Sample viewer

vx.netlux.org/Trojan.DOS.Slavik.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:02.667555051Z	48	PC: 19d82 \| Get DOS version
2018-12-17T22:39:02.669500375Z	74	PC: 19dd2 \| Reallocate memory
2018-12-17T22:39:02.67119884Z	48	PC: 19b68 \| Get DOS version
2018-12-17T22:39:02.672225516Z	53	PC: 19b70 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:02.674285935Z	37	PC: 19b82 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:02.676245768Z	53	PC: 1c232 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:02.677845259Z	37	PC: 1c242 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:02.679524802Z	53	PC: 1c247 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:02.680764207Z	37	PC: 1c257 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:02.681942818Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:02.683574562Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:02.684752983Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:02.685887425Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:02.687621018Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:02.68872096Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:02.689773605Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:02.696816302Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:02.697871383Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:02.698845332Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:02.700480169Z	53	PC: 19f86 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:02.706273156Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:02.707850814Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:02.708994522Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:02.710610932Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:02.71166599Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:02.712580558Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:02.714180632Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:02.715059451Z	37	PC: 19fb5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:02.715913609Z	37	PC: 19fbc \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:02.721634647Z	37	PC: 19fc1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:02.730990467Z	68	PC: 19c13 \| I/O control for devices (Set for = ' ')
2018-12-17T22:39:02.732011789Z	68	PC: 19c13 \| I/O control for devices (Set for = '')
2018-12-17T22:39:02.735259541Z	68	PC: 19c13 \| I/O control for devices (Set for = 'T=��')
2018-12-17T22:39:02.736230737Z	68	PC: 19c13 \| I/O control for devices (Set for = '')
2018-12-17T22:39:02.737127121Z	68	PC: 19c13 \| I/O control for devices (Set for = '')
2018-12-17T22:39:02.743401581Z	53	PC: 176de \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:02.744200669Z	53	PC: 176eb \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:39:02.744943759Z	53	PC: 176f8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:02.746422262Z	37	PC: 1770d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:02.747442584Z	37	PC: 17715 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:39:02.748409213Z	37	PC: 1771d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:02.750081445Z	53	PC: 17e68 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:39:02.751118085Z	53	PC: 17e75 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:39:02.75213183Z	53	PC: 17e84 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:39:02.753636043Z	37	PC: 17e91 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:39:02.754653672Z	53	PC: 17e98 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:39:02.755692408Z	37	PC: 17ea5 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:39:02.769427053Z	53	PC: 17eb1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:39:02.773577947Z	48	PC: 17f73 \| Get DOS version
2018-12-17T22:39:02.779607733Z	74	PC: 18c41 \| Reallocate memory
2018-12-17T22:39:02.782456595Z	74	PC: 18c41 \| Reallocate memory
2018-12-17T22:39:02.784047774Z	68	PC: 17654 \| I/O control for devices (Set for = ' � � � � � � � ۪C')
2018-12-17T22:39:02.78555422Z	68	PC: 17654 \| I/O control for devices (Set for = '')
2018-12-17T22:39:02.787829526Z	51	PC: 17672 \| Get or set Ctrl-Break
2018-12-17T22:39:02.788935372Z	51	PC: 1767e \| Get or set Ctrl-Break
2018-12-17T22:39:02.790277949Z	72	PC: 194b8 \| Allocate memory
2018-12-17T22:39:02.793162086Z	74	PC: 18c41 \| Reallocate memory
2018-12-17T22:39:02.79518451Z	72	PC: 194b8 \| Allocate memory
2018-12-17T22:39:02.797876423Z	37	PC: 154ad \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:39:02.806058805Z	61	PC: 13002 \| Open file (Filename = 'C:\WINSTART.BAT')
2018-12-17T22:39:02.81191124Z	60	PC: 12ec7 \| Create or truncate file
2018-12-17T22:39:04.235701447Z	62	PC: 1502d \| Close file
2018-12-17T22:39:04.238625113Z	61	PC: 13002 \| Open file (Filename = 'C:\WINSTART.BAT')
2018-12-17T22:39:04.245438569Z	68	PC: 12f5b \| I/O control for devices (Set for = ' � � � � � � � � � � � ۪C')
2018-12-17T22:39:04.248091397Z	64	PC: 1501c \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:39:04.251488065Z	64	PC: 1501c \| Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:39:04.260147242Z	66	PC: 14dcf \| Move file pointer
2018-12-17T22:39:04.262397669Z	62	PC: 1502d \| Close file
2018-12-17T22:39:04.344555781Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.34667964Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.348625993Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.351407824Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.353990751Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.355660459Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.357908817Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.359666677Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.361139896Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.363312436Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.364810296Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.366214023Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.368583905Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.370130879Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.372126332Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.374694673Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.376303317Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.377799014Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.380394986Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.381991854Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.383501525Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.385709007Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.387190181Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.388761573Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.390901095Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.392380783Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.393908723Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.396201396Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.397648414Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.399169683Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.40126889Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.402712216Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.404175965Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.40614986Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.407596379Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.408988108Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.413620964Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.416009445Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.417953432Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.420397839Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.434148342Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.437261408Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.447505826Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.450121065Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.452679253Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.456311877Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.463591878Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.465777173Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.46862154Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.470819931Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.47281374Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.476486018Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.478762261Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.481051335Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.48422197Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.486310393Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.488368638Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.491911893Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.494481951Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.497058323Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.521238761Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.530093024Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.53231174Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.535227131Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.537475162Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.540452776Z	73	PC: 194b8 \| Release memory
2018-12-17T22:39:04.542637685Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.544573624Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.546736029Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.549924205Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.552014423Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.554119075Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.556673578Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.559222273Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.561511196Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.564164761Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.566324782Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.568605532Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.571413418Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.573444535Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.575718029Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.578259677Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.580408055Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.58915509Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.591824441Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.594537636Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.598406648Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.601089222Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.603778763Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.60722647Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.609972641Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.612384562Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.615686385Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.618291864Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.620686632Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.623950526Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.626694003Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.629086293Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.632996423Z	6	PC: 17625 \| Direct console I/O
2018-12-17T22:39:04.636153177Z	12	PC: 176ce \| Flush input buffer and input