Sample viewer

vx.netlux.org/Trojan.DOS.Hellow

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T23:04:40.5337323Z 48 PC: 1830c | Get DOS version
2018-12-17T23:04:40.537309167Z 74 PC: 1835c | Reallocate memory
2018-12-17T23:04:40.539782449Z 48 PC: 183c0 | Get DOS version
2018-12-17T23:04:40.541329058Z 53 PC: 183c8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:40.543627491Z 37 PC: 183da | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:40.546035139Z 53 PC: 1b022 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:40.547952384Z 37 PC: 1b032 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:04:40.550148825Z 53 PC: 1b037 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:40.551556463Z 37 PC: 1b047 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:04:40.552886063Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:40.554640543Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:40.556386507Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:40.557942093Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:40.559643312Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:40.562980408Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:40.564721893Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:40.566460553Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:40.569050144Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:40.570730474Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:40.572441933Z 53 PC: 18d76 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:04:40.574794197Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:04:40.576436526Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:04:40.577905138Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:04:40.580499257Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:04:40.581858653Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:04:40.583124303Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:04:40.585165302Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:04:40.586573641Z 37 PC: 18da5 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:04:40.587798524Z 37 PC: 18dac | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:04:40.589268348Z 37 PC: 18db1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:04:40.59445847Z 68 PC: 1846b | I/O control for devices (Set for = 'N:�rJ:�tF���>������Î��Ŋ���Ê{�ر��ʇ��� ��r�������')
2018-12-17T23:04:40.596326614Z 68 PC: 1846b | I/O control for devices (Set for = ' "$&(*,.02468:<>@BDFHJLNPRT=%�@')
2018-12-17T23:04:40.598144673Z 68 PC: 1846b | I/O control for devices (Set for = 'u�4�� �6')
2018-12-17T23:04:40.60106206Z 68 PC: 1846b | I/O control for devices (Set for = '')
2018-12-17T23:04:40.603094271Z 68 PC: 1846b | I/O control for devices (Set for = '')
2018-12-17T23:04:40.606255797Z 53 PC: 157f8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:40.60846902Z 53 PC: 15805 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:04:40.610022863Z 53 PC: 15812 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:40.611507114Z 37 PC: 15827 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:04:40.613708855Z 37 PC: 1582f | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:04:40.61522703Z 37 PC: 15837 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:40.616945312Z 53 PC: 162b6 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:40.619182008Z 53 PC: 162c3 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:40.620743094Z 53 PC: 162d2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:04:40.622298309Z 37 PC: 162df | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:04:40.624486104Z 53 PC: 162e6 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:04:40.626013386Z 37 PC: 162f3 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:04:40.627500092Z 53 PC: 162ff | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:04:40.63296486Z 48 PC: 163c1 | Get DOS version
2018-12-17T23:04:40.63520845Z 74 PC: 144c3 | Reallocate memory
2018-12-17T23:04:40.637310433Z 74 PC: 144c3 | Reallocate memory
2018-12-17T23:04:40.639895495Z 68 PC: 1576e | I/O control for devices (Set for = 'an\win32lib.exe�')
2018-12-17T23:04:40.641607845Z 68 PC: 1576e | I/O control for devices (Set for = '')
2018-12-17T23:04:40.643251096Z 51 PC: 1578c | Get or set Ctrl-Break
2018-12-17T23:04:40.644402542Z 51 PC: 15798 | Get or set Ctrl-Break
2018-12-17T23:04:40.647051935Z 44 PC: 1806b | Get time

0x1806b: mov al, 0x3c
0x1806d: mul ch
0x1806f: xor ch, ch
0x18071: add ax, cx
0x18073: mov bx, ax
0x18075: push dx
0x18076: call 0x27f80
0x18079: pop dx
0x1807a: mov ax, 0x3c
0x1807d: call 0x180a7
0x18080: mov al, dh
0x18082: mov ah, 1
0x18084: call 0x180a7
0x18087: mov ax, 0x64
0x1808a: call 0x180a7
0x1808d: mov al, dl
0x1808f: mov ah, 1
0x18091: call 0x180a7
0x18094: mov ax, 0x264
0x18097: call 0x180a7