Sample viewer

vx.netlux.org/Trojan.DOS.Cmpufon

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:56.215669589Z	48	PC: 150cb \| Get DOS version
2018-12-17T23:00:56.218885031Z	52	PC: 1519f \| Get InDOS flag pointer
2018-12-17T23:00:56.22032335Z	93	PC: 151ad \| File sharing functions
2018-12-17T23:00:56.222242105Z	53	PC: 151d8 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:00:56.223985443Z	37	PC: 151e8 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:00:56.238736184Z	53	PC: 151ed \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:56.240208288Z	37	PC: 151fd \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:00:56.241622627Z	53	PC: 15202 \| Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:00:56.245120377Z	37	PC: 15212 \| Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:00:56.246605044Z	53	PC: 15217 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:56.248139348Z	37	PC: 15227 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:00:56.252454695Z	53	PC: 1522c \| Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-17T23:00:56.2539145Z	37	PC: 1523c \| Set interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-17T23:00:56.256885669Z	53	PC: 15241 \| Get interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T23:00:56.267671142Z	37	PC: 15251 \| Set interrupt vector (Interrupt = '38' AKA 'Create PSP')
2018-12-17T23:00:56.269064054Z	53	PC: 15256 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:00:56.27047615Z	37	PC: 15266 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T23:00:56.281506213Z	53	PC: 1526b \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:00:56.283836345Z	37	PC: 1527b \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T23:00:56.285863107Z	73	PC: 15283 \| Release memory
2018-12-17T23:00:56.288922162Z	9	PC: 1528a \| Display string (String= 'ctory window. ')
2018-12-17T23:00:56.29461677Z	49	PC: 1529a \| Terminate and stay resident (Return code = '0' \| Memory size = '1862')