Sample viewer

vx.netlux.org/Trojan.DOS.Galuj

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:38:34.772046565Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:34.774886951Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:38:34.776478285Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:38:34.777852237Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:34.779632045Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:38:34.792218593Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:38:34.793769783Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:38:34.795224656Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:38:34.797211705Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:38:34.79868947Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:38:34.80012326Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:38:34.802542991Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:38:34.803952124Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:38:34.805369418Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:38:34.8077496Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:38:34.809164344Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:38:34.810573009Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:38:34.812856034Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:38:34.814282916Z	53	PC: 13cfa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:38:34.815725633Z	37	PC: 13d0f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:34.818546877Z	37	PC: 13d17 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:38:34.819838483Z	37	PC: 13d1f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:38:34.8211843Z	37	PC: 13d27 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:38:34.823148585Z	68	PC: 146bd \| I/O control for devices (Set for = '')
2018-12-17T22:38:34.946331432Z	64	PC: 14118 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:38:34.948032569Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:38:34.949136193Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:38:34.952416426Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:38:34.95352349Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:38:34.954604442Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:38:34.957558297Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:38:34.959166431Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:38:34.961480998Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:38:34.964822657Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:38:34.966170732Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:38:34.967564778Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:38:34.969854489Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:38:34.970954831Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:38:34.973090799Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:38:34.975088192Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:38:34.976706595Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:38:34.978035529Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:38:34.980023806Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:38:34.981635676Z	37	PC: 13e51 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:38:34.983003797Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:34.985456106Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:34.98841529Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:34.990679323Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:34.992943156Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:34.996096421Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:34.998365014Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.000607902Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.010716836Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.015065307Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.027808386Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.030536828Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.032608337Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.034578973Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.037468786Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.051173333Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.053526515Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.056279806Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.058554719Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.060880832Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.063946077Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.066597637Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.068902712Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.071417218Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.074479114Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.076423597Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.078399745Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.081518805Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.083765668Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.085995593Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.089218672Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.092231277Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.094358197Z	6	PC: 13ed8 \| Direct console I/O
2018-12-17T22:38:35.098997421Z	76	PC: 13e90 \| Terminate with return code (Return code = '200')