Sample viewer

vx.netlux.org/Trojan.DOS.Pcb

GIF

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:52:29.326232307Z 48 PC: 1988c | Get DOS version
2018-12-17T22:52:29.32867689Z 74 PC: 198dc | Reallocate memory
2018-12-17T22:52:29.331105896Z 48 PC: 19940 | Get DOS version
2018-12-17T22:52:29.332834297Z 53 PC: 19948 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:29.338055453Z 37 PC: 1995a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:29.340505915Z 53 PC: 1c782 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:29.342271489Z 37 PC: 1c792 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:29.346068988Z 53 PC: 1c797 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:29.347429236Z 37 PC: 1c7a7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:29.348863328Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:29.350471235Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:29.352451931Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:29.354321216Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:29.356018755Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:29.360819992Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:29.36211061Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:29.363387947Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:29.365518155Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:29.367371881Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:29.368979638Z 53 PC: 1a4d6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:29.37124559Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:29.372484897Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:29.37347508Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:29.375151542Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:29.376566186Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:29.378386914Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:29.38080808Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:29.38291926Z 37 PC: 1a505 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:29.384427118Z 37 PC: 1a50c | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:29.38652105Z 37 PC: 1a511 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:29.388579943Z 68 PC: 199eb | I/O control for devices (Set for = '1�LPT2�LPT3�PIPE�')
2018-12-17T22:52:29.390479539Z 68 PC: 199eb | I/O control for devices (Set for = 'o')
2018-12-17T22:52:29.403767319Z 68 PC: 199eb | I/O control for devices (Set for = 'V�~�~�F��N�F��^[Y^_��>')
2018-12-17T22:52:29.405413731Z 68 PC: 199eb | I/O control for devices (Set for = '�^[Y^_��>')
2018-12-17T22:52:29.406869406Z 68 PC: 199eb | I/O control for devices (Set for = '�^[Y^_��>')
2018-12-17T22:52:29.409389897Z 53 PC: 1681a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:29.410953575Z 53 PC: 16827 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:52:29.412717652Z 53 PC: 16834 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:29.414115831Z 37 PC: 16849 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:29.415714505Z 37 PC: 16851 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:52:29.41699129Z 37 PC: 16859 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:29.418522457Z 53 PC: 172d8 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:52:29.420429347Z 53 PC: 172e5 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:52:29.42182644Z 53 PC: 172f4 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:52:29.423302829Z 37 PC: 17301 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:52:29.425158642Z 53 PC: 17308 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:52:29.426857203Z 37 PC: 17315 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:52:29.428446047Z 53 PC: 17321 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:52:29.43365524Z 48 PC: 173e3 | Get DOS version
2018-12-17T22:52:29.43506662Z 74 PC: 154e5 | Reallocate memory
2018-12-17T22:52:29.43685513Z 74 PC: 154e5 | Reallocate memory
2018-12-17T22:52:29.439040961Z 68 PC: 16790 | I/O control for devices (Set for = 'e of installation do you prefer? � ')
2018-12-17T22:52:29.440712849Z 68 PC: 16790 | I/O control for devices (Set for = '')
2018-12-17T22:52:29.442205534Z 51 PC: 167ae | Get or set Ctrl-Break
2018-12-17T22:52:29.443574006Z 51 PC: 167ba | Get or set Ctrl-Break
2018-12-17T22:52:29.445406685Z 44 PC: 195af | Get time
0x195af: mov al, 0x3c
0x195b1: mul ch
0x195b3: xor ch, ch
0x195b5: add ax, cx
0x195b7: mov bx, ax
0x195b9: push dx
0x195ba: call 0x294c4
0x195bd: pop dx
0x195be: mov ax, 0x3c
0x195c1: call 0x195eb
0x195c4: mov al, dh
0x195c6: mov ah, 1
0x195c8: call 0x195eb
0x195cb: mov ax, 0x64
0x195ce: call 0x195eb
0x195d1: mov al, dl
0x195d3: mov ah, 1
0x195d5: call 0x195eb
0x195d8: mov ax, 0x264
0x195db: call 0x195eb
2018-12-17T22:52:29.453755119Z 25 PC: 142a4 | Get default drive
2018-12-17T22:52:29.455991753Z 71 PC: 142b4 | Get current directory
2018-12-17T22:52:29.459880977Z 61 PC: 14886 | Open file (Filename = 'A:\INSTALL.INI')
2018-12-17T22:52:29.467349951Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.47015146Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.472679697Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.474879234Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.477802543Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.480097099Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.482405787Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.485109954Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.487394926Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.489634045Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.49246745Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.494647043Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.496644378Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.49958043Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.50174061Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.503747849Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.506568663Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.50882901Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.510845094Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.513409871Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.515969892Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.518140794Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.520698878Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.522953106Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.524941849Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.526837977Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.529024548Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.530546848Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.53252948Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.534954927Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.53718874Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.540418192Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.543128761Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.545870981Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.549557544Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.552033088Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.554147455Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.556541777Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.558892765Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.561412206Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.563911157Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.566743989Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.569411598Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.572275566Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.575702226Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.578333358Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.580987111Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.583775972Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.586102115Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.587865444Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.589752062Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.591459538Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.593032373Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.595026008Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.596677012Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.59854213Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.600595638Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.602653852Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.604397897Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.606290248Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.60817038Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.610636007Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.613415101Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.615923225Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.618377804Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.621142964Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.623406429Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.625584635Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.628506187Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.630708144Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.633019533Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.635660352Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.637848947Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.640015922Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.642734455Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.645017465Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.647104248Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.649882189Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.652060443Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.654180011Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.656674026Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.658866584Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.66103155Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.663758433Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.665885667Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.667891812Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.670408006Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.672581909Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.675420327Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.678229621Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.680474321Z 6 PC: 16761 | Direct console I/O
2018-12-17T22:52:29.684459533Z 12 PC: 1680a | Flush input buffer and input