Sample viewer

vx.netlux.org/Trojan.DOS.Osam

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:28.360975286Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:28.362110915Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:28.364351628Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:28.365740095Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:28.367097114Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:28.369446942Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:28.370586311Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:28.371671978Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:28.373774769Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:28.37489399Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:28.375998101Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:28.378026236Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:28.379108895Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:28.380614261Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:28.381756499Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:28.383515512Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:28.384574429Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:28.385633527Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:28.387167386Z 53 PC: 134b2 | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:28.388506208Z 37 PC: 134c7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:28.389784078Z 37 PC: 134cf | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:28.391758372Z 37 PC: 134d7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:28.393059012Z 37 PC: 134df | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:28.394739989Z 68 PC: 13851 | I/O control for devices (Set for = '')
2018-12-17T23:00:28.437766855Z 37 PC: 12e55 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:28.441820957Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.443179547Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.450552124Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.451909581Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.458279501Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.460400628Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.466714286Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.4680345Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.4749734Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.476315818Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.48220455Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.483783979Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.491144105Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.492328649Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.49985126Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.501168797Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.507834786Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.529371021Z 68 PC: 13851 | I/O control for devices (Set for = 'SLEEP.COM')
2018-12-17T23:00:28.531701563Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.53573878Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.543923052Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.545345429Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.547537882Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.555217579Z 68 PC: 13851 | I/O control for devices (Set for = 'PRINT.COM')
2018-12-17T23:00:28.557620027Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.560444432Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.56577271Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.567303131Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.569515561Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.577808732Z 68 PC: 13851 | I/O control for devices (Set for = 'HELLO.COM')
2018-12-17T23:00:28.579789893Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.582403574Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.587704812Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.589043502Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.591150375Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.59861993Z 68 PC: 13851 | I/O control for devices (Set for = 'PHANG.COM')
2018-12-17T23:00:28.600439842Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.602864092Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.608044092Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.609423327Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.611429006Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.62235762Z 68 PC: 13851 | I/O control for devices (Set for = 'PRINTA~1.COM')
2018-12-17T23:00:28.62527865Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.629161591Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.637390583Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.63953981Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.64316394Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.650728802Z 68 PC: 13851 | I/O control for devices (Set for = 'MANDEL.COM')
2018-12-17T23:00:28.652421557Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.655114929Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.661657811Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.663294579Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.665501512Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.673209614Z 68 PC: 13851 | I/O control for devices (Set for = 'PAH.COM')
2018-12-17T23:00:28.675167253Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.677700881Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.683033781Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.684536786Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.686445601Z 26 PC: 13405 | Set disk transfer address
2018-12-17T23:00:28.687355613Z 78 PC: 13411 | Find first file
2018-12-17T23:00:28.692242327Z 60 PC: 13838 | Create or truncate file
2018-12-17T23:00:28.701087268Z 68 PC: 13851 | I/O control for devices (Set for = 'TEST.EXE')
2018-12-17T23:00:28.702731679Z 64 PC: 1392f | Write file or device (Write 13 bytes on handle 5)
2018-12-17T23:00:28.706328957Z 62 PC: 1396e | Close file
2018-12-17T23:00:28.71225295Z 26 PC: 13429 | Set disk transfer address
2018-12-17T23:00:28.713330972Z 79 PC: 1342e | Find next file
2018-12-17T23:00:28.717526511Z 44 PC: 13d9d | Get time
0x13d9d: mov word ptr [0x3e], cx
0x13da1: mov word ptr [0x40], dx
0x13da5: retf
0x13da6: push di
0x13da7: cld
0x13da8: mov bx, ax
0x13daa: or dx, dx
0x13dac: jge 0x13dbb
0x13dae: not bx
0x13db0: not dx
0x13db2: add bx, 1
0x13db5: adc dx, 0
0x13db8: mov al, 0x2d
0x13dba: stosb byte ptr es:[di], al
0x13dbb: mov si, 0x998
0x13dbe: mov cl, 9
0x13dc0: cmp dx, word ptr cs:[si + 2]
0x13dc4: jb 0x13dcd
0x13dc6: ja 0x13dd4
0x13dc8: cmp bx, word ptr cs:[si]
2018-12-17T23:00:28.720370159Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.733850717Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.748780691Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.762138275Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.77549306Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.789163292Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.803523658Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.81701973Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.830246518Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.858190984Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.871673673Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.885119516Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.908149197Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.921591921Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.935533336Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.950122077Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.964083771Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.977843669Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:28.99351439Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.008205849Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.023393165Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.038413147Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.052700506Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.066604463Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.081738816Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.096110178Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.110392936Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.125513883Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.139675799Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.165697313Z 57 PC: 14013 | Create subdirectory
2018-12-17T23:00:29.192713099Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:29.203357241Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:29.214853643Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:29.216173717Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:29.217384105Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:29.218690342Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:29.220189989Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:29.222066295Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:29.223383265Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:29.224862074Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:29.226431505Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:29.227565837Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:29.228906961Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:29.230557225Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:29.23172416Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:29.232849297Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:29.234985699Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:29.236008507Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:29.237061069Z 37 PC: 135c6 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:29.238938302Z 76 PC: 13605 | Terminate with return code (Return code = '0')