Sample viewer

vx.netlux.org/Trojan.DOS.Virri.i

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:26.46854178Z	48	PC: 17d7e \| Get DOS version
2018-12-17T22:20:26.470894837Z	74	PC: 17dce \| Reallocate memory
2018-12-17T22:20:26.472607584Z	48	PC: 17b8c \| Get DOS version
2018-12-17T22:20:26.473924879Z	53	PC: 17b94 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:26.475610712Z	37	PC: 17ba6 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:26.476884773Z	68	PC: 17c37 \| I/O control for devices (Set for = '�BP��lP��\|P��P��P��P��- �� ')
2018-12-17T22:20:26.478197413Z	68	PC: 17c37 \| I/O control for devices
2018-12-17T22:20:26.480447406Z	68	PC: 17c37 \| I/O control for devices
2018-12-17T22:20:26.481846099Z	68	PC: 17c37 \| I/O control for devices
2018-12-17T22:20:26.483595829Z	68	PC: 17c37 \| I/O control for devices
2018-12-17T22:20:26.486678104Z	53	PC: 15a7a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:26.488369417Z	53	PC: 15a87 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:20:26.489618981Z	53	PC: 15a94 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:26.491119643Z	37	PC: 15aa9 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:26.49306468Z	37	PC: 15ab1 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:20:26.494152338Z	37	PC: 15ab9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:26.495978509Z	53	PC: 15ff2 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:26.49713748Z	53	PC: 15fff \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:20:26.498263581Z	53	PC: 1600e \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:26.49969591Z	37	PC: 1601b \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:26.501371828Z	53	PC: 16022 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:20:26.503055004Z	37	PC: 1602f \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:20:26.504719631Z	53	PC: 1603b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:20:26.51068761Z	48	PC: 160fd \| Get DOS version
2018-12-17T22:20:26.512929056Z	74	PC: 16dcb \| Reallocate memory
2018-12-17T22:20:26.514788437Z	74	PC: 16dcb \| Reallocate memory
2018-12-17T22:20:26.517318789Z	68	PC: 159f0 \| I/O control for devices (Set for = 'ommand.com$')
2018-12-17T22:20:26.518751313Z	68	PC: 159f0 \| I/O control for devices (Set for = '')
2018-12-17T22:20:26.520058423Z	51	PC: 15a0e \| Get or set Ctrl-Break
2018-12-17T22:20:26.521579012Z	51	PC: 15a1a \| Get or set Ctrl-Break
2018-12-17T22:20:26.522924679Z	72	PC: 17760 \| Allocate memory
2018-12-17T22:20:26.525219632Z	74	PC: 16dcb \| Reallocate memory
2018-12-17T22:20:26.527093742Z	72	PC: 17760 \| Allocate memory
2018-12-17T22:20:26.529685258Z	37	PC: 14411 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:26.536589757Z	53	PC: 14236 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:20:26.538420686Z	37	PC: 1424c \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:20:27.559843554Z	61	PC: 12d48 \| Open file (Filename = 'C:\WINSTART.BAT')
2018-12-17T22:20:27.563392918Z	60	PC: 12c0d \| Create or truncate file
2018-12-17T22:20:27.899559664Z	62	PC: 13f91 \| Close file
2018-12-17T22:20:27.901741259Z	61	PC: 12d48 \| Open file (Filename = 'C:\WINSTART.BAT')
2018-12-17T22:20:27.909152287Z	68	PC: 12ca1 \| I/O control for devices (Set for = '�')
2018-12-17T22:20:27.912800812Z	64	PC: 13f80 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:20:27.915242816Z	64	PC: 13f80 \| Write file or device (Write 13 bytes on handle 5)
2018-12-17T22:20:27.922852452Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.924845349Z	62	PC: 13f91 \| Close file
2018-12-17T22:20:27.930243109Z	61	PC: 12d48 \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:20:27.934694678Z	68	PC: 12ca1 \| I/O control for devices (Set for = '�')
2018-12-17T22:20:27.936731252Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.939285406Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.940731886Z	63	PC: 13f5a \| Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:20:27.944348268Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.945749971Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.947473351Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.951857535Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.954138003Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.957844155Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.960880874Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.963562312Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.965803034Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.978777875Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.980360061Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.982038229Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.985709727Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.987702284Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.989662622Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.992079275Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.994129263Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.996208717Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:27.998939842Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.001001569Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.003053044Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.0055801Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.007305329Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.00879333Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.011496472Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.014046212Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.015689438Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.018065465Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.019984608Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.021939591Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.024175275Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.026200255Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.027653333Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.029612795Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.03130414Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.033618645Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.036190058Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.040592239Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.042430584Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.044422907Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.04652361Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.048309518Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.050284065Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.052632567Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.053943014Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.055082652Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.056525142Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.057616839Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.058696972Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.060653998Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.061727081Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.06317145Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.064980588Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.067081927Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.068940567Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.071331828Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.072790234Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.074235108Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.077001922Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.078627918Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.080371068Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.082861241Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.084496733Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.085866235Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.088665665Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.090794199Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.092143501Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.0942999Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.095654564Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.097004641Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.098902268Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.100257646Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.101663626Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.103524029Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.104929695Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.10633862Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.111661547Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.113229309Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.114701139Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.116768503Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.118366645Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.119731917Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.12159298Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.123063745Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.124755085Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.126617544Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.128077813Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.129969977Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.131287368Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.132624073Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.135086175Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.136199913Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.137282475Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.139820714Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.14107381Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.142261905Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.144401814Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.145929561Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.146996827Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.14885606Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.150363297Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.151735337Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.153406603Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.154463886Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.155378843Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.157452074Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.158624198Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.159778189Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.161583449Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.162721779Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.164117505Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.166722636Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.167845479Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.169240422Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.170663132Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.171752676Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.173322055Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.174663761Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.175923806Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.177625608Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.178750032Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.179913852Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.182316335Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.183441995Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.184756626Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.186461454Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.187563548Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.188632174Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.190225959Z	63	PC: 13f5a \| Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:20:28.191511147Z	66	PC: 13d33 \| Move file pointer
2018-12-17T22:20:28.194425524Z	73	PC: 17760 \| Release memory
2018-12-17T22:20:28.196752102Z	74	PC: 16dcb \| Reallocate memory
2018-12-17T22:20:28.197922969Z	51	PC: 15a25 \| Get or set Ctrl-Break
2018-12-17T22:20:28.198718037Z	37	PC: 15ca7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:28.200275894Z	37	PC: 15cb1 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:20:28.201169914Z	37	PC: 15cbb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:28.202065856Z	53	PC: 14782 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:20:28.203532178Z	53	PC: 1478f \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:20:28.204513283Z	53	PC: 1479c \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:28.205705676Z	37	PC: 147b7 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:20:28.206885806Z	53	PC: 147bf \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:28.207739131Z	37	PC: 147cc \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:20:28.208743223Z	53	PC: 147d3 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:20:28.209990359Z	37	PC: 147e0 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:20:28.210853735Z	37	PC: 147ea \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:20:28.211989673Z	37	PC: 147f5 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:20:28.212980165Z	37	PC: 17ce8 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:28.214393324Z	41	PC: 17a7b \| Parse filename
2018-12-17T22:20:28.216229999Z	41	PC: 17a7d \| Parse filename
2018-12-17T22:20:28.217388348Z	41	PC: 17a82 \| Parse filename
2018-12-17T22:20:28.218394853Z	75	PC: 17a98 \| Execute program
2018-12-17T22:20:28.243172677Z	80	PC: 1b189 \| Set current PSP
2018-12-17T22:20:28.243950514Z	48	PC: 1b18e \| Get DOS version
2018-12-17T22:20:28.245369901Z	99	PC: 21970 \| Get DBCS lead byte table pointer
2018-12-17T22:20:28.24868478Z	101	PC: 1b214 \| Get extended country info
2018-12-17T22:20:28.249920706Z	99	PC: 1b21a \| Get DBCS lead byte table pointer
2018-12-17T22:20:28.251204342Z	74	PC: 1b27c \| Reallocate memory
2018-12-17T22:20:28.254268139Z	25	PC: 1b2b3 \| Get default drive
2018-12-17T22:20:28.255619886Z	37	PC: 1ad73 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:20:28.256896836Z	37	PC: 1ad7a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:28.259220701Z	37	PC: 1ad81 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:28.26382238Z	74	PC: 19f1c \| Reallocate memory
2018-12-17T22:20:28.265521815Z	72	PC: 19f5d \| Allocate memory
2018-12-17T22:20:28.268325081Z	72	PC: 19f95 \| Allocate memory
2018-12-17T22:20:28.270591181Z	72	PC: 19f9d \| Allocate memory