Sample viewer

vx.netlux.org/Trojan.DOS.Docror

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:59.812707502Z	48	PC: 12a44 \| Get DOS version
2018-12-17T21:56:59.817075892Z	52	PC: 12a4f \| Get InDOS flag pointer
2018-12-17T21:56:59.81829453Z	53	PC: 12a5c \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:56:59.819448261Z	37	PC: 12a70 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:56:59.822320524Z	75	PC: 12a7d \| Execute program
2018-12-17T21:56:59.829450204Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:59.830786125Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:59.831957136Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:59.833718554Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:59.835317804Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:59.836771734Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:59.846351686Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:59.849011124Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:59.850308767Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:59.853626413Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:59.855175345Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:59.85671363Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:59.858767567Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:59.859942466Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:59.861130754Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:59.862636273Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:59.864219953Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:59.865284103Z	53	PC: 1a156 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:59.867017025Z	37	PC: 1a16b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:59.868293195Z	37	PC: 1a173 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:59.869419725Z	37	PC: 1a17b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:59.871019393Z	37	PC: 1a183 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:59.873030192Z	68	PC: 1a9da \| I/O control for devices (Set for = '')
2018-12-17T21:56:59.874852421Z	53	PC: 19f27 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:59.877094845Z	53	PC: 19f27 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T21:56:59.878539231Z	55	PC: 19d05 \| Get or set switch character
2018-12-17T21:56:59.880264875Z	64	PC: 1aadd \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T21:56:59.885947824Z	64	PC: 1aadd \| Write file or device (Write 79 bytes on handle 1)
2018-12-17T21:56:59.893257112Z	64	PC: 1aadd \| Write file or device (Write 79 bytes on handle 1)
2018-12-17T21:56:59.899617335Z	64	PC: 1aadd \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T21:56:59.906735581Z	61	PC: 1ade8 \| Open file (Filename = '>>')
2018-12-17T21:56:59.909209583Z	63	PC: 1aebb \| Read file or device (Read 1800 bytes on handle 5)
2018-12-17T21:56:59.911304557Z	62	PC: 1ae38 \| Close file
2018-12-17T21:56:59.914250035Z	61	PC: 1ade8 \| Open file (Filename = '>>>')
2018-12-17T21:56:59.916671514Z	63	PC: 1aebb \| Read file or device (Read 1986 bytes on handle 5)
2018-12-17T21:56:59.918770595Z	62	PC: 1ae38 \| Close file
2018-12-17T21:56:59.921306255Z	61	PC: 1ade8 \| Open file (Filename = '>')
2018-12-17T21:56:59.927222623Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.929489705Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.932442407Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.93509362Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.937404413Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.944602871Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.948018624Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.950686746Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:56:59.954095074Z	62	PC: 1ae38 \| Close file
2018-12-17T21:56:59.955970559Z	25	PC: 1a010 \| Get default drive
2018-12-17T21:56:59.957014018Z	71	PC: 1a02b \| Get current directory
2018-12-17T21:56:59.961427965Z	64	PC: 1aadd \| Write file or device (Write 20 bytes on handle 1)
2018-12-17T21:56:59.966373829Z	64	PC: 1aadd \| Write file or device (Write 1 bytes on handle 1)
2018-12-17T21:56:59.970566742Z	64	PC: 1aadd \| Write file or device (Write 15 bytes on handle 1)
2018-12-17T21:56:59.978899362Z	26	PC: 19e4b \| Set disk transfer address
2018-12-17T21:56:59.980135103Z	78	PC: 19e57 \| Find first file
2018-12-17T21:56:59.988148305Z	61	PC: 1ade8 \| Open file (Filename = 'A:\SLEEP.COM')
2018-12-17T21:56:59.995860367Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:56:59.9984799Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.000222465Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.002180259Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.010255754Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.012429688Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.013747127Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.018316205Z	61	PC: 1ade8 \| Open file (Filename = 'A:\PRINT.S')
2018-12-17T21:57:00.025390477Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.0269896Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.028967841Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.030532778Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.049700072Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.052223999Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.053345313Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.057080952Z	61	PC: 1ade8 \| Open file (Filename = 'A:\PRINT.COM')
2018-12-17T21:57:00.064583796Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.066250967Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.067906388Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.07057141Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.077162535Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.079024713Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.08147893Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.085373407Z	61	PC: 1ade8 \| Open file (Filename = 'A:\HELLO.COM')
2018-12-17T21:57:00.092367888Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.094359424Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.095745432Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.097302891Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.104687193Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.106479712Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.1074144Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.111780712Z	61	PC: 1ade8 \| Open file (Filename = 'A:\PHANG.COM')
2018-12-17T21:57:00.119293966Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.120802077Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.12337493Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.125075546Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.131570899Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.134558691Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.13569201Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.139935043Z	61	PC: 1ade8 \| Open file (Filename = 'A:\PRINTA~1.COM')
2018-12-17T21:57:00.147801902Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.149571187Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.151246249Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.154074188Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.161430279Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.163701337Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.165687418Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.170284238Z	61	PC: 1ade8 \| Open file (Filename = 'A:\MANDEL.COM')
2018-12-17T21:57:00.178072684Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.180313177Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.1821677Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.184140968Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.191708929Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.193965876Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.195327685Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.199724492Z	61	PC: 1ade8 \| Open file (Filename = 'A:\PAH.COM')
2018-12-17T21:57:00.206670259Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.208378874Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.210698553Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.2123429Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.219569001Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.222068919Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.224269707Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.228423317Z	61	PC: 1ade8 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T21:57:00.235478638Z	66	PC: 1af84 \| Move file pointer
2018-12-17T21:57:00.238013863Z	66	PC: 1af92 \| Move file pointer
2018-12-17T21:57:00.239495936Z	66	PC: 1afa0 \| Move file pointer
2018-12-17T21:57:00.241668651Z	63	PC: 1aebb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:57:00.246225119Z	66	PC: 1af1a \| Move file pointer
2018-12-17T21:57:00.247906766Z	63	PC: 1aebb \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T21:57:00.255789078Z	62	PC: 1ae38 \| Close file
2018-12-17T21:57:00.258908547Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.260007137Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.26266196Z	26	PC: 19e4b \| Set disk transfer address
2018-12-17T21:57:00.264060293Z	78	PC: 19e57 \| Find first file
2018-12-17T21:57:00.270383139Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.271408221Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.274253661Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.275171212Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.277691818Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.279286869Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.281881147Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.282892406Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.286284926Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.287637452Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.29075828Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.292124616Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.294702144Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.296568808Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.299151223Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.300133634Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.302848904Z	26	PC: 19e6f \| Set disk transfer address
2018-12-17T21:57:00.304337685Z	79	PC: 19e74 \| Find next file
2018-12-17T21:57:00.307121371Z	72	PC: 19d05 \| Allocate memory
2018-12-17T21:57:00.309462315Z	72	PC: 19d05 \| Allocate memory
2018-12-17T21:57:00.311762597Z	73	PC: 19d05 \| Release memory
2018-12-17T21:57:00.312899273Z	42	PC: 19d33 \| Get date 0x19d33: xor ah, ah 0x19d35: les di, ptr [bp + 6] 0x19d38: stosw word ptr es:[di], ax 0x19d39: mov al, dl 0x19d3b: les di, ptr [bp + 0xa] 0x19d3e: stosw word ptr es:[di], ax 0x19d3f: mov al, dh 0x19d41: les di, ptr [bp + 0xe] 0x19d44: stosw word ptr es:[di], ax 0x19d45: xchg ax, cx 0x19d46: les di, ptr [bp + 0x12] 0x19d49: stosw word ptr es:[di], ax 0x19d4a: pop bp 0x19d4b: retf 0x10 0x19d4e: push bp 0x19d4f: mov bp, sp 0x19d51: mov cx, word ptr [bp + 0xa] 0x19d54: mov dh, byte ptr [bp + 8] 0x19d57: mov dl, byte ptr [bp + 6] 0x19d5a: mov ah, 0x2b
2018-12-17T21:57:00.31542121Z	64	PC: 1aadd \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T21:57:00.321607869Z	64	PC: 1aadd \| Write file or device (Write 35 bytes on handle 1)
2018-12-17T21:57:00.329256695Z	64	PC: 1aadd \| Write file or device (Write 37 bytes on handle 1)
2018-12-17T21:57:00.336039795Z	64	PC: 1aadd \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T21:57:00.337842537Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:57:00.339167703Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:57:00.340670211Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:57:00.342136668Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:57:00.343446436Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:00.345332514Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:57:00.34677168Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:57:00.348223071Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:57:00.351142716Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:57:00.353589063Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:57:00.355067694Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:57:00.359135712Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:57:00.360309723Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:57:00.361807112Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:57:00.364138024Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:57:00.365670511Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:57:00.367079868Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:57:00.369374603Z	37	PC: 1a265 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:57:00.370898347Z	76	PC: 1a2a4 \| Terminate with return code (Return code = '0')
2018-12-17T21:57:00.373862222Z	37	PC: 12a86 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T21:57:00.3756722Z	77	PC: 12a8a \| Get program return code
2018-12-17T21:57:00.377139555Z	76	PC: 12a8e \| Terminate with return code (Return code = '0')