Sample viewer

vx.netlux.org/Trojan.DOS.MMi.b

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:41:39.967073549Z 53 PC: 1474a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:39.970035112Z 53 PC: 1474a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:39.971818484Z 53 PC: 1474a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:39.973296468Z 53 PC: 1474a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:39.975275984Z 53 PC: 1474a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:39.976636869Z 53 PC: 1474a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:39.978177513Z 53 PC: 1474a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:39.979816847Z 53 PC: 1474a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:39.983599101Z 53 PC: 1474a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:39.986103313Z 53 PC: 1474a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:39.988032085Z 53 PC: 1474a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:39.9907839Z 53 PC: 1474a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:39.992623329Z 53 PC: 1474a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:39.994701563Z 53 PC: 1474a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:39.997426544Z 53 PC: 1474a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:39.998702638Z 53 PC: 1474a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:39.999841363Z 53 PC: 1474a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:40.001906132Z 53 PC: 1474a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:40.007193013Z 53 PC: 1474a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:40.009248839Z 37 PC: 1475f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:40.012611831Z 37 PC: 14767 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:40.013810924Z 37 PC: 1476f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:40.014864308Z 37 PC: 14777 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:40.017109568Z 68 PC: 15238 | I/O control for devices (Set for = '')
2018-12-17T22:41:40.019904661Z 53 PC: 145f1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:41:40.021414084Z 37 PC: 1460d | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:41:40.02285399Z 53 PC: 145f1 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:40.025111882Z 37 PC: 1460d | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:41:40.026526161Z 53 PC: 145f1 | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:40.027968935Z 37 PC: 1460d | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:40.030412635Z 51 PC: 144df | Get or set Ctrl-Break
2018-12-17T22:41:40.031714758Z 48 PC: 14f5e | Get DOS version
2018-12-17T22:41:40.033398215Z 67 PC: 144f2 | Get or set file attributes
2018-12-17T22:41:40.040898242Z 67 PC: 14519 | Get or set file attributes
2018-12-17T22:41:40.06054625Z 61 PC: 14e10 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:41:40.06919256Z 63 PC: 14ee3 | Read file or device (Read 6247 bytes on handle 5)
2018-12-17T22:41:40.087919886Z 67 PC: 14519 | Get or set file attributes
2018-12-17T22:41:40.099860877Z 62 PC: 14e60 | Close file
2018-12-17T22:41:40.102602799Z 48 PC: 14f5e | Get DOS version
2018-12-17T22:41:40.105262189Z 26 PC: 14590 | Set disk transfer address
2018-12-17T22:41:40.107767867Z 78 PC: 1459c | Find first file
2018-12-17T22:41:40.114954595Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.117067904Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.122134596Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.123744749Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.12806702Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.130346909Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.133399676Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.134588803Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.137904614Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.139573041Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.143504339Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.14554022Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.148763437Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.150094831Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.153481025Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.154958884Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.158057572Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.159387388Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.162682462Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.163867343Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.167160849Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.168622932Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.171743758Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.173112005Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.176444208Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.177777919Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.180863633Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.182940458Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.186161027Z 26 PC: 145b4 | Set disk transfer address
2018-12-17T22:41:40.187339302Z 79 PC: 145b9 | Find next file
2018-12-17T22:41:40.191003607Z 64 PC: 14b68 | Write file or device (Write 30 bytes on handle 1)
2018-12-17T22:41:40.196157562Z 44 PC: 1448d | Get time

Disassembly at PC 0x1448d (Get time):
    0x1448d: xor ah, ah
    0x1448f: mov al, dl
    0x14491: les di, ptr [bp + 6]
    0x14494: stosw word ptr es:[di], ax
    0x14495: mov al, dh
    0x14497: les di, ptr [bp + 0xa]
    0x1449a: stosw word ptr es:[di], ax
    0x1449b: mov al, cl
    0x1449d: les di, ptr [bp + 0xe]
    0x144a0: stosw word ptr es:[di], ax
    0x144a1: mov al, ch
    0x144a3: les di, ptr [bp + 0x12]
    0x144a6: stosw word ptr es:[di], ax
    0x144a7: pop bp
    0x144a8: retf 0x10
    0x144ab: push bp
    0x144ac: mov bp, sp
    0x144ae: mov ch, byte ptr [bp + 0xc]
    0x144b1: mov cl, byte ptr [bp + 0xa]
    0x144b4: mov dh, byte ptr [bp + 8]

2018-12-17T22:41:40.198830618Z 64 PC: 14b68 | Write file or device (Write 29 bytes on handle 1)
2018-12-17T22:41:40.207492758Z 64 PC: 14b68 | Write file or device (Write 33 bytes on handle 1)
2018-12-17T22:41:40.212895627Z 64 PC: 14b68 | Write file or device (Write 32 bytes on handle 1)
2018-12-17T22:41:40.219822883Z 64 PC: 14b68 | Write file or device (Write 33 bytes on handle 1)
2018-12-17T22:41:40.225792592Z 64 PC: 14b68 | Write file or device (Write 31 bytes on handle 1)
2018-12-17T22:41:40.232699519Z 64 PC: 14b68 | Write file or device (Write 36 bytes on handle 1)
2018-12-17T22:41:40.238223964Z 64 PC: 14b68 | Write file or device (Write 28 bytes on handle 1)
2018-12-17T22:41:40.246214304Z 64 PC: 14b68 | Write file or device (Write 29 bytes on handle 1)
2018-12-17T22:41:40.252037116Z 64 PC: 14b68 | Write file or device (Write 29 bytes on handle 1)
2018-12-17T22:41:40.257559818Z 64 PC: 14b68 | Write file or device (Write 28 bytes on handle 1)
2018-12-17T22:41:40.265123628Z 64 PC: 14b68 | Write file or device (Write 30 bytes on handle 1)
2018-12-17T22:41:40.271449831Z 64 PC: 14b68 | Write file or device (Write 32 bytes on handle 1)
2018-12-17T22:41:40.27840016Z 63 PC: 14b11 | Read file or device (Read 128 bytes on handle 0)