Sample viewer

vx.netlux.org/Trojan.DOS.3360

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:45.1363006Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:16:45.138313903Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:16:45.140027869Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:16:45.143925092Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:16:45.146124561Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:45.149201826Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:16:45.159947436Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:16:45.161742698Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:16:45.163533661Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:16:45.165515762Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:16:45.167745412Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:16:45.169649631Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:16:45.170971959Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:16:45.173034758Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:16:45.175532394Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:16:45.17697311Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:16:45.178416624Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:16:45.180611598Z	53	PC: 131d6 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:16:45.181841963Z	37	PC: 131eb \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:16:45.183185936Z	37	PC: 131f3 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:16:45.193045893Z	37	PC: 131fb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:45.194620418Z	37	PC: 13203 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:16:45.197400889Z	68	PC: 13586 \| I/O control for devices (Set for = '')
2018-12-17T22:16:45.23444244Z	37	PC: 12b97 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:16:45.236489076Z	44	PC: 13422 \| Get time 0x13422: mov word ptr [0x38], cx 0x13426: mov word ptr [0x3a], dx 0x1342a: retf 0x1342b: mov bx, sp 0x1342d: push ds 0x1342e: les di, ptr ss:[bx + 8] 0x13432: lds si, ptr ss:[bx + 4] 0x13436: cld 0x13437: xor ax, ax 0x13439: stosw word ptr es:[di], ax 0x1343a: mov ax, 0xd7b0 0x1343d: stosw word ptr es:[di], ax 0x1343e: mov ax, 0x80 0x13441: stosw word ptr es:[di], ax 0x13442: xor ax, ax 0x13444: stosw word ptr es:[di], ax 0x13445: stosw word ptr es:[di], ax 0x13446: stosw word ptr es:[di], ax 0x13447: lea ax, word ptr [di + 0x74] 0x1344a: stosw word ptr es:[di], ax
2018-12-17T22:16:45.241428394Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:16:45.242663721Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:16:45.244798095Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:16:45.245975688Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:16:45.247068365Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:45.2537486Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:16:45.254894491Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:16:45.256004821Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:16:45.257650325Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:16:45.258770211Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:16:45.259850002Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:16:45.261632723Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:16:45.262846563Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:16:45.264098892Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:16:45.265538634Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:16:45.278359718Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:16:45.279773315Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:16:45.281692176Z	37	PC: 132e5 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:16:45.282708859Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.284656672Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.287172054Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.289823761Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.292495484Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.295035621Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.298087886Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.300414072Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.30277568Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.305642327Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.30757858Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.309521024Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.312499617Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.314977827Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.318520677Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.321425316Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.323769764Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.326167485Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.329420769Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.331705936Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.333986599Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.339588334Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.341889602Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.344150265Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.347151969Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.349435554Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.351873424Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.355596291Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.358058083Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.360580928Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.363681735Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.365878112Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.367900877Z	6	PC: 1336c \| Direct console I/O
2018-12-17T22:16:45.371276226Z	76	PC: 13324 \| Terminate with return code (Return code = '200')