Sample viewer

vx.netlux.org/Trojan.DOS.Chernich

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:31.809120544Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:31.81163496Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:31.812709256Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:31.814030088Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:31.816782157Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:31.818197149Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:31.819605622Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:31.822098073Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:31.823410492Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:31.82483218Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:31.826634775Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:31.828538413Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:31.829783262Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:31.83123271Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:31.832732749Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:31.833939385Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:31.835139085Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:31.836745243Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:31.838225945Z	53	PC: 12d3a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:31.839713609Z	37	PC: 12d4f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:31.846625587Z	37	PC: 12d57 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:31.847824706Z	37	PC: 12d5f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:31.848958203Z	37	PC: 12d67 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:31.851980039Z	68	PC: 13721 \| I/O control for devices (Set for = '')
2018-12-17T22:44:31.853720939Z	64	PC: 13158 \| Write file or device (Write 48 bytes on handle 1)
2018-12-17T22:44:31.858554895Z	64	PC: 13158 \| Write file or device (Write 27 bytes on handle 1)
2018-12-17T22:44:31.865820768Z	61	PC: 13400 \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T22:44:31.872607973Z	66	PC: 13820 \| Move file pointer
2018-12-17T22:44:31.874482925Z	66	PC: 1382e \| Move file pointer
2018-12-17T22:44:31.876691218Z	66	PC: 1383c \| Move file pointer
2018-12-17T22:44:31.878276995Z	63	PC: 134d3 \| Read file or device (Read 90 bytes on handle 5)
2018-12-17T22:44:31.881745461Z	62	PC: 13450 \| Close file
2018-12-17T22:44:31.884491662Z	60	PC: 13400 \| Create or truncate file
2018-12-17T22:44:32.234764728Z	64	PC: 134d3 \| Write file or device (Write 101 bytes on handle 5)
2018-12-17T22:44:32.243042401Z	62	PC: 13450 \| Close file
2018-12-17T22:44:32.251629129Z	48	PC: 1354e \| Get DOS version
2018-12-17T22:44:32.253463006Z	61	PC: 13400 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:44:32.26033124Z	66	PC: 13820 \| Move file pointer
2018-12-17T22:44:32.262816314Z	66	PC: 1382e \| Move file pointer
2018-12-17T22:44:32.265000106Z	66	PC: 1383c \| Move file pointer
2018-12-17T22:44:32.266793919Z	66	PC: 13532 \| Move file pointer
2018-12-17T22:44:32.268783387Z	63	PC: 134d3 \| Read file or device (Read 85 bytes on handle 5)
2018-12-17T22:44:32.27290851Z	62	PC: 13450 \| Close file
2018-12-17T22:44:32.275197893Z	60	PC: 13400 \| Create or truncate file
2018-12-17T22:44:32.285480146Z	64	PC: 134d3 \| Write file or device (Write 85 bytes on handle 5)
2018-12-17T22:44:32.291197065Z	62	PC: 13450 \| Close file
2018-12-17T22:44:32.298756784Z	64	PC: 13158 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:44:32.300810263Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:32.30331876Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:32.30480905Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:32.306280108Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:32.308542246Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:32.310039719Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:32.311499845Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:32.313645831Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:32.315460585Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:32.316772273Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:32.318658778Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:32.319832157Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:32.320942863Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:32.323114218Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:32.324389887Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:32.325693268Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:32.327814932Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:32.329031992Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:32.330110935Z	37	PC: 12e91 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:32.331347581Z	76	PC: 12ed0 \| Terminate with return code (Return code = '0')