Sample viewer

vx.netlux.org/Trojan.DOS.DelWinbootdir

Syscalls (INT 21h calls recorded by the tracer):

Time | Syscall (INT 21h function number, register AH, in decimal) | PC (address of the instruction after the INT 21h) | Syscall name and arguments
The first 25 calls are run-time start-up code rather than the trojan's own logic: it saves the vectors for INT 00h, 02h, 1Bh, 21h, 23h, 24h, 34h to 3Fh and 75h, then installs its own handlers for INT 00h, 23h, 24h and 3Fh and, after an IOCTL, for INT 1Bh. That is exactly the vector set the Borland Turbo Pascal System unit saves at start-up (34h to 3Eh are its floating-point emulator interrupts, 3Fh its overlay manager), which strongly suggests the sample was built with Turbo Pascal. The tracer's original output labelled each interrupt number with the INT 21h function of the same number (INT 21h itself came out as 'Random read', function 21h), which is a mislabel: AL holds an interrupt number, not a function number. The rows below name the interrupt instead.

2018-12-17T22:17:29.871879354Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x00, divide error)
2018-12-17T22:17:29.875233207Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x02, NMI)
2018-12-17T22:17:29.87672826Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x1B, BIOS Ctrl-Break)
2018-12-17T22:17:29.878055602Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x21, DOS services)
2018-12-17T22:17:29.879816212Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x23, DOS Ctrl-C handler)
2018-12-17T22:17:29.881498113Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x24, DOS critical error handler)
2018-12-17T22:17:29.883360979Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x34, floating-point emulation)
2018-12-17T22:17:29.884845473Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x35, floating-point emulation)
2018-12-17T22:17:29.887504177Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x36, floating-point emulation)
2018-12-17T22:17:29.888744423Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x37, floating-point emulation)
2018-12-17T22:17:29.890645755Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x38, floating-point emulation)
2018-12-17T22:17:29.901024864Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x39, floating-point emulation)
2018-12-17T22:17:29.902240317Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x3A, floating-point emulation)
2018-12-17T22:17:29.903390749Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x3B, floating-point emulation)
2018-12-17T22:17:29.905141515Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x3C, floating-point emulation)
2018-12-17T22:17:29.906535147Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x3D, floating-point emulation)
2018-12-17T22:17:29.907965839Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x3E, floating-point emulation)
2018-12-17T22:17:29.910572899Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x3F, overlay manager)
2018-12-17T22:17:29.912119049Z 53 PC: 1362a | Get interrupt vector (Interrupt = 0x75, coprocessor error, IRQ13)
2018-12-17T22:17:29.913552317Z 37 PC: 1363f | Set interrupt vector (Interrupt = 0x00, divide error)
2018-12-17T22:17:29.915568627Z 37 PC: 13647 | Set interrupt vector (Interrupt = 0x23, DOS Ctrl-C handler)
2018-12-17T22:17:29.920303573Z 37 PC: 1364f | Set interrupt vector (Interrupt = 0x24, DOS critical error handler)
2018-12-17T22:17:29.922473543Z 37 PC: 13657 | Set interrupt vector (Interrupt = 0x3F, overlay manager)
2018-12-17T22:17:29.926539933Z 68 PC: 13f5d | I/O control for devices (tracer printed the argument as the unreadable string '^ÿ3a=t=')
2018-12-17T22:17:30.045506046Z 37 PC: 1304c | Set interrupt vector (Interrupt = 0x1B, BIOS Ctrl-Break)
2018-12-17T22:17:30.046965441Z 44 PC: 14094 | Get time

Disassembly shown by the viewer at the Get time return address 0x14094. The first three instructions store the returned CX and DX (CH:CL = hours:minutes, DH:DL = seconds:hundredths) and return; the routine at 0x1409d zero-fills the data segment from offset 0x52 up to 0x4b8 (ES = DS, CX = (0x4b8 - 0x52) / 2, rep stos); from 0x140af on the bytes are zero padding and data that the disassembler rendered as instructions:

0x14094: mov word ptr [0x3e], cx
0x14098: mov word ptr [0x40], dx
0x1409c: retf
0x1409d: mov di, 0x52
0x140a0: push ds
0x140a1: pop es
0x140a2: mov cx, 0x4b8
0x140a5: sub cx, di
0x140a7: shr cx, 1
0x140a9: xor ax, ax
0x140ab: cld
0x140ac: rep stosd dword ptr es:[di], eax
0x140ae: ret
0x140af: add byte ptr [bx + si], al
0x140b1: add byte ptr [bx + si], al
0x140b3: add byte ptr [bx + si], al
0x140b5: add byte ptr [bx + si], al
0x140b7: add byte ptr [bx + si], al
0x140b9: add byte ptr [bx + 0x18], dl
0x140bc: push di
2018-12-17T22:17:30.050273408Z 67 PC: 12f86 | Get or set file attributes
2018-12-17T22:17:30.386001617Z 61 PC: 13f41 | Open file (Filename = 'c:\msdos.sys')
2018-12-17T22:17:30.392744792Z 62 PC: 13a62 | Close file
2018-12-17T22:17:30.395973998Z 61 PC: 13f41 | Open file (Filename = 'c:\msdos.sys')
2018-12-17T22:17:30.402582833Z 68 PC: 13f5d | I/O control for devices (tracer printed the argument as the unreadable string '^ÿ3a=t=')
2018-12-17T22:17:30.404470638Z 66 PC: 13fac | Move file pointer
2018-12-17T22:17:30.406374691Z 66 PC: 13fc3 | Move file pointer
2018-12-17T22:17:30.408425027Z 63 PC: 13fd0 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:17:30.414398877Z 66 PC: 13ff2 | Move file pointer
2018-12-17T22:17:30.416022619Z 64 PC: 13ffa | Write file or device (Write 0 bytes on handle 5, i.e. truncate at the current file pointer)
2018-12-17T22:17:30.42425833Z 64 PC: 13a23 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:17:30.42800204Z 64 PC: 13a23 | Write file or device (Write 95 bytes on handle 5)
2018-12-17T22:17:30.430978864Z 62 PC: 13a62 | Close file
2018-12-17T22:17:30.438223122Z 67 PC: 12f86 | Get or set file attributes

The block above is the trojan's actual payload: two attribute calls (AH=43h) bracket the work on c:\msdos.sys. On Windows 95/98 msdos.sys is a plain-text boot configuration file (its [Paths] section holds WinDir= and WinBootDir=) that ships with the read-only, hidden and system attributes set, so the first AH=43h call is presumably a set (AL=01h) that clears those bits and the last one restores them; the tracer does not print AL, so that is inferred from the sequence rather than shown. The first open/close pair with no I/O in between looks like an existence check. The second open reads 128 bytes (handle 5 is the first handle free after the five standard DOS handles 0 to 4), seeks, writes 0 bytes (INT 21h AH=40h with CX=0 truncates the file at the current position) and then writes 128 + 95 = 223 bytes before closing: the file is rewritten in place, which fits the family name DelWinbootdir (removing the WinBootDir entry), although the bytes written are not visible in the trace.
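As an added example (not code from the sample viewer or the vx.netlux.org page): a parser for the trace rows above that re-labels the get/set-vector calls with the interrupt's real meaning and runs a simple detection rule over the file activity, flagging a boot-critical file that is opened and written or truncated between two attribute calls. The trace lines embedded in SAMPLE_TRACE are a subset copied from the page in the tracer's raw format (mislabelled 'AKA' names left as printed); the BOOT_FILES list and the tamper rule itself are assumptions made for this example.

```python
"""Parser and detection rule for the INT 21h syscall-trace format used above.

Added example, not the sample viewer's own code.  SAMPLE_TRACE is a subset of
the page's trace in the tracer's raw format; BOOT_FILES and the tamper rule
are assumptions made for this example."""
import re

# INT 21h function numbers (register AH); the trace prints them in decimal.
GET_VECTOR, SET_VECTOR = 0x35, 0x25
OPEN, CLOSE, READ, WRITE, ATTR = 0x3D, 0x3E, 0x3F, 0x40, 0x43

# Real meaning of the interrupt numbers passed to AH=35h/25h (the viewer labels
# them with INT 21h *function* names).  0x34..0x3E is Borland's FP-emulator range.
INTERRUPT_NAMES = {
    0x00: "divide error", 0x02: "NMI", 0x1B: "BIOS Ctrl-Break",
    0x21: "DOS services", 0x23: "DOS Ctrl-C handler",
    0x24: "DOS critical error handler", 0x3F: "overlay manager",
    0x75: "coprocessor error (IRQ13)",
}
INTERRUPT_NAMES.update({n: "floating-point emulation" for n in range(0x34, 0x3F)})

# Files a DOS/Win9x machine needs to boot (assumed list for the rule below).
BOOT_FILES = {"c:\\msdos.sys", "c:\\io.sys", "c:\\command.com"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ah>\d+)\s+PC:\s*(?P<pc>[0-9a-fA-F]+)\s*\|\s*"
                     r"(?P<name>[^(]+?)(?:\s*\((?P<args>.*)\))?\s*$")


def parse_line(line):
    """One trace row -> dict; None for headers, disassembly and other non-rows."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    c = {"ts": m["ts"], "ah": int(m["ah"]), "pc": int(m["pc"], 16),
         "name": m["name"].strip(), "args": m["args"] or ""}
    if c["ah"] in (GET_VECTOR, SET_VECTOR):
        # accepts the tracer's quoted decimal ('33') as well as a hex form (0x21)
        num = re.search(r"Interrupt = '?(0x[0-9a-fA-F]+|\d+)", c["args"]).group(1)
        c["interrupt"] = int(num, 0)
    elif c["ah"] == OPEN:
        c["filename"] = re.search(r"Filename = '([^']*)'", c["args"]).group(1).lower()
    elif c["ah"] in (READ, WRITE):
        n, h = re.search(r"(\d+) bytes on handle (\d+)", c["args"]).groups()
        c["nbytes"], c["handle"] = int(n), int(h)
    return c


def parse_trace(text):
    return [c for c in map(parse_line, text.splitlines()) if c]


def vector_label(c):
    """Correct label for a get/set-vector call, e.g. 'INT 21h (DOS services)'."""
    n = c["interrupt"]
    return f"INT {n:02X}h ({INTERRUPT_NAMES.get(n, 'unknown')})"


def find_boot_file_tamper(calls):
    """Flag a boot file opened and then written, or truncated by a 0-byte write
    (AH=40h with CX=0 truncates at the file pointer), with an attribute call
    (AH=43h) before the open and after the close: clear R/H/S bits, rewrite, restore."""
    findings, attr_before, cur = [], False, None
    for c in calls:
        ah = c["ah"]
        if ah == ATTR and cur is None:
            attr_before = True
            for f in findings:              # attribute call after a close
                f.setdefault("attr_after", True)
        elif ah == OPEN and c["filename"] in BOOT_FILES:
            cur = {"file": c["filename"], "written": 0, "truncated": False,
                   "attr_before": attr_before}
        elif cur and ah == WRITE:
            cur["truncated"] |= c["nbytes"] == 0
            cur["written"] += c["nbytes"]
        elif cur and ah == CLOSE:
            if cur["written"] or cur["truncated"]:
                findings.append(cur)
            cur = None
    for f in findings:
        f.setdefault("attr_after", False)
    return findings


# Constructed input: a subset of the page's trace, copied in the tracer's raw format.
SAMPLE_TRACE = r"""
2018-12-17T22:17:29.871879354Z 53 PC: 1362a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:29.878055602Z 53 PC: 1362a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:29.913552317Z 37 PC: 1363f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:17:29.922473543Z 37 PC: 13657 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:17:30.050273408Z 67 PC: 12f86 | Get or set file attributes
2018-12-17T22:17:30.386001617Z 61 PC: 13f41 | Open file (Filename = 'c:\msdos.sys')
2018-12-17T22:17:30.392744792Z 62 PC: 13a62 | Close file
2018-12-17T22:17:30.395973998Z 61 PC: 13f41 | Open file (Filename = 'c:\msdos.sys')
2018-12-17T22:17:30.404470638Z 66 PC: 13fac | Move file pointer
2018-12-17T22:17:30.408425027Z 63 PC: 13fd0 | Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:17:30.416022619Z 64 PC: 13ffa | Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:17:30.42425833Z 64 PC: 13a23 | Write file or device (Write 128 bytes on handle 5)
2018-12-17T22:17:30.42800204Z 64 PC: 13a23 | Write file or device (Write 95 bytes on handle 5)
2018-12-17T22:17:30.430978864Z 62 PC: 13a62 | Close file
2018-12-17T22:17:30.438223122Z 67 PC: 12f86 | Get or set file attributes
"""

if __name__ == "__main__":
    calls = parse_trace(SAMPLE_TRACE)
    for c in calls:
        if "interrupt" in c:
            print(c["ts"], c["name"], vector_label(c))
    for f in find_boot_file_tamper(calls):
        print("boot file rewritten:", f)
```

Run stand-alone it prints the four vector calls with their corrected labels and a single finding for c:\msdos.sys: 223 bytes written after a truncating 0-byte write, with an attribute call on either side. The first open/close pair is deliberately not flagged, since nothing was written on that handle; the rule keys on the write or truncation, not on the open alone.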