Sample viewer

vx.netlux.org/Trojan.DOS.Loser.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:17:02.234002376Z 48 PC: 160ec | Get DOS version
2018-12-17T22:17:02.249644329Z 74 PC: 1613c | Reallocate memory
2018-12-17T22:17:02.252208309Z 48 PC: 161a0 | Get DOS version
2018-12-17T22:17:02.25347854Z 53 PC: 161a8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:02.259167747Z 37 PC: 161ba | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:02.2602849Z 68 PC: 1624b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:17:02.261528609Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:17:02.263628977Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:17:02.269923134Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:17:02.271235535Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:17:02.27336298Z 53 PC: 14768 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:02.274799104Z 53 PC: 14775 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:17:02.276029741Z 53 PC: 14782 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:02.277937142Z 37 PC: 14797 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:02.2792212Z 37 PC: 1479f | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:17:02.280378609Z 37 PC: 147a7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:02.281622779Z 53 PC: 15226 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:17:02.282809582Z 53 PC: 15233 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:17:02.283841402Z 53 PC: 15242 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:17:02.284868497Z 37 PC: 1524f | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:17:02.294029162Z 53 PC: 15256 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:17:02.295141716Z 37 PC: 15263 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:17:02.296144536Z 53 PC: 1526f | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:17:02.309465536Z 48 PC: 15331 | Get DOS version
2018-12-17T22:17:02.310794617Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:17:02.313478344Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:17:02.31548271Z 68 PC: 146de | I/O control for devices (Set for = ' ')
2018-12-17T22:17:02.317918025Z 68 PC: 146de | I/O control for devices (Set for = '')
2018-12-17T22:17:02.319737964Z 51 PC: 146fc | Get or set Ctrl-Break
2018-12-17T22:17:02.322256557Z 51 PC: 14708 | Get or set Ctrl-Break
2018-12-17T22:17:02.32961682Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:17:02.331566387Z 51 PC: 14713 | Get or set Ctrl-Break
2018-12-17T22:17:02.333187968Z 53 PC: 12e60 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:17:02.335473257Z 53 PC: 12e6d | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:17:02.337086833Z 53 PC: 12e7a | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:17:02.338396125Z 37 PC: 12e95 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:17:02.340513334Z 53 PC: 12e9d | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:17:02.341446885Z 37 PC: 12eaa | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:17:02.342279019Z 53 PC: 12eb1 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:17:02.343569587Z 37 PC: 12ebe | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:17:02.34438755Z 37 PC: 12ec8 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:17:02.345293721Z 37 PC: 12ed3 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:17:02.348270161Z 37 PC: 162fc | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:02.35045756Z 41 PC: 15efb | Parse filename
2018-12-17T22:17:02.353147243Z 41 PC: 15efd | Parse filename
2018-12-17T22:17:02.355104314Z 41 PC: 15f02 | Parse filename
2018-12-17T22:17:02.356059004Z 75 PC: 15f18 | Execute program
2018-12-17T22:17:02.369354345Z 80 PC: 18f99 | Set current PSP
2018-12-17T22:17:02.370765036Z 48 PC: 18f9e | Get DOS version
2018-12-17T22:17:02.37212234Z 99 PC: 1f780 | Get DBCS lead byte table pointer
2018-12-17T22:17:02.374124838Z 101 PC: 19024 | Get extended country info
2018-12-17T22:17:02.37844906Z 99 PC: 1902a | Get DBCS lead byte table pointer
2018-12-17T22:17:02.379611835Z 74 PC: 1908c | Reallocate memory
2018-12-17T22:17:02.380888085Z 25 PC: 190c3 | Get default drive
2018-12-17T22:17:02.382809859Z 37 PC: 18b83 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:17:02.384113197Z 37 PC: 18b8a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:17:02.385583663Z 37 PC: 18b91 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:17:02.390420047Z 74 PC: 17d2c | Reallocate memory
2018-12-17T22:17:02.392128562Z 72 PC: 17d6d | Allocate memory
2018-12-17T22:17:02.393757363Z 72 PC: 17da5 | Allocate memory
2018-12-17T22:17:02.396205077Z 72 PC: 17dad | Allocate memory