Sample viewer

vx.netlux.org/Trojan.DOS.Woll

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:27:41.840090666Z 47 PC: 12a4f | Get disk transfer address
2018-12-17T22:27:41.84184754Z 78 PC: 12a58 | Find first file
2018-12-17T22:27:41.845215397Z 78 PC: 12ae3 | Find first file
2018-12-17T22:27:41.848410671Z 53 PC: 12b24 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:27:41.850168404Z 37 PC: 12b34 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:27:41.851566445Z 49 PC: 12b41 | Terminate and stay resident (Return code = '0' | Memory size = '14')
2018-12-17T22:27:41.853220116Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:27:41.854748226Z 72 PC: 12174 | Allocate memory
2018-12-17T22:27:41.857389074Z 72 PC: 1218d | Allocate memory
2018-12-17T22:27:41.859923673Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:27:41.862328281Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:27:41.86429032Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:27:41.865667415Z 62 PC: 122ab | Close file
2018-12-17T22:27:41.867264369Z 47 PC: 12a4f | Get disk transfer address
2018-12-17T22:27:41.873280866Z 78 PC: 12a58 | Find first file