Sample viewer

vx.netlux.org/Trojan.DOS.SPS.100

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:53.743946112Z 52 PC: 12a6e | Get InDOS flag pointer
2018-12-17T22:55:53.745906223Z 81 PC: 12a76 | Get current PSP
2018-12-17T22:55:53.748485688Z 44 PC: 138f9 | Get time 0x138f9: in al, 0x40
0x138fb: mov ah, al
0x138fd: in al, 0x40
0x138ff: xor ax, cx
0x13901: xor dx, ax
0x13903: jmp 0x1392a
0x13905: call 0x1390d
0x13908: or ax, ax
0x1390a: je 0x13905
0x1390c: ret
0x1390d: push dx
0x1390e: push cx
0x1390f: push bx
0x13910: in al, 0x40
0x13912: add ax, 0xb2cb
0x13915: mov dx, 0x4305
0x13918: mov cx, 7
0x1391b: shl ax, 1
0x1391d: rcl dx, 1
0x1391f: mov bl, al
2018-12-17T22:55:53.751901765Z 9 PC: 12b02 | Display string (String= ' PasswordCracker 1.0 for Novell Network (c) 1997 by Psychomancer, SPS.')
2018-12-17T22:55:53.759636094Z 9 PC: 12b02 | Display string (String= ' ')
2018-12-17T22:55:53.772563189Z 37 PC: 12aac | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:53.773897035Z 51 PC: 12dd9 | Get or set Ctrl-Break
2018-12-17T22:55:53.775086861Z 51 PC: 12e60 | Get or set Ctrl-Break
2018-12-17T22:55:53.776674024Z 9 PC: 12b02 | Display string (String= ' Usage: PswCrack username pswlist where: username - user name or * 4 all users on current server. pswlist - file with possible passwords. Please see file PswCrack.Doc 4 full information. Long live 4 SPS // Ugly userz & supervisorz must die 4ever!')
2018-12-17T22:55:53.792170961Z 9 PC: 12b02 | Display string (String= ' ')