Sample viewer

vx.netlux.org/Trojan.DOS.DelWin.j

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:46.432429837Z	53	PC: 132da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:46.434417512Z	53	PC: 132da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:46.435759617Z	53	PC: 132da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:46.437060891Z	53	PC: 132da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:46.438367811Z	53	PC: 132da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:46.440254718Z	53	PC: 132da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:46.442405427Z	53	PC: 132da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:46.443848726Z	53	PC: 132da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:46.445910222Z	53	PC: 132da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:46.447336715Z	53	PC: 132da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:46.448826399Z	53	PC: 132da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:46.450880851Z	53	PC: 132da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:46.45252004Z	53	PC: 132da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:46.454077028Z	53	PC: 132da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:46.456469528Z	53	PC: 132da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:46.45801088Z	53	PC: 132da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:46.4590528Z	53	PC: 132da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:46.460884709Z	53	PC: 132da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:46.462158909Z	53	PC: 132da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:46.463250287Z	37	PC: 132ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:46.464863552Z	37	PC: 132f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:46.465864079Z	37	PC: 132ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:46.466870657Z	37	PC: 13307 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:46.468806917Z	68	PC: 13c97 \| I/O control for devices (Set for = '�3�� tFV��.��Nr��Ї�^t��Zi��')
2018-12-17T22:32:46.557246084Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:46.559049721Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:32:46.897423098Z	62	PC: 137ed \| Close file
2018-12-17T22:32:46.899980142Z	14	PC: 139bd \| Set default drive (Drive = 'C')
2018-12-17T22:32:46.901800117Z	25	PC: 139c1 \| Get default drive
2018-12-17T22:32:46.903482387Z	59	PC: 13a2b \| Change current directory
2018-12-17T22:32:46.914517158Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:32:46.915588668Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:32:46.916844331Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:32:46.918471603Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:46.919483952Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:32:46.920485997Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:32:46.922704304Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:32:46.92489035Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:32:46.927033911Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:32:46.929195886Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:32:46.930429875Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:32:46.931520563Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:32:46.933563585Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:32:46.934865898Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:32:46.936281939Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:32:46.938397521Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:32:46.939468623Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:32:46.940553887Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:32:46.942418579Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:32:46.943952822Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.946512883Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.949433722Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.952682927Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.955086926Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.957811332Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.960653874Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.964144117Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.966509824Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.973638762Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.976100744Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.978799838Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.981034608Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.983561132Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.993332383Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.995367313Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:46.997383717Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.000430234Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.002881277Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.004850359Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.007054003Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.009683731Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.012134057Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.01484171Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.017270182Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.019485817Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.02195289Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.024298792Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.026409373Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.028961328Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.040726372Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.042841535Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.046552582Z	6	PC: 134b8 \| Direct console I/O
2018-12-17T22:32:47.064979737Z	76	PC: 13470 \| Terminate with return code (Return code = '3')