Sample viewer

vx.netlux.org/Trojan.DOS.DosProb

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:29:10.568914286Z 48 PC: 16f1c | Get DOS version
2018-12-17T22:29:10.571505727Z 74 PC: 16f6c | Reallocate memory
2018-12-17T22:29:10.573452041Z 48 PC: 16fd0 | Get DOS version
2018-12-17T22:29:10.575265122Z 53 PC: 16fd8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:10.577343133Z 37 PC: 16fea | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:10.579149673Z 68 PC: 1707b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:29:10.580738186Z 68 PC: 1707b | I/O control for devices
2018-12-17T22:29:10.582949178Z 68 PC: 1707b | I/O control for devices
2018-12-17T22:29:10.584235176Z 68 PC: 1707b | I/O control for devices
2018-12-17T22:29:10.585473725Z 68 PC: 1707b | I/O control for devices
2018-12-17T22:29:10.587031276Z 53 PC: 14f04 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:10.587931918Z 53 PC: 14f11 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:29:10.588753635Z 53 PC: 14f1e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:10.589903598Z 37 PC: 14f33 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:10.590908084Z 37 PC: 14f3b | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:29:10.59172039Z 37 PC: 14f43 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:10.592989567Z 53 PC: 159c2 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:29:10.593964899Z 53 PC: 159cf | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:29:10.594878687Z 53 PC: 159de | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:29:10.596431378Z 37 PC: 159eb | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:29:10.597359912Z 53 PC: 159f2 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:29:10.598213926Z 37 PC: 159ff | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:29:10.599242809Z 53 PC: 15a0b | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:29:10.603056994Z 48 PC: 15acd | Get DOS version
2018-12-17T22:29:10.604315641Z 74 PC: 13bcf | Reallocate memory
2018-12-17T22:29:10.606230269Z 74 PC: 13bcf | Reallocate memory
2018-12-17T22:29:10.607730192Z 68 PC: 14e7a | I/O control for devices (Set for = 'Gawd! If You Can't Save Your Self From This!k&')
2018-12-17T22:29:10.608947992Z 68 PC: 14e7a | I/O control for devices (Set for = '')
2018-12-17T22:29:10.610736052Z 51 PC: 14e98 | Get or set Ctrl-Break
2018-12-17T22:29:10.611677238Z 51 PC: 14ea4 | Get or set Ctrl-Break
2018-12-17T22:29:10.613613792Z 37 PC: 12fdf | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:29:10.616907299Z 74 PC: 13bcf | Reallocate memory
2018-12-17T22:29:10.618533296Z 51 PC: 14eaf | Get or set Ctrl-Break
2018-12-17T22:29:10.61925484Z 53 PC: 135fc | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:29:10.620383352Z 53 PC: 13609 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:29:10.621707245Z 53 PC: 13616 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:29:10.622653471Z 37 PC: 13631 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:29:10.623804012Z 53 PC: 13639 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:29:10.624973014Z 37 PC: 13646 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:29:10.625945064Z 53 PC: 1364d | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:29:10.627180058Z 37 PC: 1365a | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:29:10.628294116Z 37 PC: 13664 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:29:10.629236269Z 37 PC: 1366f | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:29:10.630355225Z 37 PC: 1712c | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:10.63509613Z 41 PC: 16e15 | Parse filename
2018-12-17T22:29:10.636518655Z 41 PC: 16e17 | Parse filename
2018-12-17T22:29:10.637927242Z 41 PC: 16e1c | Parse filename
2018-12-17T22:29:10.639281606Z 75 PC: 16e32 | Execute program
2018-12-17T22:29:10.673517999Z 80 PC: 1a0f9 | Set current PSP
2018-12-17T22:29:10.674620207Z 48 PC: 1a0fe | Get DOS version
2018-12-17T22:29:10.676573108Z 99 PC: 208e0 | Get DBCS lead byte table pointer
2018-12-17T22:29:10.679058949Z 101 PC: 1a184 | Get extended country info
2018-12-17T22:29:10.680261045Z 99 PC: 1a18a | Get DBCS lead byte table pointer
2018-12-17T22:29:10.686047877Z 74 PC: 1a1ec | Reallocate memory
2018-12-17T22:29:10.687629524Z 25 PC: 1a223 | Get default drive
2018-12-17T22:29:10.705195186Z 37 PC: 19ce3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:29:10.707481332Z 37 PC: 19cea | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:10.708728034Z 37 PC: 19cf1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:10.7129834Z 74 PC: 18e8c | Reallocate memory
2018-12-17T22:29:10.714917404Z 72 PC: 18ecd | Allocate memory
2018-12-17T22:29:10.716621367Z 72 PC: 18f05 | Allocate memory
2018-12-17T22:29:10.718402628Z 72 PC: 18f0d | Allocate memory