Sample viewer

vx.netlux.org/Trojan.DOS.Adinf-Fake

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:14.537100101Z	48	PC: 17a7c \| Get DOS version
2018-12-17T22:49:14.541578465Z	74	PC: 17acc \| Reallocate memory
2018-12-17T22:49:14.542930293Z	48	PC: 17b30 \| Get DOS version
2018-12-17T22:49:14.544234825Z	53	PC: 17b38 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.546088674Z	37	PC: 17b4a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.54724189Z	53	PC: 1a1d2 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:14.548136024Z	37	PC: 1a1e2 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:14.549474864Z	53	PC: 1a1e7 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:14.550331776Z	37	PC: 1a1f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:14.551138181Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:14.552498859Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:14.553391514Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:14.554225138Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:14.56072789Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:14.566737251Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:14.56793154Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:14.569689425Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:14.570664563Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:14.571677622Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:14.573263218Z	53	PC: 17f26 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:14.574241639Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:14.57514377Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:14.576581805Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:14.577474666Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:14.578296209Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:14.579627927Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:14.580416932Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:14.582103492Z	37	PC: 17f55 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:14.584261147Z	37	PC: 17f5c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:14.585311855Z	37	PC: 17f61 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:14.586498506Z	68	PC: 17bdb \| I/O control for devices (Set for = '�J��u�]�')
2018-12-17T22:49:14.588308565Z	68	PC: 17bdb \| I/O control for devices
2018-12-17T22:49:14.589992609Z	68	PC: 17bdb \| I/O control for devices (Set for = ',�')
2018-12-17T22:49:14.59136081Z	68	PC: 17bdb \| I/O control for devices (Set for = '')
2018-12-17T22:49:14.597357836Z	68	PC: 17bdb \| I/O control for devices (Set for = '')
2018-12-17T22:49:14.599207285Z	53	PC: 15e5c \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.600508535Z	53	PC: 15e69 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:49:14.602526177Z	53	PC: 15e76 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:14.604612787Z	37	PC: 15e8b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.606768926Z	37	PC: 15e93 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:49:14.608705423Z	37	PC: 15e9b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:14.610065723Z	53	PC: 1691a \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:49:14.611197782Z	53	PC: 16927 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:49:14.612922052Z	53	PC: 16936 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:49:14.614351769Z	37	PC: 16943 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:49:14.615491325Z	53	PC: 1694a \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:49:14.616899016Z	37	PC: 16957 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:49:14.618594775Z	53	PC: 16963 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:49:14.624023089Z	48	PC: 16a25 \| Get DOS version
2018-12-17T22:49:14.62574761Z	74	PC: 148b7 \| Reallocate memory
2018-12-17T22:49:14.627099019Z	74	PC: 148b7 \| Reallocate memory
2018-12-17T22:49:14.62858942Z	68	PC: 15dd2 \| I/O control for devices (Set for = '�� ... ')
2018-12-17T22:49:14.630000144Z	68	PC: 15dd2 \| I/O control for devices (Set for = '')
2018-12-17T22:49:14.631599108Z	51	PC: 15df0 \| Get or set Ctrl-Break
2018-12-17T22:49:14.632282702Z	51	PC: 15dfc \| Get or set Ctrl-Break
2018-12-17T22:49:14.633403634Z	72	PC: 12cba \| Allocate memory
2018-12-17T22:49:14.635534974Z	74	PC: 148b7 \| Reallocate memory
2018-12-17T22:49:14.636764421Z	72	PC: 12cba \| Allocate memory
2018-12-17T22:49:14.63831096Z	37	PC: 13be1 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:49:14.647142416Z	73	PC: 12cba \| Release memory
2018-12-17T22:49:14.649212196Z	74	PC: 148b7 \| Reallocate memory
2018-12-17T22:49:14.651150617Z	51	PC: 15e07 \| Get or set Ctrl-Break
2018-12-17T22:49:14.652183032Z	37	PC: 16089 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.653125212Z	37	PC: 16093 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:49:14.654269785Z	37	PC: 1609d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:14.655695571Z	53	PC: 142e4 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:49:14.656694251Z	53	PC: 142f1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:49:14.65769635Z	53	PC: 142fe \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:49:14.658798035Z	37	PC: 14319 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:49:14.659743036Z	53	PC: 14321 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:49:14.660708329Z	37	PC: 1432e \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:49:14.669651837Z	53	PC: 14335 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:49:14.670633673Z	37	PC: 14342 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:49:14.671582218Z	37	PC: 1434c \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:49:14.672681688Z	37	PC: 14357 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:49:14.673590039Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:14.674437095Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:14.675753042Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:14.676556288Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:14.677389055Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:14.679126262Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:14.679849988Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:14.680551337Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:14.681691003Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:14.682460671Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:14.683206003Z	37	PC: 17f71 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:14.6914477Z	37	PC: 1a206 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:14.692269412Z	37	PC: 17c8c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.693557947Z	41	PC: 17973 \| Parse filename
2018-12-17T22:49:14.695003816Z	41	PC: 17975 \| Parse filename
2018-12-17T22:49:14.696102868Z	41	PC: 1797a \| Parse filename
2018-12-17T22:49:14.697377937Z	75	PC: 17990 \| Execute program
2018-12-17T22:49:14.710201849Z	80	PC: 1d3c9 \| Set current PSP
2018-12-17T22:49:14.710825802Z	48	PC: 1d3ce \| Get DOS version
2018-12-17T22:49:14.711841861Z	99	PC: 23bb0 \| Get DBCS lead byte table pointer
2018-12-17T22:49:14.713776318Z	101	PC: 1d454 \| Get extended country info
2018-12-17T22:49:14.714630262Z	99	PC: 1d45a \| Get DBCS lead byte table pointer
2018-12-17T22:49:14.715448343Z	74	PC: 1d4bc \| Reallocate memory
2018-12-17T22:49:14.716881596Z	25	PC: 1d4f3 \| Get default drive
2018-12-17T22:49:14.717708799Z	37	PC: 1cfb3 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:49:14.718449888Z	37	PC: 1cfba \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:14.719636553Z	37	PC: 1cfc1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:14.722232325Z	74	PC: 1c15c \| Reallocate memory
2018-12-17T22:49:14.72314438Z	72	PC: 1c19d \| Allocate memory
2018-12-17T22:49:14.724776014Z	72	PC: 1c1d5 \| Allocate memory
2018-12-17T22:49:14.726107275Z	72	PC: 1c1dd \| Allocate memory