Sample viewer

vx.netlux.org/Trojan.DOS.Shadow98

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:03.604969982Z	48	PC: 16e2c \| Get DOS version
2018-12-17T22:53:03.60747052Z	74	PC: 16e7c \| Reallocate memory
2018-12-17T22:53:03.609499982Z	48	PC: 16ee0 \| Get DOS version
2018-12-17T22:53:03.610842965Z	53	PC: 16ee8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:03.612922822Z	37	PC: 16efa \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:03.615260884Z	68	PC: 16f8b \| I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:53:03.616969503Z	68	PC: 16f8b \| I/O control for devices
2018-12-17T22:53:03.626706513Z	68	PC: 16f8b \| I/O control for devices
2018-12-17T22:53:03.629322037Z	68	PC: 16f8b \| I/O control for devices
2018-12-17T22:53:03.631158557Z	68	PC: 16f8b \| I/O control for devices
2018-12-17T22:53:03.633531645Z	53	PC: 15418 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:03.636139262Z	53	PC: 15425 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:03.638449322Z	53	PC: 15432 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:03.640716801Z	37	PC: 15447 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:03.644243075Z	37	PC: 1544f \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:03.645707316Z	37	PC: 15457 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:03.648439718Z	53	PC: 15ed6 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:03.651775595Z	53	PC: 15ee3 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:03.653585144Z	53	PC: 15ef2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:03.658458178Z	37	PC: 15eff \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:03.66130746Z	53	PC: 15f06 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:03.663957117Z	37	PC: 15f13 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:03.665945513Z	53	PC: 15f1f \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:03.67356211Z	48	PC: 15fe1 \| Get DOS version
2018-12-17T22:53:03.675358214Z	74	PC: 140e3 \| Reallocate memory
2018-12-17T22:53:03.677581059Z	74	PC: 140e3 \| Reallocate memory
2018-12-17T22:53:03.679999292Z	68	PC: 1538e \| I/O control for devices (Set for = 'trib -S -H -R -A c:\IO.SYS')
2018-12-17T22:53:03.683272981Z	68	PC: 1538e \| I/O control for devices (Set for = '')
2018-12-17T22:53:03.684909475Z	51	PC: 153ac \| Get or set Ctrl-Break
2018-12-17T22:53:03.686024149Z	51	PC: 153b8 \| Get or set Ctrl-Break
2018-12-17T22:53:03.690651952Z	25	PC: 12ea2 \| Get default drive
2018-12-17T22:53:03.692101535Z	71	PC: 12eb2 \| Get current directory
2018-12-17T22:53:03.696296104Z	61	PC: 13484 \| Open file (Filename = 'A:\REVENGE.BAT')
2018-12-17T22:53:03.704376573Z	60	PC: 13349 \| Create or truncate file
2018-12-17T22:53:03.720906584Z	62	PC: 132b7 \| Close file
2018-12-17T22:53:03.723687368Z	61	PC: 13484 \| Open file (Filename = 'A:\REVENGE.BAT')
2018-12-17T22:53:03.740762603Z	68	PC: 133dd \| I/O control for devices (Set for = 'ree c:\win95\system')
2018-12-17T22:53:03.743915776Z	64	PC: 132a6 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:53:03.746386678Z	64	PC: 132a6 \| Write file or device (Write 350 bytes on handle 5)
2018-12-17T22:53:03.752165392Z	66	PC: 13059 \| Move file pointer
2018-12-17T22:53:03.75461788Z	62	PC: 132b7 \| Close file
2018-12-17T22:53:03.765640335Z	74	PC: 140e3 \| Reallocate memory
2018-12-17T22:53:03.768507351Z	51	PC: 153c3 \| Get or set Ctrl-Break
2018-12-17T22:53:03.77216448Z	37	PC: 15645 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:03.78223116Z	37	PC: 1564f \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:03.791959474Z	37	PC: 15659 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:03.794029522Z	53	PC: 13b10 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:03.795949238Z	53	PC: 13b1d \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:03.797758237Z	53	PC: 13b2a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:03.800536245Z	37	PC: 13b45 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:03.803548684Z	53	PC: 13b4d \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:03.805253436Z	37	PC: 13b5a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:03.807811922Z	53	PC: 13b61 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:03.809783486Z	37	PC: 13b6e \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:03.811435659Z	37	PC: 13b78 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:03.813982564Z	37	PC: 13b83 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:03.815586436Z	37	PC: 1703c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:03.820338483Z	41	PC: 16c1b \| Parse filename
2018-12-17T22:53:03.822660635Z	41	PC: 16c1d \| Parse filename
2018-12-17T22:53:03.825433925Z	41	PC: 16c22 \| Parse filename
2018-12-17T22:53:03.82729484Z	75	PC: 16c38 \| Execute program
2018-12-17T22:53:03.851799481Z	80	PC: 19fb9 \| Set current PSP
2018-12-17T22:53:03.854097407Z	48	PC: 19fbe \| Get DOS version
2018-12-17T22:53:03.855885296Z	99	PC: 207a0 \| Get DBCS lead byte table pointer
2018-12-17T22:53:03.858690776Z	101	PC: 1a044 \| Get extended country info
2018-12-17T22:53:03.86109386Z	99	PC: 1a04a \| Get DBCS lead byte table pointer
2018-12-17T22:53:03.86290384Z	74	PC: 1a0ac \| Reallocate memory
2018-12-17T22:53:03.864843163Z	25	PC: 1a0e3 \| Get default drive
2018-12-17T22:53:03.868421545Z	37	PC: 19ba3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:53:03.87024479Z	37	PC: 19baa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:03.871946877Z	37	PC: 19bb1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:03.878077042Z	74	PC: 18d4c \| Reallocate memory
2018-12-17T22:53:03.880128115Z	72	PC: 18d8d \| Allocate memory
2018-12-17T22:53:03.882149853Z	72	PC: 18dc5 \| Allocate memory
2018-12-17T22:53:03.884005298Z	72	PC: 18dcd \| Allocate memory