Sample viewer

vx.netlux.org/Trojan.DOS.Anti-School

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:58.402982353Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:58.406537707Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:58.408218805Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:58.409720106Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:58.411333135Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:58.413787339Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:58.415755766Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:58.41762987Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:58.420926429Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:58.422873077Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:58.424854994Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:58.429324207Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:58.43074971Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:58.432117381Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:58.438151485Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:58.446440082Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:58.447833623Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:58.449391555Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:58.451035237Z	53	PC: 1324a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:58.452492379Z	37	PC: 1325f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:58.453851784Z	37	PC: 13267 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:58.455618619Z	37	PC: 1326f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:58.457041625Z	37	PC: 13277 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:58.4598294Z	68	PC: 138d5 \| I/O control for devices (Set for = 'u�5��w��)8t�')
2018-12-17T22:41:58.599582237Z	64	PC: 13668 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:41:58.601299837Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:41:58.602495128Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:41:58.604676703Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:41:58.605763929Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:58.606849627Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:41:58.608585664Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:58.60960032Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:41:58.610511815Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:41:58.612019905Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:41:58.613462299Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:41:58.614783155Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:41:58.616558343Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:41:58.617713223Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:41:58.618719896Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:41:58.619888026Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:41:58.621310923Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:41:58.622324115Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:41:58.623328982Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:41:58.625058852Z	37	PC: 133a1 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:41:58.626211451Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.627969654Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.630387037Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.631970671Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.633522139Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.635543761Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.637096475Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.638760516Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.641166766Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.642905962Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.644512853Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.646749269Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.648434135Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.650125606Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.652169294Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.656476539Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.658620158Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.66040141Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.662356976Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.663937546Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.665790822Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.66772033Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.671581155Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.674023241Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.67713803Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.679899473Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.682655838Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.686715481Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.689453591Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.692190215Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.696000086Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.698757829Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.701331527Z	6	PC: 13428 \| Direct console I/O
2018-12-17T22:41:58.706746421Z	76	PC: 133e0 \| Terminate with return code (Return code = '200')