Sample viewer

vx.netlux.org/Trojan.DOS.DelWin.d

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:03.778051862Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:56:03.780381689Z	53	PC: 12bb0 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:03.782412377Z	53	PC: 12bbd \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:56:03.784375188Z	53	PC: 12bca \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:56:03.787681352Z	53	PC: 12bd7 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:56:03.789589576Z	37	PC: 12beb \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:03.79167926Z	74	PC: 12ad9 \| Reallocate memory
2018-12-17T22:56:03.794355279Z	88	PC: 12b1d \| case 0xGet or set allocation strateg:
2018-12-17T22:56:03.796002921Z	103	PC: 12b27 \| Set handle count
2018-12-17T22:56:03.798297441Z	72	PC: 12b30 \| Allocate memory
2018-12-17T22:56:03.801157662Z	73	PC: 12b3d \| Release memory
2018-12-17T22:56:03.80294573Z	88	PC: 12b47 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:03.805016856Z	68	PC: 13569 \| I/O control for devices (Set for = ' ')
2018-12-17T22:56:03.808706466Z	74	PC: 181d2 \| Reallocate memory
2018-12-17T22:56:03.811294055Z	74	PC: 181d2 \| Reallocate memory
2018-12-17T22:56:03.813487904Z	68	PC: 13569 \| I/O control for devices (Set for = '')
2018-12-17T22:56:03.817662576Z	74	PC: 181d2 \| Reallocate memory
2018-12-17T22:56:03.821563306Z	74	PC: 181d2 \| Reallocate memory
2018-12-17T22:56:03.82618009Z	68	PC: 13569 \| I/O control for devices (Set for = '')
2018-12-17T22:56:03.833545024Z	42	PC: 18c04 \| Get date 0x18c04: les bx, ptr [bp + 4] 0x18c07: mov word ptr es:[bx], cx 0x18c0a: mov word ptr es:[bx + 2], dx 0x18c0e: pop di 0x18c0f: pop si 0x18c10: pop bp 0x18c11: ret 0x18c12: push bp 0x18c13: mov bp, sp 0x18c15: push si 0x18c16: push di 0x18c17: mov ah, 0x2c 0x18c19: int 0x21 0x18c1b: les bx, ptr [bp + 4] 0x18c1e: mov word ptr es:[bx], cx 0x18c21: mov word ptr es:[bx + 2], dx 0x18c25: pop di 0x18c26: pop si 0x18c27: pop bp 0x18c28: ret
2018-12-17T22:56:03.836261013Z	44	PC: 18c1b \| Get time 0x18c1b: les bx, ptr [bp + 4] 0x18c1e: mov word ptr es:[bx], cx 0x18c21: mov word ptr es:[bx + 2], dx 0x18c25: pop di 0x18c26: pop si 0x18c27: pop bp 0x18c28: ret 0x18c29: push bp 0x18c2a: mov bp, sp 0x18c2c: sub sp, 8 0x18c2f: push si 0x18c30: push di 0x18c31: push ss 0x18c32: lea ax, word ptr [bp - 8] 0x18c35: push ax 0x18c36: push ss 0x18c37: lea ax, word ptr [bp - 4] 0x18c3a: push ax 0x18c3b: les bx, ptr [bp + 4] 0x18c3e: push word ptr es:[bx + 2]
2018-12-17T22:56:03.842280985Z	55	PC: 182ad \| Get or set switch character
2018-12-17T22:56:03.846599934Z	41	PC: 189ff \| Parse filename
2018-12-17T22:56:03.849400479Z	41	PC: 18a1e \| Parse filename
2018-12-17T22:56:03.851508131Z	75	PC: 18a61 \| Execute program
2018-12-17T22:56:03.875126671Z	80	PC: 22c29 \| Set current PSP
2018-12-17T22:56:03.876773743Z	48	PC: 22c2e \| Get DOS version
2018-12-17T22:56:03.878876488Z	99	PC: 29410 \| Get DBCS lead byte table pointer
2018-12-17T22:56:03.882839083Z	101	PC: 22cb4 \| Get extended country info
2018-12-17T22:56:03.885194545Z	99	PC: 22cba \| Get DBCS lead byte table pointer
2018-12-17T22:56:03.886919622Z	74	PC: 22d1c \| Reallocate memory
2018-12-17T22:56:03.889088718Z	25	PC: 22d53 \| Get default drive
2018-12-17T22:56:03.894906414Z	37	PC: 22813 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:56:03.896154604Z	37	PC: 2281a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:03.897397667Z	37	PC: 22821 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:03.903113461Z	74	PC: 219bc \| Reallocate memory
2018-12-17T22:56:03.904787328Z	72	PC: 219fd \| Allocate memory
2018-12-17T22:56:03.906650561Z	72	PC: 21a35 \| Allocate memory
2018-12-17T22:56:03.909974397Z	72	PC: 21a3d \| Allocate memory