Sample viewer

vx.netlux.org/Trojan.DOS.Loader.Tef

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:02.893274345Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:02.894856781Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:02.896566713Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:02.897948175Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:02.899441254Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:02.900914803Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:02.902358036Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:02.903573018Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:02.905852809Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:02.907077499Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:02.908283348Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:02.909929436Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:02.911046584Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:02.912065897Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:02.913424625Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:02.914431185Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:02.915306758Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:02.916890959Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:02.917775725Z	53	PC: 13b3a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:02.918642458Z	37	PC: 13b4f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:02.920348065Z	37	PC: 13b57 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:02.921354398Z	37	PC: 13b5f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:02.922169195Z	37	PC: 13b67 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:02.923568211Z	68	PC: 1436b \| I/O control for devices (Set for = '��G t�[��G t�]�� ')
2018-12-17T22:30:03.03969342Z	64	PC: 13f58 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:30:03.041099783Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:03.042747065Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:30:03.044308494Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:30:03.04566948Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:03.047013841Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:30:03.048616251Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:03.049659807Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:30:03.050692978Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:30:03.052391556Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:30:03.053407203Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:30:03.054415179Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:30:03.056141272Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:30:03.057994577Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:30:03.059820709Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:30:03.061881555Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:30:03.063763241Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:30:03.06563853Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:30:03.067818917Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:30:03.068946802Z	37	PC: 13c91 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:30:03.069996614Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.072581109Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.074627032Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.077160833Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.080106151Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.082142796Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.084066937Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.086471622Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.08848561Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.090424838Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.093328702Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.095328118Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.097268469Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.099987055Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.102191826Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.104402031Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.106882114Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.109569872Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.111792667Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.114216425Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.116673933Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.118938761Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.121345437Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.123529888Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.125379742Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.128203815Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.130346915Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.13211351Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.134097976Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.137154658Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.138750776Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.140853853Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.143685854Z	6	PC: 13d18 \| Direct console I/O
2018-12-17T22:30:03.14744483Z	76	PC: 13cd0 \| Terminate with return code (Return code = '200')