Sample viewer

vx.netlux.org/Trojan.DOS.Lamens

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:57:14.669358359Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:57:14.678047214Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:57:14.679211217Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:57:14.680634665Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:57:14.683133244Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:57:14.685684983Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:14.68761496Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:57:14.690366764Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:57:14.697670426Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:57:14.699327038Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:57:14.700788009Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:57:14.702795661Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:57:14.705174081Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:57:14.707681071Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:57:14.711598041Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:57:14.718652782Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:57:14.721060155Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:57:14.723174655Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:57:14.741767167Z	53	PC: 12d92 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:57:14.74321469Z	37	PC: 12da7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:57:14.744643852Z	37	PC: 12daf \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:57:14.751523205Z	37	PC: 12db7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:14.752800809Z	37	PC: 12dbf \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:57:14.754604509Z	68	PC: 1312f \| I/O control for devices (Set for = '')
2018-12-17T21:57:14.763983963Z	44	PC: 13474 \| Get time 0x13474: mov word ptr [0x4e], cx 0x13478: mov word ptr [0x50], dx 0x1347c: retf 0x1347d: add byte ptr [bx + si], al 0x1347f: add byte ptr [bx + si], al 0x13481: add byte ptr [bx + di], al 0x13483: add al, byte ptr [bp + di] 0x13485: add al, 5 0x13487: adc al, 7 0x13489: cmp byte ptr [bx + di], bh 0x1348b: cmp bh, byte ptr [bp + di] 0x1348d: cmp al, 0x3d 0x1348f: aas 0x13491: add byte ptr [bx + si], al 0x13493: add byte ptr [bx + si], al 0x13495: add byte ptr [bx + si], al 0x13497: add byte ptr [bx + si], al 0x13499: add byte ptr [bx + si - 0x47ed], bh 0x1349d: adc di, word ptr [bx + si + 0x13] 0x134a1: add byte ptr [bx + si], al
2018-12-17T21:57:14.767197761Z	64	PC: 13232 \| Write file or device (Write 34 bytes on handle 1)
2018-12-17T21:57:14.771978129Z	37	PC: 12d16 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T21:57:14.773979219Z	49	PC: 12d31 \| Terminate and stay resident (Return code = '0' \| Memory size = '524')