Sample viewer

vx.netlux.org/Trojan.DOS.Direxe.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:34.668452165Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:34.670525951Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:34.673431541Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:34.675961976Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:34.678485365Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:34.690239484Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:34.692487518Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:34.694794521Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:34.697232764Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:34.699241455Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:34.701985064Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:34.703748904Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:34.705500531Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:34.708093926Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:34.709839187Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:34.711534231Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:34.713636388Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:34.715321229Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:34.717257892Z	53	PC: 1389a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:34.719735084Z	37	PC: 138af \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:34.72183853Z	37	PC: 138b7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:34.723759344Z	37	PC: 138bf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:34.726539502Z	37	PC: 138c7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:34.72880511Z	68	PC: 14141 \| I/O control for devices (Set for = '4�(,W�.�e��'��VEQ\|J')
2018-12-17T22:44:34.747717172Z	37	PC: 132c1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:34.750370039Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:34.752236103Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:34.753511704Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:34.754823984Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:34.756451231Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:34.757745522Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:34.759012646Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:34.761199622Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:34.762848318Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:34.764542726Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:34.766777705Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:34.768685776Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:34.770339924Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:34.772921846Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:34.774371632Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:34.775772758Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:34.778148875Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:34.787185406Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:34.788430232Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:34.790335752Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:34.791781516Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:34.79304625Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:34.794276507Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:34.79618522Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:34.797460744Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:34.798752759Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:34.806395164Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:34.808029245Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:34.809463952Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:34.811748266Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:34.813112975Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:34.814500254Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:34.816710754Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:34.818156801Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:34.819480838Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:34.821302511Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:34.823055403Z	53	PC: 131f5 \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:34.82483908Z	37	PC: 131fe \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:34.827296267Z	41	PC: 13144 \| Parse filename
2018-12-17T22:44:34.829847396Z	41	PC: 13152 \| Parse filename
2018-12-17T22:44:34.831428952Z	75	PC: 1315d \| Execute program
2018-12-17T22:44:34.85486981Z	80	PC: 18219 \| Set current PSP
2018-12-17T22:44:34.857000792Z	48	PC: 1821e \| Get DOS version
2018-12-17T22:44:34.858665802Z	99	PC: 1ea00 \| Get DBCS lead byte table pointer
2018-12-17T22:44:34.861574578Z	101	PC: 182a4 \| Get extended country info
2018-12-17T22:44:34.864488258Z	99	PC: 182aa \| Get DBCS lead byte table pointer
2018-12-17T22:44:34.866853111Z	74	PC: 1830c \| Reallocate memory
2018-12-17T22:44:34.869375971Z	25	PC: 18343 \| Get default drive
2018-12-17T22:44:34.881546175Z	37	PC: 17e03 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:44:34.883020468Z	37	PC: 17e0a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:34.884380566Z	37	PC: 17e11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:34.890101346Z	74	PC: 16fac \| Reallocate memory
2018-12-17T22:44:34.891805351Z	72	PC: 16fed \| Allocate memory
2018-12-17T22:44:34.893938324Z	72	PC: 17025 \| Allocate memory
2018-12-17T22:44:34.896927684Z	72	PC: 1702d \| Allocate memory