Sample viewer

vx.netlux.org/Trojan.DOS.Moron.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:28.954876456Z 53 PC: 12dae | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:28.956130082Z 53 PC: 12dae | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:28.957597217Z 53 PC: 12dae | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:28.958894728Z 53 PC: 12dae | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:28.960117026Z 53 PC: 12dae | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:28.966298707Z 53 PC: 12dae | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:28.968086795Z 53 PC: 12dae | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:28.969838686Z 53 PC: 12dae | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:28.971739108Z 53 PC: 12dae | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:28.972995453Z 53 PC: 12dae | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:28.974264951Z 53 PC: 12dae | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:28.976250707Z 53 PC: 12dae | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:28.977606236Z 53 PC: 12dae | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:28.979442642Z 53 PC: 12dae | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:28.982419889Z 53 PC: 12dae | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:28.984739616Z 53 PC: 12dae | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:28.986419683Z 53 PC: 12dae | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:28.995902483Z 53 PC: 12dae | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:28.997379193Z 53 PC: 12dae | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:28.998760589Z 37 PC: 12dc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:29.000314625Z 37 PC: 12dca | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:29.002478614Z 37 PC: 12dd1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:29.004076159Z 37 PC: 12dd8 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:29.006246662Z 68 PC: 1304d | I/O control for devices (Set for = '�')
2018-12-17T22:54:29.009031745Z 64 PC: 132c4 | Write file or device (Write 53 bytes on handle 1)
2018-12-17T22:54:29.015141444Z 64 PC: 132c4 | Write file or device (Write 50 bytes on handle 1)
2018-12-17T22:54:29.02259171Z 64 PC: 132c4 | Write file or device (Write 35 bytes on handle 1)
2018-12-17T22:54:29.030682815Z 64 PC: 132c4 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:54:29.035979971Z 64 PC: 132c4 | Write file or device (Write 47 bytes on handle 1)
2018-12-17T22:54:29.04295877Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:29.048163362Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:29.049562849Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:29.050977839Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:29.057710965Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:29.059731122Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:29.061537884Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:29.06414374Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:29.065507107Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:29.067106447Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:29.069120453Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:29.070707978Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:29.07228753Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:29.074245019Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:29.079325591Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:29.080953626Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:29.083414632Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:29.085391847Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:29.087051028Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:29.088742645Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:29.092425606Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:29.094275479Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:29.095937994Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:29.098634774Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:29.106009863Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:29.107826274Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:29.11001677Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:29.111763865Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:29.113469539Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:29.115808904Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:29.117313052Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:29.118697418Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:29.120591676Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:29.122315932Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:29.123946523Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:29.126175498Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:29.128045891Z 53 PC: 12cfc | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:29.129765502Z 37 PC: 12d05 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:29.131626145Z 41 PC: 12cb1 | Parse filename
2018-12-17T22:54:29.134842626Z 41 PC: 12cbf | Parse filename
2018-12-17T22:54:29.136997774Z 75 PC: 12cca | Execute program
2018-12-17T22:54:29.165014118Z 80 PC: 18ec9 | Set current PSP
2018-12-17T22:54:29.167007573Z 48 PC: 18ece | Get DOS version
2018-12-17T22:54:29.168722145Z 99 PC: 1f6b0 | Get DBCS lead byte table pointer
2018-12-17T22:54:29.171564228Z 101 PC: 18f54 | Get extended country info
2018-12-17T22:54:29.17396193Z 99 PC: 18f5a | Get DBCS lead byte table pointer
2018-12-17T22:54:29.175859695Z 74 PC: 18fbc | Reallocate memory
2018-12-17T22:54:29.177739608Z 25 PC: 18ff3 | Get default drive
2018-12-17T22:54:29.179509518Z 37 PC: 18ab3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:54:29.181875543Z 37 PC: 18aba | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:29.183525329Z 37 PC: 18ac1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:29.188563731Z 74 PC: 17c5c | Reallocate memory
2018-12-17T22:54:29.19052182Z 72 PC: 17c9d | Allocate memory
2018-12-17T22:54:29.192218825Z 72 PC: 17cd5 | Allocate memory
2018-12-17T22:54:29.194771702Z 72 PC: 17cdd | Allocate memory