Sample viewer

vx.netlux.org/Trojan.DOS.AnDum.f

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:38.36434966Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:38.366334509Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:38.367459997Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:38.368668701Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:38.370494635Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:38.371657815Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:38.373367067Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:38.375548111Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:38.376633681Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:38.378000579Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:38.379491976Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:38.387794144Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:38.389152024Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:38.390472169Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:38.393152818Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:38.394254621Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:38.395299745Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:38.401220947Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:38.403152595Z	53	PC: 12cfa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:38.404976709Z	37	PC: 12d0f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:38.407122465Z	37	PC: 12d17 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:38.408665456Z	37	PC: 12d1f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:38.409995155Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:38.412652998Z	68	PC: 135b8 \| I/O control for devices (Set for = '�5��t �Y��{t��VWPQ�f��c��f��\|')
2018-12-17T23:03:38.414502099Z	65	PC: 13509 \| Delete file (Filename = 'c:\windows\system.dat')
2018-12-17T23:03:38.424611104Z	64	PC: 13118 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:03:38.427252156Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:38.428309301Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:38.429520536Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:38.430906556Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:38.432791337Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:38.434163593Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:38.435720204Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:38.437008726Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:38.438367467Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:38.439670998Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:38.441764217Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:38.443082026Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:38.444394494Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:38.44677154Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:38.448214758Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:38.449628649Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:38.451895977Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:38.452886706Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:03:38.453874537Z	37	PC: 12e51 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:03:38.455466517Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.457472547Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.459614861Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.462983812Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.464951708Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.466910794Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.469429421Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.471368271Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.473224425Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.483544184Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.485601127Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.487768138Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.490421373Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.492422741Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.494347784Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.497147766Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.499225323Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.501416337Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.504150461Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.506041242Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.508362905Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.510938001Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.512817066Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.514854952Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.517629505Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.519853828Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.522230552Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.52500467Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.527066926Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.528941273Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.531042683Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.533194554Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.535161823Z	6	PC: 12ed8 \| Direct console I/O
2018-12-17T23:03:38.540120133Z	76	PC: 12e90 \| Terminate with return code (Return code = '2')