Sample viewer

vx.netlux.org/Trojan.DOS.SPS.202.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:28.747202142Z	25	PC: 12a5b \| Get default drive
2018-12-17T21:56:28.74954718Z	42	PC: 12a73 \| Get date 0x12a73: jle 0x12a77 0x12a75: neg bp 0x12a77: rcl ah, cl 0x12a79: jbe 0x12a7d 0x12a7b: xor ah, byte ptr [si] 0x12a7d: test byte ptr [bx + di], ch 0x12a7f: mov ax, 0x12 0x12a83: test si, 0x2b29 0x12a87: mov ah, byte ptr [bp + di + 0x3d] 0x12a8a: test bh, bh 0x12a8c: mov ah, 0x2c 0x12a8e: int 0x21 0x12a90: call 0x12ab9 0x12a93: ror bp, 1 0x12a95: sbb al, 0x12 0x12a98: sub al, 0x21 0x12a9b: add bp, si 0x12a9d: je 0x12aa3 0x12a9f: mov ax, 0x2505 0x12aa3: sar al, 1
2018-12-17T21:56:28.753817423Z	44	PC: 12a90 \| Get time 0x12a90: call 0x12ab9 0x12a93: ror bp, 1 0x12a95: sbb al, 0x12 0x12a98: sub al, 0x21 0x12a9b: add bp, si 0x12a9d: je 0x12aa3 0x12a9f: mov ax, 0x2505 0x12aa3: sar al, 1 0x12aa5: adc ah, 0x35 0x12aa8: not ax 0x12aaa: test word ptr [0x3332], bp 0x12aae: add bp, 0x232f 0x12ab2: sbb si, 0x2d09 0x12ab6: jmp 0x12adb 0x12ab9: and si, 0x3039 0x12abd: jmp 0x12ad5 0x12ac0: xor si, 7 0x12ac4: neg al 0x12ac6: sar ax, cl 0x12ac8: rol al, cl
2018-12-17T21:56:28.765798118Z	52	PC: 12a6d \| Get InDOS flag pointer
2018-12-17T21:56:28.775577563Z	81	PC: 12a75 \| Get current PSP
2018-12-17T21:56:28.777628045Z	9	PC: 12aea \| Display string (String= ' PasswordStorer 4 Novell Network / v2.02 (c) 1997 by Psychomancer aka Nice,SPS. ')
2018-12-17T21:56:28.786638478Z	9	PC: 12aea \| Display string (String= ' ')
2018-12-17T21:56:28.792029038Z	37	PC: 12aa8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:28.793993342Z	51	PC: 12c45 \| Get or set Ctrl-Break
2018-12-17T21:56:28.795229772Z	51	PC: 12cb7 \| Get or set Ctrl-Break
2018-12-17T21:56:28.796151074Z	9	PC: 12aea \| Display string (Could not find end pointer)
2018-12-17T21:56:28.812049735Z	9	PC: 12aea \| Display string (String= ' ')