Sample viewer

vx.netlux.org/Trojan.DOS.Doroga

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:27.950848636Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:27.952997134Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:27.954367108Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:27.955572548Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:27.958265385Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:27.959574031Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:27.960694399Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:27.962085965Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:27.96352393Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:27.964994206Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:27.966729221Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:27.968339936Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:27.969798167Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:27.971188442Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:27.972928833Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:27.974008264Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:27.975117959Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:27.977259404Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:27.978788571Z	53	PC: 134aa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:27.980234255Z	37	PC: 134bf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:27.988135997Z	37	PC: 134c7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:27.989331393Z	37	PC: 134cf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:27.990309254Z	37	PC: 134d7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:27.992516794Z	68	PC: 141fb \| I/O control for devices (Set for = '�� ')
2018-12-17T23:11:28.051061252Z	37	PC: 12e11 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:28.056512103Z	61	PC: 141df \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T23:11:28.075105908Z	68	PC: 141fb \| I/O control for devices (Set for = '�� ')
2018-12-17T23:11:28.076434157Z	66	PC: 1424a \| Move file pointer
2018-12-17T23:11:28.077789682Z	66	PC: 14261 \| Move file pointer
2018-12-17T23:11:28.079759709Z	63	PC: 1426e \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T23:11:28.082862951Z	64	PC: 13b06 \| Write file or device (Write 95 bytes on handle 5)
2018-12-17T23:11:28.085621831Z	62	PC: 13b45 \| Close file
2018-12-17T23:11:28.897913746Z	48	PC: 13f21 \| Get DOS version
2018-12-17T23:11:28.900483996Z	61	PC: 13dd3 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:28.90829784Z	63	PC: 13ea6 \| Read file or device (Read 5366 bytes on handle 5)
2018-12-17T23:11:28.917596937Z	60	PC: 13dd3 \| Create or truncate file
2018-12-17T23:11:28.928655898Z	64	PC: 13ea6 \| Write file or device (Write 5366 bytes on handle 6)
2018-12-17T23:11:28.939520155Z	67	PC: 13438 \| Get or set file attributes
2018-12-17T23:11:28.949188331Z	62	PC: 13e23 \| Close file
2018-12-17T23:11:28.951097829Z	62	PC: 13e23 \| Close file
2018-12-17T23:11:28.95846178Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:28.959595335Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:11:28.96121695Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:11:28.962260278Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:28.963491486Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:28.964918427Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:28.965963546Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:11:28.966927865Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:11:28.968248903Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:11:28.969352097Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:11:28.970322563Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:11:28.971798011Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:11:28.972912886Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:11:28.974003173Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:11:28.975525576Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:11:28.97662676Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:11:28.977585913Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:11:28.979143882Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:11:28.980217733Z	37	PC: 13601 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:11:28.981450721Z	76	PC: 13640 \| Terminate with return code (Return code = '0')