Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.n

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:33.822521863Z 53 PC: 1329a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:33.82419537Z 53 PC: 1329a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:33.825270009Z 53 PC: 1329a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:33.826305353Z 53 PC: 1329a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:33.827946067Z 53 PC: 1329a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:33.828998803Z 53 PC: 1329a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:33.829988093Z 53 PC: 1329a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:33.831442867Z 53 PC: 1329a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:33.832561504Z 53 PC: 1329a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:33.833520749Z 53 PC: 1329a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:33.834894039Z 53 PC: 1329a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:33.836248011Z 53 PC: 1329a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:33.83734525Z 53 PC: 1329a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:33.838850134Z 53 PC: 1329a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:33.840056874Z 53 PC: 1329a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:33.84106171Z 53 PC: 1329a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:33.842265652Z 53 PC: 1329a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:33.843824473Z 53 PC: 1329a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:33.845305849Z 53 PC: 1329a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:33.84651578Z 37 PC: 132af | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:33.847810593Z 37 PC: 132b7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:33.848806737Z 37 PC: 132bf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:33.84972543Z 37 PC: 132c7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:33.85175648Z 68 PC: 13c57 | I/O control for devices (Set for = 'X�r���]=')
2018-12-17T22:58:33.917930681Z 37 PC: 12c01 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:33.919512109Z 14 PC: 1397d | Set default drive (Drive = 'C')
2018-12-17T22:58:33.921423971Z 25 PC: 13981 | Get default drive
2018-12-17T22:58:33.923008653Z 59 PC: 139eb | Change current directory
2018-12-17T22:58:33.932122723Z 26 PC: 131e7 | Set disk transfer address
2018-12-17T22:58:33.933538055Z 78 PC: 131f3 | Find first file
2018-12-17T22:58:33.941782347Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.286696188Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.307831988Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.310268551Z 61 PC: 1375d | Open file (Filename = 'COMM.DRV')
2018-12-17T22:58:34.319632681Z 65 PC: 138a6 | Delete file (Filename = 'COMM.DRV')
2018-12-17T22:58:34.33452419Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.336540595Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.337875603Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.341742087Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.356995055Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.368897293Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.371696839Z 61 PC: 1375d | Open file (Filename = 'KEYBOARD.DRV')
2018-12-17T22:58:34.37845664Z 65 PC: 138a6 | Delete file (Filename = 'KEYBOARD.DRV')
2018-12-17T22:58:34.388674724Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.39072677Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.391920129Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.39516662Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.405165584Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.417386567Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.419249887Z 61 PC: 1375d | Open file (Filename = 'MOUSE.DRV')
2018-12-17T22:58:34.427251226Z 65 PC: 138a6 | Delete file (Filename = 'MOUSE.DRV')
2018-12-17T22:58:34.437365219Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.439221212Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.440349744Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.444675236Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.454680566Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.466480179Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.469362309Z 61 PC: 1375d | Open file (Filename = 'VGA.DRV')
2018-12-17T22:58:34.47664496Z 65 PC: 138a6 | Delete file (Filename = 'VGA.DRV')
2018-12-17T22:58:34.48632275Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.489137833Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.490278049Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.493594062Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.503434115Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.517844265Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.519597574Z 61 PC: 1375d | Open file (Filename = 'MMSOUND.DRV')
2018-12-17T22:58:34.52707445Z 65 PC: 138a6 | Delete file (Filename = 'MMSOUND.DRV')
2018-12-17T22:58:34.536612939Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.538413351Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.540079238Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.546543572Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.561978895Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.571662818Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.574002296Z 61 PC: 1375d | Open file (Filename = 'SYSTEM.DRV')
2018-12-17T22:58:34.58166128Z 65 PC: 138a6 | Delete file (Filename = 'SYSTEM.DRV')
2018-12-17T22:58:34.592392131Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.594185921Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.595360784Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.599173925Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.608641531Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.620263407Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.622362862Z 61 PC: 1375d | Open file (Filename = 'SOUND.DRV')
2018-12-17T22:58:34.62898209Z 65 PC: 138a6 | Delete file (Filename = 'SOUND.DRV')
2018-12-17T22:58:34.63849778Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.641100176Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.642041084Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.646032191Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.655603922Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.668116381Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.670181865Z 61 PC: 1375d | Open file (Filename = 'MCISEQ.DRV')
2018-12-17T22:58:34.677274461Z 65 PC: 138a6 | Delete file (Filename = 'MCISEQ.DRV')
2018-12-17T22:58:34.690802228Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.692520881Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.693855565Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.697172317Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.706716784Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.719433782Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.72239757Z 61 PC: 1375d | Open file (Filename = 'MCIWAVE.DRV')
2018-12-17T22:58:34.729455596Z 65 PC: 138a6 | Delete file (Filename = 'MCIWAVE.DRV')
2018-12-17T22:58:34.741659426Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.745143445Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.746569251Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.750162068Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.759484846Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.767061001Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.769207947Z 61 PC: 1375d | Open file (Filename = 'MIDIMAP.DRV')
2018-12-17T22:58:34.77655144Z 65 PC: 138a6 | Delete file (Filename = 'MIDIMAP.DRV')
2018-12-17T22:58:34.784505123Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.786275558Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.787875387Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.791408683Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.800801022Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.813791495Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.815761281Z 61 PC: 1375d | Open file (Filename = 'TIMER.DRV')
2018-12-17T22:58:34.821891789Z 65 PC: 138a6 | Delete file (Filename = 'TIMER.DRV')
2018-12-17T22:58:34.831778338Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.833566043Z 26 PC: 1320b | Set disk transfer address
2018-12-17T22:58:34.834531359Z 79 PC: 13210 | Find next file
2018-12-17T22:58:34.838231411Z 67 PC: 131b6 | Get or set file attributes
2018-12-17T22:58:34.844666002Z 60 PC: 1375d | Create or truncate file
2018-12-17T22:58:34.854892037Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.857034005Z 61 PC: 1375d | Open file (Filename = 'TIMER.DRV')
2018-12-17T22:58:34.863301176Z 65 PC: 138a6 | Delete file (Filename = 'TIMER.DRV')
2018-12-17T22:58:34.873586003Z 62 PC: 137ad | Close file
2018-12-17T22:58:34.876077193Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:34.877045258Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:58:34.877976553Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:58:34.879719795Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:34.880719297Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:34.881686828Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:34.883076749Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:58:34.884079376Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:58:34.885038583Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:58:34.88654393Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:58:34.887680048Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:58:34.88870217Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:58:34.890271316Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:58:34.891205806Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:58:34.892396773Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:58:34.89366702Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:58:34.894700736Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:58:34.895648204Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:58:34.897153384Z 37 PC: 133f1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:58:34.89811073Z 76 PC: 13430 | Terminate with return code (Return code = '0')