Sample viewer

vx.netlux.org/Trojan.DOS.Athana

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:23.880426241Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:19:23.883045609Z 53 PC: 12bc3 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:23.884804941Z 53 PC: 12bd0 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:19:23.886590212Z 53 PC: 12bdd | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:19:23.889702921Z 53 PC: 12bea | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:19:23.891511369Z 37 PC: 12bfe | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:23.893358724Z 74 PC: 12ad9 | Reallocate memory
2018-12-17T22:19:23.902283295Z 68 PC: 12f0a | I/O control for devices (Set for = '')
2018-12-17T22:19:23.904889663Z 74 PC: 1470e | Reallocate memory
2018-12-17T22:19:23.907184046Z 74 PC: 1470e | Reallocate memory
2018-12-17T22:19:23.909769339Z 68 PC: 12f0a | I/O control for devices (Set for = 'Borland C++ - Copyright 1991 Borland Intl.')
2018-12-17T22:19:23.913195241Z 67 PC: 1475a | Get or set file attributes
2018-12-17T22:19:23.924405236Z 61 PC: 15032 | Open file (Filename = 'c:\dos\safty.gwf')
2018-12-17T22:19:23.933339507Z 25 PC: 12d46 | Get default drive
2018-12-17T22:19:23.942720946Z 7 PC: 1400e | Direct console input without echo