Sample viewer

vx.netlux.org/Trojan.DOS.AnDum.k

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:29.319582495Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:29.321240119Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:55:29.322590597Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:55:29.324152446Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:29.326551275Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:55:29.327974297Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:29.329184723Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:55:29.330632215Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:55:29.333541671Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:55:29.335537232Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:55:29.337183593Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:55:29.339163403Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:55:29.340389668Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:55:29.342431481Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:55:29.344445517Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:55:29.345671506Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:55:29.346830607Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:55:29.349007164Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:55:29.350679153Z	53	PC: 12eda \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:55:29.352074392Z	37	PC: 12eef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:29.354019819Z	37	PC: 12ef7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:55:29.355211049Z	37	PC: 12eff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:29.357222359Z	37	PC: 12f07 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:55:29.360365598Z	68	PC: 13798 \| I/O control for devices (Set for = '�G�G;Iڸ')
2018-12-17T22:55:29.36267706Z	65	PC: 136e9 \| Delete file (Filename = 'c:\windows\system.dat')
2018-12-17T22:55:29.373973368Z	64	PC: 132f8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:55:29.376402943Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:29.377693583Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:55:29.37889Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:55:29.380778492Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:29.38222959Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:55:29.38355308Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:29.385676347Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:55:29.386915188Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:55:29.388336348Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:55:29.39005764Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:55:29.391591648Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:55:29.392997695Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:55:29.394923033Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:55:29.396060277Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:55:29.397088753Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:55:29.398809339Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:55:29.402260534Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:55:29.40368168Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:55:29.405254182Z	37	PC: 13031 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:55:29.406940494Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.408996431Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.411319453Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.415207592Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.417435177Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.419628612Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.422207853Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.424056899Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.425959085Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.42810459Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.430214362Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.432384897Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.434701297Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.436549433Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.438432973Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.440827858Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.442865638Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.4448153Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.447032674Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.448900129Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.450757432Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.453095774Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.455133787Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.4573575Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.460789492Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.463017925Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.465310099Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.468400996Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.470687643Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.4729487Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.47565493Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.477687439Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.479538936Z	6	PC: 130b8 \| Direct console I/O
2018-12-17T22:55:29.485034427Z	76	PC: 13070 \| Terminate with return code (Return code = '2')