Sample viewer

vx.netlux.org/Trojan.DOS.BatCom

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:44.420957574Z 48 PC: 12a4b | Get DOS version
2018-12-17T23:02:44.422561942Z 53 PC: 12bca | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:44.423702289Z 53 PC: 12bd7 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:02:44.424729865Z 53 PC: 12be4 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:02:44.426209814Z 53 PC: 12bf1 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:02:44.427276991Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:44.428411509Z 74 PC: 12af6 | Reallocate memory
2018-12-17T23:02:44.430612336Z 68 PC: 13077 | I/O control for devices (Set for = 'WW')
2018-12-17T23:02:44.432356496Z 68 PC: 13077 | I/O control for devices (Set for = '� ��')
2018-12-17T23:02:44.434351313Z 25 PC: 12f2d | Get default drive
2018-12-17T23:02:44.435562573Z 71 PC: 12fe3 | Get current directory
2018-12-17T23:02:44.438892691Z 59 PC: 12ede | Change current directory
2018-12-17T23:02:44.442866444Z 47 PC: 13dbe | Get disk transfer address
2018-12-17T23:02:44.443762013Z 26 PC: 13dc7 | Set disk transfer address
2018-12-17T23:02:44.444780479Z 78 PC: 13dd1 | Find first file
2018-12-17T23:02:44.450265665Z 26 PC: 13dda | Set disk transfer address
2018-12-17T23:02:44.451330183Z 59 PC: 12ede | Change current directory
2018-12-17T23:02:44.455631434Z 47 PC: 13dbe | Get disk transfer address
2018-12-17T23:02:44.456570578Z 26 PC: 13dc7 | Set disk transfer address
2018-12-17T23:02:44.457457467Z 78 PC: 13dd1 | Find first file
2018-12-17T23:02:44.467948482Z 26 PC: 13dda | Set disk transfer address
2018-12-17T23:02:44.468947092Z 59 PC: 12ede | Change current directory
2018-12-17T23:02:44.479032714Z 47 PC: 13dbe | Get disk transfer address
2018-12-17T23:02:44.489084113Z 26 PC: 13dc7 | Set disk transfer address
2018-12-17T23:02:44.490283651Z 78 PC: 13dd1 | Find first file
2018-12-17T23:02:44.49665213Z 26 PC: 13dda | Set disk transfer address
2018-12-17T23:02:44.499093699Z 47 PC: 13dbe | Get disk transfer address
2018-12-17T23:02:44.501172567Z 26 PC: 13dc7 | Set disk transfer address
2018-12-17T23:02:44.502683721Z 78 PC: 13dd1 | Find first file
2018-12-17T23:02:44.509873403Z 26 PC: 13dda | Set disk transfer address
2018-12-17T23:02:44.511933551Z 67 PC: 13bfa | Get or set file attributes
2018-12-17T23:02:44.5179125Z 61 PC: 145e4 | Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:02:44.52522513Z 68 PC: 13844 | I/O control for devices (Set for = '')
2018-12-17T23:02:44.526790842Z 68 PC: 13077 | I/O control for devices
2018-12-17T23:02:44.528912917Z 67 PC: 13bfa | Get or set file attributes
2018-12-17T23:02:44.537220079Z 60 PC: 14451 | Create or truncate file
2018-12-17T23:02:44.554358834Z 68 PC: 13077 | I/O control for devices
2018-12-17T23:02:44.556362633Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.5633877Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.571989802Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.578908588Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.586896039Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.593615083Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.601288234Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.608689343Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.617052822Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.622914241Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.629572803Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.637163939Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.645360957Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.652412428Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.660419648Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.667141461Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.674869829Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.682272311Z 64 PC: 14c4d | Write file or device (Write 1024 bytes on handle 6)
2018-12-17T23:02:44.690511647Z 63 PC: 131f6 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:02:44.697806345Z 64 PC: 14c4d | Write file or device (Write 520 bytes on handle 6)
2018-12-17T23:02:44.706145469Z 62 PC: 13c35 | Close file
2018-12-17T23:02:44.708215283Z 62 PC: 13c35 | Close file
2018-12-17T23:02:44.716467866Z 59 PC: 12ede | Change current directory
2018-12-17T23:02:44.721367478Z 37 PC: 12c11 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:02:44.722713866Z 37 PC: 12c1c | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:02:44.724067869Z 37 PC: 12c27 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:02:44.725994704Z 37 PC: 12c32 | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:02:44.727355551Z 62 PC: 13c35 | Close file
2018-12-17T23:02:44.729171365Z 62 PC: 13c35 | Close file
2018-12-17T23:02:44.731861018Z 62 PC: 13c35 | Close file
2018-12-17T23:02:44.733837233Z 62 PC: 13c35 | Close file
2018-12-17T23:02:44.735849482Z 62 PC: 13c35 | Close file
2018-12-17T23:02:44.738278128Z 76 PC: 12bbb | Terminate with return code (Return code = '0')