Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.y

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:11.754692288Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:11.75623261Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:20:11.758004136Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:20:11.759570177Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:11.760914241Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:11.76227292Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:11.764041439Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:20:11.770210837Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:20:11.771326273Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:20:11.773955419Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:20:11.775688048Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:20:11.776775648Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:20:11.779372161Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:20:11.780481504Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:20:11.781575408Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:20:11.783580054Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:20:11.784592865Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:20:11.785524811Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:11.787186768Z	53	PC: 12dda \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:20:11.789098764Z	37	PC: 12def \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:20:11.791022641Z	37	PC: 12df7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:20:11.793807343Z	37	PC: 12dff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:11.795930601Z	37	PC: 12e07 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:20:11.798583658Z	68	PC: 137ea \| I/O control for devices (Set for = 'u�O�Q3ɸ')
2018-12-17T22:20:11.800950167Z	25	PC: 134bc \| Get default drive
2018-12-17T22:20:11.802602311Z	71	PC: 134cf \| Get current directory
2018-12-17T22:20:11.80600076Z	48	PC: 1342f \| Get DOS version
2018-12-17T22:20:11.808235234Z	25	PC: 134bc \| Get default drive
2018-12-17T22:20:11.809811242Z	71	PC: 134cf \| Get current directory
2018-12-17T22:20:11.814068251Z	26	PC: 12cd5 \| Set disk transfer address
2018-12-17T22:20:11.815354036Z	78	PC: 12ce1 \| Find first file
2018-12-17T22:20:11.822136433Z	60	PC: 137ce \| Create or truncate file
2018-12-17T22:20:12.837079316Z	68	PC: 137ea \| I/O control for devices (Set for = 'u�O�Q3ɸ')
2018-12-17T22:20:12.839164632Z	64	PC: 131d3 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:20:12.841887001Z	62	PC: 13212 \| Close file
2018-12-17T22:20:12.84981043Z	61	PC: 137ce \| Open file (Filename = 'C:\dos.txt')
2018-12-17T22:20:12.856377442Z	68	PC: 137ea \| I/O control for devices (Set for = 'u�O�Q3ɸ')
2018-12-17T22:20:12.857737421Z	66	PC: 13839 \| Move file pointer
2018-12-17T22:20:12.859304575Z	66	PC: 13850 \| Move file pointer
2018-12-17T22:20:12.860939398Z	63	PC: 1385d \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:20:12.862888266Z	64	PC: 131d3 \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:20:12.865149603Z	62	PC: 13212 \| Close file
2018-12-17T22:20:12.873393049Z	61	PC: 137ce \| Open file (Filename = 'C:\autoexec.bat')
2018-12-17T22:20:12.879890856Z	68	PC: 137ea \| I/O control for devices (Set for = 'u�O�Q3ɸ')
2018-12-17T22:20:12.881823095Z	66	PC: 13839 \| Move file pointer
2018-12-17T22:20:12.884087627Z	66	PC: 13850 \| Move file pointer
2018-12-17T22:20:12.885959008Z	63	PC: 1385d \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T22:20:12.889806768Z	64	PC: 131d3 \| Write file or device (Write 13 bytes on handle 5)
2018-12-17T22:20:12.894299862Z	62	PC: 13212 \| Close file
2018-12-17T22:20:12.901615205Z	53	PC: 12d36 \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:20:12.903280346Z	37	PC: 12d52 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:20:12.905820784Z	49	PC: 12d6d \| Terminate and stay resident (Return code = '0' \| Memory size = '2894')