Sample viewer

vx.netlux.org/Trojan.DOS.Darkman

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:38.123789892Z 48 PC: 171fc | Get DOS version
2018-12-17T23:04:38.125857401Z 74 PC: 1724c | Reallocate memory
2018-12-17T23:04:38.128410693Z 48 PC: 172b0 | Get DOS version
2018-12-17T23:04:38.130318822Z 53 PC: 172b8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.133074244Z 37 PC: 172ca | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.135131754Z 68 PC: 1735b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T23:04:38.137261269Z 68 PC: 1735b | I/O control for devices
2018-12-17T23:04:38.139358002Z 68 PC: 1735b | I/O control for devices
2018-12-17T23:04:38.145092387Z 68 PC: 1735b | I/O control for devices
2018-12-17T23:04:38.147299568Z 68 PC: 1735b | I/O control for devices
2018-12-17T23:04:38.149794531Z 53 PC: 152e2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.157310186Z 53 PC: 152ef | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:04:38.158970278Z 53 PC: 152fc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.160857888Z 37 PC: 15311 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:38.163440605Z 37 PC: 15319 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:04:38.164957358Z 37 PC: 15321 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:38.16675539Z 53 PC: 15da0 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:38.169283725Z 53 PC: 15dad | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:38.170847816Z 53 PC: 15dbc | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:38.172309375Z 37 PC: 15dc9 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:38.174037736Z 53 PC: 15dd0 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:38.176436207Z 37 PC: 15ddd | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:38.177736943Z 53 PC: 15de9 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:38.182692503Z 48 PC: 15eab | Get DOS version
2018-12-17T23:04:38.185250625Z 68 PC: 15258 | I/O control for devices (Set for = 'l them that you tried to steal software and�9')
2018-12-17T23:04:38.186899496Z 68 PC: 15258 | I/O control for devices (Set for = '')
2018-12-17T23:04:38.188521817Z 51 PC: 15276 | Get or set Ctrl-Break
2018-12-17T23:04:38.190275565Z 51 PC: 15282 | Get or set Ctrl-Break
2018-12-17T23:04:38.192646084Z 37 PC: 13cf7 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:38.195149522Z 26 PC: 12ecb | Set disk transfer address
2018-12-17T23:04:38.1977063Z 78 PC: 12ed2 | Find first file
2018-12-17T23:04:38.204498194Z 65 PC: 12e49 | Delete file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-17T23:04:38.621217448Z 79 PC: 12e4f | Find next file
2018-12-17T23:04:38.626795149Z 61 PC: 13782 | Open file (Filename = 'C:\PONG.BAT')
2018-12-17T23:04:38.633836561Z 60 PC: 13647 | Create or truncate file
2018-12-17T23:04:38.644985971Z 62 PC: 135b5 | Close file
2018-12-17T23:04:38.648084318Z 61 PC: 13782 | Open file (Filename = 'C:\PONG.BAT')
2018-12-17T23:04:38.656014673Z 68 PC: 136db | I/O control for devices (Set for = 'port guy�7')
2018-12-17T23:04:38.659240961Z 64 PC: 135a4 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:04:38.662128451Z 64 PC: 135a4 | Write file or device (Write 14 bytes on handle 5)
2018-12-17T23:04:38.671707728Z 66 PC: 13357 | Move file pointer
2018-12-17T23:04:38.673610156Z 62 PC: 135b5 | Close file
2018-12-17T23:04:38.683432659Z 61 PC: 13782 | Open file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-17T23:04:38.691833589Z 60 PC: 13647 | Create or truncate file
2018-12-17T23:04:38.702935569Z 62 PC: 135b5 | Close file
2018-12-17T23:04:38.705240505Z 61 PC: 13782 | Open file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-17T23:04:38.713861799Z 68 PC: 136db | I/O control for devices (Set for = 'port guy�7')
2018-12-17T23:04:38.7181801Z 64 PC: 135a4 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:04:38.720962744Z 64 PC: 135a4 | Write file or device (Write 512 bytes on handle 5)
2018-12-17T23:04:38.731505082Z 64 PC: 135a4 | Write file or device (Write 512 bytes on handle 5)
2018-12-17T23:04:38.740241793Z 64 PC: 135a4 | Write file or device (Write 183 bytes on handle 5)
2018-12-17T23:04:38.743739942Z 66 PC: 13357 | Move file pointer
2018-12-17T23:04:38.746325865Z 62 PC: 135b5 | Close file
2018-12-17T23:04:38.75636682Z 26 PC: 12ecb | Set disk transfer address
2018-12-17T23:04:38.757635907Z 78 PC: 12ed2 | Find first file
2018-12-17T23:04:38.763925446Z 65 PC: 12e49 | Delete file (Filename = 'C:\CONFIG.SYS')
2018-12-17T23:04:38.775510304Z 79 PC: 12e4f | Find next file
2018-12-17T23:04:38.779700876Z 61 PC: 13782 | Open file (Filename = 'C:\CONFIG.SYS')
2018-12-17T23:04:38.785945039Z 60 PC: 13647 | Create or truncate file
2018-12-17T23:04:38.797403229Z 62 PC: 135b5 | Close file
2018-12-17T23:04:38.799504121Z 61 PC: 13782 | Open file (Filename = 'C:\CONFIG.SYS')
2018-12-17T23:04:38.806763193Z 68 PC: 136db | I/O control for devices (Set for = 'port guy�7')
2018-12-17T23:04:38.811284606Z 26 PC: 12ecb | Set disk transfer address
2018-12-17T23:04:38.812607775Z 78 PC: 12ed2 | Find first file
2018-12-17T23:04:38.823022583Z 65 PC: 12e49 | Delete file (Filename = 'C:\WINDOWS\WIN.COM')
2018-12-17T23:04:38.836850029Z 79 PC: 12e4f | Find next file
2018-12-17T23:04:38.840920784Z 26 PC: 12ecb | Set disk transfer address
2018-12-17T23:04:38.842183149Z 78 PC: 12ed2 | Find first file
2018-12-17T23:04:38.85005314Z 65 PC: 12e49 | Delete file (Filename = 'C:\WINDOWS\WIN.INI')
2018-12-17T23:04:38.86261689Z 79 PC: 12e4f | Find next file
2018-12-17T23:04:38.866667508Z 26 PC: 12ecb | Set disk transfer address
2018-12-17T23:04:38.868451473Z 78 PC: 12ed2 | Find first file
2018-12-17T23:04:38.875464242Z 65 PC: 12e49 | Delete file (Filename = 'C:\WINDOWS\SYSTEM.INI')
2018-12-17T23:04:38.88830909Z 79 PC: 12e4f | Find next file
2018-12-17T23:04:38.892603417Z 26 PC: 12ecb | Set disk transfer address
2018-12-17T23:04:38.894647421Z 78 PC: 12ed2 | Find first file
2018-12-17T23:04:38.902630736Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.905436913Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.910075768Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.912350145Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.914657956Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.917810194Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.920049566Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.922307883Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.925088203Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.927669377Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.930142068Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.933158921Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.935664323Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.938014153Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.941072695Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.943487186Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.946138753Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.949119259Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.951501569Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.954030686Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.957211969Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.959578189Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.962490747Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.965447458Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.967601148Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.970076665Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.97303613Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.975168761Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.97729478Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.982346521Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.985001845Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.987578801Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.990575878Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.993978699Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.996501343Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:38.999257266Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.004330988Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.007082904Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.009863844Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.013742138Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.016412019Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.019024462Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.02283531Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.025786641Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.028484244Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.033055271Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.036254808Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.03902569Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.042456923Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.046873019Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.049844267Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.052970075Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.055304005Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.057516567Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.060511319Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.062903197Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.065192723Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.068810538Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.071581018Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.073814569Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.076346901Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.079136017Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.081934971Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.084437498Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.086993866Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.08928799Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.091822597Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.094313101Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.096521985Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.099186076Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.101845267Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.104039995Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.106524197Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.108818382Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.111352187Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.114271608Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.117309492Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.119528044Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.121708996Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.12450835Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.127771046Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.131898449Z 64 PC: 135a4 | Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:04:39.135595413Z 64 PC: 135a4 | Write file or device (Write 275 bytes on handle 5)
2018-12-17T23:04:39.140408875Z 66 PC: 13357 | Move file pointer
2018-12-17T23:04:39.142037919Z 62 PC: 135b5 | Close file
2018-12-17T23:04:39.152010796Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.15427817Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.158407386Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.161672868Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.164403343Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.16767741Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.179850154Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.182502843Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.184932002Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.18854171Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.191151479Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.193615584Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.197188784Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.19953188Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.202640937Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.205781875Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.208526297Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.211132098Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.213949166Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.217010303Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.219587429Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.222358942Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.225516801Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.228075203Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.230846996Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.233876774Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.236404047Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.239237696Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.242168569Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.244853328Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.247763491Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.250785304Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.253842785Z 6 PC: 15229 | Direct console I/O
2018-12-17T23:04:39.258943238Z 12 PC: 152d2 | Flush input buffer and input