Sample viewer

vx.netlux.org/Trojan.DOS.AnDum.d

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:20.061594147Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:20.063080076Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:20.064064878Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:20.064955443Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:20.066301744Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:20.067303063Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:20.068224975Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:20.069409089Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:20.070419899Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:20.071313562Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:20.072401433Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:20.073575442Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:20.074509769Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:20.075425425Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:20.076629231Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:20.077787022Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:20.078984864Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:20.080540629Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:20.081515647Z	53	PC: 12c5a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:20.082440915Z	37	PC: 12c6f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:20.083733871Z	37	PC: 12c77 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:20.084577162Z	37	PC: 12c7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:20.092642871Z	37	PC: 12c87 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:20.109999295Z	68	PC: 13518 \| I/O control for devices (Set for = '�')
2018-12-17T23:12:20.112248051Z	65	PC: 13469 \| Delete file (Filename = 'c:\windows\win.ini')
2018-12-17T23:12:20.466461378Z	65	PC: 13469 \| Delete file (Filename = 'c:\windows\system.ini')
2018-12-17T23:12:20.474872212Z	65	PC: 13469 \| Delete file (Filename = 'c:\windows\user.dat')
2018-12-17T23:12:20.479853137Z	64	PC: 13078 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:12:20.481577479Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:20.483280321Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:20.484425775Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:20.485447447Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:20.486944548Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:20.488055612Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:20.489065168Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:20.491001437Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:20.492104009Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:20.493079334Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:20.494544186Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:20.49552346Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:20.496466959Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:20.497913441Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:20.499014084Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:20.500076523Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:20.5052085Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:20.507019514Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:20.508489767Z	37	PC: 12db1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:20.510125928Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.513074286Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.51544889Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.518406143Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.520614133Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.522771819Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.525859845Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.528680839Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.530725076Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.532669958Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.535381034Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.537396877Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.539394395Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.542264151Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.544289008Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.546275073Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.549179084Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.551182319Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.553151597Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.556482331Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.558818582Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.56121644Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.564619977Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.566968254Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.569289962Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.572198658Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.574242873Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.576191411Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.579138668Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.581091891Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.583078466Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.586021482Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.587865121Z	6	PC: 12e38 \| Direct console I/O
2018-12-17T23:12:20.59154457Z	76	PC: 12df0 \| Terminate with return code (Return code = '2')