Sample viewer

vx.netlux.org/Trojan.DOS.Zelu

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:03:24.146258255Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:03:24.148024831Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:03:24.149200185Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:03:24.150347694Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:03:24.152821769Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:03:24.154887227Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:03:24.156451824Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:03:24.159338093Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:03:24.160847885Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:03:24.16238916Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:03:24.168452471Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:03:24.17001311Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:03:24.171970175Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:03:24.174223306Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:03:24.176785629Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:03:24.178409887Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:03:24.179928321Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:03:24.181427024Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:03:24.183175384Z	53	PC: 1488a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:03:24.18465395Z	37	PC: 1489f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:03:24.189647954Z	37	PC: 148a7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:03:24.191293553Z	37	PC: 148af \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:03:24.19228707Z	37	PC: 148b7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:03:24.193670848Z	68	PC: 1832c \| I/O control for devices (Set for = '')
2018-12-17T22:03:24.196266785Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:03:24.197601305Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:03:24.198939031Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:03:24.201838833Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:03:24.203387508Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:03:24.204905263Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:03:24.221538857Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:03:24.222984354Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:03:24.224202511Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:03:24.226965781Z	37	PC: 17634 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:03:24.22809176Z	37	PC: 1763b \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:03:24.229151106Z	37	PC: 17642 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:03:24.230813146Z	37	PC: 17649 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:03:24.356234127Z	64	PC: 17a33 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:03:24.358379402Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:03:24.36024338Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:03:24.365616648Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:03:24.366699206Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:03:24.368558965Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:03:24.369767993Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:03:24.370861997Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:03:24.372820755Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:03:24.373979495Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:03:24.375063404Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:03:24.376355445Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:03:24.377919533Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:03:24.378978602Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:03:24.380045135Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:03:24.381920589Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:03:24.382944209Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:03:24.383983363Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:03:24.385883464Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:03:24.387227034Z	37	PC: 149e1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:03:24.388466761Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.391707389Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.393593283Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.395853963Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.398950123Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.400208157Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.401548246Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.403681751Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.404987325Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.40627285Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.408974464Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.410271061Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.411541017Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.415708862Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.41728589Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.41917731Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.421446222Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.423595131Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.425537817Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.427894141Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.429716741Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.431569237Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.433787717Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.435983546Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.437954704Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.441000015Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.443687726Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.44559437Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.448104507Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.450245814Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.452443662Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.455615929Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.457400191Z	6	PC: 14a68 \| Direct console I/O
2018-12-17T22:03:24.459458647Z	76	PC: 14a20 \| Terminate with return code (Return code = '200')