Sample viewer

vx.netlux.org/Trojan.DOS.Deefes

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:48.814482063Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:48.815776045Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:48.81694084Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:48.818061281Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:48.819704129Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:48.820593007Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:48.821406435Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:48.823044966Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:48.824085123Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:48.825036506Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:48.826859446Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:48.82769623Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:48.828446888Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:48.841138755Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:48.842201046Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:48.843171568Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:48.844550346Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:48.845697814Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:48.846671665Z	53	PC: 16d0a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:48.848021215Z	37	PC: 16d1f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:48.849056066Z	37	PC: 16d27 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:48.849978483Z	37	PC: 16d2f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:48.851059505Z	37	PC: 16d37 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:48.852483552Z	68	PC: 17840 \| I/O control for devices (Set for = '�PQRVSV��.�D^u�.��')
2018-12-17T22:39:48.996866587Z	64	PC: 17128 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:39:48.999182101Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:49.001311265Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:39:49.002532649Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:39:49.003713794Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:49.005895945Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:49.00706246Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:49.008691907Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:39:49.011294002Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:39:49.012418563Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:39:49.01345502Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:39:49.01497086Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:39:49.01627322Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:39:49.01756335Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:39:49.019296417Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:39:49.020336255Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:39:49.021368141Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:39:49.023052901Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:39:49.024321311Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:39:49.025572315Z	37	PC: 16e61 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:39:49.027167172Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.029336078Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.031490296Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.03417785Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.036192214Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.037942987Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.039745529Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.041176105Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.042597804Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.044797406Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.046484247Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.048056723Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.050295181Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.052314714Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.054318802Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.056601484Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.058529018Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.060436205Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.062755987Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.064648799Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.066539748Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.069083659Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.070958861Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.072884634Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.075064807Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.076872872Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.078739982Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.081087763Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.083844426Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.085820427Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.089353502Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.091424216Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.093354004Z	6	PC: 16ee8 \| Direct console I/O
2018-12-17T22:39:49.098390068Z	76	PC: 16ea0 \| Terminate with return code (Return code = '200')