Sample viewer

vx.netlux.org/Trojan.DOS.Oeminfer.c

GIF

Syscalls:

Op is the INT 21h function number (AH) in decimal: 53 = 35h Get interrupt vector, 37 = 25h Set interrupt vector, 68 = 44h IOCTL, 60 = 3Ch create, 61 = 3Dh open, 62 = 3Eh close, 63 = 3Fh read, 64 = 40h write, 66 = 42h move file pointer, 76 = 4Ch terminate. The interrupt numbers passed to 25h/35h are also decimal; each row gives the hex vector number and what that vector actually is (the tracer originally labelled them with unrelated INT 21h function names).

Time Op PC | Syscall Name (arguments)
2018-12-17T22:41:58.652944201Z 53 PC: 1350a | Get interrupt vector (Interrupt = '0' = 00h, divide error)
2018-12-17T22:41:58.654302862Z 53 PC: 1350a | Get interrupt vector (Interrupt = '2' = 02h, NMI)
2018-12-17T22:41:58.655678817Z 53 PC: 1350a | Get interrupt vector (Interrupt = '27' = 1Bh, Ctrl-Break handler)
2018-12-17T22:41:58.656788992Z 53 PC: 1350a | Get interrupt vector (Interrupt = '33' = 21h, DOS function dispatcher)
2018-12-17T22:41:58.657901582Z 53 PC: 1350a | Get interrupt vector (Interrupt = '35' = 23h, Ctrl-C handler)
2018-12-17T22:41:58.660031462Z 53 PC: 1350a | Get interrupt vector (Interrupt = '36' = 24h, critical error handler)
2018-12-17T22:41:58.661435278Z 53 PC: 1350a | Get interrupt vector (Interrupt = '52' = 34h, FPU emulator trap)
2018-12-17T22:41:58.663052205Z 53 PC: 1350a | Get interrupt vector (Interrupt = '53' = 35h, FPU emulator trap)
2018-12-17T22:41:58.664902641Z 53 PC: 1350a | Get interrupt vector (Interrupt = '54' = 36h, FPU emulator trap)
2018-12-17T22:41:58.666084651Z 53 PC: 1350a | Get interrupt vector (Interrupt = '55' = 37h, FPU emulator trap)
2018-12-17T22:41:58.667251092Z 53 PC: 1350a | Get interrupt vector (Interrupt = '56' = 38h, FPU emulator trap)
2018-12-17T22:41:58.669080768Z 53 PC: 1350a | Get interrupt vector (Interrupt = '57' = 39h, FPU emulator trap)
2018-12-17T22:41:58.670172719Z 53 PC: 1350a | Get interrupt vector (Interrupt = '58' = 3Ah, FPU emulator trap)
2018-12-17T22:41:58.671290999Z 53 PC: 1350a | Get interrupt vector (Interrupt = '59' = 3Bh, FPU emulator trap)
2018-12-17T22:41:58.673851218Z 53 PC: 1350a | Get interrupt vector (Interrupt = '60' = 3Ch, FPU emulator trap)
2018-12-17T22:41:58.675107598Z 53 PC: 1350a | Get interrupt vector (Interrupt = '61' = 3Dh, FPU emulator trap)
2018-12-17T22:41:58.676454247Z 53 PC: 1350a | Get interrupt vector (Interrupt = '62' = 3Eh, FPU emulator trap)
2018-12-17T22:41:58.680387685Z 53 PC: 1350a | Get interrupt vector (Interrupt = '63' = 3Fh, FPU emulator trap / overlay manager)
2018-12-17T22:41:58.682305066Z 53 PC: 1350a | Get interrupt vector (Interrupt = '117' = 75h, FPU exception (IRQ13))
2018-12-17T22:41:58.683619886Z 37 PC: 1351f | Set interrupt vector (Interrupt = '0' = 00h, divide error)
2018-12-17T22:41:58.685100857Z 37 PC: 13527 | Set interrupt vector (Interrupt = '35' = 23h, Ctrl-C handler)
2018-12-17T22:41:58.686631031Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' = 24h, critical error handler)
2018-12-17T22:41:58.687702714Z 37 PC: 13537 | Set interrupt vector (Interrupt = '63' = 3Fh, FPU emulator trap / overlay manager)
2018-12-17T22:41:58.689065213Z 68 PC: 13de5 | I/O control for devices (argument garbled in the trace)
2018-12-17T22:41:58.741402623Z 37 PC: 12f31 | Set interrupt vector (Interrupt = '27' = 1Bh, Ctrl-Break handler)
2018-12-17T22:41:58.743015692Z 60 PC: 13c61 | Create or truncate file
2018-12-17T22:41:59.091775501Z 61 PC: 13dc9 | Open file (Filename = 'c:\windows\system\oeminfo.ini')
2018-12-17T22:41:59.09861127Z 68 PC: 13de5 | I/O control for devices (argument garbled in the trace)
2018-12-17T22:41:59.100106288Z 66 PC: 13e34 | Move file pointer
2018-12-17T22:41:59.101376544Z 66 PC: 13e4b | Move file pointer
2018-12-17T22:41:59.103037623Z 63 PC: 13e58 | Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:41:59.105184576Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:41:59.111916449Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:41:59.117579316Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:41:59.121759526Z 64 PC: 13903 | Write file or device (Write 87 bytes on handle 6)
2018-12-17T22:41:59.126166213Z 62 PC: 13942 | Close file
2018-12-17T22:41:59.135426346Z 62 PC: 13cb1 | Close file
2018-12-17T22:41:59.138839466Z 37 PC: 13661 | Set interrupt vector (Interrupt = '0' = 00h, divide error)
2018-12-17T22:41:59.140206524Z 37 PC: 13661 | Set interrupt vector (Interrupt = '2' = 02h, NMI)
2018-12-17T22:41:59.143969702Z 37 PC: 13661 | Set interrupt vector (Interrupt = '27' = 1Bh, Ctrl-Break handler)
2018-12-17T22:41:59.146275332Z 37 PC: 13661 | Set interrupt vector (Interrupt = '33' = 21h, DOS function dispatcher)
2018-12-17T22:41:59.148632279Z 37 PC: 13661 | Set interrupt vector (Interrupt = '35' = 23h, Ctrl-C handler)
2018-12-17T22:41:59.151031315Z 37 PC: 13661 | Set interrupt vector (Interrupt = '36' = 24h, critical error handler)
2018-12-17T22:41:59.154674848Z 37 PC: 13661 | Set interrupt vector (Interrupt = '52' = 34h, FPU emulator trap)
2018-12-17T22:41:59.156992892Z 37 PC: 13661 | Set interrupt vector (Interrupt = '53' = 35h, FPU emulator trap)
2018-12-17T22:41:59.158893702Z 37 PC: 13661 | Set interrupt vector (Interrupt = '54' = 36h, FPU emulator trap)
2018-12-17T22:41:59.161450104Z 37 PC: 13661 | Set interrupt vector (Interrupt = '55' = 37h, FPU emulator trap)
2018-12-17T22:41:59.163127133Z 37 PC: 13661 | Set interrupt vector (Interrupt = '56' = 38h, FPU emulator trap)
2018-12-17T22:41:59.165085882Z 37 PC: 13661 | Set interrupt vector (Interrupt = '57' = 39h, FPU emulator trap)
2018-12-17T22:41:59.167851917Z 37 PC: 13661 | Set interrupt vector (Interrupt = '58' = 3Ah, FPU emulator trap)
2018-12-17T22:41:59.169407259Z 37 PC: 13661 | Set interrupt vector (Interrupt = '59' = 3Bh, FPU emulator trap)
2018-12-17T22:41:59.171215875Z 37 PC: 13661 | Set interrupt vector (Interrupt = '60' = 3Ch, FPU emulator trap)
2018-12-17T22:41:59.175171004Z 37 PC: 13661 | Set interrupt vector (Interrupt = '61' = 3Dh, FPU emulator trap)
2018-12-17T22:41:59.176878731Z 37 PC: 13661 | Set interrupt vector (Interrupt = '62' = 3Eh, FPU emulator trap)
2018-12-17T22:41:59.178581129Z 37 PC: 13661 | Set interrupt vector (Interrupt = '63' = 3Fh, FPU emulator trap / overlay manager)
2018-12-17T22:41:59.181111141Z 37 PC: 13661 | Set interrupt vector (Interrupt = '117' = 75h, FPU exception (IRQ13))
2018-12-17T22:41:59.182600558Z 76 PC: 136a0 | Terminate with return code (Return code = '0')

Notes: the set of vectors saved at startup (00h, 02h, 1Bh, 21h, 23h, 24h, 34h-3Fh, 75h) and restored from a single loop (PC 13661) just before exit matches the save/restore list of the Turbo Pascal System unit, and the hooks on 00h, 23h, 24h and 3Fh are that runtime's own divide-error, Ctrl-C, critical-error and overlay/FPU-emulator handlers, so none of the vector activity is the payload. The Ctrl-Break hook (1Bh) is set from a different site (PC 12f31). The sample-specific behaviour is the open of c:\windows\system\oeminfo.ini followed by a 128-byte read and four writes totalling 471 bytes on handle 6; since handles 0-4 are the standard devices and the unnamed file created at PC 13c61 takes the next handle, handle 6 is most likely oeminfo.ini. The name of the file created at PC 13c61 is not recorded in the trace.
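To triage traces in this format, here is an added Python example; it is not part of the sample viewer page or of the tracer that produced the rows. It parses rows of this shape, relabels interrupt numbers with their real meaning instead of the tracer's INT 21h function names, separates startup hooks from the exit-time restore loop, and totals file I/O per handle. The embedded rows are copied from the trace above (a subset; the two IOCTL rows with garbled arguments are left out). The epilogue rule, which treats the unbroken run of Set-vector calls directly before the terminate call as restores and every earlier Set as a hook, is an assumption of this example, not something the tracer records.

```python
import re
from collections import defaultdict

# Rows copied from the trace above (subset; the IOCTL rows whose argument is
# garbled are left out). Column format: time, INT 21h AH (decimal), PC, name (args).
TRACE = r"""
2018-12-17T22:41:58.652944201Z 53 PC: 1350a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:58.654302862Z 53 PC: 1350a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:58.655678817Z 53 PC: 1350a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:58.656788992Z 53 PC: 1350a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:58.657901582Z 53 PC: 1350a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:58.660031462Z 53 PC: 1350a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:58.680387685Z 53 PC: 1350a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:58.682305066Z 53 PC: 1350a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:58.683619886Z 37 PC: 1351f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:58.685100857Z 37 PC: 13527 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:58.686631031Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:58.687702714Z 37 PC: 13537 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:58.741402623Z 37 PC: 12f31 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:58.743015692Z 60 PC: 13c61 | Create or truncate file
2018-12-17T22:41:59.091775501Z 61 PC: 13dc9 | Open file (Filename = 'c:\windows\system\oeminfo.ini')
2018-12-17T22:41:59.103037623Z 63 PC: 13e58 | Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:41:59.105184576Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:41:59.111916449Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:41:59.117579316Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:41:59.121759526Z 64 PC: 13903 | Write file or device (Write 87 bytes on handle 6)
2018-12-17T22:41:59.126166213Z 62 PC: 13942 | Close file
2018-12-17T22:41:59.135426346Z 62 PC: 13cb1 | Close file
2018-12-17T22:41:59.138839466Z 37 PC: 13661 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:59.140206524Z 37 PC: 13661 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:59.143969702Z 37 PC: 13661 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:59.146275332Z 37 PC: 13661 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:59.148632279Z 37 PC: 13661 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:59.151031315Z 37 PC: 13661 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:59.178581129Z 37 PC: 13661 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:59.181111141Z 37 PC: 13661 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:59.182600558Z 76 PC: 136a0 | Terminate with return code (Return code = '0')
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<op>\d+) PC: (?P<pc>[0-9a-fA-F]+) \| (?P<name>[^(]+?)(?: \((?P<args>.*)\))?$")
INT_ARG_RE = re.compile(r"Interrupt = '(\d+)'")
RW_RE = re.compile(r"(Read|Write) (\d+) bytes on handle (\d+)")
FILE_RE = re.compile(r"Filename = '([^']*)'")

# INT 21h function numbers (AH); the Op column shows them in decimal.
OP_SET_VECTOR, OP_GET_VECTOR, OP_OPEN, OP_TERMINATE = 0x25, 0x35, 0x3D, 0x4C

# Real meaning of the vectors this trace touches (the tracer mislabels them
# with INT 21h function names because it reuses its AH lookup table).
INT_NAMES = {0x00: "divide error", 0x02: "NMI", 0x1B: "Ctrl-Break handler",
             0x21: "DOS function dispatcher", 0x23: "Ctrl-C handler",
             0x24: "critical error handler", 0x75: "FPU exception (IRQ13)"}

def int_name(n):
    if n == 0x3F:
        return "FPU emulator trap / Borland overlay manager"
    if 0x34 <= n <= 0x3E:
        return "FPU emulator trap"
    return INT_NAMES.get(n, "unknown")

def parse(lines):
    rows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # rows the tracer did not emit in the expected shape are skipped
            rows.append({"op": int(m["op"]), "pc": int(m["pc"], 16),
                         "name": m["name"].strip(), "args": m["args"] or ""})
    return rows

def summarize(rows):
    saved, hooked, restored, files = set(), set(), set(), []
    io = defaultdict(lambda: {"read": 0, "write": 0})
    # Assumption of this example: the unbroken run of Set-vector calls directly
    # before INT 21h/4Ch is the exit-time restore loop; earlier Sets are hooks.
    term = next((i for i, r in enumerate(rows) if r["op"] == OP_TERMINATE), len(rows))
    epilogue = term
    while epilogue > 0 and rows[epilogue - 1]["op"] == OP_SET_VECTOR:
        epilogue -= 1
    for i, r in enumerate(rows):
        m = INT_ARG_RE.search(r["args"])
        if r["op"] == OP_GET_VECTOR and m:
            saved.add(int(m.group(1)))
        elif r["op"] == OP_SET_VECTOR and m:
            (restored if i >= epilogue else hooked).add(int(m.group(1)))
        elif r["op"] == OP_OPEN and (f := FILE_RE.search(r["args"])):
            files.append(f.group(1))
        elif rw := RW_RE.search(r["args"]):
            io[int(rw.group(3))][rw.group(1).lower()] += int(rw.group(2))
    return {"saved": sorted(saved), "hooked": sorted(hooked), "restored": sorted(restored),
            "clean_restore": saved == restored,
            "hooked_names": {f"{n:02X}h": int_name(n) for n in sorted(hooked)},
            "files_opened": files,
            "io_by_handle": {h: dict(v) for h, v in io.items()}}

if __name__ == "__main__":
    for key, value in summarize(parse(TRACE)).items():
        print(f"{key}: {value}")
```

A clean_restore of True together with hooks limited to the runtime's own handlers is the signal that the vector churn is library startup rather than the sample's behaviour; the per-handle I/O totals are what to compare against the size of the file found on disk afterwards.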