Sample viewer

vx.netlux.org/Trojan.DOS.DelFiles.h

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:38.321477915Z	53	PC: 132da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:38.323064992Z	53	PC: 132da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:38.32583727Z	53	PC: 132da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:38.327344657Z	53	PC: 132da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:38.328884164Z	53	PC: 132da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:38.331744117Z	53	PC: 132da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:38.333351693Z	53	PC: 132da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:38.334926978Z	53	PC: 132da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:38.337778054Z	53	PC: 132da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:38.339330184Z	53	PC: 132da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:38.340854994Z	53	PC: 132da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:38.342698093Z	53	PC: 132da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:38.345117657Z	53	PC: 132da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:38.346672363Z	53	PC: 132da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:38.348192374Z	53	PC: 132da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:38.350870755Z	53	PC: 132da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:38.352474182Z	53	PC: 132da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:38.354870162Z	53	PC: 132da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:38.358424261Z	53	PC: 132da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:38.360064869Z	37	PC: 132ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:38.361613534Z	37	PC: 132f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:38.364375682Z	37	PC: 132ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:38.366351351Z	37	PC: 13307 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:38.374510918Z	68	PC: 13c97 \| I/O control for devices (Set for = '�3�� tFV��.��Nr��Ї�^t��Zi��')
2018-12-17T22:39:38.443837195Z	37	PC: 12c41 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:38.44623053Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:38.783947962Z	62	PC: 137ed \| Close file
2018-12-17T22:39:38.786498222Z	14	PC: 139bd \| Set default drive (Drive = 'C')
2018-12-17T22:39:38.789197051Z	25	PC: 139c1 \| Get default drive
2018-12-17T22:39:38.790802934Z	59	PC: 13a2b \| Change current directory
2018-12-17T22:39:38.807668296Z	26	PC: 13227 \| Set disk transfer address
2018-12-17T22:39:38.810586529Z	78	PC: 13233 \| Find first file
2018-12-17T22:39:38.82154366Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:38.832050134Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:38.847377642Z	62	PC: 137ed \| Close file
2018-12-17T22:39:38.849721243Z	61	PC: 1379d \| Open file (Filename = 'LZEXPAND.DLL')
2018-12-17T22:39:38.857648012Z	65	PC: 138e6 \| Delete file (Filename = 'LZEXPAND.DLL')
2018-12-17T22:39:38.87849113Z	62	PC: 137ed \| Close file
2018-12-17T22:39:38.880820925Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:38.882354461Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:38.887136101Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:38.898088795Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:38.910968195Z	62	PC: 137ed \| Close file
2018-12-17T22:39:38.91345245Z	61	PC: 1379d \| Open file (Filename = 'VER.DLL')
2018-12-17T22:39:38.921869762Z	65	PC: 138e6 \| Delete file (Filename = 'VER.DLL')
2018-12-17T22:39:38.932501462Z	62	PC: 137ed \| Close file
2018-12-17T22:39:38.935668784Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:38.938771874Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:38.942787031Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:38.953618557Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:38.96741401Z	62	PC: 137ed \| Close file
2018-12-17T22:39:38.97018743Z	61	PC: 1379d \| Open file (Filename = 'WIN87EM.DLL')
2018-12-17T22:39:38.977848649Z	65	PC: 138e6 \| Delete file (Filename = 'WIN87EM.DLL')
2018-12-17T22:39:38.989763575Z	62	PC: 137ed \| Close file
2018-12-17T22:39:38.992209218Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:38.993802707Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:38.998009374Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.010062365Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.023926495Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.026180094Z	61	PC: 1379d \| Open file (Filename = 'COMMDLG.DLL')
2018-12-17T22:39:39.035005666Z	65	PC: 138e6 \| Delete file (Filename = 'COMMDLG.DLL')
2018-12-17T22:39:39.045700534Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.048031859Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:39.050352375Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:39.054704982Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.065071743Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.080422179Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.083122338Z	61	PC: 1379d \| Open file (Filename = 'DDEML.DLL')
2018-12-17T22:39:39.090722394Z	65	PC: 138e6 \| Delete file (Filename = 'DDEML.DLL')
2018-12-17T22:39:39.1016288Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.10926788Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:39.110930788Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:39.114913659Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.126207214Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.140140063Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.142454125Z	61	PC: 1379d \| Open file (Filename = 'MMSYSTEM.DLL')
2018-12-17T22:39:39.151038123Z	65	PC: 138e6 \| Delete file (Filename = 'MMSYSTEM.DLL')
2018-12-17T22:39:39.162670064Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.164931828Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:39.167273233Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:39.171664122Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.182356305Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.196376348Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.200595524Z	61	PC: 1379d \| Open file (Filename = 'OLECLI.DLL')
2018-12-17T22:39:39.208343239Z	65	PC: 138e6 \| Delete file (Filename = 'OLECLI.DLL')
2018-12-17T22:39:39.219425235Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.222455485Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:39.223982327Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:39.227943969Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.239526958Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.252400905Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.254707454Z	61	PC: 1379d \| Open file (Filename = 'OLESVR.DLL')
2018-12-17T22:39:39.263170384Z	65	PC: 138e6 \| Delete file (Filename = 'OLESVR.DLL')
2018-12-17T22:39:39.275052234Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.277487465Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:39.279719163Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:39.284084504Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.29462382Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.308119687Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.311418823Z	61	PC: 1379d \| Open file (Filename = 'SHELL.DLL')
2018-12-17T22:39:39.318926065Z	65	PC: 138e6 \| Delete file (Filename = 'SHELL.DLL')
2018-12-17T22:39:39.330419224Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.33384596Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:39.335314763Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:39.339307413Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.35122937Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.365712093Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.36796442Z	61	PC: 1379d \| Open file (Filename = 'TOOLHELP.DLL')
2018-12-17T22:39:39.376242412Z	65	PC: 138e6 \| Delete file (Filename = 'TOOLHELP.DLL')
2018-12-17T22:39:39.38745871Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.389758276Z	26	PC: 1324b \| Set disk transfer address
2018-12-17T22:39:39.391221308Z	79	PC: 13250 \| Find next file
2018-12-17T22:39:39.39688919Z	67	PC: 131f6 \| Get or set file attributes
2018-12-17T22:39:39.403572492Z	60	PC: 1379d \| Create or truncate file
2018-12-17T22:39:39.415270316Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.418394563Z	61	PC: 1379d \| Open file (Filename = 'TOOLHELP.DLL')
2018-12-17T22:39:39.426662135Z	65	PC: 138e6 \| Delete file (Filename = 'TOOLHELP.DLL')
2018-12-17T22:39:39.438804025Z	62	PC: 137ed \| Close file
2018-12-17T22:39:39.442164968Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:39.443466346Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:39.444880416Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:39.447192445Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:39.448748501Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:39.450246008Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:39.452466916Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:39.455994021Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:39.463408999Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:39.467638255Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:39.469674926Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:39.471236474Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:39.473238269Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:39.476551832Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:39.478560911Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:39.480524375Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:39.482502345Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:39.484297533Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:39.486750046Z	37	PC: 13431 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:39.488257121Z	76	PC: 13470 \| Terminate with return code (Return code = '0')