Sample viewer

vx.netlux.org/Trojan.DOS.Off.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:35.566098262Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:35.568352692Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:35.570895853Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:35.572894772Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:35.574943835Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:35.577280799Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:35.578756043Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:35.580049506Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:35.581999593Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:35.583901429Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:35.585820126Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:35.58993284Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:35.59162437Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:35.593279813Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:35.595445275Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:35.600076644Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:35.602416844Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:35.604710256Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:35.612006216Z	53	PC: 1323a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:35.613719618Z	37	PC: 1324f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:35.615266897Z	37	PC: 13257 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:35.624303959Z	37	PC: 1325f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:35.62604899Z	37	PC: 13267 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:35.632836253Z	68	PC: 13956 \| I/O control for devices (Set for = 'E��&�&K&�\|&�>v�u&�v')
2018-12-17T23:12:35.786676687Z	64	PC: 13658 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:12:35.789487973Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:12:35.790814157Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:12:35.793217285Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:12:35.79502245Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:35.796796586Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:12:35.798985382Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:35.800835551Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:12:35.802199135Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:12:35.803533033Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:12:35.805283875Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:12:35.806634294Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:12:35.807959145Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:12:35.810233923Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:12:35.811461571Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:12:35.812669633Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:12:35.815044017Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:12:35.816379118Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:12:35.817620622Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:12:35.820202828Z	37	PC: 13391 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:12:35.821960974Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.824625344Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.828376207Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.831036038Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.833729403Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.836365239Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.839279779Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.841800159Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.844419614Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.847905759Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.850374191Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.852613972Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.85642044Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.858774646Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.861057208Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.867569895Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.86978539Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.872048005Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.875167721Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.87756068Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.879881004Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.883691469Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.885993548Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.888815343Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.891377581Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.894850221Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.897414763Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.90002448Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.903531415Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.905860024Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.908074658Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.911355166Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.913843696Z	6	PC: 13418 \| Direct console I/O
2018-12-17T23:12:35.917645224Z	76	PC: 133d0 \| Terminate with return code (Return code = '200')