Sample viewer

vx.netlux.org/Trojan.DOS.Het


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:35.920656349Z 48 PC: 1629e | Get DOS version
2018-12-17T23:11:35.923055871Z 74 PC: 162ee | Reallocate memory
2018-12-17T23:11:35.924959812Z 48 PC: 160ac | Get DOS version
2018-12-17T23:11:35.926182251Z 53 PC: 160b4 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:35.92811199Z 37 PC: 160c6 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:35.929726547Z 68 PC: 16157 | I/O control for devices (Set for = '��P�]')
2018-12-17T23:11:35.931267605Z 68 PC: 16157 | I/O control for devices
2018-12-17T23:11:35.933091095Z 68 PC: 16157 | I/O control for devices
2018-12-17T23:11:35.935611535Z 68 PC: 16157 | I/O control for devices
2018-12-17T23:11:35.937882727Z 68 PC: 16157 | I/O control for devices
2018-12-17T23:11:35.940081081Z 53 PC: 1426c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:35.942237887Z 53 PC: 14279 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:11:35.944086173Z 53 PC: 14286 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:35.946196212Z 37 PC: 1429b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:35.947770883Z 37 PC: 142a3 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:11:35.949020183Z 37 PC: 142ab | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:35.95050236Z 53 PC: 147e4 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:11:35.952506469Z 53 PC: 147f1 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:11:35.954197991Z 53 PC: 14800 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:11:35.955849096Z 37 PC: 1480d | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:11:35.958537702Z 53 PC: 14814 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:11:35.960164792Z 37 PC: 14821 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:11:35.961744944Z 53 PC: 1482d | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:11:35.967661411Z 48 PC: 148ef | Get DOS version
2018-12-17T23:11:35.969765028Z 74 PC: 15173 | Reallocate memory
2018-12-17T23:11:35.971895515Z 74 PC: 15173 | Reallocate memory
2018-12-17T23:11:35.974459286Z 68 PC: 141e2 | I/O control for devices (Set for = 'r het systeem wordt vernietigt')
2018-12-17T23:11:35.97654562Z 68 PC: 141e2 | I/O control for devices (Set for = '')
2018-12-17T23:11:35.978600014Z 51 PC: 14200 | Get or set Ctrl-Break
2018-12-17T23:11:35.980538429Z 51 PC: 1420c | Get or set Ctrl-Break
2018-12-17T23:11:35.990082599Z 74 PC: 15173 | Reallocate memory
2018-12-17T23:11:35.992353329Z 51 PC: 14217 | Get or set Ctrl-Break
2018-12-17T23:11:35.994008863Z 53 PC: 132ce | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:11:35.996082633Z 53 PC: 132db | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:11:35.997285155Z 53 PC: 132e8 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:11:35.99856973Z 37 PC: 13303 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:11:36.000349438Z 53 PC: 1330b | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:11:36.00172249Z 37 PC: 13318 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:11:36.003622112Z 53 PC: 1331f | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:11:36.00602425Z 37 PC: 1332c | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:11:36.007326129Z 37 PC: 13336 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:11:36.008611657Z 37 PC: 13341 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:11:36.011009998Z 37 PC: 16208 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:11:36.013408038Z 41 PC: 12bdf | Parse filename
2018-12-17T23:11:36.015294185Z 41 PC: 12be1 | Parse filename
2018-12-17T23:11:36.017589772Z 41 PC: 12be6 | Parse filename
2018-12-17T23:11:36.021148705Z 75 PC: 12bfc | Execute program
2018-12-17T23:11:36.044986547Z 80 PC: 19329 | Set current PSP
2018-12-17T23:11:36.046319113Z 48 PC: 1932e | Get DOS version
2018-12-17T23:11:36.04858267Z 99 PC: 1fb10 | Get DBCS lead byte table pointer
2018-12-17T23:11:36.051335497Z 101 PC: 193b4 | Get extended country info
2018-12-17T23:11:36.052905449Z 99 PC: 193ba | Get DBCS lead byte table pointer
2018-12-17T23:11:36.054877138Z 74 PC: 1941c | Reallocate memory
2018-12-17T23:11:36.056503858Z 25 PC: 19453 | Get default drive
2018-12-17T23:11:36.057857484Z 37 PC: 18f13 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:11:36.067992735Z 37 PC: 18f1a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:11:36.069418576Z 37 PC: 18f21 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:36.072948996Z 74 PC: 180bc | Reallocate memory
2018-12-17T23:11:36.074654854Z 72 PC: 180fd | Allocate memory
2018-12-17T23:11:36.076059075Z 72 PC: 18135 | Allocate memory
2018-12-17T23:11:36.077611835Z 72 PC: 1813d | Allocate memory