Sample viewer

vx.netlux.org/Trojan.DOS.FormatAC

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:35.550537131Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:30:35.552938307Z	53	PC: 12bc0 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:35.554080303Z	53	PC: 12bcd \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:30:35.555674077Z	53	PC: 12bda \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:30:35.557435535Z	53	PC: 12be7 \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:30:35.558529519Z	37	PC: 12bfb \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:30:35.559685572Z	74	PC: 12ad6 \| Reallocate memory
2018-12-17T22:30:35.562272667Z	68	PC: 12ef0 \| I/O control for devices (Set for = '')
2018-12-17T22:30:35.564507889Z	74	PC: 13e62 \| Reallocate memory
2018-12-17T22:30:35.566570429Z	74	PC: 13e62 \| Reallocate memory
2018-12-17T22:30:35.568792528Z	68	PC: 12ef0 \| I/O control for devices (Set for = 'Borland C++ - Copyright 1991 Borland Intl.')
2018-12-17T22:30:35.57123799Z	67	PC: 13e82 \| Get or set file attributes
2018-12-17T22:30:35.576575271Z	61	PC: 14667 \| Open file (Filename = 'c:\autoexec.bat')
2018-12-17T22:30:35.583747372Z	68	PC: 13e3c \| I/O control for devices (Set for = '')
2018-12-17T22:30:35.585173345Z	64	PC: 144ca \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:30:36.275902267Z	68	PC: 12ef0 \| I/O control for devices (Set for = 's3�I��ZYÃ>Xcu ��=��u@�PS�Y��')
2018-12-17T22:30:36.282158446Z	64	PC: 14d55 \| Write file or device (Write 22 bytes on handle 5)
2018-12-17T22:30:36.291615995Z	62	PC: 13ec0 \| Close file
2018-12-17T22:30:36.299536542Z	64	PC: 14d55 \| Write file or device (Write 19 bytes on handle 1)
2018-12-17T22:30:37.305581502Z	67	PC: 13e82 \| Get or set file attributes
2018-12-17T22:30:37.317671385Z	28	PC: 12ddd \| Get allocation info for specified drive