Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.h

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:45.428268624Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:45.429969021Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:06:45.431631597Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:06:45.434173906Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:45.436098294Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:45.438033823Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:45.44125071Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:06:45.443067937Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:06:45.445893288Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:06:45.449140012Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:06:45.452395121Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:06:45.454266439Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:06:45.456479851Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:06:45.458077444Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:06:45.460235802Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:06:45.462127598Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:06:45.464710364Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:06:45.466312967Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:06:45.467919538Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:06:45.471701047Z	37	PC: 1320f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:45.473146735Z	37	PC: 13217 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:45.474536287Z	37	PC: 1321f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:45.477043671Z	37	PC: 13227 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:06:45.480033441Z	68	PC: 136f6 \| I/O control for devices (Set for = '&�')
2018-12-17T23:06:45.581702477Z	37	PC: 12c21 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:06:45.584783729Z	26	PC: 12b27 \| Set disk transfer address
2018-12-17T23:06:45.586617356Z	78	PC: 12b33 \| Find first file
2018-12-17T23:06:45.593821811Z	67	PC: 12af6 \| Get or set file attributes
2018-12-17T23:06:45.601800621Z	65	PC: 13647 \| Delete file (Filename = 's')
2018-12-17T23:06:45.61830023Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:06:45.620109211Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:06:45.622159165Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:06:45.624165627Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:45.625867096Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:06:45.627546453Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:45.630350965Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:06:45.631840465Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:06:45.633329815Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:06:45.636075968Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:06:45.638475729Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:06:45.64021528Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:06:45.642644557Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:06:45.644555048Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:06:45.646382744Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:06:45.648924022Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:06:45.650770563Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:06:45.65257188Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:06:45.654684441Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:06:45.656649806Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.659067942Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.6613756Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.664911638Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.668633164Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.67147615Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.674892433Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.67774233Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.68066762Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.684213145Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.686906098Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.689544708Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.692581938Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.695049006Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.69747642Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.700677528Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.70315236Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.705554216Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.708172588Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.711167398Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.713569033Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.716017356Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.719446412Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.721859429Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.724228673Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.727581897Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.730455489Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.73315265Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.73666863Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.740175553Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.742928178Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.746156808Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.748606624Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T23:06:45.752804776Z	76	PC: 13390 \| Terminate with return code (Return code = '2')