Sample viewer

vx.netlux.org/Trojan.DOS.Super

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:06.241366834Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:06.24405475Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:06.245328253Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:06.246604379Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:06.248658307Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:06.249822799Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:06.2508918Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:06.252164014Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:06.25372066Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:06.255155427Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:06.256685425Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:06.259290772Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:06.260396295Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:06.261487469Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:06.263356764Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:06.264428728Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:06.265525942Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:06.277687167Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:06.279165393Z	53	PC: 13bca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:06.280477162Z	37	PC: 13bdf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:06.286659091Z	37	PC: 13be7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:06.287720599Z	37	PC: 13bef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:06.288720366Z	37	PC: 13bf7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:06.303717162Z	68	PC: 14529 \| I/O control for devices (Set for = '�(��&��SQR��3ۉ?��E��G�=')
2018-12-17T22:51:06.374751925Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:06.380197354Z	61	PC: 1450d \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T22:51:06.387259449Z	68	PC: 14529 \| I/O control for devices (Set for = '�(��&��SQR��3ۉ?��E��G�=')
2018-12-17T22:51:06.389024991Z	66	PC: 14578 \| Move file pointer
2018-12-17T22:51:06.390697834Z	66	PC: 1458f \| Move file pointer
2018-12-17T22:51:06.394133646Z	63	PC: 1459c \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:51:06.397602097Z	64	PC: 13fc3 \| Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:51:06.400621143Z	62	PC: 14002 \| Close file
2018-12-17T22:51:06.74529228Z	61	PC: 14290 \| Open file (Filename = 'C:\WINDOWS\COMMAND\super.exe')
2018-12-17T22:51:06.758517855Z	61	PC: 14290 \| Open file (Filename = 'super.exe')
2018-12-17T22:51:06.765758279Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:51:06.7678423Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:51:06.770283235Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:51:06.771524734Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:06.772978634Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:51:06.77489853Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:06.776257184Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:51:06.778610239Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:51:06.786174026Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:51:06.787822549Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:51:06.789218212Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:51:06.791674168Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:51:06.793068323Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:51:06.794374678Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:51:06.79651211Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:51:06.798195817Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:51:06.799584181Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:51:06.801336281Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:51:06.802806938Z	37	PC: 13d21 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:51:06.804148507Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.807633866Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.80987785Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.812081317Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.815406194Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.817752797Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.819915209Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.823193173Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.825308438Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.827441978Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.83976967Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.842102617Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.844367069Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.847969942Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.85036974Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.852688581Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.855146408Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.858112757Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.860445603Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.862761927Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.865892134Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.868505375Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.870792873Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.874281401Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.87656629Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.878900516Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.882122103Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.884407051Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.886677891Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.890026883Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.893244119Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.89573095Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.899166802Z	6	PC: 13da8 \| Direct console I/O
2018-12-17T22:51:06.90299083Z	76	PC: 13d60 \| Terminate with return code (Return code = '2')