Sample viewer

vx.netlux.org/Trojan.DOS.WinCom

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:32.850538771Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:32.865461947Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:32.86704378Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:01:32.86853591Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:32.870006809Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:32.873556767Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:32.874922616Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:32.876261952Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:32.878305499Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:32.880304217Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:32.882149472Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:32.889248933Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:32.890875858Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:32.892482465Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:32.898897037Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:32.909374885Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:32.911265478Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:32.914033644Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:32.915722765Z	53	PC: 1332a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:01:32.91741074Z	37	PC: 1333f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:32.919965111Z	37	PC: 13347 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:32.922456851Z	37	PC: 1334f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:32.925720789Z	37	PC: 13357 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:32.929050802Z	68	PC: 13b2c \| I/O control for devices (Set for = '��')
2018-12-17T23:01:33.108094747Z	64	PC: 13748 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:01:33.110180792Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:33.111540623Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:01:33.112948866Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:01:33.114121632Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:33.115480815Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:01:33.126527397Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:33.127958313Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:01:33.129514085Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:01:33.132231093Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:01:33.133588708Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:01:33.136278339Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:01:33.138734432Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:01:33.140159698Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:01:33.141549058Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:01:33.143144586Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:01:33.145236371Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:01:33.146658526Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:01:33.148087257Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:01:33.151343653Z	37	PC: 13481 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:01:33.153843577Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.157334124Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.162614209Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.164861145Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.167190339Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.169986984Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.172141225Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.174447137Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.177831263Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.180163047Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.182638228Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.185477557Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.189481813Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.193009413Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.195674173Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.19878166Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.201242744Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.203436799Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.207197543Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.209427549Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.211609004Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.21561579Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.218013963Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.220569774Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.224031402Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.226968269Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.229584271Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.232125657Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.23513575Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.237752048Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.241306623Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.244948148Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.247300094Z	6	PC: 13508 \| Direct console I/O
2018-12-17T23:01:33.25151666Z	76	PC: 134c0 \| Terminate with return code (Return code = '200')