Sample viewer

vx.netlux.org/Trojan.DOS.Loser.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:26.256037802Z 48 PC: 160ec | Get DOS version
2018-12-17T22:55:26.258660535Z 74 PC: 1613c | Reallocate memory
2018-12-17T22:55:26.261112867Z 48 PC: 161a0 | Get DOS version
2018-12-17T22:55:26.262929774Z 53 PC: 161a8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:26.264335939Z 37 PC: 161ba | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:26.266399801Z 68 PC: 1624b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:55:26.267937122Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:55:26.269497557Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:55:26.273623838Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:55:26.275617177Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:55:26.278011059Z 53 PC: 14772 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:26.280516351Z 53 PC: 1477f | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:55:26.282337546Z 53 PC: 1478c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:26.284143733Z 37 PC: 147a1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:26.286674714Z 37 PC: 147a9 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:55:26.288844795Z 37 PC: 147b1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:26.290573937Z 53 PC: 15230 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:26.293094849Z 53 PC: 1523d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:55:26.294591564Z 53 PC: 1524c | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:55:26.296018918Z 37 PC: 15259 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:26.298121813Z 53 PC: 15260 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:55:26.299978435Z 37 PC: 1526d | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:55:26.301596098Z 53 PC: 15279 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:26.310952756Z 48 PC: 1533b | Get DOS version
2018-12-17T22:55:26.313127215Z 74 PC: 1343d | Reallocate memory
2018-12-17T22:55:26.315259205Z 74 PC: 1343d | Reallocate memory
2018-12-17T22:55:26.317176851Z 68 PC: 146e8 | I/O control for devices (Set for = '���')
2018-12-17T22:55:26.319803481Z 68 PC: 146e8 | I/O control for devices (Set for = '')
2018-12-17T22:55:26.321499982Z 51 PC: 14706 | Get or set Ctrl-Break
2018-12-17T22:55:26.325082951Z 51 PC: 14712 | Get or set Ctrl-Break
2018-12-17T22:55:26.33379685Z 74 PC: 1343d | Reallocate memory
2018-12-17T22:55:26.33590204Z 51 PC: 1471d | Get or set Ctrl-Break
2018-12-17T22:55:26.33737487Z 53 PC: 12e6a | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:55:26.339800171Z 53 PC: 12e77 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:26.341173233Z 53 PC: 12e84 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:55:26.342547338Z 37 PC: 12e9f | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:26.344859987Z 53 PC: 12ea7 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:26.346288343Z 37 PC: 12eb4 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:55:26.347571236Z 53 PC: 12ebb | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:55:26.34965172Z 37 PC: 12ec8 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:55:26.351620452Z 37 PC: 12ed2 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:26.352913274Z 37 PC: 12edd | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:55:26.354926771Z 37 PC: 162fc | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:26.357757555Z 41 PC: 15f05 | Parse filename
2018-12-17T22:55:26.359500573Z 41 PC: 15f07 | Parse filename
2018-12-17T22:55:26.36162553Z 41 PC: 15f0c | Parse filename
2018-12-17T22:55:26.363815809Z 75 PC: 15f22 | Execute program
2018-12-17T22:55:26.386888764Z 80 PC: 18fb9 | Set current PSP
2018-12-17T22:55:26.389625201Z 48 PC: 18fbe | Get DOS version
2018-12-17T22:55:26.39225629Z 99 PC: 1f7a0 | Get DBCS lead byte table pointer
2018-12-17T22:55:26.395392749Z 101 PC: 19044 | Get extended country info
2018-12-17T22:55:26.397171794Z 99 PC: 1904a | Get DBCS lead byte table pointer
2018-12-17T22:55:26.399865301Z 74 PC: 190ac | Reallocate memory
2018-12-17T22:55:26.401557674Z 25 PC: 190e3 | Get default drive
2018-12-17T22:55:26.402979107Z 37 PC: 18ba3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:55:26.406328737Z 37 PC: 18baa | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:55:26.407967179Z 37 PC: 18bb1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:26.412861704Z 74 PC: 17d4c | Reallocate memory
2018-12-17T22:55:26.415636883Z 72 PC: 17d8d | Allocate memory
2018-12-17T22:55:26.417404037Z 72 PC: 17dc5 | Allocate memory
2018-12-17T22:55:26.419195877Z 72 PC: 17dcd | Allocate memory