Sample viewer

vx.netlux.org/Trojan.DOS.Asas

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:34.005255314Z	48	PC: 12a4c \| Get DOS version
2018-12-17T21:51:34.006758449Z	53	PC: 12bc3 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:34.008066286Z	53	PC: 12bd0 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T21:51:34.009312149Z	53	PC: 12bdd \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T21:51:34.010897637Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T21:51:34.011984153Z	37	PC: 12bfe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:51:34.013161792Z	74	PC: 12ad9 \| Reallocate memory
2018-12-17T21:51:34.029424417Z	68	PC: 12f60 \| I/O control for devices (Set for = '')
2018-12-17T21:51:34.031498407Z	74	PC: 13796 \| Reallocate memory
2018-12-17T21:51:34.033419309Z	68	PC: 12f60 \| I/O control for devices (Set for = 'Borland C++ - Copyright 1991 Borland Intl.')
2018-12-17T21:51:34.037433044Z	42	PC: 12d9c \| Get date 0x12d9c: les bx, ptr [bp + 6] 0x12d9f: mov word ptr es:[bx], cx 0x12da2: mov word ptr es:[bx + 2], dx 0x12da6: pop bp 0x12da7: retf 0x12da8: push bp 0x12da9: mov bp, sp 0x12dab: mov ah, 0x2c 0x12dad: int 0x21 0x12daf: les bx, ptr [bp + 6] 0x12db2: mov word ptr es:[bx], cx 0x12db5: mov word ptr es:[bx + 2], dx 0x12db9: pop bp 0x12dba: retf 0x12dbb: push bp 0x12dbc: mov bp, sp 0x12dbe: mov ah, 0x35 0x12dc0: mov al, byte ptr [bp + 6] 0x12dc3: int 0x21 0x12dc5: xchg ax, bx
2018-12-17T21:51:34.039637929Z	44	PC: 12daf \| Get time 0x12daf: les bx, ptr [bp + 6] 0x12db2: mov word ptr es:[bx], cx 0x12db5: mov word ptr es:[bx + 2], dx 0x12db9: pop bp 0x12dba: retf 0x12dbb: push bp 0x12dbc: mov bp, sp 0x12dbe: mov ah, 0x35 0x12dc0: mov al, byte ptr [bp + 6] 0x12dc3: int 0x21 0x12dc5: xchg ax, bx 0x12dc6: mov dx, es 0x12dc8: pop bp 0x12dc9: retf 0x12dca: push bp 0x12dcb: mov bp, sp 0x12dcd: mov ah, 0x25 0x12dcf: mov al, byte ptr [bp + 6] 0x12dd2: push ds 0x12dd3: lds dx, ptr [bp + 8]
2018-12-17T21:51:34.04278619Z	53	PC: 12dc5 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T21:51:34.045803096Z	37	PC: 12dd8 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T21:51:34.047034367Z	73	PC: 145e8 \| Release memory
2018-12-17T21:51:34.048310533Z	49	PC: 145f2 \| Terminate and stay resident (Return code = '0' \| Memory size = '4756')