Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.m

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:05:25.398361031Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:05:25.400468322Z	53	PC: 12bf2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:25.401850789Z	53	PC: 12bff \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:05:25.403337406Z	53	PC: 12c0c \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:05:25.405365391Z	53	PC: 12c19 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:05:25.406861396Z	37	PC: 12c2d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:25.408382052Z	74	PC: 12af7 \| Reallocate memory
2018-12-17T22:05:25.410909588Z	68	PC: 12f79 \| I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T22:05:25.413794615Z	68	PC: 12f79 \| I/O control for devices (Set for = '')
2018-12-17T22:05:25.415897008Z	47	PC: 13a75 \| Get disk transfer address
2018-12-17T22:05:25.417235391Z	26	PC: 13a7e \| Set disk transfer address
2018-12-17T22:05:25.427680044Z	78	PC: 13a88 \| Find first file
2018-12-17T22:05:25.433871206Z	26	PC: 13a91 \| Set disk transfer address
2018-12-17T22:05:25.436164961Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.469566922Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.471122115Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.472482082Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.476705477Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.478894772Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.495603259Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.497505137Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.4990615Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.502046605Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.505003849Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.520221313Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.521361877Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.525166268Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.528725143Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.531049281Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.543341605Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.545130668Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.546133918Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.553340273Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.555255734Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.566722968Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.568939771Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.570509283Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.57360593Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.576778161Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.587988906Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.589477008Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.591509894Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.594430487Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.596622875Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.609706156Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.610974989Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.613102413Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.620521768Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.623761497Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.65375005Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.655179081Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.656417954Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.658976467Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.66123861Z	65	PC: 13063 \| Delete file (Filename = '')
2018-12-17T22:05:25.673345304Z	47	PC: 13aa8 \| Get disk transfer address
2018-12-17T22:05:25.674445355Z	26	PC: 13ab1 \| Set disk transfer address
2018-12-17T22:05:25.675526758Z	79	PC: 13ab5 \| Find next file
2018-12-17T22:05:25.678640386Z	26	PC: 13abe \| Set disk transfer address
2018-12-17T22:05:25.680138512Z	47	PC: 13a75 \| Get disk transfer address
2018-12-17T22:05:25.681254417Z	26	PC: 13a7e \| Set disk transfer address
2018-12-17T22:05:25.683263454Z	78	PC: 13a88 \| Find first file
2018-12-17T22:05:25.689891419Z	26	PC: 13a91 \| Set disk transfer address
2018-12-17T22:05:25.692096368Z	47	PC: 13a75 \| Get disk transfer address
2018-12-17T22:05:25.693923404Z	26	PC: 13a7e \| Set disk transfer address
2018-12-17T22:05:25.694992257Z	78	PC: 13a88 \| Find first file
2018-12-17T22:05:25.700550583Z	26	PC: 13a91 \| Set disk transfer address
2018-12-17T22:05:25.703359599Z	28	PC: 12eee \| Get allocation info for specified drive
2018-12-17T22:05:26.067705337Z	37	PC: 12c39 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:05:26.06930981Z	37	PC: 12c44 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:05:26.072197048Z	37	PC: 12c4f \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:05:26.073728695Z	37	PC: 12c5a \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:05:26.074868379Z	64	PC: 12ce8 \| Write file or device (Write 25 bytes on handle 2)
2018-12-17T22:05:26.080372508Z	76	PC: 12be3 \| Terminate with return code (Return code = '0')