Sample viewer

vx.netlux.org/Trojan.DOS.Oeminfo

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:31.413392583Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:15:31.415046652Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:15:31.418087328Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:15:31.419681754Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:31.421256945Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:31.423503818Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:31.425147759Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:15:31.426771731Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:15:31.428939957Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:15:31.430508094Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:15:31.432076693Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:15:31.434725191Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:15:31.436283239Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:15:31.43781033Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:15:31.439609491Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:15:31.441853709Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:15:31.443373346Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:15:31.444860822Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:15:31.447567009Z	53	PC: 1350a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:15:31.449097416Z	37	PC: 1351f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:15:31.45058416Z	37	PC: 13527 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:31.452954285Z	37	PC: 1352f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:31.454584088Z	37	PC: 13537 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:15:31.456472287Z	68	PC: 13de5 \| I/O control for devices (Set for = '��r��3��r�� Î�3��p')
2018-12-17T23:15:31.493175056Z	37	PC: 12f31 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:15:31.495307915Z	60	PC: 13c61 \| Create or truncate file
2018-12-17T23:15:33.487388578Z	61	PC: 13dc9 \| Open file (Filename = 'c:\windows\system\oeminfo.ini')
2018-12-17T23:15:33.495592478Z	68	PC: 13de5 \| I/O control for devices (Set for = '��r��3��r�� Î�3��p')
2018-12-17T23:15:33.498012357Z	66	PC: 13e34 \| Move file pointer
2018-12-17T23:15:33.50034968Z	66	PC: 13e4b \| Move file pointer
2018-12-17T23:15:33.502413649Z	63	PC: 13e58 \| Read file or device (Read 128 bytes on handle 6)
2018-12-17T23:15:33.510774044Z	64	PC: 13903 \| Write file or device (Write 128 bytes on handle 6)
2018-12-17T23:15:33.52077351Z	64	PC: 13903 \| Write file or device (Write 128 bytes on handle 6)
2018-12-17T23:15:33.524362526Z	64	PC: 13903 \| Write file or device (Write 128 bytes on handle 6)
2018-12-17T23:15:33.529087788Z	64	PC: 13903 \| Write file or device (Write 87 bytes on handle 6)
2018-12-17T23:15:33.532386538Z	62	PC: 13942 \| Close file
2018-12-17T23:15:33.57047451Z	62	PC: 13cb1 \| Close file