Sample viewer

vx.netlux.org/Trojan.DOS.Blay

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:20.906700542Z	48	PC: 1855c \| Get DOS version
2018-12-17T22:30:20.90980043Z	74	PC: 185ac \| Reallocate memory
2018-12-17T22:30:20.912420032Z	48	PC: 18610 \| Get DOS version
2018-12-17T22:30:20.914246738Z	53	PC: 18618 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:20.916096425Z	37	PC: 1862a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:20.919271024Z	53	PC: 1b412 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:20.921065324Z	37	PC: 1b422 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:20.922811794Z	53	PC: 1b427 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:20.93856462Z	37	PC: 1b437 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:20.940372533Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:20.942093809Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:20.943870374Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:20.945000538Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:20.946108435Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:20.947847452Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:20.948955288Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:20.950068704Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:20.978578348Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:20.979742385Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:20.981123153Z	53	PC: 19166 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:20.98251301Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:20.985284137Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:20.986742496Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:20.988325041Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:20.99657077Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:20.99807439Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:20.999613955Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:21.001966384Z	37	PC: 19195 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:21.004242365Z	37	PC: 1919c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:21.006354411Z	37	PC: 191a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:21.013223609Z	68	PC: 186bb \| I/O control for devices (Set for = '��ʇ�� r��')
2018-12-17T22:30:21.015168634Z	68	PC: 186bb \| I/O control for devices (Set for = '')
2018-12-17T22:30:21.017073219Z	68	PC: 186bb \| I/O control for devices (Set for = '3�݋Ӹ')
2018-12-17T22:30:21.020305426Z	68	PC: 186bb \| I/O control for devices (Set for = '��6')
2018-12-17T22:30:21.022232581Z	68	PC: 186bb \| I/O control for devices (Set for = '��6')
2018-12-17T22:30:21.025394625Z	53	PC: 157f4 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:21.04196991Z	53	PC: 15801 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:30:21.045426141Z	53	PC: 1580e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:21.047057172Z	37	PC: 15823 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:21.048607469Z	37	PC: 1582b \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:30:21.051246534Z	37	PC: 15833 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:21.053057859Z	53	PC: 162b2 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:30:21.054738643Z	53	PC: 162bf \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:30:21.057359593Z	53	PC: 162ce \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:30:21.059051611Z	37	PC: 162db \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:30:21.060735729Z	53	PC: 162e2 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:30:21.062950013Z	37	PC: 162ef \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:30:21.064487388Z	53	PC: 162fb \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:30:21.069569719Z	48	PC: 163bd \| Get DOS version
2018-12-17T22:30:21.071929824Z	74	PC: 144bf \| Reallocate memory
2018-12-17T22:30:21.074086426Z	74	PC: 144bf \| Reallocate memory
2018-12-17T22:30:21.076050053Z	68	PC: 1576a \| I/O control for devices (Set for = 'C:\zzz.BAT ')
2018-12-17T22:30:21.078868107Z	68	PC: 1576a \| I/O control for devices (Set for = '')
2018-12-17T22:30:21.081202742Z	51	PC: 15788 \| Get or set Ctrl-Break
2018-12-17T22:30:21.08252735Z	51	PC: 15794 \| Get or set Ctrl-Break
2018-12-17T22:30:21.086337271Z	61	PC: 13832 \| Open file (Filename = 'C:\ZZZ.BAT')
2018-12-17T22:30:21.10467692Z	60	PC: 136f7 \| Create or truncate file
2018-12-17T22:30:21.782392695Z	62	PC: 13665 \| Close file
2018-12-17T22:30:21.789730478Z	61	PC: 13832 \| Open file (Filename = 'C:\ZZZ.BAT')
2018-12-17T22:30:21.805391459Z	68	PC: 1378b \| I/O control for devices (Set for = 'c:\autoexec.batU')
2018-12-17T22:30:21.809164398Z	64	PC: 13654 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:30:21.811912962Z	64	PC: 13654 \| Write file or device (Write 140 bytes on handle 5)
2018-12-17T22:30:21.822191132Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.827327326Z	62	PC: 13665 \| Close file
2018-12-17T22:30:21.838833385Z	61	PC: 13832 \| Open file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-17T22:30:21.850335367Z	68	PC: 1378b \| I/O control for devices (Set for = 'c:\autoexec.batU')
2018-12-17T22:30:21.852181738Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.854360624Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.857437541Z	63	PC: 1362e \| Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:30:21.862455108Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.864524707Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.867208943Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.869367339Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.871441782Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.874287651Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.876734925Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.878807055Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.881078361Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.883994175Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.886082664Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.888218947Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.891359088Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.893426038Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.895602922Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.898714905Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.900790408Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.902845822Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.905577305Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.906901714Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.9084378Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.911143435Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.913210843Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.915233645Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.918037368Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.9204085Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.922384025Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.925124872Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.927285372Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.929848805Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.93241194Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.934180932Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.935895512Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.937803656Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.940298629Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.942036113Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.943746405Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.946371827Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.948070066Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.950692929Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.954138752Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.95592127Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.957630169Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.960434956Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.962178754Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.963941195Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.966507729Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.968316117Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.97030996Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.97341746Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.97580354Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.97806689Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.981301245Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.983993897Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.986342246Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.989416821Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.992548616Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.994866884Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:21.998306859Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.000686944Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.003012745Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.006388671Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.008846358Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.011006883Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.012730372Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.015394717Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.017103184Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.018834505Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.021183361Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.02299576Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.024723995Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.027169751Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.028846557Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.030521805Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.033337043Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.035060265Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.036780285Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.039678535Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.041361956Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.043060245Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.046007335Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.047718348Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.05026541Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.052774907Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.054577664Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.056905198Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.059165296Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.061056458Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.062812142Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.065375439Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.067193156Z	63	PC: 1362e \| Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:30:22.069431798Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.073231761Z	64	PC: 13654 \| Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:30:22.077561927Z	66	PC: 13407 \| Move file pointer
2018-12-17T22:30:22.079320149Z	62	PC: 13665 \| Close file