Sample viewer

vx.netlux.org/Trojan.DOS.Arm

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:25.979289349Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:25.98124087Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:25.98370243Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:25.985431051Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:25.987161656Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:25.988675233Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:25.990708227Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:25.991930976Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:25.99372983Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:25.994875334Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:25.995978519Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:25.998934078Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:26.000733984Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:26.00216231Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:26.007505469Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:26.00902084Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:26.010476748Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:26.013622705Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:26.015250186Z	53	PC: 13f2a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:26.016668393Z	37	PC: 13f3f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:26.018485261Z	37	PC: 13f47 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:26.020868143Z	37	PC: 13f4f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:26.022181884Z	37	PC: 13f57 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:26.023537103Z	68	PC: 14c0b \| I/O control for devices (Set for = '�&�=')
2018-12-17T23:04:26.12507003Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:26.127138881Z	61	PC: 14711 \| Open file (Filename = 'c:\windows\counter.psr')
2018-12-17T23:04:26.139021531Z	61	PC: 14711 \| Open file (Filename = 'c:\windows\win.com')
2018-12-17T23:04:26.148209692Z	60	PC: 14711 \| Create or truncate file
2018-12-17T23:04:26.155933279Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:26.157456294Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:26.160415489Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:04:26.162659961Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:26.164873254Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:26.167351866Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:26.169263862Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:26.170873149Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:26.17267132Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:26.17487749Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:26.176558041Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:26.178186904Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:26.180643555Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:26.182516869Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:26.184080399Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:26.187059783Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:26.188357423Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:26.189665854Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:04:26.191531474Z	37	PC: 14081 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:04:26.193281676Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.195572304Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.198901776Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.201161025Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.204214218Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.20746408Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.209705717Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.211909231Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.214123696Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.216966242Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.219167773Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.221394652Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.225080013Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.227332529Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.229755457Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.235191171Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.237424481Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.239934993Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.243418034Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.24604224Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.248586344Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.25260882Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.256726846Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.25932376Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.262434961Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.265838804Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.269065513Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.271873805Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.275250466Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.286431896Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.289933622Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.293789575Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.29586588Z	6	PC: 14108 \| Direct console I/O
2018-12-17T23:04:26.299653514Z	76	PC: 140c0 \| Terminate with return code (Return code = '3')