Sample viewer

vx.netlux.org/Trojan.DOS.DelCur

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:06:55.555165756Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:55.55788427Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:06:55.55928567Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:55.560770244Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:55.563155021Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:55.568035941Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:55.569314664Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:06:55.571184695Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:06:55.575731845Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:06:55.577296083Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:06:55.57882479Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:06:55.580891156Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:06:55.58242564Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:06:55.583943729Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:06:55.586514181Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:06:55.58804661Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:06:55.589570388Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:06:55.592150511Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:55.594133826Z 53 PC: 12d9a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:06:55.595953042Z 37 PC: 12daf | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:55.599188219Z 37 PC: 12db7 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:55.602380896Z 37 PC: 12dbf | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:55.603515687Z 37 PC: 12dc7 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:55.605315607Z 68 PC: 135fd | I/O control for devices (Set for = ', &:u�G���p�&�>>�}< w�< t�]�< u��V��&�')
2018-12-17T22:06:55.60766268Z 44 PC: 13734 | Get time
0x13734: mov word ptr [0x3e], cx
0x13738: mov word ptr [0x40], dx
0x1373c: retf
0x1373d: mov di, 0x50
0x13740: push ds
0x13741: pop es
0x13742: mov cx, 0x3ca
0x13745: sub cx, di
0x13747: shr cx, 1
0x13749: xor ax, ax
0x1374b: cld
0x1374c: rep stosd dword ptr es:[di], eax
0x1374e: ret
0x1374f: add byte ptr [bx + si], al
0x13751: add byte ptr [bx + si], al
0x13753: add byte ptr [bx + si], al
0x13755: add byte ptr [bx + si], al
0x13757: add byte ptr [bx + si], al
0x13759: add byte ptr [bp + si - 0x4de9], dh
0x1375d: pop ss
2018-12-17T22:06:55.610224667Z 26 PC: 12ce5 | Set disk transfer address
2018-12-17T22:06:55.611905459Z 78 PC: 12cf1 | Find first file
2018-12-17T22:06:55.623190255Z 64 PC: 131b8 | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:06:55.625309082Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:55.626849707Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:06:55.629526273Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:55.631073473Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:55.632604858Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:55.635389908Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:55.636988706Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:06:55.638624609Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:06:55.641123135Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:06:55.642690392Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:06:55.644155555Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:06:55.646247729Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:06:55.647733438Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:06:55.648890853Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:06:55.65212757Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:06:55.653264647Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:06:55.654569158Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:06:55.656535554Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:55.657720946Z 37 PC: 12ef1 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:06:55.658840462Z 76 PC: 12f30 | Terminate with return code (Return code = '0')