Sample viewer

vx.netlux.org/Trojan.DOS.DelWin.i

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:54.107494871Z	48	PC: 172ec \| Get DOS version
2018-12-17T23:03:54.111935093Z	74	PC: 1733c \| Reallocate memory
2018-12-17T23:03:54.114084778Z	48	PC: 173a0 \| Get DOS version
2018-12-17T23:03:54.116043723Z	53	PC: 173a8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:54.132052766Z	37	PC: 173ba \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:54.134014Z	53	PC: 1a002 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:54.135665061Z	37	PC: 1a012 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:03:54.137639107Z	53	PC: 1a017 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:54.139450413Z	37	PC: 1a027 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:54.140721726Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:54.143250888Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:54.144548683Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:54.145747584Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:54.147864453Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:54.149138627Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:54.150312487Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:54.153362638Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:54.15465871Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:54.15591454Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:54.158083089Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:03:54.159768353Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:03:54.161589173Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:03:54.16341327Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:03:54.164782788Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:03:54.166201668Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:03:54.167916989Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:03:54.169482866Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:03:54.170571421Z	37	PC: 17d85 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:03:54.171967406Z	37	PC: 17d8c \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:03:54.174096248Z	37	PC: 17d91 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:03:54.175424164Z	68	PC: 1744b \| I/O control for devices (Set for = 'U��u �l�t��OO��')
2018-12-17T23:03:54.176804022Z	68	PC: 1744b \| I/O control for devices
2018-12-17T23:03:54.178364448Z	68	PC: 1744b \| I/O control for devices (Set for = '�� ஫� � �� ᪥ c:\windows\ᮧ�� 1 �祭� �� 䠩� �� sysdump.dll. �� 䠩� �� 襬� Windows,䠩� sysdump.dll ��室�� ஡�� Windows 95 � �� Windows XP. Password: 3')
2018-12-17T23:03:54.179752918Z	68	PC: 1744b \| I/O control for devices (Set for = '�� ᪥ c:\windows\ᮧ�� 1 �祭� �� 䠩� �� sysdump.dll. �� 䠩� �� 襬� Windows,䠩� sysdump.dll ��室�� ஡�� Windows 95 � �� Windows XP. Password: 3')
2018-12-17T23:03:54.18139799Z	68	PC: 1744b \| I/O control for devices (Set for = '�� ᪥ c:\windows\ᮧ�� 1 �祭� �� 䠩� �� sysdump.dll. �� 䠩� �� 襬� Windows,䠩� sysdump.dll ��室�� ஡�� Windows 95 � �� Windows XP. Password: 3')
2018-12-17T23:03:54.184046374Z	53	PC: 14b1c \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:54.186047568Z	53	PC: 14b29 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:03:54.188753773Z	53	PC: 14b36 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:54.190157812Z	37	PC: 14b4b \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:03:54.191352652Z	37	PC: 14b53 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:03:54.192726078Z	37	PC: 14b5b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:54.194615057Z	53	PC: 155da \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:03:54.195670705Z	53	PC: 155e7 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:03:54.197861528Z	53	PC: 155f6 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:03:54.199476059Z	37	PC: 15603 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:03:54.200684914Z	53	PC: 1560a \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:03:54.202390728Z	37	PC: 15617 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:03:54.204108841Z	53	PC: 15623 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:03:54.209069321Z	48	PC: 156e5 \| Get DOS version
2018-12-17T23:03:54.21051225Z	68	PC: 14a92 \| I/O control for devices (Set for = '�� Windows XP. Password: 3')
2018-12-17T23:03:54.212678822Z	68	PC: 14a92 \| I/O control for devices (Set for = '')
2018-12-17T23:03:54.214048792Z	51	PC: 14ab0 \| Get or set Ctrl-Break
2018-12-17T23:03:54.215153397Z	51	PC: 14abc \| Get or set Ctrl-Break