Sample viewer

vx.netlux.org/Trojan.DOS.DelWin.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:17.257696758Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:46:17.260224174Z	53	PC: 12bef \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:17.26222929Z	53	PC: 12bfc \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:46:17.264039339Z	53	PC: 12c09 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:46:17.26586067Z	53	PC: 12c16 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:46:17.268312465Z	37	PC: 12c2a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:17.269745267Z	74	PC: 12af4 \| Reallocate memory
2018-12-17T22:46:17.27194085Z	68	PC: 12f1f \| I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T22:46:17.274732513Z	68	PC: 12f1f \| I/O control for devices (Set for = '')
2018-12-17T22:46:17.277620867Z	55	PC: 12eb7 \| Get or set switch character
2018-12-17T22:46:17.280485728Z	41	PC: 1339d \| Parse filename
2018-12-17T22:46:17.283730943Z	41	PC: 133bc \| Parse filename
2018-12-17T22:46:17.288033704Z	75	PC: 133fc \| Execute program
2018-12-17T22:46:17.314579321Z	80	PC: 250c9 \| Set current PSP
2018-12-17T22:46:17.317265045Z	48	PC: 250ce \| Get DOS version
2018-12-17T22:46:17.319082869Z	99	PC: 2b8b0 \| Get DBCS lead byte table pointer
2018-12-17T22:46:17.322276768Z	101	PC: 25154 \| Get extended country info
2018-12-17T22:46:17.324543094Z	99	PC: 2515a \| Get DBCS lead byte table pointer
2018-12-17T22:46:17.326552207Z	74	PC: 251bc \| Reallocate memory
2018-12-17T22:46:17.328610042Z	25	PC: 251f3 \| Get default drive
2018-12-17T22:46:17.330643822Z	37	PC: 24cb3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:46:17.33271973Z	37	PC: 24cba \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:17.334424172Z	37	PC: 24cc1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:17.339629358Z	74	PC: 23e5c \| Reallocate memory
2018-12-17T22:46:17.342184958Z	72	PC: 23e9d \| Allocate memory
2018-12-17T22:46:17.344539259Z	72	PC: 23ed5 \| Allocate memory
2018-12-17T22:46:17.346911625Z	72	PC: 23edd \| Allocate memory