Sample viewer

vx.netlux.org/Trojan.DOS.Epatch

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:20.151832743Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:20.154556455Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:20.156173001Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:20.157371408Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:20.159483416Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:20.160911076Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:20.162422364Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:20.164148349Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:20.165698304Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:20.166854756Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:20.167959159Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:20.170676156Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:20.17229333Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:20.173920549Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:20.176015983Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:20.177262708Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:20.178306211Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:20.180140478Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:20.181698136Z	53	PC: 1331a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:20.183267695Z	37	PC: 1332f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:20.186247104Z	37	PC: 13337 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:20.187674566Z	37	PC: 1333f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:20.189178014Z	37	PC: 13347 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:20.192684905Z	68	PC: 13fae \| I/O control for devices (Set for = '�')
2018-12-17T22:58:20.297811986Z	37	PC: 12d41 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:20.299284781Z	44	PC: 14446 \| Get time 0x14446: mov word ptr [0x3e], cx 0x1444a: mov word ptr [0x40], dx 0x1444e: retf 0x1444f: mov cx, di 0x14451: mov si, 0xa 0x14454: mov bx, dx 0x14456: or bx, bx 0x14458: jns 0x1446b 0x1445a: neg bx 0x1445c: neg ax 0x1445e: sbb bx, 0 0x14461: call 0x1446b 0x14464: dec di 0x14465: mov byte ptr es:[di], 0x2d 0x14469: inc cx 0x1446a: ret 0x1446b: xor dx, dx 0x1446d: xchg ax, bx 0x1446e: div si 0x14470: xchg ax, bx
2018-12-17T22:58:20.303824725Z	66	PC: 14970 \| Move file pointer
2018-12-17T22:58:20.30576777Z	66	PC: 1497e \| Move file pointer
2018-12-17T22:58:20.308002426Z	66	PC: 1498c \| Move file pointer
2018-12-17T22:58:20.312770878Z	66	PC: 13ba3 \| Move file pointer
2018-12-17T22:58:20.314410194Z	64	PC: 13b44 \| Write file or device (Write 1 bytes on handle 0)
2018-12-17T22:58:20.32002912Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:20.321480992Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:20.323486892Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:20.324598363Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:20.332238147Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:20.333493765Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:20.334608266Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:20.335891427Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:20.337787873Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:20.339256077Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:20.340951945Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:20.342076167Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:20.343172088Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:20.344411119Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:20.346042336Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:20.347461386Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:20.349867225Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:20.351257884Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:20.352653395Z	37	PC: 13471 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:20.354134959Z	76	PC: 134b0 \| Terminate with return code (Return code = '0')