Sample viewer

vx.netlux.org/Trojan.DOS.XlmSoft

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:09:39.845481273Z	48	PC: 17ebc \| Get DOS version
2018-12-17T22:09:39.847090602Z	74	PC: 17f0c \| Reallocate memory
2018-12-17T22:09:39.84882806Z	48	PC: 17f70 \| Get DOS version
2018-12-17T22:09:39.849938138Z	53	PC: 17f78 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:39.851259518Z	37	PC: 17f8a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:39.852590341Z	53	PC: 1a9b2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:09:39.853642966Z	37	PC: 1a9c2 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:09:39.855349741Z	53	PC: 1a9c7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:39.856458627Z	37	PC: 1a9d7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:39.858250007Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:09:39.859784139Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:09:39.861162714Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:09:39.862158237Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:09:39.864023043Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:09:39.86513441Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:09:39.866652148Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:09:39.868488719Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:09:39.869936749Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:09:39.871354084Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:09:39.87305588Z	53	PC: 18706 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:09:39.87415439Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:09:39.875148165Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:09:39.877158207Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:09:39.878154482Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:09:39.879143277Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:09:39.880610054Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:09:39.881696627Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:09:39.882729442Z	37	PC: 18735 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:09:39.892252307Z	37	PC: 1873c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:09:39.893646184Z	37	PC: 18741 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:09:39.89504712Z	68	PC: 1801b \| I/O control for devices (Set for = '��%�!��%�!�')
2018-12-17T22:09:39.896847354Z	68	PC: 1801b \| I/O control for devices
2018-12-17T22:09:39.898121704Z	68	PC: 1801b \| I/O control for devices (Set for = '��D ��')
2018-12-17T22:09:39.899346455Z	68	PC: 1801b \| I/O control for devices (Set for = '6')
2018-12-17T22:09:39.901149213Z	68	PC: 1801b \| I/O control for devices (Set for = '6')
2018-12-17T22:09:39.902737346Z	53	PC: 15864 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:39.903736758Z	53	PC: 15871 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:09:39.905542442Z	53	PC: 1587e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:39.906696677Z	37	PC: 15893 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:39.907684742Z	37	PC: 1589b \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:09:39.90929022Z	37	PC: 158a3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:39.910571455Z	53	PC: 16322 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:09:39.914186734Z	53	PC: 1632f \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:09:39.925498611Z	53	PC: 1633e \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:09:39.926572202Z	37	PC: 1634b \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:09:39.927456731Z	53	PC: 16352 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:09:39.928837403Z	37	PC: 1635f \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:09:39.929832923Z	53	PC: 1636b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:09:39.933681504Z	48	PC: 1642d \| Get DOS version
2018-12-17T22:09:39.93530812Z	74	PC: 1452f \| Reallocate memory
2018-12-17T22:09:39.937086798Z	74	PC: 1452f \| Reallocate memory
2018-12-17T22:09:39.938667597Z	68	PC: 157da \| I/O control for devices (Set for = 'r�'')
2018-12-17T22:09:39.940873455Z	68	PC: 157da \| I/O control for devices (Set for = '')
2018-12-17T22:09:39.942270152Z	51	PC: 157f8 \| Get or set Ctrl-Break
2018-12-17T22:09:39.94299146Z	51	PC: 15804 \| Get or set Ctrl-Break
2018-12-17T22:09:39.965228111Z	74	PC: 1452f \| Reallocate memory
2018-12-17T22:09:39.966822911Z	51	PC: 1580f \| Get or set Ctrl-Break
2018-12-17T22:09:39.967705198Z	37	PC: 15a91 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:39.977502026Z	37	PC: 15a9b \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:09:39.979039763Z	37	PC: 15aa5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:39.980622381Z	53	PC: 13f5c \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:09:39.98216043Z	53	PC: 13f69 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:09:39.983167224Z	53	PC: 13f76 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:09:39.984140175Z	37	PC: 13f91 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:09:39.986011573Z	53	PC: 13f99 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:09:39.993875962Z	37	PC: 13fa6 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:09:39.995003789Z	53	PC: 13fad \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:09:39.996940058Z	37	PC: 13fba \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:09:39.997928349Z	37	PC: 13fc4 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:09:39.998951216Z	37	PC: 13fcf \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:09:40.000731576Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:09:40.002048601Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:09:40.003328909Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:09:40.005711022Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:09:40.006877132Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:09:40.007991541Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:09:40.009799487Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:09:40.010963251Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:09:40.012054357Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:09:40.014045119Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:09:40.01521385Z	37	PC: 18751 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:09:40.016342375Z	37	PC: 1a9e6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:09:40.018544614Z	37	PC: 180cc \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:09:40.020438243Z	41	PC: 17c9b \| Parse filename
2018-12-17T22:09:40.021797824Z	41	PC: 17c9d \| Parse filename
2018-12-17T22:09:40.023541746Z	41	PC: 17ca2 \| Parse filename
2018-12-17T22:09:40.025074866Z	75	PC: 17cb8 \| Execute program
2018-12-17T22:09:40.045069342Z	80	PC: 1dd69 \| Set current PSP
2018-12-17T22:09:40.047081424Z	48	PC: 1dd6e \| Get DOS version
2018-12-17T22:09:40.048701688Z	99	PC: 24550 \| Get DBCS lead byte table pointer
2018-12-17T22:09:40.051206689Z	101	PC: 1ddf4 \| Get extended country info
2018-12-17T22:09:40.053589036Z	99	PC: 1ddfa \| Get DBCS lead byte table pointer
2018-12-17T22:09:40.054921532Z	74	PC: 1de5c \| Reallocate memory
2018-12-17T22:09:40.056358234Z	25	PC: 1de93 \| Get default drive
2018-12-17T22:09:40.058603503Z	37	PC: 1d953 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:09:40.059855724Z	37	PC: 1d95a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:09:40.061076633Z	37	PC: 1d961 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:40.06660441Z	74	PC: 1cafc \| Reallocate memory
2018-12-17T22:09:40.068008016Z	72	PC: 1cb3d \| Allocate memory
2018-12-17T22:09:40.069539379Z	72	PC: 1cb75 \| Allocate memory
2018-12-17T22:09:40.07160464Z	72	PC: 1cb7d \| Allocate memory