Sample viewer

vx.netlux.org/Trojan.DOS.Bombardment

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:53:24.351839337Z	53	PC: 152bb \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:53:24.353436348Z	53	PC: 152c8 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:53:24.354517648Z	53	PC: 152d5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:53:24.355556237Z	53	PC: 152e2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:24.356991109Z	53	PC: 152ef \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:53:24.358238121Z	37	PC: 15302 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:53:24.359382289Z	37	PC: 1530a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:53:24.360750938Z	37	PC: 15312 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:53:24.362371898Z	68	PC: 15828 \| I/O control for devices (Set for = '')
2018-12-17T21:53:24.453245252Z	53	PC: 14c2f \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:53:24.454411788Z	37	PC: 14c42 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:53:24.459109428Z	48	PC: 149f1 \| Get DOS version
2018-12-17T21:53:24.460415018Z	52	PC: 14a06 \| Get InDOS flag pointer
2018-12-17T21:53:24.46161806Z	47	PC: 14a74 \| Get disk transfer address
2018-12-17T21:53:24.464877667Z	81	PC: 14660 \| Get current PSP
2018-12-17T21:53:24.465937177Z	62	PC: 14ac2 \| Close file
2018-12-17T21:53:24.46852898Z	62	PC: 14ac2 \| Close file
2018-12-17T21:53:24.470889656Z	62	PC: 14ac2 \| Close file
2018-12-17T21:53:24.472619622Z	62	PC: 14ac2 \| Close file
2018-12-17T21:53:24.474339133Z	62	PC: 14ac2 \| Close file
2018-12-17T21:53:24.477373711Z	53	PC: 14ad7 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:53:24.478690174Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:53:24.479878282Z	37	PC: 145fb \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:53:24.481563967Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:53:24.483054679Z	37	PC: 145fb \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:53:24.484134571Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:53:24.48582905Z	37	PC: 145fb \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:53:24.487668786Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T21:53:24.489162926Z	37	PC: 145fb \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T21:53:24.492101841Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T21:53:24.493644379Z	37	PC: 145fb \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T21:53:24.495087756Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:24.497238311Z	37	PC: 145fb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:24.499375694Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T21:53:24.501536109Z	37	PC: 13e2f \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T21:53:24.504204371Z	53	PC: 145ec \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:53:24.50700371Z	37	PC: 13e2f \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:53:24.508836949Z	49	PC: 14b50 \| Terminate and stay resident (Return code = '0' \| Memory size = '1225')