Sample viewer

vx.netlux.org/Trojan.DOS.DontRun.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:27:55.992201029Z 48 PC: 160ec | Get DOS version
2018-12-17T22:27:55.993959149Z 74 PC: 1613c | Reallocate memory
2018-12-17T22:27:55.995868543Z 48 PC: 161a0 | Get DOS version
2018-12-17T22:27:55.997129522Z 53 PC: 161a8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:55.999003625Z 37 PC: 161ba | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:56.000792251Z 68 PC: 1624b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:27:56.00593582Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:27:56.011420509Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:27:56.013339339Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:27:56.015101618Z 68 PC: 1624b | I/O control for devices
2018-12-17T22:27:56.021968166Z 53 PC: 14768 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:56.02388137Z 53 PC: 14775 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:27:56.025203523Z 53 PC: 14782 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:27:56.027430369Z 37 PC: 14797 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:56.028902763Z 37 PC: 1479f | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:27:56.030181794Z 37 PC: 147a7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:27:56.031806456Z 53 PC: 15226 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:27:56.033808055Z 53 PC: 15233 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:27:56.035201685Z 53 PC: 15242 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:27:56.036521741Z 37 PC: 1524f | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:27:56.038310804Z 53 PC: 15256 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:27:56.039518469Z 37 PC: 15263 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:27:56.040704874Z 53 PC: 1526f | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:27:56.047498192Z 48 PC: 15331 | Get DOS version
2018-12-17T22:27:56.048863361Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:27:56.050691328Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:27:56.052700606Z 68 PC: 146de | I/O control for devices (Set for = ' ')
2018-12-17T22:27:56.054039306Z 68 PC: 146de | I/O control for devices (Set for = '')
2018-12-17T22:27:56.056372131Z 51 PC: 146fc | Get or set Ctrl-Break
2018-12-17T22:27:56.057637587Z 51 PC: 14708 | Get or set Ctrl-Break
2018-12-17T22:27:56.065327987Z 74 PC: 13433 | Reallocate memory
2018-12-17T22:27:56.067313317Z 51 PC: 14713 | Get or set Ctrl-Break
2018-12-17T22:27:56.068659598Z 53 PC: 12e60 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:27:56.071337304Z 53 PC: 12e6d | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:27:56.072658504Z 53 PC: 12e7a | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:27:56.073995581Z 37 PC: 12e95 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:27:56.076373049Z 53 PC: 12e9d | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:27:56.077676212Z 37 PC: 12eaa | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:27:56.079004213Z 53 PC: 12eb1 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:27:56.081247801Z 37 PC: 12ebe | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:27:56.082320924Z 37 PC: 12ec8 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:27:56.083281183Z 37 PC: 12ed3 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:27:56.084776741Z 37 PC: 162fc | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:27:56.086381462Z 41 PC: 15efb | Parse filename
2018-12-17T22:27:56.087642457Z 41 PC: 15efd | Parse filename
2018-12-17T22:27:56.089787876Z 41 PC: 15f02 | Parse filename
2018-12-17T22:27:56.091358061Z 75 PC: 15f18 | Execute program
2018-12-17T22:27:56.114786768Z 80 PC: 18f99 | Set current PSP
2018-12-17T22:27:56.115621333Z 48 PC: 18f9e | Get DOS version
2018-12-17T22:27:56.118100388Z 99 PC: 1f780 | Get DBCS lead byte table pointer
2018-12-17T22:27:56.120827469Z 101 PC: 19024 | Get extended country info
2018-12-17T22:27:56.122206862Z 99 PC: 1902a | Get DBCS lead byte table pointer
2018-12-17T22:27:56.123643134Z 74 PC: 1908c | Reallocate memory
2018-12-17T22:27:56.12492813Z 25 PC: 190c3 | Get default drive
2018-12-17T22:27:56.125902678Z 37 PC: 18b83 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:27:56.127364397Z 37 PC: 18b8a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:27:56.128472762Z 37 PC: 18b91 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:27:56.134076378Z 74 PC: 17d2c | Reallocate memory
2018-12-17T22:27:56.137116714Z 72 PC: 17d6d | Allocate memory
2018-12-17T22:27:56.138749674Z 72 PC: 17da5 | Allocate memory
2018-12-17T22:27:56.140524608Z 72 PC: 17dad | Allocate memory