Sample viewer

vx.netlux.org/Trojan.DOS.EchoLock

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:27.524930054Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:27.527019975Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:56:27.528249448Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:56:27.539211478Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:27.540740421Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:27.544597184Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:27.546531749Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:56:27.548460848Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:56:27.553038427Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:56:27.554204028Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:56:27.555578815Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:56:27.565912173Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:56:27.567357176Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:56:27.568772641Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:56:27.571411067Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:56:27.572871983Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:56:27.575398381Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:56:27.585528309Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:27.58687755Z	53	PC: 12e7a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:56:27.588105571Z	37	PC: 12e8f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:56:27.601514146Z	37	PC: 12e97 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:56:27.603061723Z	37	PC: 12e9f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:27.606694657Z	37	PC: 12ea7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:56:27.60913049Z	68	PC: 13579 \| I/O control for devices (Set for = '�uÎ��ؿ')
2018-12-17T21:56:27.620806857Z	65	PC: 134ca \| Delete file (Filename = 'c:\autoexec.bat')
2018-12-17T21:56:27.973119951Z	60	PC: 1355d \| Create or truncate file
2018-12-17T21:56:27.984017485Z	68	PC: 13579 \| I/O control for devices (Set for = '�uÎ��ؿ')
2018-12-17T21:56:27.987325606Z	64	PC: 13273 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T21:56:27.996625111Z	64	PC: 13273 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T21:56:28.000389546Z	64	PC: 13273 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T21:56:28.009579835Z	64	PC: 13273 \| Write file or device (Write 8 bytes on handle 5)
2018-12-17T21:56:28.012191481Z	62	PC: 132b2 \| Close file
2018-12-17T21:56:28.020622287Z	60	PC: 1355d \| Create or truncate file
2018-12-17T21:56:28.028495718Z	68	PC: 13579 \| I/O control for devices (Set for = '�uÎ��ؿ')
2018-12-17T21:56:28.030029009Z	64	PC: 13273 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:56:28.033001814Z	62	PC: 132b2 \| Close file
2018-12-17T21:56:28.038850026Z	41	PC: 12de1 \| Parse filename
2018-12-17T21:56:28.040096688Z	41	PC: 12def \| Parse filename
2018-12-17T21:56:28.041310842Z	75	PC: 12dfa \| Execute program