Sample viewer

vx.netlux.org/Trojan.DOS.Sabotage

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:24:20.236596108Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:24:20.238876169Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:24:20.246002854Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:24:20.247500879Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:24:20.253870246Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:20.255098791Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:20.256271135Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:24:20.257622806Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:24:20.25961995Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:24:20.261175981Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:24:20.262544951Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:24:20.264664724Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:24:20.266686408Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:24:20.268791418Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:24:20.271447786Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:24:20.27280365Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:24:20.274032698Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:24:20.275950151Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:24:20.277155983Z 53 PC: 13f6a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:24:20.278363994Z 37 PC: 13f7f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:24:20.280115002Z 37 PC: 13f87 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:20.282329887Z 37 PC: 13f8f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:20.284118046Z 37 PC: 13f97 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:24:20.28993152Z 68 PC: 149ce | I/O control for devices (Set for = '7uH��')
2018-12-17T22:24:20.311290986Z 37 PC: 13741 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:24:20.312821383Z 42 PC: 13cc7 | Get date
0x13cc7: xor ah, ah
0x13cc9: les di, ptr [bp + 6]
0x13ccc: stosw word ptr es:[di], ax
0x13ccd: mov al, dl
0x13ccf: les di, ptr [bp + 0xa]
0x13cd2: stosw word ptr es:[di], ax
0x13cd3: mov al, dh
0x13cd5: les di, ptr [bp + 0xe]
0x13cd8: stosw word ptr es:[di], ax
0x13cd9: xchg ax, cx
0x13cda: les di, ptr [bp + 0x12]
0x13cdd: stosw word ptr es:[di], ax
0x13cde: pop bp
0x13cdf: retf 0x10
0x13ce2: push bp
0x13ce3: mov bp, sp
0x13ce5: mov cx, word ptr [bp + 0xa]
0x13ce8: mov dh, byte ptr [bp + 8]
0x13ceb: mov dl, byte ptr [bp + 6]
0x13cee: mov ah, 0x2b
2018-12-17T22:24:20.315503981Z 44 PC: 13cfd | Get time
0x13cfd: xor ah, ah
0x13cff: mov al, dl
0x13d01: les di, ptr [bp + 6]
0x13d04: stosw word ptr es:[di], ax
0x13d05: mov al, dh
0x13d07: les di, ptr [bp + 0xa]
0x13d0a: stosw word ptr es:[di], ax
0x13d0b: mov al, cl
0x13d0d: les di, ptr [bp + 0xe]
0x13d10: stosw word ptr es:[di], ax
0x13d11: mov al, ch
0x13d13: les di, ptr [bp + 0x12]
0x13d16: stosw word ptr es:[di], ax
0x13d17: pop bp
0x13d18: retf 0x10
0x13d1b: push bp
0x13d1c: mov bp, sp
0x13d1e: mov ch, byte ptr [bp + 0xc]
0x13d21: mov cl, byte ptr [bp + 0xa]
0x13d24: mov dh, byte ptr [bp + 8]
2018-12-17T22:24:20.318400439Z 26 PC: 13d9d | Set disk transfer address
2018-12-17T22:24:20.319707475Z 78 PC: 13da9 | Find first file
2018-12-17T22:24:20.330744881Z 26 PC: 13d9d | Set disk transfer address
2018-12-17T22:24:20.332751064Z 78 PC: 13da9 | Find first file
2018-12-17T22:24:20.601006758Z 86 PC: 1484e | Rename file
2018-12-17T22:24:20.607008203Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:24:20.609164321Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:24:20.610874279Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:24:20.61258729Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:24:20.61596647Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:24:20.617661825Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:20.620943489Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:24:20.634239812Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:24:20.635837333Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:24:20.637483439Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:24:20.639909837Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:24:20.641458326Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:24:20.642993304Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:24:20.645311184Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:24:20.646687715Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:24:20.648013457Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:24:20.650633824Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:24:20.65199435Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:24:20.653342128Z 37 PC: 140c1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:24:20.655394401Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.657940905Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.660164162Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.670584975Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.673804185Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.675989915Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.67816692Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.681221621Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.6833793Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.685704509Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.688800198Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.690980188Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.693151812Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.696202141Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.698403575Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.700572299Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.703795808Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.706333586Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.708561711Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.712254751Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.714306244Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.716576766Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.719482965Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.722005971Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.724209851Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.727122231Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.729669982Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.73187312Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.734557427Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.736998586Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.739883779Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.742015265Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.744105644Z 6 PC: 14148 | Direct console I/O
2018-12-17T22:24:20.747772987Z 76 PC: 14100 | Terminate with return code (Return code = '17')