Sample viewer

vx.netlux.org/Trojan.DOS.Fixob


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:29.657331411Z 48 PC: 173bc | Get DOS version
2018-12-17T22:47:29.659862827Z 74 PC: 1740c | Reallocate memory
2018-12-17T22:47:29.662363665Z 48 PC: 17470 | Get DOS version
2018-12-17T22:47:29.664776207Z 53 PC: 17478 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:29.676356244Z 37 PC: 1748a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:29.678463793Z 53 PC: 1a0d2 | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:29.680340199Z 37 PC: 1a0e2 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:47:29.682266207Z 53 PC: 1a0e7 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:29.691010996Z 37 PC: 1a0f7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:47:29.692719335Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:29.694497386Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:29.696726273Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:29.698117397Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:29.699470659Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:29.710652467Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:29.712317114Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:29.713956705Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:29.716602826Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:29.718586553Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:29.720191538Z 53 PC: 17e26 | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:47:29.722741849Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:47:29.724300347Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:47:29.725598005Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:47:29.728217146Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:47:29.729899627Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:47:29.731475598Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:47:29.73302552Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:47:29.74275072Z 37 PC: 17e55 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:47:29.744381163Z 37 PC: 17e5c | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:47:29.745883426Z 37 PC: 17e61 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:47:29.748190921Z 68 PC: 1751b | I/O control for devices (Set for = '[non-printable binary data]')
2018-12-17T22:47:29.750235913Z 68 PC: 1751b | I/O control for devices
2018-12-17T22:47:29.752207688Z 68 PC: 1751b | I/O control for devices (Set for = '')
2018-12-17T22:47:29.754674522Z 68 PC: 1751b | I/O control for devices (Set for = '')
2018-12-17T22:47:29.756516793Z 68 PC: 1751b | I/O control for devices (Set for = '')
2018-12-17T22:47:29.758700365Z 53 PC: 14bb6 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:29.760994976Z 53 PC: 14bc3 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:47:29.762359229Z 53 PC: 14bd0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:29.763776352Z 37 PC: 14be5 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:47:29.766177343Z 37 PC: 14bed | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:47:29.768702777Z 37 PC: 14bf5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:29.773616108Z 53 PC: 15674 | Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:47:29.775135132Z 53 PC: 15681 | Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:47:29.782392486Z 53 PC: 15690 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:47:29.783718788Z 37 PC: 1569d | Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:47:29.785062894Z 53 PC: 156a4 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:47:29.787468583Z 37 PC: 156b1 | Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:47:29.788745512Z 53 PC: 156bd | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:47:29.793357396Z 48 PC: 1577f | Get DOS version
2018-12-17T22:47:29.795305747Z 74 PC: 13611 | Reallocate memory
2018-12-17T22:47:29.797981283Z 74 PC: 13611 | Reallocate memory
2018-12-17T22:47:29.799888136Z 68 PC: 14b2c | I/O control for devices (Set for = '386 c:\windows\system\vnbt.00b')
2018-12-17T22:47:29.802168941Z 68 PC: 14b2c | I/O control for devices (Set for = '')
2018-12-17T22:47:29.804512324Z 51 PC: 14b4a | Get or set Ctrl-Break
2018-12-17T22:47:29.805970604Z 51 PC: 14b56 | Get or set Ctrl-Break
2018-12-17T22:47:29.807902363Z 72 PC: 12cec | Allocate memory
2018-12-17T22:47:29.811433487Z 74 PC: 13611 | Reallocate memory
2018-12-17T22:47:29.813090329Z 72 PC: 12cec | Allocate memory