Sample viewer

vx.netlux.org/Trojan.DOS.Oeminfer.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:16.242435103Z 53 PC: 1350a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:16.243934574Z 53 PC: 1350a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:45:16.245495913Z 53 PC: 1350a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:45:16.246519785Z 53 PC: 1350a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:16.247647444Z 53 PC: 1350a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:16.249587358Z 53 PC: 1350a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:16.251489582Z 53 PC: 1350a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:45:16.258504601Z 53 PC: 1350a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:45:16.260392708Z 53 PC: 1350a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:45:16.262542058Z 53 PC: 1350a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:45:16.2643431Z 53 PC: 1350a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:45:16.277958142Z 53 PC: 1350a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:45:16.279237605Z 53 PC: 1350a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:45:16.280281896Z 53 PC: 1350a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:45:16.28174538Z 53 PC: 1350a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:45:16.28353628Z 53 PC: 1350a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:45:16.284782242Z 53 PC: 1350a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:45:16.286003435Z 53 PC: 1350a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:45:16.287388786Z 53 PC: 1350a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:45:16.28854694Z 37 PC: 1351f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:16.289630348Z 37 PC: 13527 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:16.291494812Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:16.292739406Z 37 PC: 13537 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:45:16.294359997Z 68 PC: 13de5 | I/O control for devices (Set for = '��r��3����r��� ��3���p')
2018-12-17T22:45:16.346068124Z 37 PC: 12f31 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:45:16.347891144Z 60 PC: 13c61 | Create or truncate file
2018-12-17T22:45:16.680612868Z 61 PC: 13dc9 | Open file (Filename = 'c:\windows\system\oeminfo.ini')
2018-12-17T22:45:16.689553853Z 68 PC: 13de5 | I/O control for devices (Set for = '��r��3����r��� ��3���p')
2018-12-17T22:45:16.691170656Z 66 PC: 13e34 | Move file pointer
2018-12-17T22:45:16.692858384Z 66 PC: 13e4b | Move file pointer
2018-12-17T22:45:16.695567161Z 63 PC: 13e58 | Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:45:16.698795416Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:45:16.708403068Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:45:16.713720563Z 64 PC: 13903 | Write file or device (Write 128 bytes on handle 6)
2018-12-17T22:45:16.717642771Z 64 PC: 13903 | Write file or device (Write 86 bytes on handle 6)
2018-12-17T22:45:16.720923704Z 62 PC: 13942 | Close file
2018-12-17T22:45:16.729349445Z 62 PC: 13cb1 | Close file