Sample viewer

vx.netlux.org/Trojan.DOS.Tiphoon

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:58.604765494Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:58.606389345Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:58.608770771Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:58.614403365Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:58.616152321Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:58.618769459Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:58.620933045Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:58.622980612Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:58.625071281Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:58.627168823Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:58.629531753Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:58.643873402Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:58.645881045Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:58.647735309Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:58.64994964Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:58.65229655Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:58.654013567Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:58.655772231Z	53	PC: 13296 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:58.669366316Z	37	PC: 132ab \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:58.671384748Z	37	PC: 132b3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:58.673336947Z	37	PC: 132bb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:58.676679578Z	37	PC: 132c3 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:58.679031568Z	68	PC: 13608 \| I/O control for devices (Set for = '')
2018-12-17T23:00:58.69857368Z	37	PC: 12c27 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:58.701516379Z	41	PC: 13211 \| Parse filename
2018-12-17T23:00:58.703661269Z	41	PC: 1321f \| Parse filename
2018-12-17T23:00:58.70567841Z	75	PC: 1322a \| Execute program
2018-12-17T23:00:58.731162357Z	80	PC: 16289 \| Set current PSP
2018-12-17T23:00:58.732756923Z	48	PC: 1628e \| Get DOS version
2018-12-17T23:00:58.735316212Z	99	PC: 1ca70 \| Get DBCS lead byte table pointer
2018-12-17T23:00:58.739782896Z	101	PC: 16314 \| Get extended country info
2018-12-17T23:00:58.742039987Z	99	PC: 1631a \| Get DBCS lead byte table pointer
2018-12-17T23:00:58.743733329Z	74	PC: 1637c \| Reallocate memory
2018-12-17T23:00:58.7457187Z	25	PC: 163b3 \| Get default drive
2018-12-17T23:00:58.747982083Z	37	PC: 15e73 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:00:58.749568594Z	37	PC: 15e7a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:58.751417949Z	37	PC: 15e81 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:58.759561481Z	74	PC: 1501c \| Reallocate memory
2018-12-17T23:00:58.761470769Z	72	PC: 1505d \| Allocate memory
2018-12-17T23:00:58.763327548Z	72	PC: 15095 \| Allocate memory
2018-12-17T23:00:58.765921954Z	72	PC: 1509d \| Allocate memory