Sample viewer

vx.netlux.org/Trojan.DOS.HackDel

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:12.140504154Z	48	PC: 1746c \| Get DOS version
2018-12-17T22:45:12.14320632Z	74	PC: 174bc \| Reallocate memory
2018-12-17T22:45:12.145274867Z	48	PC: 17520 \| Get DOS version
2018-12-17T22:45:12.146730863Z	53	PC: 17528 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:12.149224646Z	37	PC: 1753a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:12.150748998Z	68	PC: 175cb \| I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:45:12.152018883Z	68	PC: 175cb \| I/O control for devices
2018-12-17T22:45:12.153842278Z	68	PC: 175cb \| I/O control for devices
2018-12-17T22:45:12.155156267Z	68	PC: 175cb \| I/O control for devices
2018-12-17T22:45:12.156471492Z	68	PC: 175cb \| I/O control for devices
2018-12-17T22:45:12.179997767Z	53	PC: 1563a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:12.181120042Z	53	PC: 15647 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:45:12.182133243Z	53	PC: 15654 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:12.18340197Z	37	PC: 15669 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:12.186729274Z	37	PC: 15671 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:45:12.18759022Z	37	PC: 15679 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:12.188596868Z	53	PC: 160f8 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:45:12.2057238Z	53	PC: 16105 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:45:12.20701174Z	53	PC: 16114 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:45:12.207980689Z	37	PC: 16121 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:45:12.209525321Z	53	PC: 16128 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:45:12.210734711Z	37	PC: 16135 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:45:12.211838918Z	53	PC: 16141 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:45:12.216384998Z	48	PC: 16203 \| Get DOS version
2018-12-17T22:45:12.217478636Z	74	PC: 14305 \| Reallocate memory
2018-12-17T22:45:12.218941512Z	74	PC: 14305 \| Reallocate memory
2018-12-17T22:45:12.220434089Z	68	PC: 155b0 \| I/O control for devices (Set for = 'ib C:\autoexec.bat -r -h -sc')
2018-12-17T22:45:12.221637427Z	68	PC: 155b0 \| I/O control for devices (Set for = '')
2018-12-17T22:45:12.222892947Z	51	PC: 155ce \| Get or set Ctrl-Break
2018-12-17T22:45:12.224569815Z	51	PC: 155da \| Get or set Ctrl-Break
2018-12-17T22:45:12.23327936Z	74	PC: 14305 \| Reallocate memory
2018-12-17T22:45:12.234857466Z	51	PC: 155e5 \| Get or set Ctrl-Break
2018-12-17T22:45:12.240582404Z	37	PC: 15867 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:12.242246832Z	37	PC: 15871 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:45:12.246622888Z	37	PC: 1587b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:12.261767262Z	53	PC: 13c6e \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:45:12.263129366Z	53	PC: 13c7b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:45:12.264483306Z	53	PC: 13c88 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:45:12.271021022Z	37	PC: 13ca3 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:45:12.273543768Z	53	PC: 13cab \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:45:12.275719105Z	37	PC: 13cb8 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:45:12.278477539Z	53	PC: 13cbf \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:45:12.280438274Z	37	PC: 13ccc \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:45:12.283106563Z	37	PC: 13cd6 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:45:12.285407109Z	37	PC: 13ce1 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:45:12.28648094Z	37	PC: 1767c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:12.28834497Z	41	PC: 1724f \| Parse filename
2018-12-17T22:45:12.290376193Z	41	PC: 17251 \| Parse filename
2018-12-17T22:45:12.291914741Z	41	PC: 17256 \| Parse filename
2018-12-17T22:45:12.293176426Z	75	PC: 1726c \| Execute program
2018-12-17T22:45:12.315737874Z	80	PC: 1a579 \| Set current PSP
2018-12-17T22:45:12.316954518Z	48	PC: 1a57e \| Get DOS version
2018-12-17T22:45:12.318886799Z	99	PC: 20d60 \| Get DBCS lead byte table pointer
2018-12-17T22:45:12.322579741Z	101	PC: 1a604 \| Get extended country info
2018-12-17T22:45:12.324247664Z	99	PC: 1a60a \| Get DBCS lead byte table pointer
2018-12-17T22:45:12.325804282Z	74	PC: 1a66c \| Reallocate memory
2018-12-17T22:45:12.328681793Z	25	PC: 1a6a3 \| Get default drive
2018-12-17T22:45:12.329979825Z	37	PC: 1a163 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:45:12.33135893Z	37	PC: 1a16a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:12.333631608Z	37	PC: 1a171 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:12.337717803Z	74	PC: 1930c \| Reallocate memory
2018-12-17T22:45:12.339119086Z	72	PC: 1934d \| Allocate memory
2018-12-17T22:45:12.341760338Z	72	PC: 19385 \| Allocate memory
2018-12-17T22:45:12.343765279Z	72	PC: 1938d \| Allocate memory