Sample viewer

vx.netlux.org/Trojan.DOS.EraseFiles

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:33.346092463Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:33.349718932Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:33.351612032Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:33.353216438Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:33.357270231Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:33.359595934Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:33.361416498Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:33.363168151Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:33.365696776Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:33.367467646Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:33.369162853Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:33.371731965Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:33.373371117Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:33.375052308Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:33.377583928Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:33.379159821Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:33.381017274Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:33.3840197Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:33.385447264Z	53	PC: 1361e \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:05:33.386906037Z	37	PC: 13633 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:33.389315047Z	37	PC: 1363a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:33.390974707Z	37	PC: 13641 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:33.392634739Z	37	PC: 13648 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:05:33.395000939Z	68	PC: 13949 \| I/O control for devices (Set for = 'Ȫ��C�')
2018-12-17T23:05:33.544482349Z	37	PC: 12f49 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:05:33.548655205Z	26	PC: 13539 \| Set disk transfer address
2018-12-17T23:05:33.549719677Z	78	PC: 13545 \| Find first file
2018-12-17T23:05:33.554216683Z	26	PC: 13539 \| Set disk transfer address
2018-12-17T23:05:33.555276927Z	78	PC: 13545 \| Find first file
2018-12-17T23:05:33.560398557Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.574627192Z	65	PC: 13fce \| Delete file (Filename = '\SLEEP.COM')
2018-12-17T23:05:33.586989357Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.589116858Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.594203323Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.604042914Z	65	PC: 13fce \| Delete file (Filename = '\PRINT.S')
2018-12-17T23:05:33.614978056Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.617565752Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.621459755Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.632527516Z	65	PC: 13fce \| Delete file (Filename = '\PRINT.COM')
2018-12-17T23:05:33.645216797Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.646578427Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.652841383Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.669759476Z	65	PC: 13fce \| Delete file (Filename = '\HELLO.COM')
2018-12-17T23:05:33.680487208Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.68305674Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.686489695Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.696165499Z	65	PC: 13fce \| Delete file (Filename = '\PHANG.COM')
2018-12-17T23:05:33.707171734Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.708361021Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.711908472Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.720040983Z	65	PC: 13fce \| Delete file (Filename = '\PRINTA~1.COM')
2018-12-17T23:05:33.731881598Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.734942093Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.739082759Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.749807125Z	65	PC: 13fce \| Delete file (Filename = '\MANDEL.COM')
2018-12-17T23:05:33.762883684Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.764134386Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.767565597Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.778987014Z	65	PC: 13fce \| Delete file (Filename = '\PAH.COM')
2018-12-17T23:05:33.791012726Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.792284798Z	79	PC: 13564 \| Find next file
2018-12-17T23:05:33.796818593Z	67	PC: 13506 \| Get or set file attributes
2018-12-17T23:05:33.808160701Z	65	PC: 13fce \| Delete file (Filename = '\TEST.EXE')
2018-12-17T23:05:33.820505353Z	26	PC: 1355f \| Set disk transfer address
2018-12-17T23:05:33.82170553Z	79	PC: 13564 \| Find next file