Sample viewer

vx.netlux.org/Trojan.DOS.Never

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:59:24.510666726Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:59:24.51286535Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:59:24.514267301Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:59:24.515647038Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:24.517500288Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:59:24.518685787Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:24.5197585Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:59:24.521011671Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:59:24.52243192Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:59:24.5234983Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:59:24.524540287Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:59:24.525952493Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:59:24.527132912Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:59:24.528192841Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:59:24.529719441Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:59:24.530748815Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:59:24.531856119Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:59:24.537063755Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:59:24.538133907Z	53	PC: 12cea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:59:24.539199087Z	37	PC: 12cff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:59:24.540898653Z	37	PC: 12d07 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:59:24.542467863Z	37	PC: 12d0f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:24.544027309Z	37	PC: 12d17 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:59:24.545947716Z	68	PC: 13534 \| I/O control for devices (Set for = '')
2018-12-17T21:59:24.547653459Z	60	PC: 13518 \| Create or truncate file
2018-12-17T21:59:24.893267715Z	68	PC: 13534 \| I/O control for devices (Set for = '')
2018-12-17T21:59:24.895768704Z	64	PC: 130e3 \| Write file or device (Write 21 bytes on handle 5)
2018-12-17T21:59:24.903891169Z	62	PC: 13122 \| Close file
2018-12-17T21:59:24.913144068Z	60	PC: 133b0 \| Create or truncate file
2018-12-17T21:59:24.924626886Z	64	PC: 13483 \| Write file or device (Write 7 bytes on handle 5)
2018-12-17T21:59:24.929338379Z	62	PC: 13400 \| Close file
2018-12-17T21:59:24.93751872Z	41	PC: 12c4f \| Parse filename
2018-12-17T21:59:24.940302724Z	41	PC: 12c5d \| Parse filename
2018-12-17T21:59:24.942087772Z	75	PC: 12c68 \| Execute program
2018-12-17T21:59:24.949847848Z	64	PC: 13108 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T21:59:24.951957168Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:59:24.965641194Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:59:24.966722429Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:59:24.968638918Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:24.969765454Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:59:24.970818298Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:24.971852096Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:59:24.973889271Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:59:24.975021761Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:59:24.976161128Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:59:24.978543038Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:59:24.979940489Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:59:24.981339142Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:59:24.983072992Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:59:24.984261473Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:59:24.985439989Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:59:24.987671595Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:59:24.988780455Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:59:24.989903826Z	37	PC: 12e41 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:59:24.992331212Z	76	PC: 12e80 \| Terminate with return code (Return code = '0')