Sample viewer

vx.netlux.org/Trojan.DOS.Slamkey

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:00.039919619Z 48 PC: 1873c | Get DOS version
2018-12-17T22:42:00.042174825Z 74 PC: 1878c | Reallocate memory
2018-12-17T22:42:00.044631048Z 48 PC: 187f0 | Get DOS version
2018-12-17T22:42:00.046267602Z 53 PC: 187f8 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:00.04887546Z 37 PC: 1880a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:00.050708032Z 53 PC: 1b452 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:00.052289582Z 37 PC: 1b462 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:00.057990429Z 53 PC: 1b467 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:00.063234148Z 37 PC: 1b477 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:00.066361933Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:00.068780525Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:00.070586177Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:00.071984854Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:00.073311406Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:00.075407693Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:00.076673971Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:00.07845162Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:00.080992963Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:00.08243962Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:00.083872752Z 53 PC: 191a6 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:42:00.086130863Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:00.087741458Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:00.089408499Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:00.09177316Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:00.093134477Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:00.094471678Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:00.09654343Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:00.098065859Z 37 PC: 191d5 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:00.09965313Z 37 PC: 191dc | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:00.102108482Z 37 PC: 191e1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:00.103991909Z 68 PC: 1889b | I/O control for devices (Set for = 'vֵ���U���c����V�F�� �t ��s�J��( �( �( u�]�')
2018-12-17T22:42:00.106494069Z 68 PC: 1889b | I/O control for devices (Set for = '')
2018-12-17T22:42:00.109742981Z 68 PC: 1889b | I/O control for devices (Set for = '�')
2018-12-17T22:42:00.113261139Z 68 PC: 1889b | I/O control for devices (Set for = '�怊T�\�l�D������������ū�ë�«�&��� �t13�݋Ӹ')
2018-12-17T22:42:00.115816508Z 68 PC: 1889b | I/O control for devices (Set for = '�怊T�\�l�D������������ū�ë�«�&��� �t13�݋Ӹ')
2018-12-17T22:42:00.118987454Z 53 PC: 15f4a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:00.120743843Z 53 PC: 15f57 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:42:00.122205839Z 53 PC: 15f64 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:00.123776819Z 37 PC: 15f79 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:00.128729321Z 37 PC: 15f81 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:42:00.129923584Z 37 PC: 15f89 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:00.131740086Z 53 PC: 16a08 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:42:00.133948905Z 53 PC: 16a15 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:42:00.135338003Z 53 PC: 16a24 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:42:00.136641652Z 37 PC: 16a31 | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:42:00.13900447Z 53 PC: 16a38 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:42:00.140236504Z 37 PC: 16a45 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:42:00.141390511Z 53 PC: 16a51 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:42:00.146768542Z 48 PC: 16b13 | Get DOS version
2018-12-17T22:42:00.14826369Z 74 PC: 149a5 | Reallocate memory
2018-12-17T22:42:00.150554693Z 74 PC: 149a5 | Reallocate memory
2018-12-17T22:42:00.153144457Z 68 PC: 15ec0 | I/O control for devices (Set for = 'q�')
2018-12-17T22:42:00.154894224Z 68 PC: 15ec0 | I/O control for devices (Set for = '')
2018-12-17T22:42:00.156729901Z 51 PC: 15ede | Get or set Ctrl-Break
2018-12-17T22:42:00.158206956Z 51 PC: 15eea | Get or set Ctrl-Break
2018-12-17T22:42:00.159920243Z 72 PC: 1383e | Allocate memory
2018-12-17T22:42:00.162549942Z 74 PC: 149a5 | Reallocate memory
2018-12-17T22:42:00.164190634Z 72 PC: 1383e | Allocate memory
2018-12-17T22:42:00.167053912Z 37 PC: 13ccf | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:42:00.173300805Z 73 PC: 1383e | Release memory
2018-12-17T22:42:00.175645849Z 74 PC: 149a5 | Reallocate memory
2018-12-17T22:42:00.177953794Z 51 PC: 15ef5 | Get or set Ctrl-Break
2018-12-17T22:42:00.179039884Z 53 PC: 143d2 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:42:00.180530253Z 53 PC: 143df | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:42:00.182610821Z 53 PC: 143ec | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:42:00.184128461Z 37 PC: 14407 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:42:00.185589065Z 53 PC: 1440f | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:42:00.187795398Z 37 PC: 1441c | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:42:00.189208432Z 53 PC: 14423 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:42:00.190315962Z 37 PC: 14430 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:42:00.193181274Z 37 PC: 1443a | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:42:00.19508494Z 37 PC: 14445 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:42:00.19686873Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:42:00.199457192Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:42:00.200661303Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:42:00.201887556Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:42:00.203977642Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:42:00.205506974Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:42:00.207173314Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:42:00.209876982Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:42:00.21131347Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:42:00.212647976Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:42:00.215139365Z 37 PC: 191f1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:42:00.217155863Z 37 PC: 1b486 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:42:00.218455203Z 37 PC: 1894c | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:00.220880849Z 41 PC: 1862f | Parse filename
2018-12-17T22:42:00.222760469Z 41 PC: 18631 | Parse filename
2018-12-17T22:42:00.22447533Z 41 PC: 18636 | Parse filename
2018-12-17T22:42:00.229625924Z 75 PC: 1864c | Execute program
2018-12-17T22:42:00.251932761Z 80 PC: 1ec19 | Set current PSP
2018-12-17T22:42:00.253312663Z 48 PC: 1ec1e | Get DOS version
2018-12-17T22:42:00.256895592Z 99 PC: 25400 | Get DBCS lead byte table pointer
2018-12-17T22:42:00.259949327Z 101 PC: 1eca4 | Get extended country info
2018-12-17T22:42:00.261612361Z 99 PC: 1ecaa | Get DBCS lead byte table pointer
2018-12-17T22:42:00.263390731Z 74 PC: 1ed0c | Reallocate memory
2018-12-17T22:42:00.266555074Z 25 PC: 1ed43 | Get default drive
2018-12-17T22:42:00.268177612Z 37 PC: 1e803 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:42:00.270590273Z 37 PC: 1e80a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:00.273481162Z 37 PC: 1e811 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:00.27796258Z 74 PC: 1d9ac | Reallocate memory
2018-12-17T22:42:00.279617838Z 72 PC: 1d9ed | Allocate memory
2018-12-17T22:42:00.282323761Z 72 PC: 1da25 | Allocate memory
2018-12-17T22:42:00.284146434Z 72 PC: 1da2d | Allocate memory