Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.i

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:18.135492874Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:18.137602943Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:18.139964226Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:18.141931868Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:18.14489905Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:18.147314915Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:18.149700573Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:18.151392105Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:18.153854799Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:18.155467292Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:18.157041984Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:18.159745871Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:18.161528805Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:18.163195822Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:18.165441607Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:18.166791697Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:18.168131237Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:18.169948074Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:18.171660105Z	53	PC: 1322a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:18.172978065Z	37	PC: 1323f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:18.174512351Z	37	PC: 13247 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:18.176454695Z	37	PC: 1324f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:18.178085413Z	37	PC: 13257 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:18.180186426Z	68	PC: 138b5 \| I/O control for devices (Set for = '�<(u��')
2018-12-17T23:10:18.227986853Z	37	PC: 12c51 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:18.230231175Z	67	PC: 12ba2 \| Get or set file attributes
2018-12-17T23:10:18.578705419Z	67	PC: 12ba2 \| Get or set file attributes
2018-12-17T23:10:18.581669255Z	60	PC: 13899 \| Create or truncate file
2018-12-17T23:10:18.594277856Z	68	PC: 138b5 \| I/O control for devices (Set for = '�<(u��')
2018-12-17T23:10:18.597322013Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:18.59972868Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:18.601203384Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:18.602594632Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:18.604494075Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:18.605922413Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:18.607212269Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:18.609295298Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:18.610732682Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:18.611957115Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:18.61442599Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:18.615847515Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:18.617647922Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:18.619344253Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:18.622004728Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:18.623670943Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:18.625286703Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:18.627698139Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:18.629347121Z	37	PC: 13381 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:18.631016812Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.635612358Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.6379893Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.640168339Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.642693049Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.645463792Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.64819544Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.651044841Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.653860899Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.656296682Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.658680035Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.661870838Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.664239304Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.666409327Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.668928055Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.670860841Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.67349658Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.67766377Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.680527116Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.68284684Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.685898682Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.688548587Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.690865887Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.694026763Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.696158463Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.698239509Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.701129956Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.703622565Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.706124022Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.709666286Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.714427413Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.717261274Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.720701055Z	6	PC: 13408 \| Direct console I/O
2018-12-17T23:10:18.726026644Z	76	PC: 133c0 \| Terminate with return code (Return code = '102')