Sample viewer

vx.netlux.org/Trojan.DOS.FloodDisk.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:11.163624519Z	48	PC: 12a4c \| Get DOS version
2018-12-17T23:08:11.165148777Z	53	PC: 12bc3 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:11.166134772Z	53	PC: 12bd0 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:08:11.167099036Z	53	PC: 12bdd \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:08:11.16852144Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:08:11.169710481Z	37	PC: 12bfe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:08:11.170733076Z	74	PC: 12ad9 \| Reallocate memory
2018-12-17T23:08:11.172690791Z	68	PC: 13001 \| I/O control for devices (Set for = '')
2018-12-17T23:08:11.179178614Z	74	PC: 13701 \| Reallocate memory
2018-12-17T23:08:11.180638205Z	68	PC: 13001 \| I/O control for devices (Set for = 'Borland C++ - Copyright 1991 Borland Intl.')
2018-12-17T23:08:11.182583696Z	55	PC: 12f18 \| Get or set switch character
2018-12-17T23:08:11.184894178Z	41	PC: 137a0 \| Parse filename
2018-12-17T23:08:11.185960273Z	41	PC: 137bf \| Parse filename
2018-12-17T23:08:11.187023557Z	75	PC: 13802 \| Execute program
2018-12-17T23:08:11.201374426Z	80	PC: 17029 \| Set current PSP
2018-12-17T23:08:11.202730541Z	48	PC: 1702e \| Get DOS version
2018-12-17T23:08:11.204496764Z	99	PC: 1d810 \| Get DBCS lead byte table pointer
2018-12-17T23:08:11.207249033Z	101	PC: 170b4 \| Get extended country info
2018-12-17T23:08:11.208738228Z	99	PC: 170ba \| Get DBCS lead byte table pointer
2018-12-17T23:08:11.210008207Z	74	PC: 1711c \| Reallocate memory
2018-12-17T23:08:11.211189919Z	25	PC: 17153 \| Get default drive
2018-12-17T23:08:11.212071818Z	37	PC: 16c13 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:08:11.213415175Z	37	PC: 16c1a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:08:11.214293748Z	37	PC: 16c21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:11.21804548Z	74	PC: 15dbc \| Reallocate memory
2018-12-17T23:08:11.219697214Z	72	PC: 15dfd \| Allocate memory
2018-12-17T23:08:11.221005145Z	72	PC: 15e35 \| Allocate memory
2018-12-17T23:08:11.222329199Z	72	PC: 15e3d \| Allocate memory