Sample viewer

vx.netlux.org/Trojan.DOS.Shock.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:14.671238743Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:14.673686959Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:14.674901657Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:14.676049903Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:14.677803422Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:14.679180647Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:14.68032912Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:14.681492623Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:14.683888513Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:14.686356079Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:14.688413163Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:14.690617743Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:14.691884108Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:14.692979672Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:14.694850577Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:14.696023217Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:14.697151894Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:14.698737792Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:14.69991129Z	53	PC: 135ea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:14.701130066Z	37	PC: 135ff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:14.702768538Z	37	PC: 13607 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:14.703825303Z	37	PC: 1360f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:14.704824974Z	37	PC: 13617 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:14.713075584Z	68	PC: 14261 \| I/O control for devices (Set for = '')
2018-12-17T22:47:14.715043361Z	48	PC: 13e72 \| Get DOS version
2018-12-17T22:47:14.716975327Z	48	PC: 13e72 \| Get DOS version
2018-12-17T22:47:14.721251228Z	61	PC: 13cb0 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:47:14.728121706Z	66	PC: 14402 \| Move file pointer
2018-12-17T22:47:14.729702251Z	66	PC: 14410 \| Move file pointer
2018-12-17T22:47:14.731316117Z	66	PC: 1441e \| Move file pointer
2018-12-17T22:47:14.732736812Z	63	PC: 13d83 \| Read file or device (Read 5714 bytes on handle 5)
2018-12-17T22:47:14.739796241Z	62	PC: 13d00 \| Close file
2018-12-17T22:47:14.741700619Z	44	PC: 14398 \| Get time 0x14398: mov word ptr [0x3e], cx 0x1439c: mov word ptr [0x40], dx 0x143a0: retf 0x143a1: call 0x143e8 0x143a4: jb 0x143b5 0x143a6: mov cx, word ptr es:[di + 4] 0x143aa: cmp cx, 1 0x143ad: je 0x143b5 0x143af: xor bx, bx 0x143b1: push cs 0x143b2: call 0x23f24 0x143b5: retf 4 0x143b8: call 0x143e8 0x143bb: jb 0x143d0 0x143bd: mov ax, cx 0x143bf: mov dx, bx 0x143c1: mov cx, word ptr es:[di + 4] 0x143c5: cmp cx, 1 0x143c8: je 0x143d0 0x143ca: xor bx, bx
2018-12-17T22:47:14.744416632Z	60	PC: 14245 \| Create or truncate file
2018-12-17T22:47:15.095713003Z	68	PC: 14261 \| I/O control for devices (Set for = ';4�4��]��6�UΕ�7%��x�X�L2�,�yhE�9N�?m�H��;��R��Ĭ��\|�m Z��׎y��iAM̈́��Aw�m��d��m�`rj.%�д].��Ao�G5�q�7�Q��atm�Xo�d~Dc��Ob,��Rr��v��!G��8ō��{��2A��/ �8t�:��g"V��Q�4S��w?��Ր8��Ԑ��ѹCF阍u!Zs��')
2018-12-17T22:47:15.098087856Z	64	PC: 139e3 \| Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:47:15.107491598Z	62	PC: 13a22 \| Close file
2018-12-17T22:47:15.11491404Z	60	PC: 13cb0 \| Create or truncate file
2018-12-17T22:47:15.125187921Z	64	PC: 13d83 \| Write file or device (Write 5714 bytes on handle 5)
2018-12-17T22:47:15.134996176Z	62	PC: 13d00 \| Close file
2018-12-17T22:47:15.143304881Z	64	PC: 13a08 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:47:15.145618327Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:15.148683302Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:15.150042984Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:47:15.15136036Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:15.154573663Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:15.156201862Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:15.157769082Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:15.160324493Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:15.16179025Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:15.16352422Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:15.167021726Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:15.168503569Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:15.169841261Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:15.172584363Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:15.174364977Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:15.175861Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:15.17857646Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:15.179656961Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:47:15.181315193Z	37	PC: 13741 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:47:15.183239123Z	76	PC: 13780 \| Terminate with return code (Return code = '0')