Sample viewer

vx.netlux.org/Trojan.DOS.AFT

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:51.056793936Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:51.060948807Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:51.062274804Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:51.063293251Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:51.065173555Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:51.066208838Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:51.067151253Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:51.071817057Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:51.072865309Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:51.073795989Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:51.075238257Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:51.076397609Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:51.077268784Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:51.078308725Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:51.079636398Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:51.080623446Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:51.082001552Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:51.083669258Z	53	PC: 14696 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:51.084849103Z	37	PC: 146ab \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:51.086129056Z	37	PC: 146b3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:51.088051381Z	37	PC: 146bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:51.089266453Z	37	PC: 146c3 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:51.090998842Z	68	PC: 150f3 \| I/O control for devices (Set for = '')
2018-12-17T22:58:51.15651864Z	37	PC: 140c7 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:51.160174063Z	44	PC: 14f8f \| Get time 0x14f8f: mov word ptr [0x3a], cx 0x14f93: mov word ptr [0x3c], dx 0x14f97: retf 0x14f98: mov bx, sp 0x14f9a: push ds 0x14f9b: les di, ptr ss:[bx + 8] 0x14f9f: lds si, ptr ss:[bx + 4] 0x14fa3: cld 0x14fa4: xor ax, ax 0x14fa6: stosw word ptr es:[di], ax 0x14fa7: mov ax, 0xd7b0 0x14faa: stosw word ptr es:[di], ax 0x14fab: mov ax, 0x80 0x14fae: stosw word ptr es:[di], ax 0x14faf: xor ax, ax 0x14fb1: stosw word ptr es:[di], ax 0x14fb2: stosw word ptr es:[di], ax 0x14fb3: stosw word ptr es:[di], ax 0x14fb4: lea ax, word ptr [di + 0x74] 0x14fb7: stosw word ptr es:[di], ax
2018-12-17T22:58:51.173575043Z	26	PC: 13fd1 \| Set disk transfer address
2018-12-17T22:58:51.176449722Z	78	PC: 13fdd \| Find first file
2018-12-17T22:58:51.183153997Z	86	PC: 15594 \| Rename file
2018-12-17T22:58:51.189632858Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:51.1915314Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:51.193236586Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:51.194398736Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:51.196649796Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:51.197993815Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:51.199081393Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:51.200398453Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:51.201606701Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:51.202531003Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:51.203916567Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:51.20491196Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:51.205823852Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:51.207240679Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:51.208173257Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:51.209136453Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:51.210077741Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:51.21102015Z	37	PC: 147a5 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:51.211801348Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.21329685Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.215163152Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.216455857Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.217858603Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.219375132Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.220697483Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.222249797Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.224293503Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.225738068Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.227334963Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.229036247Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.23057164Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.232111862Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.234054124Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.235657343Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.237134464Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.238634171Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.239919982Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.241174244Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.24266647Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.244045766Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.245421831Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.246983506Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.248460497Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.250140272Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.251897445Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.253368568Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.255137279Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.256723656Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.258010982Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.259290392Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.261445125Z	6	PC: 1482c \| Direct console I/O
2018-12-17T22:58:51.263572694Z	76	PC: 147e4 \| Terminate with return code (Return code = '2')