Sample viewer

vx.netlux.org/Trojan.DOS.Elim.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:29.71907412Z	48	PC: 17d3c \| Get DOS version
2018-12-17T22:46:29.72084338Z	74	PC: 17d8c \| Reallocate memory
2018-12-17T22:46:29.722977163Z	48	PC: 17df0 \| Get DOS version
2018-12-17T22:46:29.724418285Z	53	PC: 17df8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:29.726758999Z	37	PC: 17e0a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:29.728028233Z	68	PC: 17e9b \| I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:46:29.729400744Z	68	PC: 17e9b \| I/O control for devices
2018-12-17T22:46:29.731727842Z	68	PC: 17e9b \| I/O control for devices
2018-12-17T22:46:29.733319293Z	68	PC: 17e9b \| I/O control for devices
2018-12-17T22:46:29.735011498Z	68	PC: 17e9b \| I/O control for devices
2018-12-17T22:46:29.737702947Z	53	PC: 15a26 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:29.741589708Z	53	PC: 15a33 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:46:29.742762287Z	53	PC: 15a40 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:29.74470631Z	37	PC: 15a55 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:29.745931746Z	37	PC: 15a5d \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:46:29.746971705Z	37	PC: 15a65 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:29.74849572Z	53	PC: 164e4 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:46:29.750360593Z	53	PC: 164f1 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:46:29.751959461Z	53	PC: 16500 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:46:29.753016278Z	37	PC: 1650d \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:46:29.754638088Z	53	PC: 16514 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:46:29.755866005Z	37	PC: 16521 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:46:29.75735271Z	53	PC: 1652d \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:46:29.761583649Z	48	PC: 165ef \| Get DOS version
2018-12-17T22:46:29.762909499Z	74	PC: 146f1 \| Reallocate memory
2018-12-17T22:46:29.764473904Z	74	PC: 146f1 \| Reallocate memory
2018-12-17T22:46:29.766610578Z	68	PC: 1599c \| I/O control for devices (Set for = 'HKMPR:EF8*6COMSPEC=\COMMAND.COM')
2018-12-17T22:46:29.768791819Z	68	PC: 1599c \| I/O control for devices (Set for = '')
2018-12-17T22:46:29.771821124Z	51	PC: 159ba \| Get or set Ctrl-Break
2018-12-17T22:46:29.773501606Z	51	PC: 159c6 \| Get or set Ctrl-Break
2018-12-17T22:46:29.776988161Z	37	PC: 13b01 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:46:29.779909904Z	74	PC: 146f1 \| Reallocate memory
2018-12-17T22:46:29.782623756Z	51	PC: 159d1 \| Get or set Ctrl-Break
2018-12-17T22:46:29.783507372Z	37	PC: 15c53 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:29.784564819Z	37	PC: 15c5d \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:46:29.786475744Z	37	PC: 15c67 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:29.788145094Z	53	PC: 1411e \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:46:29.789261403Z	53	PC: 1412b \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:46:29.791379682Z	53	PC: 14138 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:46:29.792594471Z	37	PC: 14153 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:46:29.793646241Z	53	PC: 1415b \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:46:29.7972737Z	37	PC: 14168 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:46:29.798369908Z	53	PC: 1416f \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:46:29.799467725Z	37	PC: 1417c \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:46:29.801387184Z	37	PC: 14186 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:46:29.802425878Z	37	PC: 14191 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:46:29.803539985Z	37	PC: 17f4c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:46:29.808364546Z	41	PC: 17c33 \| Parse filename
2018-12-17T22:46:29.811026555Z	41	PC: 17c35 \| Parse filename
2018-12-17T22:46:29.813762833Z	41	PC: 17c3a \| Parse filename
2018-12-17T22:46:29.816067003Z	75	PC: 17c50 \| Execute program
2018-12-17T22:46:29.832070478Z	80	PC: 1aeb9 \| Set current PSP
2018-12-17T22:46:29.832871298Z	48	PC: 1aebe \| Get DOS version
2018-12-17T22:46:29.836862244Z	99	PC: 216a0 \| Get DBCS lead byte table pointer
2018-12-17T22:46:29.838579718Z	101	PC: 1af44 \| Get extended country info
2018-12-17T22:46:29.839484466Z	99	PC: 1af4a \| Get DBCS lead byte table pointer
2018-12-17T22:46:29.841499194Z	74	PC: 1afac \| Reallocate memory
2018-12-17T22:46:29.842867056Z	25	PC: 1afe3 \| Get default drive
2018-12-17T22:46:29.843965546Z	37	PC: 1aaa3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:46:29.845610116Z	37	PC: 1aaaa \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:46:29.846883707Z	37	PC: 1aab1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:29.851062664Z	74	PC: 19c4c \| Reallocate memory
2018-12-17T22:46:29.853039348Z	72	PC: 19c8d \| Allocate memory
2018-12-17T22:46:29.854936313Z	72	PC: 19cc5 \| Allocate memory
2018-12-17T22:46:29.857553183Z	72	PC: 19ccd \| Allocate memory