Sample viewer

vx.netlux.org/Trojan.DOS.Barjam

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:43.453865361Z	48	PC: 1d7f4 \| Get DOS version
2018-12-17T23:12:43.45554977Z	74	PC: 1d853 \| Reallocate memory
2018-12-17T23:12:43.457790912Z	48	PC: 1d424 \| Get DOS version
2018-12-17T23:12:43.459337711Z	53	PC: 1d42c \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:43.465725038Z	53	PC: 214a2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:43.467194037Z	37	PC: 214b2 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:43.468990748Z	53	PC: 214b7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:43.470979946Z	37	PC: 214c7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:43.472394812Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:43.47386337Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:43.476335645Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:43.477756783Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:43.479153032Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:43.481596348Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:43.482727052Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:43.483823529Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:43.486084147Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:43.487398313Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:43.488757484Z	53	PC: 1f0a8 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:43.490945904Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:43.492615998Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:43.493974215Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:43.496328561Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:43.497724776Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:43.499016896Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:43.501349107Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:43.502509854Z	37	PC: 1f0d7 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:43.503787379Z	37	PC: 1f0de \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:43.505865152Z	37	PC: 1f0e3 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:43.507444182Z	68	PC: 1d4c2 \| I/O control for devices (Set for = 'ï¿½ï¿½ï¿½ï¿½>ï¿½ï¿½~ï¿½ï¿½ï¿½{ï¿½ï¿½6ï¿½ï¿½6ï¿½ï¿½#ï¿½ï¿½6ï¿½ï¿½6ï¿½ï¿½=ï¿½ï¿½6ï¿½ï¿½ï¿½ï¿½P3ï¿½Pï¿½p ï¿½ï¿½Nï¿½6ï¿½ï¿½æ¡°ï¿½ï¿½ï¿½ï¿½>ï¿½6ï¿½ï¿½æ¡²ï¿½ï¿½Pï¿½.ï¿½6ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ ï¿½ï¿½6ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½@ï¿½ï¿½;ï¿½ï¿½Xï¿½ï¿½ï¿½äš°ï¿½Pï¿½ï¿½ï¿½Pï¿½ï¿½Pï¿½Uï¿½ï¿½ï¿½ï¿½ï¿½Pï¿½ï¿½ï¿½ï¿½uï¿½dï¿½ï¿½ï¿½ï¿½Pï¿½')
2018-12-17T23:12:43.50897706Z	68	PC: 1d4c2 \| I/O control for devices (Set for = 'ï¿½-ï¿½')
2018-12-17T23:12:43.512008862Z	68	PC: 1d4c2 \| I/O control for devices (Set for = 'Vï¿½ï¿½ï¿½&;wr&;wr &+wr&;wr@^Ã‘ï¿½G]ï¿½ï¿½3ï¿½;ï¿½r;ï¿½wHï¿½Pï¿½')
2018-12-17T23:12:43.51359503Z	68	PC: 1d4c2 \| I/O control for devices (Set for = 'r&;wr@^Ã‘ï¿½G]ï¿½ï¿½3ï¿½;ï¿½r;ï¿½wHï¿½Pï¿½')
2018-12-17T23:12:43.515261738Z	68	PC: 1d4c2 \| I/O control for devices (Set for = 'r&;wr@^Ã‘ï¿½G]ï¿½ï¿½3ï¿½;ï¿½r;ï¿½wHï¿½Pï¿½')
2018-12-17T23:12:43.517435717Z	53	PC: 1eee2 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:43.518885912Z	37	PC: 1eef8 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:43.519935258Z	53	PC: 1a508 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:43.521203107Z	53	PC: 1a515 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:12:43.522756704Z	53	PC: 1a522 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:43.523804391Z	37	PC: 1a534 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:43.524845481Z	37	PC: 1a53c \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:12:43.526549708Z	37	PC: 19e18 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:43.527693954Z	53	PC: 1891b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:12:43.532672777Z	74	PC: 1abc1 \| Reallocate memory
2018-12-17T23:12:43.535106182Z	74	PC: 1abc1 \| Reallocate memory
2018-12-17T23:12:43.539521265Z	68	PC: 174da \| I/O control for devices (Set for = ';ï¿½rï¿½ï¿½+ï¿½;ï¿½s+ï¿½+ÑŽÛŽï¿½;ï¿½rï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½3ï¿½;ï¿½sï¿½ï¿½Nï¿½ï¿½ï¿½;ï¿½uï¿½4GGIï¿½ï¿½uï¿½ï¿½^ï¿½Sï¿½4.ï¿½ï¿½;ï¿½rï¿½ï¿½ï¿½%[ï¿½SQRVWï¿½ï¿½ï¿½ï¿½ï¿½F')
2018-12-17T23:12:43.540752238Z	68	PC: 174da \| I/O control for devices (Set for = '.:.')
2018-12-17T23:12:43.542490126Z	51	PC: 174f7 \| Get or set Ctrl-Break
2018-12-17T23:12:43.543307005Z	51	PC: 17503 \| Get or set Ctrl-Break