Sample viewer

vx.netlux.org/Trojan.DOS.Spreadout

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:08.813346474Z 48 PC: 1666c | Get DOS version
2018-12-17T22:54:08.815426023Z 74 PC: 166bc | Reallocate memory
2018-12-17T22:54:08.817550681Z 48 PC: 16720 | Get DOS version
2018-12-17T22:54:08.818962446Z 53 PC: 16728 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:08.829067317Z 37 PC: 1673a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:08.830577694Z 68 PC: 167cb | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:54:08.832158679Z 68 PC: 167cb | I/O control for devices
2018-12-17T22:54:08.83667637Z 68 PC: 167cb | I/O control for devices
2018-12-17T22:54:08.838465674Z 68 PC: 167cb | I/O control for devices
2018-12-17T22:54:08.840075277Z 68 PC: 167cb | I/O control for devices
2018-12-17T22:54:08.842081273Z 53 PC: 149ec | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:08.843681256Z 53 PC: 149f9 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:54:08.845199508Z 53 PC: 14a06 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:08.846722426Z 37 PC: 14a1b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:08.848535215Z 37 PC: 14a23 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:54:08.849836035Z 37 PC: 14a2b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:08.851403238Z 53 PC: 154aa | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:54:08.866365253Z 53 PC: 154b7 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:54:08.868186042Z 53 PC: 154c6 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:54:08.869931804Z 37 PC: 154d3 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:54:08.872088406Z 53 PC: 154da | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:54:08.873760369Z 37 PC: 154e7 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:54:08.875336105Z 53 PC: 154f3 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:54:08.887481324Z 48 PC: 155b5 | Get DOS version
2018-12-17T22:54:08.888923473Z 74 PC: 136b7 | Reallocate memory
2018-12-17T22:54:08.89089086Z 74 PC: 136b7 | Reallocate memory
2018-12-17T22:54:08.892863579Z 68 PC: 14962 | I/O control for devices (Set for = 'st c:\windows\command\fdisk.exe md c:\svc-w�P')
2018-12-17T22:54:08.895242236Z 68 PC: 14962 | I/O control for devices (Set for = '')
2018-12-17T22:54:08.897163761Z 51 PC: 14980 | Get or set Ctrl-Break
2018-12-17T22:54:08.898501051Z 51 PC: 1498c | Get or set Ctrl-Break
2018-12-17T22:54:08.909637407Z 74 PC: 136b7 | Reallocate memory
2018-12-17T22:54:08.911515033Z 51 PC: 14997 | Get or set Ctrl-Break
2018-12-17T22:54:08.912685382Z 53 PC: 130e4 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:54:08.915101605Z 53 PC: 130f1 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:54:08.917767531Z 53 PC: 130fe | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:54:08.927524654Z 37 PC: 13119 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:54:08.929696561Z 53 PC: 13121 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:54:08.931259276Z 37 PC: 1312e | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:54:08.932742003Z 53 PC: 13135 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:54:08.949977417Z 37 PC: 13142 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:54:08.951575545Z 37 PC: 1314c | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:54:08.953184695Z 37 PC: 13157 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:54:08.955136867Z 37 PC: 1687c | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:08.957571955Z 41 PC: 16481 | Parse filename
2018-12-17T22:54:08.959525849Z 41 PC: 16483 | Parse filename
2018-12-17T22:54:08.961687588Z 41 PC: 16488 | Parse filename
2018-12-17T22:54:08.964150561Z 75 PC: 1649e | Execute program
2018-12-17T22:54:09.002761799Z 80 PC: 19fb9 | Set current PSP
2018-12-17T22:54:09.018351533Z 48 PC: 19fbe | Get DOS version
2018-12-17T22:54:09.020579443Z 99 PC: 207a0 | Get DBCS lead byte table pointer
2018-12-17T22:54:09.03091067Z 101 PC: 1a044 | Get extended country info
2018-12-17T22:54:09.03245395Z 99 PC: 1a04a | Get DBCS lead byte table pointer
2018-12-17T22:54:09.034936672Z 74 PC: 1a0ac | Reallocate memory
2018-12-17T22:54:09.036728365Z 25 PC: 1a0e3 | Get default drive
2018-12-17T22:54:09.038175433Z 37 PC: 19ba3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:54:09.04047428Z 37 PC: 19baa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:09.041919326Z 37 PC: 19bb1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:09.054455773Z 74 PC: 18d4c | Reallocate memory
2018-12-17T22:54:09.05692712Z 72 PC: 18d8d | Allocate memory
2018-12-17T22:54:09.05882023Z 72 PC: 18dc5 | Allocate memory
2018-12-17T22:54:09.061626717Z 72 PC: 18dcd | Allocate memory