Sample viewer

vx.netlux.org/Trojan.DOS.Format_d


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:43.383482476Z 74 PC: 12b06 | Reallocate memory
2018-12-17T22:48:43.385360397Z 60 PC: 12b37 | Create or truncate file
2018-12-17T22:48:43.81591271Z 69 PC: 12b55 | Duplicate handle
2018-12-17T22:48:43.818014577Z 70 PC: 12b60 | Redirect handle
2018-12-17T22:48:43.820339925Z 2 PC: 12b6c | Character output (Char = '79')
2018-12-17T22:48:43.825386399Z 2 PC: 12b6c | Character output (Char = '0d')
2018-12-17T22:48:43.828081123Z 2 PC: 12b6c | Character output (Char = '0a')
2018-12-17T22:48:43.831506153Z 70 PC: 12b7f | Redirect handle
2018-12-17T22:48:43.918757784Z 62 PC: 12b86 | Close file
2018-12-17T22:48:43.96526062Z 61 PC: 12b93 | Open file (Filename = 'T@M@P_$2.!!!')
2018-12-17T22:48:43.971683514Z 69 PC: 12b9f | Duplicate handle
2018-12-17T22:48:43.973577326Z 70 PC: 12ba9 | Redirect handle
2018-12-17T22:48:43.975646546Z 60 PC: 12b37 | Create or truncate file
2018-12-17T22:48:43.98050468Z 69 PC: 12b55 | Duplicate handle
2018-12-17T22:48:43.982881936Z 70 PC: 12b60 | Redirect handle
2018-12-17T22:48:43.985013004Z 71 PC: 12c22 | Get current directory
2018-12-17T22:48:43.988093491Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:43.99002852Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:43.998787788Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:43.999813774Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:44.010909285Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:44.011862654Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:44.018705917Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:44.020051379Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:44.02874898Z 41 PC: 12d7b | Parse filename
2018-12-17T22:48:44.030173623Z 41 PC: 12d83 | Parse filename
2018-12-17T22:48:44.031967027Z 75 PC: 12d9f | Execute program
2018-12-17T22:48:44.054607799Z 98 PC: 176a0 | Get current PSP
2018-12-17T22:48:44.055658818Z 99 PC: 15274 | Get DBCS lead byte table pointer
2018-12-17T22:48:44.057283918Z 68 PC: 1528e | I/O control for devices (Set for = '')
2018-12-17T22:48:44.058676688Z 68 PC: 15299 | I/O control for devices (Set for = '')
2018-12-17T22:48:44.060044591Z 68 PC: 152a4 | I/O control for devices (Set for = '')
2018-12-17T22:48:44.061729758Z 68 PC: 152ac | I/O control for devices (Set for = '�')
2018-12-17T22:48:44.063475161Z 48 PC: 152b1 | Get DOS version
2018-12-17T22:48:44.064854618Z 99 PC: 17658 | Get DBCS lead byte table pointer
2018-12-17T22:48:44.067815684Z 68 PC: 17c53 | I/O control for devices (Set for = '��y')
2018-12-17T22:48:44.069295803Z 68 PC: 1944a | I/O control for devices (Set for = '')
2018-12-17T22:48:44.070683827Z 25 PC: 17b40 | Get default drive
2018-12-17T22:48:44.071522983Z 68 PC: 17b57 | I/O control for devices (Set for = '��y')
2018-12-17T22:48:44.073776024Z 64 PC: 153e6 | Write file or device (Write 27 bytes on handle 2)
2018-12-17T22:48:44.076499215Z 64 PC: 153e6 | Write file or device (Write 2 bytes on handle 2)
2018-12-17T22:48:44.081253963Z 76 PC: 176d0 | Terminate with return code (Return code = '0')
2018-12-17T22:48:44.084544932Z 77 PC: 12db6 | Get program return code
2018-12-17T22:48:44.085543758Z 70 PC: 12b7f | Redirect handle
2018-12-17T22:48:44.087184913Z 62 PC: 12b86 | Close file
2018-12-17T22:48:44.089060715Z 70 PC: 12eb1 | Redirect handle
2018-12-17T22:48:44.090722598Z 62 PC: 12eb8 | Close file
2018-12-17T22:48:44.092224675Z 67 PC: 12ec2 | Get or set file attributes
2018-12-17T22:48:44.778839621Z 65 PC: 12ec6 | Delete file (Filename = 'T@M@P_$2.!!!')
2018-12-17T22:48:45.066818124Z 60 PC: 12b37 | Create or truncate file
2018-12-17T22:48:45.124574648Z 69 PC: 12b55 | Duplicate handle
2018-12-17T22:48:45.130721624Z 70 PC: 12b60 | Redirect handle
2018-12-17T22:48:45.13333454Z 2 PC: 12b6c | Character output (Char = '79')
2018-12-17T22:48:45.137941275Z 2 PC: 12b6c | Character output (Char = '0d')
2018-12-17T22:48:45.142244187Z 2 PC: 12b6c | Character output (Char = '0a')
2018-12-17T22:48:45.146132624Z 70 PC: 12b7f | Redirect handle
2018-12-17T22:48:45.154721595Z 62 PC: 12b86 | Close file
2018-12-17T22:48:45.163506318Z 61 PC: 12b93 | Open file (Filename = 'T@M@P_$1.!!!')
2018-12-17T22:48:45.189738585Z 69 PC: 12b9f | Duplicate handle
2018-12-17T22:48:45.191727002Z 70 PC: 12ba9 | Redirect handle
2018-12-17T22:48:45.194555676Z 60 PC: 12b37 | Create or truncate file
2018-12-17T22:48:45.199851001Z 69 PC: 12b55 | Duplicate handle
2018-12-17T22:48:45.201803275Z 70 PC: 12b60 | Redirect handle
2018-12-17T22:48:45.205101752Z 71 PC: 12c22 | Get current directory
2018-12-17T22:48:45.208576707Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:45.210732324Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:45.217891066Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:45.219735859Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:45.225995059Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:45.228228425Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:45.235034732Z 26 PC: 12e93 | Set disk transfer address
2018-12-17T22:48:45.236322685Z 78 PC: 12e9b | Find first file
2018-12-17T22:48:45.243785331Z 41 PC: 12d7b | Parse filename
2018-12-17T22:48:45.245725316Z 41 PC: 12d83 | Parse filename
2018-12-17T22:48:45.247227995Z 75 PC: 12d9f | Execute program
2018-12-17T22:48:45.262185721Z 98 PC: 176a0 | Get current PSP
2018-12-17T22:48:45.263437462Z 99 PC: 15274 | Get DBCS lead byte table pointer
2018-12-17T22:48:45.264516222Z 68 PC: 1528e | I/O control for devices (Set for = '')
2018-12-17T22:48:45.265807466Z 68 PC: 15299 | I/O control for devices (Set for = '')
2018-12-17T22:48:45.267469443Z 68 PC: 152a4 | I/O control for devices (Set for = '')
2018-12-17T22:48:45.268459861Z 68 PC: 152ac | I/O control for devices (Set for = '�')
2018-12-17T22:48:45.270327103Z 48 PC: 152b1 | Get DOS version
2018-12-17T22:48:45.271912775Z 99 PC: 17658 | Get DBCS lead byte table pointer
2018-12-17T22:48:45.274934773Z 68 PC: 17c53 | I/O control for devices (Set for = '��y')
2018-12-17T22:48:45.277968085Z 68 PC: 1944a | I/O control for devices (Set for = '')
2018-12-17T22:48:45.28014954Z 25 PC: 17b40 | Get default drive
2018-12-17T22:48:45.281913955Z 68 PC: 17b57 | I/O control for devices (Set for = '��y')
2018-12-17T22:48:45.283469973Z 68 PC: 17b7b | I/O control for devices (Set for = '')
2018-12-17T22:48:45.285743652Z 96 PC: 17bb4 | Qualify filename
2018-12-17T22:48:45.288102532Z 37 PC: 17bd6 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:45.289654172Z 74 PC: 17f6e | Reallocate memory
2018-12-17T22:48:45.291412802Z 68 PC: 1944a | I/O control for devices (Set for = '')
2018-12-17T22:48:45.293384072Z 72 PC: 1946e | Allocate memory
2018-12-17T22:48:45.295033592Z 72 PC: 194b1 | Allocate memory
2018-12-17T22:48:45.296830216Z 72 PC: 194cf | Allocate memory
2018-12-17T22:48:45.298451298Z 72 PC: 194ed | Allocate memory
2018-12-17T22:48:45.300099674Z 72 PC: 19502 | Allocate memory
2018-12-17T22:48:45.301925475Z 72 PC: 1951f | Allocate memory
2018-12-17T22:48:45.304615198Z 64 PC: 153e6 | Write file or device (Write 49 bytes on handle 1)
2018-12-17T22:48:45.306621196Z 64 PC: 153b6 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:48:45.30962585Z 64 PC: 153e6 | Write file or device (Write 43 bytes on handle 1)
2018-12-17T22:48:45.311321287Z 12 PC: 189b6 | Flush input buffer and input
2018-12-17T22:48:45.312617463Z 10 PC: 189bd | Buffered keyboard input
2018-12-17T22:48:45.317235873Z 12 PC: 189c2 | Flush input buffer and input
2018-12-17T22:48:45.318538375Z 101 PC: 18994 | Get extended country info
2018-12-17T22:48:45.320219283Z 64 PC: 153e6 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:48:45.322611184Z 64 PC: 153e6 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:48:45.324853826Z 64 PC: 153e6 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:48:45.327201637Z 68 PC: 17f91 | I/O control for devices (Set for = '')
2018-12-17T22:48:45.330271926Z 68 PC: 17f98 | I/O control for devices (Set for = '')
2018-12-17T22:48:45.335560818Z 25 PC: 19324 | Get default drive
2018-12-17T22:48:45.336758347Z 14 PC: 1932b | Set default drive (Drive = 'C')
2018-12-17T22:48:45.339042084Z 17 PC: 19333 | Find first file
2018-12-17T22:48:45.344462814Z 14 PC: 1933c | Set default drive (Drive = 'A')
2018-12-17T22:48:45.345898037Z 47 PC: 19347 | Get disk transfer address
2018-12-17T22:48:45.348105975Z 64 PC: 153e6 | Write file or device (Write 33 bytes on handle 1)
2018-12-17T22:48:45.355972906Z 64 PC: 153e6 | Write file or device (Write 17 bytes on handle 1)
2018-12-17T22:48:45.358217079Z 64 PC: 153e6 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:48:45.361222168Z 64 PC: 153b6 | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:48:45.363875669Z 64 PC: 153e6 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:48:45.366054819Z 64 PC: 153e6 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:48:45.369094449Z 68 PC: 19cf0 | I/O control for devices (Set for = '')
2018-12-17T22:48:45.401184527Z 64 PC: 153e6 | Write file or device (Write 44 bytes on handle 1)
2018-12-17T22:48:45.403041135Z 53 PC: 1849a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:45.404797907Z 37 PC: 184b4 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:45.749775383Z 42 PC: 1905c | Get date
0x1905c: push cx
0x1905d: push dx
0x1905e: mov ah, 0x2c
0x19060: int 0x21
0x19062: mov ax, dx
0x19064: pop dx
0x19065: add ax, dx
0x19067: mov word ptr [0x15f8], ax
0x1906a: mov word ptr [0xfce], ax
0x1906d: mov ax, cx
0x1906f: pop cx
0x19070: add ax, cx
0x19072: mov word ptr [0x15f6], ax
0x19075: mov word ptr [0xfd0], ax
0x19078: ret
0x19079: test word ptr [0xeab], 0x200
0x1907f: je 0x19087
0x19081: call 0x19108
0x19084: jae 0x19087
0x19086: ret
2018-12-17T22:48:45.752288659Z 44 PC: 19062 | Get time
0x19062: mov ax, dx
0x19064: pop dx
0x19065: add ax, dx
0x19067: mov word ptr [0x15f8], ax
0x1906a: mov word ptr [0xfce], ax
0x1906d: mov ax, cx
0x1906f: pop cx
0x19070: add ax, cx
0x19072: mov word ptr [0x15f6], ax
0x19075: mov word ptr [0xfd0], ax
0x19078: ret
0x19079: test word ptr [0xeab], 0x200
0x1907f: je 0x19087
0x19081: call 0x19108
0x19084: jae 0x19087
0x19086: ret
0x19087: test word ptr [0xeab], 0x100
0x1908d: je 0x19094
0x1908f: call 0x19177
0x19092: jb 0x19086
2018-12-17T22:48:45.756287489Z 68 PC: 19043 | I/O control for devices (Set for = '')
2018-12-17T22:48:45.764915399Z 68 PC: 1904b | I/O control for devices (Set for = '')
2018-12-17T22:48:45.799574547Z 68 PC: 19cf0 | I/O control for devices (Set for = '')
2018-12-17T22:48:45.802924182Z 50 PC: 1869d | Get disk parameter block for specified drive
2018-12-17T22:48:45.807495815Z 37 PC: 184cd | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:45.808767633Z 64 PC: 153e6 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:48:45.810787347Z 13 PC: 187c1 | Disk reset
2018-12-17T22:48:45.812002048Z 68 PC: 1931f | I/O control for devices (Set for = '')
2018-12-17T22:48:45.814814523Z 68 PC: 1931f | I/O control for devices (Set for = '')
2018-12-17T22:48:45.819269599Z 64 PC: 153e6 | Write file or device (Write 46 bytes on handle 1)
2018-12-17T22:48:45.820639398Z 12 PC: 17cca | Flush input buffer and input
2018-12-17T22:48:45.821779229Z 10 PC: 17cd1 | Buffered keyboard input