Sample viewer

vx.netlux.org/Trojan.DOS.Gasija

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:47.942873503Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:47.944436807Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:47.946963319Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:47.948560718Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:47.950219233Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:47.952404404Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:47.95426558Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:47.956028715Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:47.958297937Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:47.960312776Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:47.962998776Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:47.964869771Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:47.966459526Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:47.967868641Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:47.969316809Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:47.970455816Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:47.971507111Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:47.972711571Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:47.974017202Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:47.974947158Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:47.975831097Z 37 PC: 12c57 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:47.9771672Z 37 PC: 12c5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:47.978178623Z 37 PC: 12c67 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:47.979422793Z 68 PC: 134dc | I/O control for devices (Set for = 'N�< t��< t��i u����:�L���\ u�2��-��R u��>��')
2018-12-17T22:49:47.98378799Z 61 PC: 134c0 | Open file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-17T22:49:47.995411539Z 68 PC: 134dc | I/O control for devices (Set for = 'N�< t��< t��i u����:�L���\ u�2��-��R u��>��')
2018-12-17T22:49:47.997418281Z 66 PC: 1352b | Move file pointer
2018-12-17T22:49:48.000983938Z 66 PC: 13542 | Move file pointer
2018-12-17T22:49:48.003871625Z 63 PC: 1354f | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:49:48.00887183Z 64 PC: 13033 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:49:48.013225221Z 64 PC: 13033 | Write file or device (Write 40 bytes on handle 5)
2018-12-17T22:49:48.01638866Z 62 PC: 13072 | Close file
2018-12-17T22:49:48.361245363Z 64 PC: 13058 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:49:48.364111588Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:48.367248274Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:48.368917752Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:48.371193912Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:48.372858731Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:48.374475222Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:48.376319019Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:48.378619018Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:48.380385237Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:48.382093225Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:48.384869261Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:48.386558617Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:48.388237596Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:48.39093808Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:48.39262728Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:48.394312693Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:48.397096647Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:48.399044487Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:48.400351862Z 37 PC: 12d91 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:48.402614Z 76 PC: 12dd0 | Terminate with return code (Return code = '0')