Sample viewer

vx.netlux.org/Trojan.DOS.Guess

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:31.444333628Z	48	PC: 17c3c \| Get DOS version
2018-12-17T23:04:31.447639385Z	74	PC: 17c8c \| Reallocate memory
2018-12-17T23:04:31.449517277Z	48	PC: 17cf0 \| Get DOS version
2018-12-17T23:04:31.450933166Z	53	PC: 17cf8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:31.453204794Z	37	PC: 17d0a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:31.457822679Z	53	PC: 1a952 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:31.458954892Z	37	PC: 1a962 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:31.461120753Z	53	PC: 1a967 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:31.462679044Z	37	PC: 1a977 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:31.464301004Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:31.467632474Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:31.469251291Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:31.470835566Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:31.472915116Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:31.474708474Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:31.476387277Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:31.479682539Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:31.484594993Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:31.487073373Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:31.489581975Z	53	PC: 186a6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:31.491630756Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:31.492734143Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:31.493847849Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:31.495779989Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:31.497162771Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:31.498863548Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:31.501210596Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:31.503150292Z	37	PC: 186d5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:31.504927639Z	37	PC: 186dc \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:31.510545362Z	37	PC: 186e1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:31.512179802Z	68	PC: 17d9b \| I/O control for devices (Set for = '��%}�A�0�Ѹ�4�')
2018-12-17T23:04:31.513902938Z	68	PC: 17d9b \| I/O control for devices
2018-12-17T23:04:31.516251185Z	68	PC: 17d9b \| I/O control for devices (Set for = '[3��t9��y��۹')
2018-12-17T23:04:31.518435093Z	68	PC: 17d9b \| I/O control for devices (Set for = '��s�W�ۿd')
2018-12-17T23:04:31.520544545Z	68	PC: 17d9b \| I/O control for devices (Set for = '��s�W�ۿd')
2018-12-17T23:04:31.523546277Z	53	PC: 153c0 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:31.524943635Z	53	PC: 153cd \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:04:31.526367036Z	53	PC: 153da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:31.528013307Z	37	PC: 153ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:31.529815224Z	37	PC: 153f7 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:04:31.530985727Z	37	PC: 153ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:31.533197887Z	53	PC: 15e7e \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:31.534862315Z	53	PC: 15e8b \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:31.537138474Z	53	PC: 15e9a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:31.538784912Z	37	PC: 15ea7 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:31.540806551Z	53	PC: 15eae \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:31.542369291Z	37	PC: 15ebb \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:31.543903391Z	53	PC: 15ec7 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:31.550511555Z	48	PC: 15f89 \| Get DOS version
2018-12-17T23:04:31.552358588Z	74	PC: 13e1b \| Reallocate memory
2018-12-17T23:04:31.554635491Z	74	PC: 13e1b \| Reallocate memory
2018-12-17T23:04:31.558136341Z	68	PC: 15336 \| I/O control for devices (Set for = ' TURN OFF YOUR.')
2018-12-17T23:04:31.562805304Z	68	PC: 15336 \| I/O control for devices (Set for = '')
2018-12-17T23:04:31.56471411Z	51	PC: 15354 \| Get or set Ctrl-Break
2018-12-17T23:04:31.567184055Z	51	PC: 15360 \| Get or set Ctrl-Break
2018-12-17T23:04:31.56908571Z	72	PC: 12cb4 \| Allocate memory
2018-12-17T23:04:31.571591547Z	74	PC: 13e1b \| Reallocate memory
2018-12-17T23:04:31.574092227Z	72	PC: 12cb4 \| Allocate memory
2018-12-17T23:04:31.587958866Z	37	PC: 13145 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:31.594011994Z	73	PC: 12cb4 \| Release memory
2018-12-17T23:04:31.597336525Z	74	PC: 13e1b \| Reallocate memory
2018-12-17T23:04:31.598810377Z	51	PC: 1536b \| Get or set Ctrl-Break
2018-12-17T23:04:31.599636721Z	53	PC: 13848 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:31.601528951Z	53	PC: 13855 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:31.610657636Z	53	PC: 13862 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:31.612064747Z	37	PC: 1387d \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:31.614066157Z	53	PC: 13885 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:31.615086347Z	37	PC: 13892 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:31.616104236Z	53	PC: 13899 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:31.618089047Z	37	PC: 138a6 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:31.619058397Z	37	PC: 138b0 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:31.620042256Z	37	PC: 138bb \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:31.621889871Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:31.622977102Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:31.624295527Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:31.626456557Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:31.627800672Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:31.628926839Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:31.630623876Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:31.631772824Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:31.63273892Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:31.638591016Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:31.650349504Z	37	PC: 186f1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:31.65214061Z	37	PC: 1a986 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:31.654263244Z	37	PC: 17e4c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:31.655931853Z	41	PC: 17b39 \| Parse filename
2018-12-17T23:04:31.657160809Z	41	PC: 17b3b \| Parse filename
2018-12-17T23:04:31.659231549Z	41	PC: 17b40 \| Parse filename
2018-12-17T23:04:31.665594604Z	75	PC: 17b56 \| Execute program
2018-12-17T23:04:31.686012341Z	80	PC: 1dd79 \| Set current PSP
2018-12-17T23:04:31.68814727Z	48	PC: 1dd7e \| Get DOS version
2018-12-17T23:04:31.689922578Z	99	PC: 24560 \| Get DBCS lead byte table pointer
2018-12-17T23:04:31.692699567Z	101	PC: 1de04 \| Get extended country info
2018-12-17T23:04:31.696271721Z	99	PC: 1de0a \| Get DBCS lead byte table pointer
2018-12-17T23:04:31.697574713Z	74	PC: 1de6c \| Reallocate memory
2018-12-17T23:04:31.698857363Z	25	PC: 1dea3 \| Get default drive
2018-12-17T23:04:31.700704267Z	37	PC: 1d963 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:04:31.702217508Z	37	PC: 1d96a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:31.703533075Z	37	PC: 1d971 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:31.708435695Z	74	PC: 1cb0c \| Reallocate memory
2018-12-17T23:04:31.709961337Z	72	PC: 1cb4d \| Allocate memory
2018-12-17T23:04:31.711729226Z	72	PC: 1cb85 \| Allocate memory
2018-12-17T23:04:31.71420229Z	72	PC: 1cb8d \| Allocate memory