Sample viewer

vx.netlux.org/Trojan.DOS.MkDirs.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:06.671128136Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:01:06.673386268Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:01:06.674905979Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:01:06.676556064Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:06.679429563Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:06.680755683Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:06.681858403Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:01:06.683373724Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:01:06.684606398Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:01:06.686057085Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:01:06.68802138Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:01:06.68935727Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:01:06.690522272Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:01:06.692449113Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:01:06.698658125Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:01:06.703394297Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:01:06.705969649Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:01:06.707197946Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:01:06.708342574Z	53	PC: 137fa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:01:06.71042033Z	37	PC: 1380f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:01:06.711534439Z	37	PC: 13817 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:06.712531553Z	37	PC: 1381f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:06.713801964Z	37	PC: 13827 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:01:06.716444913Z	68	PC: 142a3 \| I/O control for devices (Set for = '��$��Ëء��q��&n��ы��8')
2018-12-17T22:01:06.848404628Z	64	PC: 13c18 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:01:06.850081108Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:01:06.851935165Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:01:06.853088745Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:01:06.854266219Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:06.856692725Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:01:06.857860368Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:01:06.858921709Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:01:06.860884684Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:01:06.862587358Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:01:06.864172962Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:01:06.867382951Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:01:06.868699488Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:01:06.870678851Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:01:06.872646528Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:01:06.873770725Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:01:06.874815306Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:01:06.876848578Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:01:06.877952209Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:01:06.879000428Z	37	PC: 13951 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:01:06.881030086Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.883005448Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.884970185Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.888103272Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.889988128Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.891808458Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.895470093Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.90270324Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.91209812Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.917318345Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.922667363Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.927929171Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.941916178Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.945139473Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.947231154Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.949533252Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.952637749Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.957805119Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.960321686Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.973561154Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.979269194Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.981427995Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.992187656Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.994505625Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.996767021Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:06.99919942Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.00145603Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.003809276Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.007662296Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.009310314Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.011408158Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.014417696Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.016195675Z	6	PC: 139d8 \| Direct console I/O
2018-12-17T22:01:07.019500083Z	76	PC: 13990 \| Terminate with return code (Return code = '200')