Sample viewer

vx.netlux.org/Virus.DOS.Nolz.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:03.93543944Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:03.93704447Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:03.938135523Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:03.939144007Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:03.948878882Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:03.953193023Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:03.954155962Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:03.955689021Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:03.956884685Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:03.958047925Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:03.960654577Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:03.96183652Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:03.962949755Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:03.964487235Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:03.965969777Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:03.967261908Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:03.968328577Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:03.970006446Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:03.971090829Z	53	PC: 131aa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:03.97215506Z	37	PC: 131bf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:03.974021195Z	37	PC: 131c7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:03.974957558Z	37	PC: 131cf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:03.975932711Z	37	PC: 131d7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:03.986113007Z	68	PC: 13d28 \| I/O control for devices (Set for = '')
2018-12-17T22:43:03.988017687Z	64	PC: 135c8 \| Write file or device (Write 10 bytes on handle 1)
2018-12-17T22:43:03.99278562Z	26	PC: 130f5 \| Set disk transfer address
2018-12-17T22:43:03.994362089Z	78	PC: 13101 \| Find first file
2018-12-17T22:43:04.000541195Z	64	PC: 135c8 \| Write file or device (Write 10 bytes on handle 1)
2018-12-17T22:43:04.005226794Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.007232784Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.013940527Z	61	PC: 13900 \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:43:04.02067565Z	64	PC: 135c8 \| Write file or device (Write 5 bytes on handle 1)
2018-12-17T22:43:04.025539518Z	64	PC: 135c8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:43:04.03039605Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:43:04.033817183Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:43:04.041167727Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.043235024Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.045327756Z	64	PC: 135c8 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T22:43:04.052255707Z	26	PC: 13119 \| Set disk transfer address
2018-12-17T22:43:04.053313428Z	79	PC: 1311e \| Find next file
2018-12-17T22:43:04.05595995Z	26	PC: 130f5 \| Set disk transfer address
2018-12-17T22:43:04.057721388Z	78	PC: 13101 \| Find first file
2018-12-17T22:43:04.06370493Z	64	PC: 135c8 \| Write file or device (Write 10 bytes on handle 1)
2018-12-17T22:43:04.068308284Z	26	PC: 130f5 \| Set disk transfer address
2018-12-17T22:43:04.069728202Z	78	PC: 13101 \| Find first file
2018-12-17T22:43:04.076311169Z	64	PC: 135c8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:43:04.081186649Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.083091343Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.089633514Z	61	PC: 13900 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T22:43:04.097272477Z	64	PC: 135c8 \| Write file or device (Write 5 bytes on handle 1)
2018-12-17T22:43:04.100619359Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.103868954Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:43:04.107068103Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:43:04.117072776Z	64	PC: 135c8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:43:04.120271868Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.121490671Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.123401233Z	64	PC: 135c8 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T22:43:04.129672714Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.131008295Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.139567353Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.144294466Z	61	PC: 13900 \| Open file (Filename = '\SLEEP.COM')
2018-12-17T22:43:04.150693662Z	63	PC: 139d3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:43:04.158604255Z	64	PC: 139d3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:43:04.201554546Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.203651404Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.213891656Z	64	PC: 135c8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:43:04.216866219Z	26	PC: 13119 \| Set disk transfer address
2018-12-17T22:43:04.217912888Z	79	PC: 1311e \| Find next file
2018-12-17T22:43:04.220211385Z	64	PC: 135c8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:43:04.226552756Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.228573644Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.235595429Z	61	PC: 13900 \| Open file (Filename = '\PRINT.COM')
2018-12-17T22:43:04.242979254Z	64	PC: 135c8 \| Write file or device (Write 5 bytes on handle 1)
2018-12-17T22:43:04.24633507Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.251188741Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:43:04.254507072Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:43:04.261068931Z	64	PC: 135c8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:43:04.268000873Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.270098801Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.272138484Z	64	PC: 135c8 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T22:43:04.277001785Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.27882638Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.287376403Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.29275831Z	61	PC: 13900 \| Open file (Filename = '\PRINT.COM')
2018-12-17T22:43:04.300426452Z	63	PC: 139d3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:43:04.3078928Z	64	PC: 139d3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:43:04.3163213Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.31872254Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.327926347Z	64	PC: 135c8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:43:04.332436069Z	26	PC: 13119 \| Set disk transfer address
2018-12-17T22:43:04.334814299Z	79	PC: 1311e \| Find next file
2018-12-17T22:43:04.337807119Z	64	PC: 135c8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:43:04.343631942Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.345415568Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.352701144Z	61	PC: 13900 \| Open file (Filename = '\HELLO.COM')
2018-12-17T22:43:04.359559542Z	64	PC: 135c8 \| Write file or device (Write 5 bytes on handle 1)
2018-12-17T22:43:04.363175589Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.367630333Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:43:04.370262729Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:43:04.377245349Z	64	PC: 135c8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:43:04.382305137Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.38405174Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.386277703Z	64	PC: 135c8 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T22:43:04.391261831Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.393347342Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.400532966Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.406265041Z	61	PC: 13900 \| Open file (Filename = '\HELLO.COM')
2018-12-17T22:43:04.414470066Z	63	PC: 139d3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:43:04.422154749Z	64	PC: 139d3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:43:04.430689153Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.432448802Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.441025267Z	64	PC: 135c8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:43:04.445286525Z	26	PC: 13119 \| Set disk transfer address
2018-12-17T22:43:04.446325533Z	79	PC: 1311e \| Find next file
2018-12-17T22:43:04.449875923Z	64	PC: 135c8 \| Write file or device (Write 11 bytes on handle 1)
2018-12-17T22:43:04.455260279Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.456792065Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.464661438Z	61	PC: 13900 \| Open file (Filename = '\PHANG.COM')
2018-12-17T22:43:04.471346168Z	64	PC: 135c8 \| Write file or device (Write 5 bytes on handle 1)
2018-12-17T22:43:04.474257708Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.479234999Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:43:04.481771304Z	63	PC: 139d3 \| Read file or device (Read 25 bytes on handle 6)
2018-12-17T22:43:04.488131493Z	64	PC: 135c8 \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:43:04.493201545Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.494981602Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.497003359Z	64	PC: 135c8 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T22:43:04.503515917Z	48	PC: 13a4e \| Get DOS version
2018-12-17T22:43:04.5050463Z	61	PC: 13900 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:43:04.512080039Z	64	PC: 135c8 \| Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:43:04.518071152Z	61	PC: 13900 \| Open file (Filename = '\PHANG.COM')
2018-12-17T22:43:04.525955375Z	63	PC: 139d3 \| Read file or device (Read 5488 bytes on handle 5)
2018-12-17T22:43:04.533308312Z	64	PC: 139d3 \| Write file or device (Write 5488 bytes on handle 6)
2018-12-17T22:43:04.54064024Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.541928789Z	62	PC: 13950 \| Close file
2018-12-17T22:43:04.547232322Z	64	PC: 135c8 \| Write file or device (Write 34 bytes on handle 1)
2018-12-17T22:43:04.551304988Z	64	PC: 135c8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:43:04.552755968Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:04.554349504Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:04.555694007Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:04.556515611Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:04.557354365Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:04.559295634Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:04.560735533Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:04.565162253Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:04.567206809Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:04.568916697Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:04.570326699Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:04.572198319Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:04.573369165Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:04.574422861Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:04.57586766Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:04.576849503Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:04.577835178Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:04.579169636Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:04.580103391Z	37	PC: 13301 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:04.580930519Z	76	PC: 13340 \| Terminate with return code (Return code = '0')