Sample viewer

vx.netlux.org/Trojan.DOS.Cindy


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:53.176978539Z 48 PC: 12a54 | Get DOS version
2018-12-17T23:05:53.178827977Z 74 PC: 12ab2 | Reallocate memory
2018-12-17T23:05:53.180888801Z 48 PC: 12b22 | Get DOS version
2018-12-17T23:05:53.183236896Z 53 PC: 12b2a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:53.189081416Z 37 PC: 12b3c | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:53.19169467Z 68 PC: 12bc0 | I/O control for devices (Set for = '����3ҋڋȋ����3� �y����ڋȋ� �y���ك�')
2018-12-17T23:05:53.194374057Z 68 PC: 12bc0 | I/O control for devices (Set for = '&�W�F��V�RP�Rߋ؎‰^��F�&�?�t�&�G��]�')
2018-12-17T23:05:53.197732823Z 68 PC: 12bc0 | I/O control for devices (Set for = '0�G+��F�F��<')
2018-12-17T23:05:53.199310168Z 68 PC: 12bc0 | I/O control for devices (Set for = 'W��$�������N�u�^���G�D�G+��G�G �G�G�G�G�G�G�G�G �G�G"�G&�G$^_��]ÐU����F�')
2018-12-17T23:05:53.201636813Z 68 PC: 12bc0 | I/O control for devices (Set for = 'W��$�������N�u�^���G�D�G+��G�G �G�G�G�G�G�G�G�G �G�G"�G&�G$^_��]ÐU����F�')
2018-12-17T23:05:53.203994686Z 48 PC: 16092 | Get DOS version
2018-12-17T23:05:53.205568104Z 37 PC: 160c2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:53.20894294Z 72 PC: 27fb3 | Allocate memory
2018-12-17T23:05:53.211737244Z 72 PC: 27fc4 | Allocate memory
2018-12-17T23:05:53.216490822Z 53 PC: 2e159 | Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-17T23:05:53.236793587Z 37 PC: 189da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:53.258444826Z 61 PC: 161f6 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:05:53.268441542Z 66 PC: 162a4 | Move file pointer
2018-12-17T23:05:53.271326066Z 63 PC: 16248 | Read file or device (Read 1024 bytes on handle 5)
2018-12-17T23:05:53.301514588Z 62 PC: 1621f | Close file
2018-12-17T23:05:53.306346924Z 25 PC: 1655a | Get default drive
2018-12-17T23:05:53.309163991Z 71 PC: 165cc | Get current directory
2018-12-17T23:05:53.3124716Z 90 PC: 161b1 | Create unique file
2018-12-17T23:05:53.332370675Z 66 PC: 162a4 | Move file pointer
2018-12-17T23:05:53.335171692Z 64 PC: 16275 | Write file or device (Write 2048 bytes on handle 5)
2018-12-17T23:05:53.345429549Z 74 PC: 27fdb | Reallocate memory
2018-12-17T23:05:53.347435661Z 75 PC: 189b1 | Execute program
2018-12-17T23:05:53.369175427Z 80 PC: 47569 | Set current PSP
2018-12-17T23:05:53.374966927Z 48 PC: 4756e | Get DOS version
2018-12-17T23:05:53.377722919Z 99 PC: 4dd50 | Get DBCS lead byte table pointer
2018-12-17T23:05:53.382374044Z 101 PC: 475f4 | Get extended country info
2018-12-17T23:05:53.3873925Z 99 PC: 475fa | Get DBCS lead byte table pointer
2018-12-17T23:05:53.388956811Z 74 PC: 4765c | Reallocate memory
2018-12-17T23:05:53.39309936Z 25 PC: 47693 | Get default drive
2018-12-17T23:05:53.394937326Z 37 PC: 47153 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:05:53.39729575Z 37 PC: 4715a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:53.399470389Z 37 PC: 47161 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:53.405035924Z 74 PC: 462fc | Reallocate memory
2018-12-17T23:05:53.407166209Z 72 PC: 4633d | Allocate memory
2018-12-17T23:05:53.411670839Z 72 PC: 46375 | Allocate memory
2018-12-17T23:05:53.413566754Z 72 PC: 4637d | Allocate memory