Sample viewer

vx.netlux.org/Trojan.DOS.Filipino

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:43.272149063Z 48 PC: 165bc | Get DOS version
2018-12-17T22:53:43.275668744Z 74 PC: 1660c | Reallocate memory
2018-12-17T22:53:43.278154363Z 48 PC: 16670 | Get DOS version
2018-12-17T22:53:43.279386267Z 53 PC: 16678 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:43.281395692Z 37 PC: 1668a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:43.2830504Z 68 PC: 1671b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:53:43.2846365Z 68 PC: 1671b | I/O control for devices
2018-12-17T22:53:43.286336232Z 68 PC: 1671b | I/O control for devices
2018-12-17T22:53:43.288337191Z 68 PC: 1671b | I/O control for devices
2018-12-17T22:53:43.290177468Z 68 PC: 1671b | I/O control for devices
2018-12-17T22:53:43.292392779Z 53 PC: 14982 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:43.295163253Z 53 PC: 1498f | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:43.296763218Z 53 PC: 1499c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:43.29904796Z 37 PC: 149b1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:43.301324757Z 37 PC: 149b9 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:53:43.303065146Z 37 PC: 149c1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:43.305583807Z 53 PC: 15440 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:43.308217965Z 53 PC: 1544d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:43.310709606Z 53 PC: 1545c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:43.313409297Z 37 PC: 15469 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:43.316441122Z 53 PC: 15470 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:43.317835331Z 37 PC: 1547d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:43.319183904Z 53 PC: 15489 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:43.324987406Z 48 PC: 1554b | Get DOS version
2018-12-17T22:53:43.327418222Z 74 PC: 1364d | Reallocate memory
2018-12-17T22:53:43.329485615Z 74 PC: 1364d | Reallocate memory
2018-12-17T22:53:43.331296446Z 68 PC: 148f8 | I/O control for devices (Set for = 'You haved been infected!0')
2018-12-17T22:53:43.333449941Z 68 PC: 148f8 | I/O control for devices (Set for = '')
2018-12-17T22:53:43.335106583Z 51 PC: 14916 | Get or set Ctrl-Break
2018-12-17T22:53:43.336202241Z 51 PC: 14922 | Get or set Ctrl-Break
2018-12-17T22:53:43.349430128Z 74 PC: 1364d | Reallocate memory
2018-12-17T22:53:43.351132997Z 51 PC: 1492d | Get or set Ctrl-Break
2018-12-17T22:53:43.352308295Z 53 PC: 1307a | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:43.354538635Z 53 PC: 13087 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:43.357489988Z 53 PC: 13094 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:43.359416427Z 37 PC: 130af | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:53:43.363097943Z 53 PC: 130b7 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:43.364696485Z 37 PC: 130c4 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:53:43.366237831Z 53 PC: 130cb | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:43.369091702Z 37 PC: 130d8 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:43.370604964Z 37 PC: 130e2 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:53:43.371962935Z 37 PC: 130ed | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:53:43.374644682Z 37 PC: 167cc | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:43.376877727Z 41 PC: 163d1 | Parse filename
2018-12-17T22:53:43.378537986Z 41 PC: 163d3 | Parse filename
2018-12-17T22:53:43.384329765Z 41 PC: 163d8 | Parse filename
2018-12-17T22:53:43.386301148Z 75 PC: 163ee | Execute program
2018-12-17T22:53:43.409019092Z 80 PC: 19979 | Set current PSP
2018-12-17T22:53:43.4100137Z 48 PC: 1997e | Get DOS version
2018-12-17T22:53:43.412266301Z 99 PC: 20160 | Get DBCS lead byte table pointer
2018-12-17T22:53:43.415010927Z 101 PC: 19a04 | Get extended country info
2018-12-17T22:53:43.416378216Z 99 PC: 19a0a | Get DBCS lead byte table pointer
2018-12-17T22:53:43.418890044Z 74 PC: 19a6c | Reallocate memory
2018-12-17T22:53:43.420411712Z 25 PC: 19aa3 | Get default drive
2018-12-17T22:53:43.421978896Z 37 PC: 19563 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:53:43.424432094Z 37 PC: 1956a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:43.425613283Z 37 PC: 19571 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:43.430107144Z 74 PC: 1870c | Reallocate memory
2018-12-17T22:53:43.432703902Z 72 PC: 1874d | Allocate memory
2018-12-17T22:53:43.434824816Z 72 PC: 18785 | Allocate memory
2018-12-17T22:53:43.43715352Z 72 PC: 1878d | Allocate memory