Sample viewer

vx.netlux.org/Trojan.DOS.Grinder


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:29.552463539Z 48 PC: 163ac | Get DOS version
2018-12-17T22:41:29.555008128Z 74 PC: 163fc | Reallocate memory
2018-12-17T22:41:29.557103484Z 48 PC: 16460 | Get DOS version
2018-12-17T22:41:29.558575439Z 53 PC: 16468 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:29.560955108Z 37 PC: 1647a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:29.562987135Z 68 PC: 1650b | I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:41:29.565129608Z 68 PC: 1650b | I/O control for devices
2018-12-17T22:41:29.575394137Z 68 PC: 1650b | I/O control for devices
2018-12-17T22:41:29.57747171Z 68 PC: 1650b | I/O control for devices
2018-12-17T22:41:29.579294563Z 68 PC: 1650b | I/O control for devices
2018-12-17T22:41:29.581331119Z 53 PC: 147b6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:29.583114478Z 53 PC: 147c3 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:41:29.58478192Z 53 PC: 147d0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:29.586248294Z 37 PC: 147e5 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:29.587615432Z 37 PC: 147ed | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:41:29.589283976Z 37 PC: 147f5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:29.590773072Z 53 PC: 15274 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:41:29.59209758Z 53 PC: 15281 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:41:29.594786129Z 53 PC: 15290 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:41:29.59656445Z 37 PC: 1529d | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:41:29.598285061Z 53 PC: 152a4 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:29.600987737Z 37 PC: 152b1 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:41:29.602514545Z 53 PC: 152bd | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:41:29.607289564Z 48 PC: 1537f | Get DOS version
2018-12-17T22:41:29.609868347Z 74 PC: 13481 | Reallocate memory
2018-12-17T22:41:29.611915332Z 74 PC: 13481 | Reallocate memory
2018-12-17T22:41:29.613862288Z 68 PC: 1472c | I/O control for devices (Set for = '[non-printable bytes]')
2018-12-17T22:41:29.616473032Z 68 PC: 1472c | I/O control for devices (Set for = '')
2018-12-17T22:41:29.618189766Z 51 PC: 1474a | Get or set Ctrl-Break
2018-12-17T22:41:29.619419175Z 51 PC: 14756 | Get or set Ctrl-Break
2018-12-17T22:41:29.626087129Z 6 PC: 156f3 | Direct console I/O
2018-12-17T22:41:29.631022429Z 74 PC: 13481 | Reallocate memory
2018-12-17T22:41:29.633423528Z 51 PC: 14761 | Get or set Ctrl-Break
2018-12-17T22:41:29.634896776Z 53 PC: 12eae | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:29.637101867Z 53 PC: 12ebb | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:41:29.638867924Z 53 PC: 12ec8 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:41:29.640609746Z 37 PC: 12ee3 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:41:29.643072531Z 53 PC: 12eeb | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:41:29.644776021Z 37 PC: 12ef8 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:41:29.646278723Z 53 PC: 12eff | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:41:29.648303235Z 37 PC: 12f0c | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:29.654360773Z 37 PC: 12f16 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:41:29.65611599Z 37 PC: 12f21 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:41:29.65880479Z 37 PC: 165bc | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:29.661670382Z 41 PC: 161bf | Parse filename
2018-12-17T22:41:29.663266329Z 41 PC: 161c1 | Parse filename
2018-12-17T22:41:29.665463897Z 41 PC: 161c6 | Parse filename
2018-12-17T22:41:29.667007075Z 75 PC: 161dc | Execute program
2018-12-17T22:41:29.690166884Z 80 PC: 19349 | Set current PSP
2018-12-17T22:41:29.691900019Z 48 PC: 1934e | Get DOS version
2018-12-17T22:41:29.693965889Z 99 PC: 1fb30 | Get DBCS lead byte table pointer
2018-12-17T22:41:29.696976273Z 101 PC: 193d4 | Get extended country info
2018-12-17T22:41:29.699223985Z 99 PC: 193da | Get DBCS lead byte table pointer
2018-12-17T22:41:29.701149071Z 74 PC: 1943c | Reallocate memory
2018-12-17T22:41:29.703012671Z 25 PC: 19473 | Get default drive
2018-12-17T22:41:29.704819255Z 37 PC: 18f33 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:41:29.706976336Z 37 PC: 18f3a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:29.708500919Z 37 PC: 18f41 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:29.713196879Z 74 PC: 180dc | Reallocate memory
2018-12-17T22:41:29.715835525Z 72 PC: 1811d | Allocate memory
2018-12-17T22:41:29.717572527Z 72 PC: 18155 | Allocate memory
2018-12-17T22:41:29.719452889Z 72 PC: 1815d | Allocate memory