Sample viewer

vx.netlux.org/Trojan.DOS.Tonester

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:04.632233644Z	48	PC: 12a4c \| Get DOS version
2018-12-17T23:08:04.634187606Z	53	PC: 12bab \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:04.635304666Z	53	PC: 12bb8 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:08:04.636378385Z	53	PC: 12bc5 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:08:04.637826036Z	53	PC: 12bd2 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:08:04.639187605Z	37	PC: 12be6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:04.640400836Z	74	PC: 12af4 \| Reallocate memory
2018-12-17T23:08:04.642078208Z	68	PC: 141fb \| I/O control for devices (Set for = '�� ')
2018-12-17T23:08:04.644532401Z	68	PC: 141fb \| I/O control for devices (Set for = '�� ')
2018-12-17T23:08:04.647823808Z	61	PC: 144ae \| Open file (Filename = '')
2018-12-17T23:08:04.653347601Z	55	PC: 13119 \| Get or set switch character
2018-12-17T23:08:04.65835322Z	41	PC: 14ece \| Parse filename
2018-12-17T23:08:04.660362476Z	41	PC: 14edc \| Parse filename
2018-12-17T23:08:04.662457915Z	75	PC: 14f1c \| Execute program
2018-12-17T23:08:04.685292156Z	80	PC: 26659 \| Set current PSP
2018-12-17T23:08:04.686478396Z	48	PC: 2665e \| Get DOS version
2018-12-17T23:08:04.689218195Z	99	PC: 2ce40 \| Get DBCS lead byte table pointer
2018-12-17T23:08:04.693273218Z	101	PC: 266e4 \| Get extended country info
2018-12-17T23:08:04.695476679Z	99	PC: 266ea \| Get DBCS lead byte table pointer
2018-12-17T23:08:04.697407088Z	74	PC: 2674c \| Reallocate memory
2018-12-17T23:08:04.699465838Z	25	PC: 26783 \| Get default drive
2018-12-17T23:08:04.701369456Z	37	PC: 26243 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:08:04.702854718Z	37	PC: 2624a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:04.704317257Z	37	PC: 26251 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:04.709630313Z	74	PC: 253ec \| Reallocate memory
2018-12-17T23:08:04.711357951Z	72	PC: 2542d \| Allocate memory
2018-12-17T23:08:04.713210874Z	72	PC: 25465 \| Allocate memory
2018-12-17T23:08:04.716076841Z	72	PC: 2546d \| Allocate memory