Sample viewer

vx.netlux.org/Virus.DOS.HLLP.Nazi.8600


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:08.183545912Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:08.185664824Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:08.192346826Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.194852146Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:08.196922483Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:08.199932997Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:08.204825555Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:08.206768592Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:08.210946512Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:08.213545501Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:08.216299568Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:08.218852256Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:08.220236727Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:08.221624016Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:08.227681203Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:08.229373851Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:08.230946422Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:08.234201174Z 53 PC: 14db6 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:08.236034029Z 37 PC: 14dcb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:08.237770186Z 37 PC: 14dd3 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:08.239803349Z 37 PC: 14ddb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:08.243746475Z 37 PC: 14de3 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:08.24602149Z 68 PC: 154d5 | I/O control for devices (Set for = '')
2018-12-17T22:48:08.318840486Z 37 PC: 14477 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.320858573Z 48 PC: 15a4c | Get DOS version
2018-12-17T22:48:08.322325043Z 53 PC: 14c0c | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:08.323487889Z 37 PC: 14c28 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:08.325060428Z 53 PC: 14c0c | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.326349957Z 37 PC: 14c28 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.327508461Z 51 PC: 14afb | Get or set Ctrl-Break
2018-12-17T22:48:08.328967625Z 53 PC: 14c0c | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:48:08.330453582Z 37 PC: 14c28 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:48:08.331817026Z 60 PC: 15898 | Create or truncate file
2018-12-17T22:48:08.351587998Z 65 PC: 159e1 | Delete file (Filename = '\�')
2018-12-17T22:48:08.363596403Z 48 PC: 15a4c | Get DOS version
2018-12-17T22:48:08.365330571Z 61 PC: 15898 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:08.373322199Z 66 PC: 159ca | Move file pointer
2018-12-17T22:48:08.375153175Z 63 PC: 1596b | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:48:08.378530816Z 62 PC: 158e8 | Close file
2018-12-17T22:48:08.381658542Z 48 PC: 15a4c | Get DOS version
2018-12-17T22:48:08.385092292Z 61 PC: 15898 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:08.392654778Z 63 PC: 1596b | Read file or device (Read 8600 bytes on handle 6)
2018-12-17T22:48:08.401319914Z 62 PC: 158e8 | Close file
2018-12-17T22:48:08.40458061Z 26 PC: 14bac | Set disk transfer address
2018-12-17T22:48:08.405762532Z 78 PC: 14bb8 | Find first file
2018-12-17T22:48:08.414001743Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.416401717Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.420348811Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.421489169Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.426051702Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.427329376Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.43081918Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.432463471Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.436778354Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.438181954Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.442313837Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.443586518Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.447373291Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.448500297Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.452265195Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.453420515Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.4570454Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.459133928Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.462650848Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.463815577Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.467779989Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.469447091Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.47355231Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.4758685Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.479774303Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.481246441Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.487418537Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.489063952Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.49366116Z 61 PC: 15898 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:48:08.499706727Z 66 PC: 159ca | Move file pointer
2018-12-17T22:48:08.501257531Z 63 PC: 1596b | Read file or device (Read 4 bytes on handle 6)
2018-12-17T22:48:08.503306768Z 62 PC: 158e8 | Close file
2018-12-17T22:48:08.504813925Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.506280184Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.50826356Z 26 PC: 14bac | Set disk transfer address
2018-12-17T22:48:08.509227578Z 78 PC: 14bb8 | Find first file
2018-12-17T22:48:08.514131798Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.515173815Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.517132047Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.518752678Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.520804401Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.521739161Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.524319418Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.525399462Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.527436611Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.52914042Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.531150501Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.532107023Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.534897514Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.535882616Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.539146262Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.540502117Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.54345635Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.544954976Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.546853469Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.548720899Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.550779027Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.551788041Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.554746669Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.556059895Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.558321469Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.560526995Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.56263078Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.563758789Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.566500798Z 26 PC: 14bd0 | Set disk transfer address
2018-12-17T22:48:08.567603486Z 79 PC: 14bd5 | Find next file
2018-12-17T22:48:08.569603516Z 44 PC: 14aa9 | Get time
0x14aa9: xor ah, ah
0x14aab: mov al, dl
0x14aad: les di, ptr [bp + 6]
0x14ab0: stosw word ptr es:[di], ax
0x14ab1: mov al, dh
0x14ab3: les di, ptr [bp + 0xa]
0x14ab6: stosw word ptr es:[di], ax
0x14ab7: mov al, cl
0x14ab9: les di, ptr [bp + 0xe]
0x14abc: stosw word ptr es:[di], ax
0x14abd: mov al, ch
0x14abf: les di, ptr [bp + 0x12]
0x14ac2: stosw word ptr es:[di], ax
0x14ac3: pop bp
0x14ac4: retf 0x10
0x14ac7: push bp
0x14ac8: mov bp, sp
0x14aca: mov ch, byte ptr [bp + 0xc]
0x14acd: mov cl, byte ptr [bp + 0xa]
0x14ad0: mov dh, byte ptr [bp + 8]
2018-12-17T22:48:08.577162803Z 42 PC: 14a73 | Get date
0x14a73: xor ah, ah
0x14a75: les di, ptr [bp + 6]
0x14a78: stosw word ptr es:[di], ax
0x14a79: mov al, dl
0x14a7b: les di, ptr [bp + 0xa]
0x14a7e: stosw word ptr es:[di], ax
0x14a7f: mov al, dh
0x14a81: les di, ptr [bp + 0xe]
0x14a84: stosw word ptr es:[di], ax
0x14a85: xchg ax, cx
0x14a86: les di, ptr [bp + 0x12]
0x14a89: stosw word ptr es:[di], ax
0x14a8a: pop bp
0x14a8b: retf 0x10
0x14a8e: push bp
0x14a8f: mov bp, sp
0x14a91: mov cx, word ptr [bp + 0xa]
0x14a94: mov dh, byte ptr [bp + 8]
0x14a97: mov dl, byte ptr [bp + 6]
0x14a9a: mov ah, 0x2b
2018-12-17T22:48:08.579070964Z 48 PC: 15a4c | Get DOS version
2018-12-17T22:48:08.580263938Z 26 PC: 14bac | Set disk transfer address
2018-12-17T22:48:08.582030046Z 78 PC: 14bb8 | Find first file
2018-12-17T22:48:08.586992323Z 48 PC: 15a4c | Get DOS version
2018-12-17T22:48:08.58845831Z 67 PC: 14b35 | Get or set file attributes
2018-12-17T22:48:08.782213939Z 61 PC: 15898 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:48:08.790735519Z 66 PC: 159ca | Move file pointer
2018-12-17T22:48:08.793369357Z 63 PC: 1596b | Read file or device (Read 8600 bytes on handle 6)
2018-12-17T22:48:08.803031462Z 66 PC: 159ca | Move file pointer
2018-12-17T22:48:08.805262811Z 64 PC: 158c9 | Write file or device (Write 0 bytes on handle 6)
2018-12-17T22:48:08.903492966Z 66 PC: 159ca | Move file pointer
2018-12-17T22:48:08.9053658Z 64 PC: 1596b | Write file or device (Write 8600 bytes on handle 6)
2018-12-17T22:48:08.916511169Z 87 PC: 14b7c | Get or set file date and time
2018-12-17T22:48:08.918081357Z 67 PC: 14b35 | Get or set file attributes
2018-12-17T22:48:08.925942593Z 62 PC: 158e8 | Close file
2018-12-17T22:48:08.931986515Z 37 PC: 14c28 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:48:08.933641924Z 37 PC: 14c28 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.935332694Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:08.937493924Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:08.938833213Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:08.940159409Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:08.942322622Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.943751055Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:08.945153815Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:08.947276371Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:08.94857841Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:08.949918836Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:08.951890743Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:08.953489539Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:08.955037417Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:08.958070667Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:08.959375476Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:08.960688322Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:08.962697368Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:08.963997615Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:08.965261674Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:08.968111647Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:08.969973455Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:08.971582904Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:08.974054328Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:08.975240496Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:08.9763887Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:08.978678439Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:08.980279946Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:08.981902221Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:08.984105921Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:08.985806613Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:08.987424908Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:08.989635919Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:08.991332612Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:08.993070767Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:08.994926882Z 53 PC: 14c3e | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:08.99683283Z 37 PC: 14c47 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:08.998799689Z 41 PC: 14cc6 | Parse filename
2018-12-17T22:48:09.001342441Z 41 PC: 14cd4 | Parse filename
2018-12-17T22:48:09.004057123Z 75 PC: 14cdf | Execute program
2018-12-17T22:48:09.028819971Z 80 PC: 1c709 | Set current PSP
2018-12-17T22:48:09.030608765Z 48 PC: 1c70e | Get DOS version
2018-12-17T22:48:09.032501497Z 99 PC: 22ef0 | Get DBCS lead byte table pointer
2018-12-17T22:48:09.036264955Z 101 PC: 1c794 | Get extended country info
2018-12-17T22:48:09.03853882Z 99 PC: 1c79a | Get DBCS lead byte table pointer
2018-12-17T22:48:09.041154722Z 74 PC: 1c7fc | Reallocate memory
2018-12-17T22:48:09.045615546Z 25 PC: 1c833 | Get default drive
2018-12-17T22:48:09.047411728Z 37 PC: 1c2f3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:09.048576722Z 37 PC: 1c2fa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:09.049726379Z 37 PC: 1c301 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.055197344Z 74 PC: 1b49c | Reallocate memory
2018-12-17T22:48:09.056843971Z 72 PC: 1b4dd | Allocate memory
2018-12-17T22:48:09.058589436Z 72 PC: 1b515 | Allocate memory
2018-12-17T22:48:09.061365486Z 72 PC: 1b51d | Allocate memory