Sample viewer

vx.netlux.org/Trojan.DOS.Netro

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:14.712712877Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:54:14.714912341Z	53	PC: 12bef \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:14.716514247Z	53	PC: 12bfc \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:54:14.717897638Z	53	PC: 12c09 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:54:14.71913769Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:54:14.720764831Z	37	PC: 12c2a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:14.722171805Z	74	PC: 12af4 \| Reallocate memory
2018-12-17T22:54:14.724367595Z	68	PC: 13079 \| I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T22:54:14.72722667Z	68	PC: 13079 \| I/O control for devices (Set for = '')
2018-12-17T22:54:14.731612403Z	25	PC: 12f3e \| Get default drive
2018-12-17T22:54:14.732893494Z	71	PC: 14a39 \| Get current directory
2018-12-17T22:54:14.73713283Z	47	PC: 12edb \| Get disk transfer address
2018-12-17T22:54:14.738456068Z	26	PC: 12ee4 \| Set disk transfer address
2018-12-17T22:54:14.739653902Z	78	PC: 12eee \| Find first file
2018-12-17T22:54:14.746207501Z	26	PC: 12ef7 \| Set disk transfer address
2018-12-17T22:54:14.749036831Z	47	PC: 12edb \| Get disk transfer address
2018-12-17T22:54:14.751034678Z	26	PC: 12ee4 \| Set disk transfer address
2018-12-17T22:54:14.753306537Z	78	PC: 12eee \| Find first file
2018-12-17T22:54:14.764518586Z	26	PC: 12ef7 \| Set disk transfer address
2018-12-17T22:54:14.765940158Z	86	PC: 14549 \| Rename file
2018-12-17T22:54:14.786177773Z	55	PC: 13011 \| Get or set switch character
2018-12-17T22:54:14.790033135Z	41	PC: 13c5f \| Parse filename
2018-12-17T22:54:14.791985097Z	41	PC: 13c7e \| Parse filename
2018-12-17T22:54:14.794070146Z	75	PC: 13cbe \| Execute program
2018-12-17T22:54:14.817837627Z	80	PC: 174c9 \| Set current PSP
2018-12-17T22:54:14.81881802Z	48	PC: 174ce \| Get DOS version
2018-12-17T22:54:14.820506402Z	99	PC: 1dcb0 \| Get DBCS lead byte table pointer
2018-12-17T22:54:14.82408889Z	101	PC: 17554 \| Get extended country info
2018-12-17T22:54:14.826442353Z	99	PC: 1755a \| Get DBCS lead byte table pointer
2018-12-17T22:54:14.828148877Z	74	PC: 175bc \| Reallocate memory
2018-12-17T22:54:14.829832166Z	25	PC: 175f3 \| Get default drive
2018-12-17T22:54:14.8312316Z	37	PC: 170b3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:54:14.833243056Z	37	PC: 170ba \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:14.835307545Z	37	PC: 170c1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:14.841663975Z	74	PC: 1625c \| Reallocate memory
2018-12-17T22:54:14.844812568Z	72	PC: 1629d \| Allocate memory
2018-12-17T22:54:14.847129652Z	72	PC: 162d5 \| Allocate memory
2018-12-17T22:54:14.849487169Z	72	PC: 162dd \| Allocate memory