Sample viewer

vx.netlux.org/Trojan.DOS.Rbbs

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:29.886789134Z	48	PC: 12c64 \| Get DOS version
2018-12-17T22:56:29.889671684Z	74	PC: 12cb5 \| Reallocate memory
2018-12-17T22:56:29.89270118Z	48	PC: 12d22 \| Get DOS version
2018-12-17T22:56:29.901970459Z	53	PC: 12d2a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:29.904079324Z	37	PC: 12d3c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:29.907047075Z	53	PC: 192aa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:29.908818386Z	53	PC: 192b7 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:29.910587893Z	37	PC: 192c7 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:29.913236162Z	37	PC: 192cf \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:29.914980923Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:29.916768614Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:29.926357684Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:29.928358446Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:29.930171064Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:29.933414743Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:29.935348419Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:29.937229025Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:29.94013535Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:29.941595485Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:29.944137906Z	53	PC: 1717d \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:29.947411701Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:29.966228422Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:29.968178699Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:29.97433751Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:29.977648505Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:29.979295632Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:29.980914165Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:29.983834406Z	37	PC: 171ac \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:29.98561798Z	37	PC: 171b3 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:29.98758031Z	37	PC: 171b8 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:29.9911438Z	68	PC: 12dcd \| I/O control for devices (Set for = '�QWR�6��6�;6�tt�
2018-12-17T22:56:29.993570853Z	68	PC: 12dcd \| I/O control for devices
2018-12-17T22:56:29.996308821Z	68	PC: 12dcd \| I/O control for devices (Set for = '02468:<>@BDFHJLNPRTVXZ\^`bdfhjlnprtvxz\|~��')
2018-12-17T22:56:29.99947785Z	68	PC: 12dcd \| I/O control for devices (Set for = 'DFHJLNPRTVXZ\^`bdfhjlnprtvxz\|~��')
2018-12-17T22:56:30.001431925Z	68	PC: 12dcd \| I/O control for devices (Set for = 'DFHJLNPRTVXZ\^`bdfhjlnprtvxz\|~��')
2018-12-17T22:56:30.003860802Z	53	PC: 142bb \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:30.005957554Z	53	PC: 142c8 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:56:30.008206542Z	53	PC: 142d5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:30.009930955Z	37	PC: 142eb \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:30.011539189Z	37	PC: 142f3 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:56:30.015582422Z	37	PC: 142fb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:30.017544771Z	53	PC: 15598 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:56:30.0195014Z	53	PC: 155a5 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:56:30.024756371Z	53	PC: 155b4 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:56:30.031565203Z	37	PC: 155c1 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:56:30.040462513Z	53	PC: 155c8 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:56:30.043619098Z	37	PC: 155d5 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:56:30.046117085Z	53	PC: 155e1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:56:30.052167752Z	48	PC: 156a1 \| Get DOS version
2018-12-17T22:56:30.054573756Z	68	PC: 16f19 \| I/O control for devices (Set for = 'echo offH')
2018-12-17T22:56:30.056354284Z	68	PC: 16f19 \| I/O control for devices (Set for = '')
2018-12-17T22:56:30.058073176Z	51	PC: 13f7f \| Get or set Ctrl-Break
2018-12-17T22:56:30.059836882Z	51	PC: 13f8b \| Get or set Ctrl-Break
2018-12-17T22:56:30.061270968Z	37	PC: 14037 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:56:30.077305487Z	51	PC: 13f96 \| Get or set Ctrl-Break
2018-12-17T22:56:30.079616503Z	53	PC: 1451e \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:56:30.081639216Z	53	PC: 1452b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:56:30.083245226Z	53	PC: 14538 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:56:30.08534789Z	37	PC: 14553 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:56:30.088040823Z	53	PC: 1455b \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:56:30.089763301Z	37	PC: 14568 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:56:30.091077312Z	53	PC: 1456f \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:56:30.093369271Z	37	PC: 1457c \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:56:30.09469278Z	37	PC: 14586 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:56:30.095945065Z	37	PC: 14591 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:56:30.098147456Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:56:30.099405983Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:56:30.10064394Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:56:30.10282436Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:56:30.104147227Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:56:30.105378863Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:56:30.107601752Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:56:30.10912161Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:56:30.110623955Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:56:30.112146758Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:56:30.114421225Z	37	PC: 171c8 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:56:30.116337679Z	37	PC: 192de \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:56:30.117622785Z	37	PC: 192e8 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:56:30.119346396Z	37	PC: 12e83 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:30.122008842Z	41	PC: 16ff7 \| Parse filename
2018-12-17T22:56:30.123623538Z	41	PC: 16ff9 \| Parse filename
2018-12-17T22:56:30.126021427Z	41	PC: 16ffe \| Parse filename
2018-12-17T22:56:30.127955964Z	75	PC: 17014 \| Execute program
2018-12-17T22:56:30.152533707Z	80	PC: 2b249 \| Set current PSP
2018-12-17T22:56:30.154267297Z	48	PC: 2b24e \| Get DOS version
2018-12-17T22:56:30.156120251Z	99	PC: 31a30 \| Get DBCS lead byte table pointer
2018-12-17T22:56:30.159034059Z	101	PC: 2b2d4 \| Get extended country info
2018-12-17T22:56:30.161491249Z	99	PC: 2b2da \| Get DBCS lead byte table pointer
2018-12-17T22:56:30.162958187Z	74	PC: 2b33c \| Reallocate memory
2018-12-17T22:56:30.164539581Z	25	PC: 2b373 \| Get default drive
2018-12-17T22:56:30.166680486Z	37	PC: 2ae33 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:56:30.169307897Z	37	PC: 2ae3a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:56:30.170884101Z	37	PC: 2ae41 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:30.175173355Z	74	PC: 29fdc \| Reallocate memory
2018-12-17T22:56:30.176986855Z	72	PC: 2a01d \| Allocate memory
2018-12-17T22:56:30.178479702Z	72	PC: 2a055 \| Allocate memory
2018-12-17T22:56:30.180204726Z	72	PC: 2a05d \| Allocate memory