Sample viewer

vx.netlux.org/Trojan.DOS.FormatC.r

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:15:28.951747976Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:15:28.95378286Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:15:28.954893219Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:15:28.955992785Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:15:28.957791657Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:15:28.959102591Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:15:28.960322318Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:15:28.961600899Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:15:28.963233999Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:15:28.964082467Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:15:28.964910375Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:15:28.967357235Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:15:28.968909122Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:15:28.970774309Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:15:28.973144177Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:15:28.974577971Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:15:28.976232397Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:15:28.978251239Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:15:28.986865439Z	53	PC: 131ca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:15:28.988292366Z	37	PC: 131df \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:15:28.989945379Z	37	PC: 131e7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:15:28.990932831Z	37	PC: 131ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:15:28.991913704Z	37	PC: 131f7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:15:28.994402059Z	68	PC: 13c2b \| I/O control for devices (Set for = '�')
2018-12-17T22:15:29.124020389Z	64	PC: 135e8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:15:29.126031178Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:15:29.129004801Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:15:29.130281326Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:15:29.131650716Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:15:29.133694435Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:15:29.135012584Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:15:29.136333993Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:15:29.138575568Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:15:29.139895603Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:15:29.141211625Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:15:29.14293216Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:15:29.144209269Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:15:29.145492841Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:15:29.146989792Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:15:29.148418576Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:15:29.149582354Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:15:29.151254696Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:15:29.152373579Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:15:29.153419857Z	37	PC: 13321 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:15:29.154864546Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.157419772Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.159283016Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.161405714Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.16369167Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.165543319Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.167707816Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.169891768Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.17753641Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.179686496Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.181744957Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.183614423Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.185594141Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.187621838Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.189533011Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.19155055Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.193857518Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.195725018Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.197694897Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.20012728Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.202224263Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.204330547Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.207140173Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.208972605Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.21085311Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.213060033Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.215224252Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.217635399Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.219953216Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.221985176Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.224451763Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.226508523Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.22812083Z	6	PC: 133a8 \| Direct console I/O
2018-12-17T22:15:29.231483109Z	76	PC: 13360 \| Terminate with return code (Return code = '200')