Sample viewer

vx.netlux.org/Trojan.DOS.VirHider

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:22.839988733Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:22.842212034Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:22.844152997Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:22.846069785Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:22.848947381Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:22.850171417Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:22.851328673Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:22.85956392Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:22.860821574Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:22.861979028Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:22.863534671Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:22.865019629Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:22.866168819Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:22.86748094Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:22.869077156Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:22.870155583Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:22.871262795Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:22.873864155Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:22.875184749Z	53	PC: 1344a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:22.876724496Z	37	PC: 1345f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:22.878293277Z	37	PC: 13467 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:22.87933846Z	37	PC: 1346f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:22.880661945Z	37	PC: 13477 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:22.883425876Z	68	PC: 13e4a \| I/O control for devices (Set for = 't�')
2018-12-17T22:29:22.916156599Z	37	PC: 12e71 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:22.917672063Z	61	PC: 1390d \| Open file (Filename = '0')
2018-12-17T22:29:22.928279211Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:29:22.930695393Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:29:22.931857034Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:29:22.93358763Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:22.934738867Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:29:22.935779463Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:22.937623603Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:29:22.938561684Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:29:22.939542543Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:29:22.941039336Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:29:22.942291292Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:29:22.943358786Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:29:22.944883872Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:29:22.946103231Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:29:22.947213943Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:29:22.949188317Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:29:22.950968401Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:29:22.952072529Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:29:22.959626307Z	37	PC: 135a1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:29:22.96151462Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.96375169Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.967958755Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.970678952Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.972772836Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.975591735Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.978122348Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.980702583Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.983385066Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.986143213Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.98859394Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.992173085Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.994691059Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.997019471Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:22.999475808Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.001941318Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.004510141Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.007029507Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.010332244Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.012982629Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.015756798Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.018384071Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.020729803Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.023054049Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.025724879Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.029034101Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.031887844Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.034955818Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.037454676Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.03970187Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.042763207Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.044718895Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.046554458Z	6	PC: 13628 \| Direct console I/O
2018-12-17T22:29:23.050608103Z	76	PC: 135e0 \| Terminate with return code (Return code = '2')