Sample viewer

vx.netlux.org/Trojan.DOS.FormatC.m

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:34.025595025Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:34.027847723Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:34.029718792Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:34.031219235Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:34.032753942Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:34.034829487Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:34.036708522Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:34.03860532Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:34.041156229Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:34.044224381Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:34.046868154Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:34.051272109Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:34.053210234Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:34.054800967Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:34.057235467Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:34.05870966Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:34.060116176Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:34.062024445Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:34.064778526Z	53	PC: 1352a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:34.06734815Z	37	PC: 1353f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:34.069662173Z	37	PC: 13547 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:34.072707502Z	37	PC: 1354f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:34.075493342Z	37	PC: 13557 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:34.07929842Z	68	PC: 141be \| I/O control for devices (Set for = '�� ? � �l��=��J��o��')
2018-12-17T23:10:34.155355856Z	37	PC: 12f51 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:34.157946359Z	26	PC: 12e55 \| Set disk transfer address
2018-12-17T23:10:34.159686673Z	78	PC: 12e61 \| Find first file
2018-12-17T23:10:34.177161736Z	48	PC: 13dcf \| Get DOS version
2018-12-17T23:10:34.179482492Z	61	PC: 13c81 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:10:34.188074075Z	60	PC: 13c81 \| Create or truncate file
2018-12-17T23:10:34.531716621Z	63	PC: 13d54 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:10:34.539401167Z	64	PC: 13d54 \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:10:34.550157111Z	63	PC: 13d54 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:10:34.558522387Z	64	PC: 13d54 \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:10:34.566844983Z	63	PC: 13d54 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:10:34.574785601Z	64	PC: 13d54 \| Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:10:34.584309106Z	63	PC: 13d54 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:10:34.593375291Z	64	PC: 13d54 \| Write file or device (Write 608 bytes on handle 6)
2018-12-17T23:10:34.601914915Z	63	PC: 13d54 \| Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:10:34.604512271Z	62	PC: 13cd1 \| Close file
2018-12-17T23:10:34.608218774Z	62	PC: 13cd1 \| Close file
2018-12-17T23:10:34.618205781Z	60	PC: 141a2 \| Create or truncate file
2018-12-17T23:10:34.632204655Z	68	PC: 141be \| I/O control for devices (Set for = '�J�')
2018-12-17T23:10:34.635557533Z	64	PC: 13923 \| Write file or device (Write 34 bytes on handle 5)
2018-12-17T23:10:34.64758612Z	62	PC: 13962 \| Close file
2018-12-17T23:10:34.659070174Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:10:34.661966993Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:10:34.663532779Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:10:34.664922683Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:34.666320252Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:10:34.668545308Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:34.67009322Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:10:34.671748754Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:10:34.674498306Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:10:34.675900775Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:10:34.677350572Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:10:34.679471101Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:10:34.680849284Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:10:34.682209112Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:10:34.684397558Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:10:34.685816648Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:10:34.68709869Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:10:34.688392634Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:10:34.690420769Z	37	PC: 13681 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:10:34.691964663Z	76	PC: 136c0 \| Terminate with return code (Return code = '0')