Sample viewer

vx.netlux.org/Trojan.DOS.Mp3Kill

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:43.859526854Z	48	PC: 18dfc \| Get DOS version
2018-12-17T22:48:43.861548256Z	74	PC: 18e4c \| Reallocate memory
2018-12-17T22:48:43.864403674Z	48	PC: 18eb0 \| Get DOS version
2018-12-17T22:48:43.865917866Z	53	PC: 18eb8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:43.867410001Z	37	PC: 18eca \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:43.869807125Z	53	PC: 1bb12 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:43.871488161Z	37	PC: 1bb22 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:43.873091409Z	53	PC: 1bb27 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:43.875259883Z	37	PC: 1bb37 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:43.876836777Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:43.878450222Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:43.881069592Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:43.88305093Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:43.884632291Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:43.886707116Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:43.888536532Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:43.890183106Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:43.892206086Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:43.894625374Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:43.896257593Z	53	PC: 19866 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:43.898178031Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:43.899853033Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:43.901202807Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:43.902581208Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:43.905752906Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:43.908011515Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:43.910252995Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:43.912695947Z	37	PC: 19895 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:43.914833884Z	37	PC: 1989c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:43.916944612Z	37	PC: 198a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:43.919976497Z	68	PC: 18f5b \| I/O control for devices (Set for = 'D�u�t�L@<u:��t,��')
2018-12-17T22:48:43.923168532Z	68	PC: 18f5b \| I/O control for devices (Set for = '')
2018-12-17T22:48:43.926350114Z	68	PC: 18f5b \| I/O control for devices (Set for = '')
2018-12-17T22:48:43.929516504Z	68	PC: 18f5b \| I/O control for devices (Set for = '��r"��')
2018-12-17T22:48:43.932150638Z	68	PC: 18f5b \| I/O control for devices (Set for = '��r"��')
2018-12-17T22:48:43.935401537Z	53	PC: 160b8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:43.937235371Z	53	PC: 160c5 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:48:43.938854882Z	53	PC: 160d2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:43.954452204Z	37	PC: 160e7 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:43.955710613Z	37	PC: 160ef \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:48:43.957120647Z	37	PC: 160f7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:43.959089206Z	53	PC: 16b76 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:48:43.960482551Z	53	PC: 16b83 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:48:43.961875981Z	53	PC: 16b92 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:48:43.963536844Z	37	PC: 16b9f \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:48:43.964909594Z	53	PC: 16ba6 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:48:43.966248145Z	37	PC: 16bb3 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:48:43.968448971Z	53	PC: 16bbf \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:48:43.971842094Z	48	PC: 16c81 \| Get DOS version
2018-12-17T22:48:43.973194469Z	74	PC: 14d83 \| Reallocate memory
2018-12-17T22:48:43.974981473Z	74	PC: 14d83 \| Reallocate memory
2018-12-17T22:48:43.976689705Z	68	PC: 1602e \| I/O control for devices (Set for = '��㧨� ��, �� ⠫쭮� �஢�ન ��孮�� ᪠, �� 'Reset'�')
2018-12-17T22:48:43.978043738Z	68	PC: 1602e \| I/O control for devices (Set for = '')
2018-12-17T22:48:43.979467685Z	51	PC: 1604c \| Get or set Ctrl-Break
2018-12-17T22:48:43.980670448Z	51	PC: 16058 \| Get or set Ctrl-Break
2018-12-17T22:48:43.988645174Z	74	PC: 14d83 \| Reallocate memory
2018-12-17T22:48:43.990958797Z	51	PC: 16063 \| Get or set Ctrl-Break
2018-12-17T22:48:43.992235773Z	37	PC: 162e5 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:43.993383597Z	37	PC: 162ef \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:48:43.994531594Z	37	PC: 162f9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:43.996228197Z	53	PC: 147b0 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:48:43.997210772Z	53	PC: 147bd \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:48:43.998523151Z	53	PC: 147ca \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:48:44.000200686Z	37	PC: 147e5 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:48:44.001303955Z	53	PC: 147ed \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:48:44.002484618Z	37	PC: 147fa \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:48:44.004065763Z	53	PC: 14801 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:48:44.005207653Z	37	PC: 1480e \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:48:44.006575117Z	37	PC: 14818 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:48:44.008351118Z	37	PC: 14823 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:48:44.009890296Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:44.011092062Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:44.01331021Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:44.014539472Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:44.015589492Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:44.017381545Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:44.018613677Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:44.019752396Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:44.021420728Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:44.023095808Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:44.025341345Z	37	PC: 198b1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:44.028305877Z	37	PC: 1bb46 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:44.02997425Z	37	PC: 1900c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:44.032471663Z	41	PC: 18bb1 \| Parse filename
2018-12-17T22:48:44.034615841Z	41	PC: 18bb3 \| Parse filename
2018-12-17T22:48:44.036671741Z	41	PC: 18bb8 \| Parse filename
2018-12-17T22:48:44.03836897Z	75	PC: 18bce \| Execute program
2018-12-17T22:48:44.061724126Z	80	PC: 1ec19 \| Set current PSP
2018-12-17T22:48:44.063787296Z	48	PC: 1ec1e \| Get DOS version
2018-12-17T22:48:44.065457451Z	99	PC: 25400 \| Get DBCS lead byte table pointer
2018-12-17T22:48:44.068094073Z	101	PC: 1eca4 \| Get extended country info
2018-12-17T22:48:44.070037726Z	99	PC: 1ecaa \| Get DBCS lead byte table pointer
2018-12-17T22:48:44.07253733Z	74	PC: 1ed0c \| Reallocate memory
2018-12-17T22:48:44.080958246Z	25	PC: 1ed43 \| Get default drive
2018-12-17T22:48:44.083632754Z	37	PC: 1e803 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:44.085512775Z	37	PC: 1e80a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:44.087363677Z	37	PC: 1e811 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:44.092895408Z	74	PC: 1d9ac \| Reallocate memory
2018-12-17T22:48:44.094286666Z	72	PC: 1d9ed \| Allocate memory
2018-12-17T22:48:44.099966426Z	72	PC: 1da25 \| Allocate memory
2018-12-17T22:48:44.110530761Z	72	PC: 1da2d \| Allocate memory