Sample viewer

vx.netlux.org/Trojan.DOS.Kevin.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:17.911562604Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:17.914042811Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:17.915589646Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:17.917121006Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:17.919930463Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:17.92137699Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:17.922576515Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:17.924078777Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:17.925821494Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:17.926947288Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:17.928045999Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:17.930539489Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:17.93162536Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:17.93349371Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:17.935140881Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:17.93689893Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:17.938460576Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:17.941277661Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:17.942507226Z	53	PC: 13c4a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:17.943737156Z	37	PC: 13c5f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:17.945461934Z	37	PC: 13c67 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:17.946653755Z	37	PC: 13c6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:17.94794785Z	37	PC: 13c77 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:17.950324997Z	68	PC: 14851 \| I/O control for devices (Set for = '�T��t,��\')
2018-12-17T22:57:18.106402452Z	37	PC: 13621 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:18.108530122Z	61	PC: 143a1 \| Open file (Filename = 'c:.bat')
2018-12-17T22:57:18.115169439Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:57:18.11635233Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:57:18.117545537Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:57:18.119933721Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:18.121475794Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:57:18.12291668Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:18.124565012Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:57:18.126323824Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:57:18.127423872Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:57:18.12855531Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:57:18.130427446Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:57:18.131670364Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:57:18.133056386Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:57:18.137272989Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:57:18.138499762Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:57:18.139617342Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:57:18.142005892Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:57:18.143499512Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:57:18.145191105Z	37	PC: 13da1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:57:18.147917486Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.150142901Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.152152162Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.155020204Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.157122395Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.159617868Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.162929753Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.164988259Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.167005564Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.169557401Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.171804887Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.174234127Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.179619255Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.182084275Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.184322296Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.187397126Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.189367444Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.191507916Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.194103232Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.196705381Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.19915999Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.201847999Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.204166311Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.206675213Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.208765562Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.210886213Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.213224129Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.215670066Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.223300752Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.225551618Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.227827862Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.232135934Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.234038745Z	6	PC: 13e28 \| Direct console I/O
2018-12-17T22:57:18.237593148Z	76	PC: 13de0 \| Terminate with return code (Return code = '2')