Sample viewer

vx.netlux.org/Trojan.DOS.Virri.j

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:48.889390869Z 48 PC: 17dce | Get DOS version
2018-12-17T23:10:48.892781055Z 74 PC: 17e1e | Reallocate memory
2018-12-17T23:10:48.895084759Z 48 PC: 17bdc | Get DOS version
2018-12-17T23:10:48.896759329Z 53 PC: 17be4 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:48.899520102Z 37 PC: 17bf6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:48.901194982Z 68 PC: 17c87 | I/O control for devices (Set for = '�NP����zP����P�����P�����P�����P����P�')
2018-12-17T23:10:48.902984479Z 68 PC: 17c87 | I/O control for devices
2018-12-17T23:10:48.904871088Z 68 PC: 17c87 | I/O control for devices
2018-12-17T23:10:48.907173358Z 68 PC: 17c87 | I/O control for devices
2018-12-17T23:10:48.909118276Z 68 PC: 17c87 | I/O control for devices
2018-12-17T23:10:48.911598201Z 53 PC: 15ace | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:48.913807067Z 53 PC: 15adb | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:10:48.915540688Z 53 PC: 15ae8 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:48.91732825Z 37 PC: 15afd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:48.922392877Z 37 PC: 15b05 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:10:48.924151515Z 37 PC: 15b0d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:48.926072248Z 53 PC: 16046 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:10:48.928763139Z 53 PC: 16053 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:10:48.931305342Z 53 PC: 16062 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:48.933650583Z 37 PC: 1606f | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:10:48.935691081Z 53 PC: 16076 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:10:48.937802543Z 37 PC: 16083 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:10:48.939811512Z 53 PC: 1608f | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:48.945089891Z 48 PC: 16151 | Get DOS version
2018-12-17T23:10:48.947679592Z 74 PC: 16e1f | Reallocate memory
2018-12-17T23:10:48.949771117Z 74 PC: 16e1f | Reallocate memory
2018-12-17T23:10:48.95169202Z 68 PC: 15a44 | I/O control for devices (Set for = 'igned: QXV2-------------')
2018-12-17T23:10:48.970650923Z 68 PC: 15a44 | I/O control for devices (Set for = '')
2018-12-17T23:10:48.972436311Z 51 PC: 15a62 | Get or set Ctrl-Break
2018-12-17T23:10:48.97462103Z 51 PC: 15a6e | Get or set Ctrl-Break
2018-12-17T23:10:48.981183524Z 72 PC: 177b4 | Allocate memory
2018-12-17T23:10:48.98447682Z 74 PC: 16e1f | Reallocate memory
2018-12-17T23:10:48.986439011Z 72 PC: 177b4 | Allocate memory
2018-12-17T23:10:48.994055317Z 37 PC: 14465 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:49.001469103Z 53 PC: 1428a | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:49.003225928Z 37 PC: 142a0 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:50.043997718Z 73 PC: 177b4 | Release memory
2018-12-17T23:10:50.047506578Z 74 PC: 16e1f | Reallocate memory
2018-12-17T23:10:50.049732355Z 51 PC: 15a79 | Get or set Ctrl-Break
2018-12-17T23:10:50.051326444Z 37 PC: 15cfb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:50.057576881Z 37 PC: 15d05 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:10:50.058998385Z 37 PC: 15d0f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:50.060632128Z 53 PC: 147d6 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:10:50.064976269Z 53 PC: 147e3 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:50.066492592Z 53 PC: 147f0 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:50.068112959Z 37 PC: 1480b | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:50.07085104Z 53 PC: 14813 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:10:50.072374736Z 37 PC: 14820 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:50.073919752Z 53 PC: 14827 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:10:50.076687358Z 37 PC: 14834 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:10:50.07781569Z 37 PC: 1483e | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:10:50.078946377Z 37 PC: 14849 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:10:50.080827506Z 37 PC: 17d38 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:50.082777775Z 41 PC: 17acf | Parse filename
2018-12-17T23:10:50.084287114Z 41 PC: 17ad1 | Parse filename
2018-12-17T23:10:50.085876724Z 41 PC: 17ad6 | Parse filename
2018-12-17T23:10:50.087632687Z 75 PC: 17aec | Execute program
2018-12-17T23:10:50.105529872Z 80 PC: 1b089 | Set current PSP
2018-12-17T23:10:50.10647507Z 48 PC: 1b08e | Get DOS version
2018-12-17T23:10:50.10877181Z 99 PC: 21870 | Get DBCS lead byte table pointer
2018-12-17T23:10:50.111100911Z 101 PC: 1b114 | Get extended country info
2018-12-17T23:10:50.112539217Z 99 PC: 1b11a | Get DBCS lead byte table pointer
2018-12-17T23:10:50.115114381Z 74 PC: 1b17c | Reallocate memory
2018-12-17T23:10:50.116553828Z 25 PC: 1b1b3 | Get default drive
2018-12-17T23:10:50.11774034Z 37 PC: 1ac73 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:10:50.119938896Z 37 PC: 1ac7a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:50.121130738Z 37 PC: 1ac81 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:50.124697367Z 74 PC: 19e1c | Reallocate memory
2018-12-17T23:10:50.12736252Z 72 PC: 19e5d | Allocate memory
2018-12-17T23:10:50.128957409Z 72 PC: 19e95 | Allocate memory
2018-12-17T23:10:50.131355931Z 72 PC: 19e9d | Allocate memory