Sample viewer

vx.netlux.org/Trojan.DOS.Qhost.e

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:19.594141453Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:02:19.596337526Z	53	PC: 12ba8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:02:19.597996019Z	53	PC: 12bb5 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:02:19.599559478Z	53	PC: 12bc2 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:02:19.60238549Z	53	PC: 12bcf \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:02:19.604009908Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:02:19.605685387Z	74	PC: 12b19 \| Reallocate memory
2018-12-17T22:02:19.608749931Z	65	PC: 13a58 \| Delete file (Filename = 'c:\windows\system32\scpseg.dll')
2018-12-17T22:02:19.62069796Z	67	PC: 13ab2 \| Get or set file attributes
2018-12-17T22:02:19.626474682Z	60	PC: 13256 \| Create or truncate file
2018-12-17T22:02:19.632663122Z	67	PC: 13ab2 \| Get or set file attributes
2018-12-17T22:02:19.640302478Z	60	PC: 13256 \| Create or truncate file
2018-12-17T22:02:19.64763866Z	67	PC: 13ab2 \| Get or set file attributes
2018-12-17T22:02:19.655234457Z	60	PC: 13256 \| Create or truncate file
2018-12-17T22:02:20.003566367Z	68	PC: 1353e \| I/O control for devices (Set for = '�.�>U� u�')
2018-12-17T22:02:20.006854846Z	66	PC: 138d8 \| Move file pointer
2018-12-17T22:02:20.008635851Z	64	PC: 13868 \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:02:20.018543559Z	62	PC: 136d1 \| Close file
2018-12-17T22:02:20.028227524Z	37	PC: 12bef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:02:20.029701019Z	37	PC: 12bfa \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:02:20.031395793Z	37	PC: 12c05 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:02:20.033948699Z	37	PC: 12c10 \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:02:20.035361775Z	76	PC: 12b98 \| Terminate with return code (Return code = '1')