Sample viewer

vx.netlux.org/Trojan.DOS.Seryt.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:36.398754373Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:36.400555529Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:36.402091213Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:36.404064927Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:36.406029814Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:36.407988442Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:36.409409696Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:36.411521073Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:36.413332371Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:36.414921058Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:36.416626138Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:36.418060357Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:36.4197984Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:36.428735937Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:36.43119632Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:36.433610816Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:36.436387969Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:36.438126055Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:36.439592355Z	53	PC: 133ca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:36.441587656Z	37	PC: 133df \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:36.442963282Z	37	PC: 133e7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:36.444290458Z	37	PC: 133ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:36.446030241Z	37	PC: 133f7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:36.447943215Z	68	PC: 13e4e \| I/O control for devices (Set for = 'P�*.P��P�Թ')
2018-12-17T22:54:36.565150029Z	64	PC: 137e8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:54:36.568054838Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:54:36.569745699Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:54:36.571083447Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:54:36.572404827Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:36.574842537Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:54:36.576060331Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:36.577224133Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:54:36.578850839Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:54:36.580039167Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:54:36.58117603Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:54:36.58286195Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:54:36.58407632Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:54:36.585232671Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:54:36.587068655Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:54:36.588640602Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:54:36.589800737Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:54:36.591469119Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:54:36.592535074Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:54:36.593842067Z	37	PC: 13521 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:54:36.595490283Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.597830067Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.599968389Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.602392704Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.604859429Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.607162893Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.609922496Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.612279357Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.614536873Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.61663578Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.62050156Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.623040468Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.625296796Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.627961041Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.6302886Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.632890099Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.635870848Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.638128297Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.640499007Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.646257872Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.648570838Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.650687678Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.654665895Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.657850812Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.660065743Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.663294058Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.665555937Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.667690374Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.670531881Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.672124389Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.673609911Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.675821243Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.677444977Z	6	PC: 135a8 \| Direct console I/O
2018-12-17T22:54:36.681762286Z	76	PC: 13560 \| Terminate with return code (Return code = '200')