Sample viewer

vx.netlux.org/Trojan.DOS.Virri.f

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:16.060040091Z	48	PC: 1a02e \| Get DOS version
2018-12-17T22:25:16.062134474Z	74	PC: 1a07e \| Reallocate memory
2018-12-17T22:25:16.063999279Z	48	PC: 19e3c \| Get DOS version
2018-12-17T22:25:16.065175662Z	53	PC: 19e44 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:16.067373739Z	37	PC: 19e56 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:16.083577514Z	53	PC: 1c592 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:16.085113757Z	37	PC: 1c5a2 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:16.08725796Z	53	PC: 1c5a7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:16.097815369Z	37	PC: 1c5b7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:16.100121925Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:16.122148935Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:16.123349993Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:16.124844866Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:16.127521691Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:16.128953163Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:16.130393628Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:16.132659328Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:16.134043927Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:16.13533621Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:16.137410527Z	53	PC: 1a2e6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:16.138689739Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:16.139896391Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:16.145709082Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:16.146938159Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:16.14812498Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:16.150146762Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:16.151288885Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:16.152879551Z	37	PC: 1a315 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:16.155437321Z	37	PC: 1a31c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:16.16614926Z	37	PC: 1a321 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:16.167606891Z	68	PC: 19ee7 \| I/O control for devices (Set for = '��Q�Ⱥ')
2018-12-17T22:25:16.169621263Z	68	PC: 19ee7 \| I/O control for devices (Set for = 'lable')
2018-12-17T22:25:16.171190563Z	68	PC: 19ee7 \| I/O control for devices (Set for = '')
2018-12-17T22:25:16.172857633Z	68	PC: 19ee7 \| I/O control for devices
2018-12-17T22:25:16.175390418Z	68	PC: 19ee7 \| I/O control for devices
2018-12-17T22:25:16.177481272Z	53	PC: 17d2e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:16.178940153Z	53	PC: 17d3b \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:25:16.19102755Z	53	PC: 17d48 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:16.19283155Z	37	PC: 17d5d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:16.19434763Z	37	PC: 17d65 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:25:16.196436191Z	37	PC: 17d6d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:16.201132361Z	53	PC: 184b8 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:25:16.202550804Z	53	PC: 184c5 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:25:16.204477813Z	53	PC: 184d4 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:25:16.206409765Z	37	PC: 184e1 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:25:16.207880794Z	53	PC: 184e8 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:25:16.21027202Z	37	PC: 184f5 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:25:16.21170397Z	53	PC: 18501 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:25:16.219721264Z	48	PC: 185c3 \| Get DOS version
2018-12-17T22:25:16.221570782Z	74	PC: 19795 \| Reallocate memory
2018-12-17T22:25:16.225050893Z	74	PC: 19795 \| Reallocate memory
2018-12-17T22:25:16.227895999Z	68	PC: 17ca4 \| I/O control for devices (Set for = ' Prodigy')
2018-12-17T22:25:16.231008952Z	68	PC: 17ca4 \| I/O control for devices (Set for = '')
2018-12-17T22:25:16.232987251Z	51	PC: 17cc2 \| Get or set Ctrl-Break
2018-12-17T22:25:16.234270691Z	51	PC: 17cce \| Get or set Ctrl-Break
2018-12-17T22:25:16.236885606Z	72	PC: 19314 \| Allocate memory
2018-12-17T22:25:16.238972754Z	74	PC: 19795 \| Reallocate memory
2018-12-17T22:25:16.240420343Z	72	PC: 19314 \| Allocate memory
2018-12-17T22:25:16.242764261Z	37	PC: 1571b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:25:16.24593658Z	73	PC: 19314 \| Release memory
2018-12-17T22:25:16.248744003Z	74	PC: 19795 \| Reallocate memory
2018-12-17T22:25:16.250375733Z	51	PC: 17cd9 \| Get or set Ctrl-Break
2018-12-17T22:25:16.251899964Z	37	PC: 17f5b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:16.252931421Z	37	PC: 17f65 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:25:16.253777819Z	37	PC: 17f6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:16.255341521Z	53	PC: 167c6 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:25:16.25633894Z	53	PC: 167d3 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:25:16.257304124Z	53	PC: 167e0 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:25:16.259360112Z	37	PC: 167fb \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:25:16.260393445Z	53	PC: 16803 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:25:16.263919232Z	37	PC: 16810 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:25:16.266529123Z	53	PC: 16817 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:25:16.270735654Z	37	PC: 16824 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:25:16.272249058Z	37	PC: 1682e \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:25:16.274840372Z	37	PC: 16839 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:25:16.277500988Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:25:16.279484249Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:25:16.282477698Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:25:16.286028556Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:25:16.287587992Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:25:16.291658066Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:25:16.29324567Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:25:16.294842273Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:25:16.297075812Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:25:16.2988343Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:25:16.300379319Z	37	PC: 1a331 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:25:16.302570959Z	37	PC: 1c5c6 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:25:16.304373729Z	37	PC: 19f98 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:25:16.308830365Z	41	PC: 19d2b \| Parse filename
2018-12-17T22:25:16.31175573Z	41	PC: 19d2d \| Parse filename
2018-12-17T22:25:16.313878251Z	41	PC: 19d32 \| Parse filename
2018-12-17T22:25:16.331317204Z	75	PC: 19d48 \| Execute program
2018-12-17T22:25:16.366531622Z	80	PC: 200c9 \| Set current PSP
2018-12-17T22:25:16.367763769Z	48	PC: 200ce \| Get DOS version
2018-12-17T22:25:16.369887076Z	99	PC: 268b0 \| Get DBCS lead byte table pointer
2018-12-17T22:25:16.372985387Z	101	PC: 20154 \| Get extended country info
2018-12-17T22:25:16.374725717Z	99	PC: 2015a \| Get DBCS lead byte table pointer
2018-12-17T22:25:16.376027628Z	74	PC: 201bc \| Reallocate memory
2018-12-17T22:25:16.378144455Z	25	PC: 201f3 \| Get default drive
2018-12-17T22:25:16.379652489Z	37	PC: 1fcb3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:25:16.380741469Z	37	PC: 1fcba \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:25:16.382120172Z	37	PC: 1fcc1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:16.389112964Z	74	PC: 1ee5c \| Reallocate memory
2018-12-17T22:25:16.39103197Z	72	PC: 1ee9d \| Allocate memory
2018-12-17T22:25:16.393051904Z	72	PC: 1eed5 \| Allocate memory
2018-12-17T22:25:16.395796514Z	72	PC: 1eedd \| Allocate memory