Sample viewer

vx.netlux.org/Trojan.DOS.Term151

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:01.39214047Z	48	PC: 1989c \| Get DOS version
2018-12-17T23:11:01.394639059Z	74	PC: 198ec \| Reallocate memory
2018-12-17T23:11:01.402224016Z	48	PC: 19950 \| Get DOS version
2018-12-17T23:11:01.403514113Z	53	PC: 19958 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:01.405583977Z	37	PC: 1996a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:01.411415385Z	53	PC: 1bff2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:01.412861255Z	37	PC: 1c002 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:01.414833695Z	53	PC: 1c007 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:01.41731929Z	37	PC: 1c017 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:01.418959245Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:01.421017145Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:01.422830366Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:01.424409296Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:01.426413966Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:01.428599046Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:01.430070604Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:01.431433187Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:01.434080446Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:01.436088894Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:01.437469691Z	53	PC: 19d46 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:01.43979737Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:01.44121662Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:01.442394385Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:01.445724859Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:01.447576753Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:01.449156464Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:01.450848647Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:01.452944669Z	37	PC: 19d75 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:01.454528699Z	37	PC: 19d7c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:01.456138156Z	37	PC: 19d81 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:01.459009547Z	68	PC: 199fb \| I/O control for devices (Set for = '� =�r8[èt�x.u�*��')
2018-12-17T23:11:01.461470065Z	68	PC: 199fb \| I/O control for devices (Set for = '')
2018-12-17T23:11:01.463614468Z	68	PC: 199fb \| I/O control for devices (Set for = ']��[YZ^_�')
2018-12-17T23:11:01.470104285Z	68	PC: 199fb \| I/O control for devices (Set for = ' ')
2018-12-17T23:11:01.47173332Z	68	PC: 199fb \| I/O control for devices (Set for = ' ')
2018-12-17T23:11:01.473872514Z	53	PC: 16e6a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:01.476904166Z	53	PC: 16e77 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:11:01.47834198Z	53	PC: 16e84 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:01.479461206Z	37	PC: 16e99 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:01.481626238Z	37	PC: 16ea1 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:11:01.482819823Z	37	PC: 16ea9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:01.484151498Z	53	PC: 17928 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:11:01.486478234Z	53	PC: 17935 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:11:01.488087912Z	53	PC: 17944 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:11:01.490018253Z	37	PC: 17951 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:11:01.492449045Z	53	PC: 17958 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:11:01.494002356Z	37	PC: 17965 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:11:01.495548224Z	53	PC: 17971 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:11:01.500449994Z	48	PC: 17a33 \| Get DOS version
2018-12-17T23:11:01.501881266Z	74	PC: 158c5 \| Reallocate memory
2018-12-17T23:11:01.503873203Z	74	PC: 158c5 \| Reallocate memory
2018-12-17T23:11:01.506272557Z	68	PC: 16de0 \| I/O control for devices (Set for = 'r all of you outlaws out there who don't support crapware �')
2018-12-17T23:11:01.507824425Z	68	PC: 16de0 \| I/O control for devices (Set for = '')
2018-12-17T23:11:01.50917173Z	51	PC: 16dfe \| Get or set Ctrl-Break
2018-12-17T23:11:01.510314128Z	51	PC: 16e0a \| Get or set Ctrl-Break
2018-12-17T23:11:01.512195477Z	72	PC: 13cc8 \| Allocate memory
2018-12-17T23:11:01.514343718Z	74	PC: 158c5 \| Reallocate memory
2018-12-17T23:11:01.515936674Z	72	PC: 13cc8 \| Allocate memory
2018-12-17T23:11:01.51994858Z	37	PC: 14bef \| Set interrupt vector (Interrupt = '9' AKA 'Display string')