Sample viewer

vx.netlux.org/Trojan.DOS.Zorka

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:23:31.703917355Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:31.707089981Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:31.708579447Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:31.709859121Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:31.711402936Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:31.712575826Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:31.713746562Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:31.715759229Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:31.717098612Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:31.718230034Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:31.720025926Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:31.72163433Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:31.72289571Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:31.738256038Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:31.739717504Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:31.740802974Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:31.742241584Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:31.743965204Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:31.745411907Z	53	PC: 132ca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:23:31.746782591Z	37	PC: 132df \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:31.748227092Z	37	PC: 132e7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:31.749412255Z	37	PC: 132ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:31.750921593Z	37	PC: 132f7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:31.752457941Z	68	PC: 13c10 \| I/O control for devices (Set for = 'K��#%�!��')
2018-12-17T22:23:31.843677466Z	37	PC: 12cf1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:31.850407315Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:23:31.856046751Z	65	PC: 13ad9 \| Delete file (Filename = 'c:\bootlog.txt')
2018-12-17T22:23:31.862838829Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:23:31.864954882Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:23:31.867812665Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:23:31.869338837Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:31.870820859Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:23:31.873176847Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:23:31.874310151Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:23:31.875438956Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:23:31.878593065Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:23:31.88003828Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:23:31.881482332Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:23:31.886109786Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:23:31.887208925Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:23:31.888243123Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:23:31.895804266Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:23:31.897503142Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:23:31.899121446Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:23:31.901136672Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:23:31.902281022Z	37	PC: 13421 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:23:31.903451404Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.906188946Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.908269252Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.910244657Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.912195208Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.914787821Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.916736038Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.918690314Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.921931516Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.923901145Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.925886073Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.928686762Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.930649188Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.932537612Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.935084465Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.937048293Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.939075559Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.941775844Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.944619245Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.946558891Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.949007514Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.950959779Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.953620631Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.956538957Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.958522175Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.960325236Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.96297877Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.964985109Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.966878072Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.975046082Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.977065657Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.979303335Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.981788997Z	6	PC: 134a8 \| Direct console I/O
2018-12-17T22:23:31.98545956Z	76	PC: 13460 \| Terminate with return code (Return code = '2')