Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.p

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:32.300011266Z 53 PC: 1333a | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:32.301446864Z 53 PC: 1333a | Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:19:32.304242591Z 53 PC: 1333a | Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:19:32.306046276Z 53 PC: 1333a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:32.307826877Z 53 PC: 1333a | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:32.31105478Z 53 PC: 1333a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:32.312510725Z 53 PC: 1333a | Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:19:32.313872924Z 53 PC: 1333a | Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:19:32.316269102Z 53 PC: 1333a | Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:19:32.317794806Z 53 PC: 1333a | Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:19:32.319184022Z 53 PC: 1333a | Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:19:32.321361487Z 53 PC: 1333a | Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:19:32.323515455Z 53 PC: 1333a | Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:19:32.325047104Z 53 PC: 1333a | Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:19:32.327110645Z 53 PC: 1333a | Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:19:32.328688675Z 53 PC: 1333a | Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:19:32.330063458Z 53 PC: 1333a | Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:19:32.332485302Z 53 PC: 1333a | Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:32.335027029Z 53 PC: 1333a | Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:19:32.33646106Z 37 PC: 1334f | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:32.337805106Z 37 PC: 13357 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:32.359098981Z 37 PC: 1335f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:32.360818192Z 37 PC: 13367 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:32.362814539Z 68 PC: 13e86 | I/O control for devices (Set for = ' t&<t
2018-12-17T22:19:32.474066341Z 37 PC: 12ca1 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:19:32.484237718Z 60 PC: 13a00 | Create or truncate file
2018-12-17T22:19:32.844577171Z 61 PC: 13e6a | Open file (Filename = 'c:\ghost.txt')
2018-12-17T22:19:32.852469887Z 68 PC: 13e86 | I/O control for devices (Set for = ' t&<t
2018-12-17T22:19:32.854011571Z 66 PC: 13ed5 | Move file pointer
2018-12-17T22:19:32.855485654Z 66 PC: 13eec | Move file pointer
2018-12-17T22:19:32.857447272Z 63 PC: 13ef9 | Read file or device (Read 128 bytes on handle 6)
2018-12-17T22:19:32.860630833Z 64 PC: 13733 | Write file or device (Write 82 bytes on handle 6)
2018-12-17T22:19:32.870683234Z 62 PC: 13772 | Close file
2018-12-17T22:19:32.880373692Z 62 PC: 13a50 | Close file
2018-12-17T22:19:32.883649397Z 14 PC: 13bac | Set default drive (Drive = 'C')
2018-12-17T22:19:32.885482679Z 25 PC: 13bb0 | Get default drive
2018-12-17T22:19:32.887211418Z 59 PC: 13c1a | Change current directory
2018-12-17T22:19:32.895408766Z 26 PC: 13287 | Set disk transfer address
2018-12-17T22:19:32.897074798Z 78 PC: 13293 | Find first file
2018-12-17T22:19:32.90726634Z 67 PC: 13256 | Get or set file attributes
2018-12-17T22:19:32.913454893Z 60 PC: 13a00 | Create or truncate file
2018-12-17T22:19:32.921093967Z 37 PC: 13491 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:19:32.922846239Z 37 PC: 13491 | Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:19:32.925479521Z 37 PC: 13491 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:19:32.927666202Z 37 PC: 13491 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:32.929274665Z 37 PC: 13491 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:19:32.931863963Z 37 PC: 13491 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:32.933524134Z 37 PC: 13491 | Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:19:32.935164571Z 37 PC: 13491 | Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:19:32.937034215Z 37 PC: 13491 | Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:19:32.939497124Z 37 PC: 13491 | Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:19:32.941102532Z 37 PC: 13491 | Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:19:32.942714963Z 37 PC: 13491 | Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:19:32.945330181Z 37 PC: 13491 | Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:19:32.946930245Z 37 PC: 13491 | Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:19:32.948523369Z 37 PC: 13491 | Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:19:32.950828847Z 37 PC: 13491 | Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:19:32.95249011Z 37 PC: 13491 | Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:19:32.954110261Z 37 PC: 13491 | Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:19:32.956750936Z 37 PC: 13491 | Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:19:32.958449058Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.962009421Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.965547515Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.968571383Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.970904219Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.973723909Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.976749437Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.979015131Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.981365848Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.984319203Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.986678565Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.989041252Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.991890847Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.994579887Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:32.997348893Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.001515835Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.004488933Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.006933022Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.011021577Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.013957037Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.017962622Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.021806881Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.024251149Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.026725122Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.029776914Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.033430707Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.03598633Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.042619858Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.047923022Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.05139582Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.054312821Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.057399168Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.059845669Z 6 PC: 13518 | Direct console I/O
2018-12-17T22:19:33.063955973Z 76 PC: 134d0 | Terminate with return code (Return code = '5')