Sample viewer

vx.netlux.org/Trojan.DOS.DelWin.h

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:13.559656714Z	53	PC: 132da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:13.560837344Z	53	PC: 132da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:13.562424334Z	53	PC: 132da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:13.563528485Z	53	PC: 132da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:13.564580251Z	53	PC: 132da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:13.566782297Z	53	PC: 132da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:13.567915122Z	53	PC: 132da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:13.56953425Z	53	PC: 132da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:13.572127972Z	53	PC: 132da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:13.573197535Z	53	PC: 132da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:13.574387607Z	53	PC: 132da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:13.576789501Z	53	PC: 132da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:13.57819512Z	53	PC: 132da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:13.579368844Z	53	PC: 132da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:13.581531366Z	53	PC: 132da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:13.583414061Z	53	PC: 132da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:13.584422149Z	53	PC: 132da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:13.586693842Z	53	PC: 132da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:13.589412499Z	53	PC: 132da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:13.591930701Z	37	PC: 132ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:13.594258354Z	37	PC: 132f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:13.596531497Z	37	PC: 132ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:13.59821954Z	37	PC: 13307 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:13.600337032Z	68	PC: 13c97 \| I/O control for devices (Set for = '�3�� tFV��.��Nr��Ї�^t��Zi��')
2018-12-17T22:52:13.697549439Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:13.699545046Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:52:14.042283372Z	62	PC: 137ed \| Close file
2018-12-17T22:52:14.055655851Z	14	PC: 139bd \| Set default drive (Drive = 'C')
2018-12-17T22:52:14.057501192Z	25	PC: 139c1 \| Get default drive
2018-12-17T22:52:14.059143283Z	59	PC: 13a2b \| Change current directory
2018-12-17T22:52:14.075449985Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:52:14.077640237Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:52:14.079392319Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:52:14.081396048Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:14.083576888Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:14.084814976Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:14.086011714Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:52:14.08825318Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:52:14.089683509Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:52:14.091165775Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:52:14.093289709Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:52:14.094983252Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:52:14.096653856Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:52:14.099242815Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:52:14.101130429Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:52:14.102794604Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:52:14.105047506Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:52:14.106415537Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:52:14.107826753Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:52:14.109393962Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.112212981Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.114485101Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.116747083Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.120214441Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.123827701Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.126584788Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.130183364Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.133215555Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.135964554Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.139493917Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.142587863Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.145296384Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.148191283Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.15157659Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.15428213Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.15696447Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.160379298Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.163074774Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.165775099Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.169356055Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.172135247Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.17487477Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.178413503Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.180942968Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.183606686Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.186857306Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.189619028Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.192355193Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.195597318Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.197969507Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.200340065Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.204038985Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:52:14.209498344Z	76	PC: 13470 \| Terminate with return code (Return code = '3')