Sample viewer

vx.netlux.org/Trojan.DOS.SPS.101

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:36.570706184Z 52 PC: 12a6e | Get InDOS flag pointer
2018-12-17T22:55:36.572688918Z 81 PC: 12a76 | Get current PSP
2018-12-17T22:55:36.57486565Z 44 PC: 13910 | Get time 0x13910: in al, 0x40
0x13912: mov ah, al
0x13914: in al, 0x40
0x13916: xor ax, cx
0x13918: xor dx, ax
0x1391a: jmp 0x13941
0x1391c: call 0x13924
0x1391f: or ax, ax
0x13921: je 0x1391c
0x13923: ret
0x13924: push dx
0x13925: push cx
0x13926: push bx
0x13927: in al, 0x40
0x13929: add ax, 0xfde0
0x1392c: mov dx, 0x814e
0x1392f: mov cx, 7
0x13932: shl ax, 1
0x13934: rcl dx, 1
0x13936: mov bl, al
2018-12-17T22:55:36.577243279Z 9 PC: 12afd | Display string (String= ' PasswordCracker 1.01 for Novell Network (c) 1997 by Psychomancer aka Nice, SPS.')
2018-12-17T22:55:36.584335943Z 9 PC: 12afd | Display string (String= ' ')
2018-12-17T22:55:36.589816243Z 37 PC: 12aac | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:36.590980271Z 51 PC: 12dea | Get or set Ctrl-Break
2018-12-17T22:55:36.591985146Z 51 PC: 12e71 | Get or set Ctrl-Break
2018-12-17T22:55:36.593889195Z 9 PC: 12afd | Display string (String= ' Usage: PswCrack username pswlist where: username - user name or * 4 all users on current server. pswlist - file with possible passwords. Please see file PswCrack.Doc 4 full information. Long live 4 SPS // Ugly userz & supervisorz must die 4ever!')
2018-12-17T22:55:36.60719311Z 9 PC: 12afd | Display string (String= ' ')