Sample viewer

vx.netlux.org/Trojan.DOS.Welzel

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:37.47911587Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:15:37.480994791Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:15:37.483358606Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:15:37.484572324Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:37.486538921Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:37.48776643Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:37.489093338Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:15:37.490735033Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:15:37.492153924Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:15:37.494549144Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:15:37.4960278Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:15:37.498019483Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:15:37.499321846Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:15:37.500578078Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:15:37.502960277Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:15:37.504088982Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:15:37.505190509Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:15:37.50716734Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:15:37.508380758Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:15:37.509518453Z	37	PC: 1320f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:15:37.516378716Z	37	PC: 13217 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:37.518276214Z	37	PC: 1321f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:37.519607991Z	37	PC: 13227 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:15:37.521947735Z	68	PC: 139fc \| I/O control for devices (Set for = '��')
2018-12-17T23:15:37.523924282Z	60	PC: 139e0 \| Create or truncate file
2018-12-17T23:15:39.381845426Z	68	PC: 139fc \| I/O control for devices (Set for = '��')
2018-12-17T23:15:39.385899666Z	64	PC: 13618 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T23:15:39.390585279Z	64	PC: 13618 \| Write file or device (Write 22 bytes on handle 1)
2018-12-17T23:15:39.395311892Z	64	PC: 13618 \| Write file or device (Write 21 bytes on handle 1)
2018-12-17T23:15:39.401497373Z	64	PC: 13618 \| Write file or device (Write 21 bytes on handle 1)
2018-12-17T23:15:39.406321399Z	64	PC: 13618 \| Write file or device (Write 29 bytes on handle 1)
2018-12-17T23:15:39.413592179Z	64	PC: 13618 \| Write file or device (Write 23 bytes on handle 1)
2018-12-17T23:15:39.419802487Z	64	PC: 13618 \| Write file or device (Write 24 bytes on handle 1)
2018-12-17T23:15:39.430113139Z	64	PC: 13618 \| Write file or device (Write 26 bytes on handle 1)
2018-12-17T23:15:39.436165045Z	64	PC: 13618 \| Write file or device (Write 29 bytes on handle 1)
2018-12-17T23:15:39.441654386Z	64	PC: 13618 \| Write file or device (Write 57 bytes on handle 1)
2018-12-17T23:15:39.448296106Z	64	PC: 13618 \| Write file or device (Write 26 bytes on handle 1)
2018-12-17T23:15:39.453210016Z	64	PC: 13618 \| Write file or device (Write 16 bytes on handle 1)
2018-12-17T23:15:39.45932073Z	64	PC: 13618 \| Write file or device (Write 52 bytes on handle 1)
2018-12-17T23:15:39.465282551Z	14	PC: 1393e \| Set default drive (Drive = 'C')
2018-12-17T23:15:39.467280052Z	25	PC: 13942 \| Get default drive
2018-12-17T23:15:39.468275109Z	59	PC: 139ac \| Change current directory
2018-12-17T23:15:39.473228808Z	60	PC: 139e0 \| Create or truncate file
2018-12-17T23:15:39.57917269Z	68	PC: 139fc \| I/O control for devices (Set for = '��')
2018-12-17T23:15:39.581474389Z	64	PC: 135f3 \| Write file or device (Write 128 bytes on handle 6)
2018-12-17T23:15:39.590081234Z	64	PC: 135f3 \| Write file or device (Write 21 bytes on handle 6)
2018-12-17T23:15:39.592284043Z	62	PC: 13632 \| Close file
2018-12-17T23:15:39.650768666Z	60	PC: 139e0 \| Create or truncate file
2018-12-17T23:15:39.738416955Z	68	PC: 139fc \| I/O control for devices (Set for = '��')
2018-12-17T23:15:39.740195024Z	64	PC: 135f3 \| Write file or device (Write 123 bytes on handle 6)
2018-12-17T23:15:39.749595441Z	62	PC: 13632 \| Close file
2018-12-17T23:15:39.807892675Z	60	PC: 139e0 \| Create or truncate file
2018-12-17T23:15:39.861284184Z	68	PC: 139fc \| I/O control for devices (Set for = '��')
2018-12-17T23:15:39.863321658Z	64	PC: 135f3 \| Write file or device (Write 51 bytes on handle 6)
2018-12-17T23:15:39.872610827Z	62	PC: 13632 \| Close file
2018-12-17T23:15:39.914115607Z	60	PC: 139e0 \| Create or truncate file
2018-12-17T23:15:39.96195224Z	68	PC: 139fc \| I/O control for devices (Set for = '��')
2018-12-17T23:15:39.965493748Z	64	PC: 135f3 \| Write file or device (Write 68 bytes on handle 6)
2018-12-17T23:15:39.969713153Z	62	PC: 13632 \| Close file
2018-12-17T23:15:39.987251478Z	64	PC: 13618 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T23:15:39.99159944Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:15:39.993259113Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T23:15:39.995454381Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:15:39.998525276Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:40.003936008Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:15:40.006060587Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:40.015396962Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T23:15:40.01653145Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T23:15:40.017722496Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T23:15:40.0200405Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T23:15:40.029540007Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T23:15:40.030781719Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T23:15:40.032886823Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T23:15:40.034351156Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T23:15:40.035689525Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T23:15:40.038080977Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T23:15:40.041082156Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T23:15:40.04345858Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T23:15:40.045813505Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T23:15:40.047739922Z	76	PC: 13390 \| Terminate with return code (Return code = '0')