Sample viewer

vx.netlux.org/Trojan.DOS.Nirvana

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:53.914297455Z 53 PC: 1305a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:53.91684876Z 53 PC: 1305a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:53.919448366Z 53 PC: 1305a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:53.921241727Z 53 PC: 1305a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:53.923154692Z 53 PC: 1305a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:53.92611711Z 53 PC: 1305a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:53.927881706Z 53 PC: 1305a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:53.929666341Z 53 PC: 1305a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:53.932466213Z 53 PC: 1305a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:53.934192768Z 53 PC: 1305a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:53.935930093Z 53 PC: 1305a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:53.938108838Z 53 PC: 1305a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:53.940256365Z 53 PC: 1305a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:53.942008528Z 53 PC: 1305a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:53.943758206Z 53 PC: 1305a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:53.948629361Z 53 PC: 1305a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:53.950737253Z 53 PC: 1305a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:53.953351637Z 53 PC: 1305a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:53.956780942Z 53 PC: 1305a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:53.958613917Z 37 PC: 1306f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:53.960064373Z 37 PC: 13077 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:53.962304193Z 37 PC: 1307f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:53.963845099Z 37 PC: 13087 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:53.9658246Z 68 PC: 138bd | I/O control for devices (Set for = '����&�&K&�|&�>v�u&�v')
2018-12-17T22:58:53.968924286Z 44 PC: 139f4 | Get time
0x139f4: mov word ptr [0x3e], cx
0x139f8: mov word ptr [0x40], dx
0x139fc: retf
0x139fd: mov bx, sp
0x139ff: mov al, byte ptr ss:[bx + 4]
0x13a03: cmp al, 0x61
0x13a05: jb 0x13a0d
0x13a07: cmp al, 0x7a
0x13a09: ja 0x13a0d
0x13a0b: sub al, 0x20
0x13a0d: retf 2
0x13a10: mov di, 0x50
0x13a13: push ds
0x13a14: pop es
0x13a15: mov cx, 0x2a0
0x13a18: sub cx, di
0x13a1a: shr cx, 1
0x13a1c: xor ax, ax
0x13a1e: cld
0x13a1f: rep stosd dword ptr es:[di], eax
2018-12-17T22:58:53.97287965Z 26 PC: 12f35 | Set disk transfer address
2018-12-17T22:58:53.97441737Z 78 PC: 12f41 | Find first file
2018-12-17T22:58:53.981314303Z 61 PC: 1351d | Open file (Filename = 'C:\DOSnÀ&n���')
2018-12-17T22:58:53.985279235Z 64 PC: 13478 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:58:53.986685097Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:53.98779334Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:53.991800672Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:53.992849803Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:53.993850224Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:53.995780091Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:53.996905397Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:53.998031052Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:54.000338379Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:54.001452954Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:54.002590592Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:54.006585811Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:54.008132959Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:54.010156793Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:54.011348142Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:54.01421497Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:54.015484296Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:54.016730508Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:54.02183411Z 37 PC: 131b1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:54.023790227Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.029794411Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.034596086Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.037404775Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.040102085Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.044897267Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.047489419Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.050151713Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.054468476Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.061757125Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.064126288Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.066807367Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.069937991Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.072727824Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.075484506Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.078806118Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.081645505Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.083985273Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.087841761Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.090184684Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.092786274Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.096062632Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.098854619Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.102389984Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.105990181Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.10875121Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.113534049Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.117634576Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.120133613Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.122577456Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.125233548Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.127999246Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.130037477Z 6 PC: 13238 | Direct console I/O
2018-12-17T22:58:54.133815368Z 76 PC: 131f0 | Terminate with return code (Return code = '2')