14:55.72450198Z	79	PC: 13110 \| Find next file
2018-12-17T22:14:55.728126624Z	61	PC: 13dca \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:14:55.735155974Z	63	PC: 13e9d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:55.74129696Z	62	PC: 13e1a \| Close file
2018-12-17T22:14:55.74401738Z	48	PC: 1400a \| Get DOS version
2018-12-17T22:14:55.745369012Z	61	PC: 13dca \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:14:55.751895075Z	63	PC: 13e9d \| Read file or device (Read 6128 bytes on handle 5)
2018-12-17T22:14:55.762529408Z	62	PC: 13e1a \| Close file
2018-12-17T22:14:55.764330139Z	61	PC: 13dca \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:14:55.770720357Z	66	PC: 13f66 \| Move file pointer
2018-12-17T22:14:55.77236228Z	66	PC: 13f74 \| Move file pointer
2018-12-17T22:14:55.773598884Z	66	PC: 13f82 \| Move file pointer
2018-12-17T22:14:55.774899271Z	63	PC: 13e9d \| Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:14:55.777815096Z	66	PC: 13efc \| Move file pointer
2018-12-17T22:14:55.779224568Z	64	PC: 13e9d \| Write file or device (Write 6128 bytes on handle 5)
2018-12-17T22:14:55.794210935Z	64	PC: 13e9d \| Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:14:55.808487944Z	62	PC: 13e1a \| Close file
2018-12-17T22:14:55.814388208Z	48	PC: 1400a \| Get DOS version
2018-12-17T22:14:55.815372771Z	61	PC: 13dca \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:14:55.820382025Z	66	PC: 13f66 \| Move file pointer
2018-12-17T22:14:55.821449597Z	66	PC: 13f74 \| Move file pointer
2018-12-17T22:14:55.822721375Z	66	PC: 13f82 \| Move file pointer
2018-12-17T22:14:55.830043703Z	63	PC: 13e9d \| Read file or device (Read 6128 bytes on handle 5)
2018-12-17T22:14:55.837247583Z	62	PC: 13e1a \| Close file
2018-12-17T22:14:55.839273468Z	60	PC: 13dca \| Create or truncate file
2018-12-17T22:14:55.850737769Z	62	PC: 13e1a \| Close file
2018-12-17T22:14:55.854259245Z	41	PC: 1319e \| Parse filename
2018-12-17T22:14:55.855871167Z	41	PC: 131ac \| Parse filename
2018-12-17T22:14:55.857498224Z	75	PC: 131b7 \| Execute program
2018-12-17T22:14:55.867648182Z	65	PC: 13f9f \| Delete file (Filename = 'temp.com')
2018-12-17T22:14:55.878312543Z	64	PC: 138e2 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:14:55.879994305Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:14:55.882356599Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:14:55.88329309Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:14:55.884292294Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:14:55.885964124Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:14:55.887926308Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:14:55.889078357Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:14:55.890613623Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:14:55.891710436Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:14:55.892819289Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:14:55.894953605Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:14:55.896490754Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:14:55.897877887Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:14:55.900800203Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:14:55.901868755Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:14:55.902977143Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:14:55.904635376Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:14:55.905715468Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:14:55.90677527Z	37	PC: 13346 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:14:55.908462781Z	76	PC: 13385 \| Terminate with return code (Return code = '0')