Sample viewer

vx.netlux.org/Trojan.DOS.Wnsock

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:15.377819916Z	48	PC: 12a4c \| Get DOS version
2018-12-17T23:06:15.380547134Z	53	PC: 12bef \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:15.382416248Z	53	PC: 12bfc \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:06:15.38384318Z	53	PC: 12c09 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:06:15.385835195Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:06:15.38716187Z	37	PC: 12c2a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:15.38891714Z	74	PC: 12af4 \| Reallocate memory
2018-12-17T23:06:15.392451385Z	68	PC: 12ff2 \| I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T23:06:15.395699953Z	68	PC: 12ff2 \| I/O control for devices (Set for = '')
2018-12-17T23:06:15.399845136Z	68	PC: 12ff2 \| I/O control for devices (Set for = '')
2018-12-17T23:06:15.405551445Z	67	PC: 13db3 \| Get or set file attributes
2018-12-17T23:06:15.413244869Z	61	PC: 141e1 \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T23:06:15.422299463Z	68	PC: 13509 \| I/O control for devices (Set for = 'Copyright 1991 Borland Intl.')
2018-12-17T23:06:15.42423905Z	64	PC: 14068 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T23:06:15.764814866Z	66	PC: 13016 \| Move file pointer
2018-12-17T23:06:15.769149285Z	64	PC: 14514 \| Write file or device (Write 20 bytes on handle 5)
2018-12-17T23:06:15.782119321Z	55	PC: 12f8a \| Get or set switch character
2018-12-17T23:06:15.786425076Z	41	PC: 13beb \| Parse filename
2018-12-17T23:06:15.789260697Z	41	PC: 13c0a \| Parse filename
2018-12-17T23:06:15.791925187Z	75	PC: 13c4a \| Execute program
2018-12-17T23:06:15.820400705Z	80	PC: 27289 \| Set current PSP
2018-12-17T23:06:15.823333869Z	48	PC: 2728e \| Get DOS version
2018-12-17T23:06:15.82575982Z	99	PC: 2da70 \| Get DBCS lead byte table pointer
2018-12-17T23:06:15.834544727Z	101	PC: 27314 \| Get extended country info
2018-12-17T23:06:15.836327229Z	99	PC: 2731a \| Get DBCS lead byte table pointer
2018-12-17T23:06:15.83828542Z	74	PC: 2737c \| Reallocate memory
2018-12-17T23:06:15.841495134Z	25	PC: 273b3 \| Get default drive
2018-12-17T23:06:15.845591867Z	37	PC: 26e73 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:06:15.847474918Z	37	PC: 26e7a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:15.849343361Z	37	PC: 26e81 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:15.85532171Z	74	PC: 2601c \| Reallocate memory
2018-12-17T23:06:15.859281586Z	72	PC: 2605d \| Allocate memory
2018-12-17T23:06:15.862032758Z	72	PC: 26095 \| Allocate memory
2018-12-17T23:06:15.865051894Z	72	PC: 2609d \| Allocate memory