Sample viewer

vx.netlux.org/Trojan.DOS.AnDum.j

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:03.942186743Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:03.943927476Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:03.945903955Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:03.949077341Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:03.954167297Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:03.955926979Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:03.95850817Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:03.960601152Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:03.96233146Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:03.964057727Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:03.966475949Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:03.967933757Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:03.969386092Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:03.990223336Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:03.992081067Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:03.993920957Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:03.996752001Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:03.998590122Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:04.00040567Z	53	PC: 12eea \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:04.003343176Z	37	PC: 12eff \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:04.005165108Z	37	PC: 12f07 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:04.006684628Z	37	PC: 12f0f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:04.012068215Z	37	PC: 12f17 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:04.014602029Z	68	PC: 137a8 \| I/O control for devices (Set for = '')
2018-12-17T23:03:04.016610666Z	65	PC: 136f9 \| Delete file (Filename = 'c:\windows\system.dat')
2018-12-17T23:03:04.029054619Z	64	PC: 13308 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:03:04.032409496Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:04.034121709Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:04.036496433Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:04.038402594Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:04.040064198Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:04.041716143Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:04.043650621Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:04.045308984Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:04.046977643Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:04.049268678Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:04.051024807Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:04.052553993Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:04.055290247Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:04.057155983Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:04.059624942Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:04.062568241Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:04.064754957Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:04.066566616Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:04.06890809Z	37	PC: 13041 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:04.07050098Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.074758816Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.079368004Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.082861675Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.086231348Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.089212674Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.093897745Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.096445649Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.099129211Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.107253677Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.109988843Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.113126738Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.116565279Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.118940369Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.121212531Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.124053265Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.126273077Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.128511806Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.132226452Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.134957963Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.137723595Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.141371727Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.146953164Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.149693506Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.153248169Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.155881168Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.158737545Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.16177479Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.16467846Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.167495343Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.170327502Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.173469392Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.176125589Z	6	PC: 130c8 \| Direct console I/O
2018-12-17T23:03:04.180561684Z	76	PC: 13080 \| Terminate with return code (Return code = '2')