Sample viewer

vx.netlux.org/Trojan.DOS.Virri.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:50.389354511Z	48	PC: 176ae \| Get DOS version
2018-12-17T22:59:50.39361168Z	74	PC: 176fe \| Reallocate memory
2018-12-17T22:59:50.395699821Z	48	PC: 174bc \| Get DOS version
2018-12-17T22:59:50.397012504Z	53	PC: 174c4 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:50.398886552Z	37	PC: 174d6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:50.400024342Z	68	PC: 17567 \| I/O control for devices (Set for = '�RP��3�P�m��P�')
2018-12-17T22:59:50.401219174Z	68	PC: 17567 \| I/O control for devices
2018-12-17T22:59:50.402960527Z	68	PC: 17567 \| I/O control for devices
2018-12-17T22:59:50.404456383Z	68	PC: 17567 \| I/O control for devices
2018-12-17T22:59:50.405666212Z	68	PC: 17567 \| I/O control for devices
2018-12-17T22:59:50.407690744Z	53	PC: 1574e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:50.408743757Z	53	PC: 1575b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:59:50.409766534Z	53	PC: 15768 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:50.411253022Z	37	PC: 1577d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:59:50.412286233Z	37	PC: 15785 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:59:50.413216164Z	37	PC: 1578d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:50.414935152Z	53	PC: 15cc6 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:59:50.415942282Z	53	PC: 15cd3 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:59:50.416887738Z	53	PC: 15ce2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:59:50.418029975Z	37	PC: 15cef \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:59:50.419259253Z	53	PC: 15cf6 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:59:50.420601563Z	37	PC: 15d03 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:59:50.422231414Z	53	PC: 15d0f \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:59:50.432486762Z	48	PC: 15dd1 \| Get DOS version
2018-12-17T22:59:50.433932641Z	68	PC: 156c4 \| I/O control for devices (Set for = 'et you but your computer is infected')
2018-12-17T22:59:50.435217476Z	68	PC: 156c4 \| I/O control for devices (Set for = '')
2018-12-17T22:59:50.436595688Z	51	PC: 156e2 \| Get or set Ctrl-Break
2018-12-17T22:59:50.437454996Z	51	PC: 156ee \| Get or set Ctrl-Break
2018-12-17T22:59:50.438657094Z	72	PC: 17118 \| Allocate memory
2018-12-17T22:59:50.445713592Z	37	PC: 142f1 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:59:50.452812966Z	53	PC: 14116 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:59:50.453729827Z	37	PC: 1412c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:59:55.446706458Z	61	PC: 12e3a \| Open file (Filename = 'C:\WINDOWS\WIN.INI')
2018-12-17T22:59:55.457192828Z	68	PC: 12d93 \| I/O control for devices (Set for = ' ')
2018-12-17T22:59:55.460107158Z	64	PC: 13e60 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:59:56.167620426Z	64	PC: 13e60 \| Write file or device (Write 30 bytes on handle 5)
2018-12-17T22:59:56.181371435Z	66	PC: 13c13 \| Move file pointer
2018-12-17T22:59:56.183400108Z	62	PC: 13e71 \| Close file
2018-12-17T22:59:56.19364193Z	61	PC: 12e3a \| Open file (Filename = 'C:\WINDOWS\SYSTEM.INI')
2018-12-17T22:59:56.201542677Z	68	PC: 12d93 \| I/O control for devices (Set for = ' ')