Sample viewer

vx.netlux.org/Trojan.DOS.Erase26.i

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:46.025934255Z	48	PC: 15b82 \| Get DOS version
2018-12-17T23:05:46.028945457Z	74	PC: 15bd2 \| Reallocate memory
2018-12-17T23:05:46.031809171Z	48	PC: 1595e \| Get DOS version
2018-12-17T23:05:46.033376749Z	53	PC: 15966 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:46.035966408Z	37	PC: 15978 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:46.038092787Z	53	PC: 18042 \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:46.039740084Z	37	PC: 18052 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:46.041685692Z	53	PC: 18057 \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:46.044410946Z	37	PC: 18067 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:46.047617536Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:46.050010485Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:46.053096828Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:46.054647905Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:46.05607031Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:46.059062326Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:46.060628741Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:46.06242618Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:46.077162579Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:46.085185765Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:46.086994406Z	53	PC: 15d96 \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:46.090300682Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:46.092690236Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:46.094457569Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:46.096060463Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:46.09881405Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:46.100242617Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:46.102373684Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:46.106289526Z	37	PC: 15dc5 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:46.109804375Z	37	PC: 15dcc \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:46.111510163Z	37	PC: 15dd1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:46.125522851Z	68	PC: 15a09 \| I/O control for devices (Set for = '�5�!��6�׊��<@u�� v ׀�
2018-12-17T23:05:46.127534533Z	68	PC: 15a09 \| I/O control for devices
2018-12-17T23:05:46.129363342Z	68	PC: 15a09 \| I/O control for devices
2018-12-17T23:05:46.132724872Z	68	PC: 15a09 \| I/O control for devices
2018-12-17T23:05:46.13487254Z	68	PC: 15a09 \| I/O control for devices
2018-12-17T23:05:46.137085622Z	53	PC: 13a92 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:46.139525469Z	53	PC: 13a9f \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:05:46.142233431Z	53	PC: 13aac \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:46.144046651Z	37	PC: 13ac1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:46.145734004Z	37	PC: 13ac9 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:05:46.14940201Z	37	PC: 13ad1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:46.152753011Z	53	PC: 13d1e \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:05:46.155413614Z	53	PC: 13d2b \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:05:46.160587713Z	53	PC: 13d3a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:05:46.163471885Z	37	PC: 13d47 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:05:46.164922513Z	53	PC: 13d4e \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:05:46.167142878Z	37	PC: 13d5b \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:05:46.168602282Z	53	PC: 13d67 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:05:46.172486987Z	48	PC: 13e29 \| Get DOS version
2018-12-17T23:05:46.175383743Z	68	PC: 13a08 \| I/O control for devices (Set for = '')
2018-12-17T23:05:46.176907999Z	68	PC: 13a08 \| I/O control for devices (Set for = '')
2018-12-17T23:05:46.179134856Z	51	PC: 13a26 \| Get or set Ctrl-Break
2018-12-17T23:05:46.180787063Z	51	PC: 13a32 \| Get or set Ctrl-Break
2018-12-17T23:05:46.493028648Z	37	PC: 13ff9 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:05:46.494813253Z	53	PC: 14000 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:05:46.497885379Z	37	PC: 1400d \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:05:46.499381252Z	37	PC: 14018 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T23:05:46.500728305Z	37	PC: 14023 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T23:05:46.502558978Z	51	PC: 13a3d \| Get or set Ctrl-Break
2018-12-17T23:05:46.504480531Z	37	PC: 13cbf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:46.505848232Z	37	PC: 13cc9 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:05:46.511714012Z	37	PC: 13cd3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:46.514620767Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:05:46.516296318Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:05:46.517990583Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:05:46.526021053Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:05:46.527838981Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:05:46.53762407Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:05:46.543572114Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:05:46.54543653Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:05:46.547169328Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:05:46.549083848Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:05:46.55139314Z	37	PC: 15de1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:05:46.553380277Z	37	PC: 18076 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:05:46.55537102Z	37	PC: 15aba \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:05:46.557985856Z	76	PC: 15aa3 \| Terminate with return code (Return code = '0')