Sample viewer

vx.netlux.org/Trojan.DOS.DontRun.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:28.717398519Z 48 PC: 160ec | Get DOS version
2018-12-17T22:50:28.719448209Z 74 PC: 1613c | Reallocate memory
2018-12-17T22:50:28.722137371Z 48 PC: 161a0 | Get DOS version
2018-12-17T22:50:28.723516141Z 53 PC: 161a8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:28.725092984Z 37 PC: 161ba | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:28.7277312Z 68 PC: 1624b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:50:28.730118135Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:50:28.739043362Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:50:28.741441116Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:50:28.743238794Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:50:28.745343087Z 53 PC: 14768 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:28.747365006Z 53 PC: 14775 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:28.748893538Z 53 PC: 14782 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:28.750467605Z 37 PC: 14797 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:28.754073769Z 37 PC: 1479f | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:28.759376592Z 37 PC: 147a7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:28.761093677Z 53 PC: 15226 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:28.762686239Z 53 PC: 15233 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:50:28.76482631Z 53 PC: 15242 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:28.766374789Z 37 PC: 1524f | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:28.767704487Z 53 PC: 15256 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:28.770291126Z 37 PC: 15263 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:50:28.771976954Z 53 PC: 1526f | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:28.776963923Z 48 PC: 15331 | Get DOS version
2018-12-17T22:50:28.779962065Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:50:28.782436414Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:50:28.784285468Z 68 PC: 146de | I/O control for devices (Set for = ' ')
2018-12-17T22:50:28.786695996Z 68 PC: 146de | I/O control for devices (Set for = '')
2018-12-17T22:50:28.789303224Z 51 PC: 146fc | Get or set Ctrl-Break
2018-12-17T22:50:28.791008047Z 51 PC: 14708 | Get or set Ctrl-Break
2018-12-17T22:50:28.802572333Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:50:28.804466121Z 51 PC: 14713 | Get or set Ctrl-Break
2018-12-17T22:50:28.805845532Z 53 PC: 12e60 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:28.808799772Z 53 PC: 12e6d | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:28.81037967Z 53 PC: 12e7a | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:28.811830666Z 37 PC: 12e95 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:50:28.814326745Z 53 PC: 12e9d | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:28.82011005Z 37 PC: 12eaa | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:28.821662978Z 53 PC: 12eb1 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:50:28.82717303Z 37 PC: 12ebe | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:28.829369396Z 37 PC: 12ec8 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:50:28.830966697Z 37 PC: 12ed3 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:50:28.83260789Z 37 PC: 162fc | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:28.836278796Z 41 PC: 15efb | Parse filename
2018-12-17T22:50:28.838519906Z 41 PC: 15efd | Parse filename
2018-12-17T22:50:28.840627336Z 41 PC: 15f02 | Parse filename
2018-12-17T22:50:28.84296083Z 75 PC: 15f18 | Execute program
2018-12-17T22:50:28.867006914Z 80 PC: 18f99 | Set current PSP
2018-12-17T22:50:28.86822882Z 48 PC: 18f9e | Get DOS version
2018-12-17T22:50:28.871228486Z 99 PC: 1f780 | Get DBCS lead byte table pointer
2018-12-17T22:50:28.874574722Z 101 PC: 19024 | Get extended country info
2018-12-17T22:50:28.876023334Z 99 PC: 1902a | Get DBCS lead byte table pointer
2018-12-17T22:50:28.877862148Z 74 PC: 1908c | Reallocate memory
2018-12-17T22:50:28.879568915Z 25 PC: 190c3 | Get default drive
2018-12-17T22:50:28.880873646Z 37 PC: 18b83 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:50:28.883715294Z 37 PC: 18b8a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:50:28.885355125Z 37 PC: 18b91 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:28.8902015Z 74 PC: 17d2c | Reallocate memory
2018-12-17T22:50:28.892315311Z 72 PC: 17d6d | Allocate memory
2018-12-17T22:50:28.894776023Z 72 PC: 17da5 | Allocate memory
2018-12-17T22:50:28.896662317Z 72 PC: 17dad | Allocate memory