Sample viewer

vx.netlux.org/Trojan.DOS.DelFiles.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:12:12.706785411Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:12.708601496Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:12:12.710295125Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:12:12.711457072Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:12.714095269Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:12.715360383Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:12.716697114Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:12:12.718166914Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:12:12.719808645Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:12:12.720870658Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:12:12.721889894Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:12:12.724080466Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:12:12.725174955Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:12:12.726321959Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:12:12.728327558Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:12:12.729367269Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:12:12.730380855Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:12:12.731975873Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:12:12.733133074Z	53	PC: 12f5a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:12:12.73421377Z	37	PC: 12f6f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:12.735740383Z	37	PC: 12f77 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:12.736863363Z	37	PC: 12f7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:12.737944853Z	37	PC: 12f87 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:12:12.739940289Z	68	PC: 13615 \| I/O control for devices (Set for = '�z�r<:t&��< u �j�r<:t��u��w')
2018-12-17T22:12:12.741987734Z	65	PC: 13566 \| Delete file (Filename = 'c:\command.com')
2018-12-17T22:12:13.086186762Z	65	PC: 13566 \| Delete file (Filename = 'c:\program files\internet explorer\iexplore.exe')
2018-12-17T22:12:13.093453553Z	64	PC: 13378 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:12:13.095465156Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:13.096899533Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:12:13.098814816Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:12:13.100269202Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:12:13.101540004Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:13.10409012Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:12:13.106119307Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:12:13.10767752Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:12:13.109259854Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:12:13.11132146Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:12:13.112495396Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:12:13.113613536Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:12:13.115791674Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:12:13.116829999Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:12:13.117996002Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:12:13.1199182Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:12:13.120898193Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:12:13.135113857Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:12:13.137462952Z	37	PC: 130b1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:12:13.139333306Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.141735046Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.144369416Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.146765509Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.148981317Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.151325377Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.153846078Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.155958651Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.158081579Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.161111799Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.163118024Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.165101638Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.167542052Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.169217521Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.171155149Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.173565741Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.175433673Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.177287547Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.179627484Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.181459614Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.183404599Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.185909044Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.187366493Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.188684081Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.190445156Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.19177736Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.193139244Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.195690023Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.197254534Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.199526268Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.202063271Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.203806954Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.205325146Z	6	PC: 13138 \| Direct console I/O
2018-12-17T22:12:13.20853713Z	76	PC: 130f0 \| Terminate with return code (Return code = '3')