Sample viewer

vx.netlux.org/Trojan.DOS.SexQuiz

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:35.640003563Z	74	PC: 12a8f \| Reallocate memory
2018-12-17T23:00:35.641596176Z	2	PC: 12aa9 \| Character output (Char = '50')
2018-12-17T23:00:35.644292583Z	2	PC: 12aa9 \| Character output (Char = '6c')
2018-12-17T23:00:35.646947863Z	2	PC: 12aa9 \| Character output (Char = '65')
2018-12-17T23:00:35.649648067Z	2	PC: 12aa9 \| Character output (Char = '61')
2018-12-17T23:00:35.6529651Z	2	PC: 12aa9 \| Character output (Char = '73')
2018-12-17T23:00:35.655974966Z	2	PC: 12aa9 \| Character output (Char = '65')
2018-12-17T23:00:35.658511683Z	2	PC: 12aa9 \| Character output (Char = '20')
2018-12-17T23:00:35.661871627Z	2	PC: 12aa9 \| Character output (Char = '57')
2018-12-17T23:00:35.665110633Z	2	PC: 12aa9 \| Character output (Char = '61')
2018-12-17T23:00:35.667560036Z	2	PC: 12aa9 \| Character output (Char = '69')
2018-12-17T23:00:35.67104748Z	2	PC: 12aa9 \| Character output (Char = '74')
2018-12-17T23:00:35.673855796Z	2	PC: 12aa9 \| Character output (Char = '21')
2018-12-17T23:00:35.676721642Z	2	PC: 12aa9 \| Character output (Char = '2e')
2018-12-17T23:00:35.679758479Z	2	PC: 12aa9 \| Character output (Char = '2e')
2018-12-17T23:00:35.682731205Z	2	PC: 12aa9 \| Character output (Char = '2e')
2018-12-17T23:00:35.685465303Z	2	PC: 12aa9 \| Character output (Char = '0d')
2018-12-17T23:00:35.688239376Z	2	PC: 12aa9 \| Character output (Char = '0a')
2018-12-17T23:00:35.693623032Z	41	PC: 12b04 \| Parse filename
2018-12-17T23:00:35.695765739Z	41	PC: 12b0c \| Parse filename
2018-12-17T23:00:35.697825329Z	75	PC: 12b28 \| Execute program
2018-12-17T23:00:35.723480991Z	80	PC: 157f9 \| Set current PSP
2018-12-17T23:00:35.724780623Z	48	PC: 157fe \| Get DOS version
2018-12-17T23:00:35.726867965Z	99	PC: 1bfe0 \| Get DBCS lead byte table pointer
2018-12-17T23:00:35.730585692Z	101	PC: 15884 \| Get extended country info
2018-12-17T23:00:35.732504588Z	99	PC: 1588a \| Get DBCS lead byte table pointer
2018-12-17T23:00:35.734367689Z	74	PC: 158ec \| Reallocate memory
2018-12-17T23:00:35.737534018Z	25	PC: 15923 \| Get default drive
2018-12-17T23:00:35.740514229Z	37	PC: 153e3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:00:35.742208122Z	37	PC: 153ea \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:35.744759486Z	37	PC: 153f1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:35.749718054Z	74	PC: 1458c \| Reallocate memory
2018-12-17T23:00:35.751454588Z	72	PC: 145cd \| Allocate memory
2018-12-17T23:00:35.754012114Z	72	PC: 14605 \| Allocate memory
2018-12-17T23:00:35.756401013Z	72	PC: 1460d \| Allocate memory