Sample viewer

vx.netlux.org/Trojan.DOS.SPS.103

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:03.041574712Z 44 PC: 12a6e | Get time
0x12a6e: jne 0x12a72
0x12a70: ror di, 1
0x12a72: cmp byte ptr [bx + si + 0x3d], bh
0x12a75: xor ch, 0x30
0x12a78: or ch, 4
0x12a7b: mov cx, 0x60f
0x12a7f: and cx, word ptr [0x2e0c]
0x12a83: neg cx
0x12a85: xor ch, 0x27
0x12a88: sbb cl, ah
0x12a8a: and cl, byte ptr [bx + si + 0x1a]
0x12a8d: mov cl, byte ptr [bx]
0x12a8f: sub cx, 0x3533
0x12a93: mov ch, byte ptr [bp + di + 0x12]
0x12a96: mov ch, 0x19
0x12a99: add cl, byte ptr [bp + si + 0x2b]
0x12a9c: and cx, ax
0x12a9e: mov ah, 0x2c
0x12aa0: int 0x21
0x12aa2: mov ch, 0x17
2018-12-17T22:47:03.044276698Z 44 PC: 12aa2 | Get time
0x12aa2: mov ch, 0x17
0x12aa5: sub ch, byte ptr [bx + di + 0x3a]
0x12aa8: ror bp, 1
0x12aaa: and cx, 0x2b1a
0x12aae: add cl, byte ptr [di]
0x12ab0: xor ch, byte ptr [bp + si + 0x2f]
0x12ab3: mov cl, byte ptr [bx + 0x1d02]
0x12ab7: sar di, 1
0x12ab9: or cl, byte ptr [si + 0x1f]
0x12abc: mov bp, 0x1e20
0x12ac0: and ch, byte ptr [di]
0x12ac2: neg ch
0x12ac4: test byte ptr [si + 0xd2d], dl
0x12ac8: or di, 0x2514
0x12acc: sar cx, 1
0x12ace: rcr cx, 1
0x12ad0: cmp dl, byte ptr [si]
0x12ad2: rcr ch, 1
0x12ad4: shr cx, 1
0x12ad6: call 0x12af6
2018-12-17T22:47:03.053749415Z 52 PC: 12a6d | Get InDOS flag pointer
2018-12-17T22:47:03.054887654Z 81 PC: 12a75 | Get current PSP
2018-12-17T22:47:03.056516143Z 9 PC: 12b2b | Display string (String= ' PasswordCracker 1.03 4 Novell Network. (c) 1997 by Psychomancer aka Nice,SPS.')
2018-12-17T22:47:03.062021206Z 9 PC: 12b2b | Display string (String= ' ')
2018-12-17T22:47:03.064869247Z 37 PC: 12aa8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:03.066134123Z 51 PC: 12e36 | Get or set Ctrl-Break
2018-12-17T22:47:03.068452609Z 51 PC: 12ec8 | Get or set Ctrl-Break
2018-12-17T22:47:03.069584796Z 9 PC: 12b2b | Display string (Could not find end pointer)
2018-12-17T22:47:03.085593905Z 9 PC: 12b2b | Display string (String= ' ')