Sample viewer

vx.netlux.org/Trojan.DOS.Unfort

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:26.651921392Z	48	PC: 19c4c \| Get DOS version
2018-12-17T22:45:26.653923398Z	74	PC: 19c9c \| Reallocate memory
2018-12-17T22:45:26.656038885Z	48	PC: 19d00 \| Get DOS version
2018-12-17T22:45:26.657310851Z	53	PC: 19d08 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:26.659184966Z	37	PC: 19d1a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:26.660905084Z	53	PC: 1c3a2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:45:26.662275876Z	37	PC: 1c3b2 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:45:26.664506029Z	53	PC: 1c3b7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:26.665711714Z	37	PC: 1c3c7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:45:26.666848374Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:45:26.668048705Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:45:26.66975649Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:45:26.6711475Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:45:26.672500795Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:45:26.675196962Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:45:26.677068388Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:45:26.678809584Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:45:26.681352455Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:45:26.6828096Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:45:26.68417105Z	53	PC: 1a0f6 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:45:26.686234162Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:45:26.687860519Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:45:26.689575332Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:45:26.69233164Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:45:26.693766844Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:45:26.695613213Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:45:26.697488707Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:45:26.699180124Z	37	PC: 1a125 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:45:26.700810904Z	37	PC: 1a12c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:45:26.702958491Z	37	PC: 1a131 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:45:26.706053833Z	68	PC: 19dab \| I/O control for devices (Set for = '0��L3ۀ>�uC�>�u
2018-12-17T22:45:26.708024667Z	68	PC: 19dab \| I/O control for devices (Set for = 'ror during run-time initialization')
2018-12-17T22:45:26.710008553Z	68	PC: 19dab \| I/O control for devices (Set for = '')
2018-12-17T22:45:26.719016433Z	68	PC: 19dab \| I/O control for devices (Set for = '�j��0��')
2018-12-17T22:45:26.725296941Z	68	PC: 19dab \| I/O control for devices (Set for = '�j��0��')
2018-12-17T22:45:26.736009362Z	53	PC: 175a0 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:26.740013245Z	53	PC: 175ad \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:45:26.741602206Z	53	PC: 175ba \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:26.743209884Z	37	PC: 175cf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:45:26.745934714Z	37	PC: 175d7 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:45:26.748843526Z	37	PC: 175df \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:26.750702864Z	53	PC: 1805e \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:45:26.752921779Z	53	PC: 1806b \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:45:26.754316343Z	53	PC: 1807a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:45:26.75571732Z	37	PC: 18087 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:45:26.75746024Z	53	PC: 1808e \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:45:26.75924678Z	37	PC: 1809b \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:45:26.760775343Z	53	PC: 180a7 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:45:26.765867317Z	48	PC: 18169 \| Get DOS version
2018-12-17T22:45:26.767919498Z	68	PC: 17516 \| I/O control for devices (Set for = 'ini')
2018-12-17T22:45:26.769557985Z	68	PC: 17516 \| I/O control for devices (Set for = '')
2018-12-17T22:45:26.771472464Z	51	PC: 17534 \| Get or set Ctrl-Break
2018-12-17T22:45:26.773827929Z	51	PC: 17540 \| Get or set Ctrl-Break
2018-12-17T22:45:26.775426769Z	72	PC: 134b8 \| Allocate memory
2018-12-17T22:45:26.778821704Z	37	PC: 143df \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:45:26.78820604Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:26.789899075Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:26.800634974Z	65	PC: 13243 \| Delete file (Filename = 'C:\WINDOWS\WIN.COM')
2018-12-17T22:45:27.153037735Z	79	PC: 13249 \| Find next file
2018-12-17T22:45:27.158276941Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.160222745Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.168738024Z	65	PC: 13243 \| Delete file (Filename = 'C:\WINDOWS\WIN.INI')
2018-12-17T22:45:27.183341044Z	79	PC: 13249 \| Find next file
2018-12-17T22:45:27.18802221Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.190566677Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.198625278Z	65	PC: 13243 \| Delete file (Filename = 'C:\WINDOWS\SYSTEM.INI')
2018-12-17T22:45:27.226577567Z	79	PC: 13249 \| Find next file
2018-12-17T22:45:27.23185816Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.233912244Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.243838032Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.245316766Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.266682107Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.271162251Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.279509092Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.282449303Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.28717142Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.288873658Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.294445283Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.296569247Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.301263048Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.303795758Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.308743756Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.310356949Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.316761732Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.318698815Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.323261871Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.325069131Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.330272118Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.331774722Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.33623378Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.338141544Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.342605159Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.344123441Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.3473119Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.348373425Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.351025631Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.352577163Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.355988743Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.357660722Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.366245378Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.36788732Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.375942743Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.37805019Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.386386551Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.387543974Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.390758923Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.39182285Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.39447615Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.395970716Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.398537891Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.399485831Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.402928161Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.404174116Z	78	PC: 132cc \| Find first file
2018-12-17T22:45:27.406953431Z	26	PC: 132c5 \| Set disk transfer address
2018-12-17T22:45:27.409227446Z	78	PC: 132cc \| Find first file