Sample viewer

vx.netlux.org/Trojan.DOS.EraseEXE.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:00:43.476555906Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:00:43.478752206Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:00:43.479904313Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:00:43.481404459Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:00:43.483546893Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:00:43.484679784Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:00:43.485922201Z 74 PC: 12af7 | Reallocate memory
2018-12-17T22:00:43.490523991Z 68 PC: 13199 | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T22:00:43.492364729Z 68 PC: 13199 | I/O control for devices (Set for = '')
2018-12-17T22:00:43.495514698Z 42 PC: 1307a | Get date
0x1307a: mov word ptr [si], cx
0x1307c: mov word ptr [si + 2], dx
0x1307f: pop si
0x13080: pop bp
0x13081: ret
0x13082: push bp
0x13083: mov bp, sp
0x13085: push si
0x13086: mov si, word ptr [bp + 4]
0x13089: mov ah, 0x2c
0x1308b: int 0x21
0x1308d: mov word ptr [si], cx
0x1308f: mov word ptr [si + 2], dx
0x13092: pop si
0x13093: pop bp
0x13094: ret
0x13095: pop cx
0x13096: push cs
0x13097: push cx
0x13098: xor cx, cx
2018-12-17T22:00:43.497754012Z 44 PC: 1308d | Get time
0x1308d: mov word ptr [si], cx
0x1308f: mov word ptr [si + 2], dx
0x13092: pop si
0x13093: pop bp
0x13094: ret
0x13095: pop cx
0x13096: push cs
0x13097: push cx
0x13098: xor cx, cx
0x1309a: jmp 0x130b2
0x1309c: pop cx
0x1309d: push cs
0x1309e: push cx
0x1309f: mov cx, 1
0x130a2: jmp 0x130b2
0x130a4: pop cx
0x130a5: push cs
0x130a6: push cx
0x130a7: mov cx, 2
0x130aa: jmp 0x130b2
2018-12-17T22:00:43.500398367Z 64 PC: 15c07 | Write file or device (Write 54 bytes on handle 1)
2018-12-17T22:00:43.502649352Z 67 PC: 145da | Get or set file attributes
2018-12-17T22:00:43.506841366Z 61 PC: 15017 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:00:43.511611588Z 68 PC: 13d4d | I/O control for devices (Set for = '')
2018-12-17T22:00:43.513562014Z 68 PC: 13199 | I/O control for devices (Set for = '')
2018-12-17T22:00:43.516157324Z 59 PC: 12fa2 | Change current directory
2018-12-17T22:00:43.519145113Z 47 PC: 1479e | Get disk transfer address
2018-12-17T22:00:43.520149263Z 26 PC: 147a7 | Set disk transfer address
2018-12-17T22:00:43.521288813Z 78 PC: 147b1 | Find first file
2018-12-17T22:00:43.526132732Z 26 PC: 147ba | Set disk transfer address
2018-12-17T22:00:43.527572987Z 64 PC: 15c07 | Write file or device (Write 35 bytes on handle 1)
2018-12-17T22:00:43.530717282Z 62 PC: 14615 | Close file
2018-12-17T22:00:43.533238496Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:00:43.534468933Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:00:43.535499677Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:00:43.537257496Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:00:43.538483534Z 62 PC: 14615 | Close file
2018-12-17T22:00:43.540017693Z 62 PC: 14615 | Close file
2018-12-17T22:00:43.542525924Z 62 PC: 14615 | Close file
2018-12-17T22:00:43.544155123Z 62 PC: 14615 | Close file
2018-12-17T22:00:43.545644613Z 62 PC: 14615 | Close file
2018-12-17T22:00:43.547883973Z 76 PC: 12be3 | Terminate with return code (Return code = '0')