Sample viewer

vx.netlux.org/Trojan.DOS.Mojo

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:36.586876843Z 48 PC: 17e1c | Get DOS version
2018-12-17T23:09:36.588903707Z 74 PC: 17e6c | Reallocate memory
2018-12-17T23:09:36.590831936Z 48 PC: 17ed0 | Get DOS version
2018-12-17T23:09:36.592238746Z 53 PC: 17ed8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:36.599716812Z 37 PC: 17eea | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:36.601050483Z 68 PC: 17f7b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T23:09:36.602377474Z 68 PC: 17f7b | I/O control for devices
2018-12-17T23:09:36.604570849Z 68 PC: 17f7b | I/O control for devices (Set for = '������������������������������������������������')
2018-12-17T23:09:36.611491914Z 68 PC: 17f7b | I/O control for devices (Set for = '��������������������������������������')
2018-12-17T23:09:36.618304049Z 68 PC: 17f7b | I/O control for devices (Set for = '��������������������������������������')
2018-12-17T23:09:36.620269284Z 53 PC: 1610e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:36.6222332Z 53 PC: 1611b | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:09:36.623625556Z 53 PC: 16128 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:36.625017672Z 37 PC: 1613d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:36.627245759Z 37 PC: 16145 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:09:36.628796698Z 37 PC: 1614d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:36.630209798Z 53 PC: 16bcc | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:09:36.632065227Z 53 PC: 16bd9 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:09:36.633404813Z 53 PC: 16be8 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:09:36.634741832Z 37 PC: 16bf5 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:09:36.637030064Z 53 PC: 16bfc | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:09:36.638411355Z 37 PC: 16c09 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:09:36.639686836Z 53 PC: 16c15 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:09:36.645115091Z 48 PC: 16cd7 | Get DOS version
2018-12-17T23:09:36.646620815Z 74 PC: 14dd9 | Reallocate memory
2018-12-17T23:09:36.648499429Z 74 PC: 14dd9 | Reallocate memory
2018-12-17T23:09:36.654240769Z 68 PC: 16084 | I/O control for devices (Set for = ' a error with This file pls quit mIRC and try�')
2018-12-17T23:09:36.655633768Z 68 PC: 16084 | I/O control for devices (Set for = '')
2018-12-17T23:09:36.656981927Z 51 PC: 160a2 | Get or set Ctrl-Break
2018-12-17T23:09:36.658705783Z 51 PC: 160ae | Get or set Ctrl-Break
2018-12-17T23:09:36.664184151Z 74 PC: 14dd9 | Reallocate memory
2018-12-17T23:09:36.665909347Z 51 PC: 160b9 | Get or set Ctrl-Break
2018-12-17T23:09:36.668036213Z 37 PC: 1633b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:36.669043753Z 37 PC: 16345 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:09:36.671436879Z 37 PC: 1634f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:36.67376545Z 53 PC: 14806 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:09:36.674832337Z 53 PC: 14813 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:09:36.675896586Z 53 PC: 14820 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:09:36.677975612Z 37 PC: 1483b | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:09:36.679019554Z 53 PC: 14843 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:09:36.684151735Z 37 PC: 14850 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:09:36.686504777Z 53 PC: 14857 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:09:36.687883297Z 37 PC: 14864 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:09:36.68916524Z 37 PC: 1486e | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:09:36.691364521Z 37 PC: 14879 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:09:36.693234394Z 37 PC: 1802c | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:36.695402157Z 41 PC: 17c09 | Parse filename
2018-12-17T23:09:36.697735401Z 41 PC: 17c0b | Parse filename
2018-12-17T23:09:36.699723364Z 41 PC: 17c10 | Parse filename
2018-12-17T23:09:36.701261236Z 75 PC: 17c26 | Execute program
2018-12-17T23:09:36.721981164Z 80 PC: 1c479 | Set current PSP
2018-12-17T23:09:36.72427841Z 48 PC: 1c47e | Get DOS version
2018-12-17T23:09:36.725812939Z 99 PC: 22c60 | Get DBCS lead byte table pointer
2018-12-17T23:09:36.729058679Z 101 PC: 1c504 | Get extended country info
2018-12-17T23:09:36.730941042Z 99 PC: 1c50a | Get DBCS lead byte table pointer
2018-12-17T23:09:36.73231037Z 74 PC: 1c56c | Reallocate memory
2018-12-17T23:09:36.733905308Z 25 PC: 1c5a3 | Get default drive
2018-12-17T23:09:36.735492045Z 37 PC: 1c063 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:09:36.736561798Z 37 PC: 1c06a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:36.737685788Z 37 PC: 1c071 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:36.742536694Z 74 PC: 1b20c | Reallocate memory
2018-12-17T23:09:36.743821115Z 72 PC: 1b24d | Allocate memory
2018-12-17T23:09:36.745266116Z 72 PC: 1b285 | Allocate memory
2018-12-17T23:09:36.747673394Z 72 PC: 1b28d | Allocate memory