Sample viewer

vx.netlux.org/Trojan.DOS.Virlen

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:00.201056517Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:00.202552167Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:00.204742114Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:00.206503921Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:00.208244444Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:00.210521697Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:00.2122005Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:00.213838866Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:00.227143564Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:00.22906319Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:00.230940263Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:00.250253965Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:00.251948645Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:00.253639609Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:00.256189134Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:00.257889446Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:00.25961673Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:00.262943446Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:00.273033136Z	53	PC: 1349a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:00.274979701Z	37	PC: 134af \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:00.276913302Z	37	PC: 134b7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:00.279260786Z	37	PC: 134bf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:00.281152973Z	37	PC: 134c7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:00.283269158Z	68	PC: 13d41 \| I/O control for devices (Set for = '�P��2J��$��=�� Ɉ�� ')
2018-12-17T23:00:00.379964203Z	37	PC: 12d81 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:00.38201663Z	61	PC: 13d25 \| Open file (Filename = 'vir.txt')
2018-12-17T23:00:00.389500339Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:00.39155657Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:00:00.392966557Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:00:00.39436244Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:00.39626094Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:00:00.39765075Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:00.398988728Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:00:00.401547717Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:00:00.415244355Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:00:00.416591967Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:00:00.418663578Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:00:00.420052818Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:00:00.421414449Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:00:00.422713002Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:00:00.424864612Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:00:00.42675576Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:00:00.428553175Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:00:00.431229686Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:00:00.432489933Z	37	PC: 135f1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:00:00.433525643Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.436264739Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.438588696Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.440824491Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.444314123Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.447290371Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.45075084Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.453803672Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.458146708Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.461072669Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.463794389Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.466715865Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.469072652Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.471462251Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.474309807Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.476581327Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.479173622Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.482215877Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.484756661Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.487300407Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.490454648Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.493067558Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.495598667Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.49877833Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.501293835Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.503812804Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.507006095Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.509664078Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.512143324Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.515447986Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.518351724Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.520881068Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.523482242Z	6	PC: 13678 \| Direct console I/O
2018-12-17T23:00:00.528499413Z	76	PC: 13630 \| Terminate with return code (Return code = '2')