Sample viewer

vx.netlux.org/Trojan.DOS.DelSystem.g

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:12.168959095Z	53	PC: 131da \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:12.170712107Z	53	PC: 131da \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:12.172548566Z	53	PC: 131da \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:12.182841719Z	53	PC: 131da \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:12.184153032Z	53	PC: 131da \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:12.194193059Z	53	PC: 131da \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:12.19561497Z	53	PC: 131da \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:12.196943224Z	53	PC: 131da \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:12.198870814Z	53	PC: 131da \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:12.201400195Z	53	PC: 131da \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:12.203971284Z	53	PC: 131da \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:12.206539558Z	53	PC: 131da \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:12.214618481Z	53	PC: 131da \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:12.217318282Z	53	PC: 131da \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:12.219694355Z	53	PC: 131da \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:12.222030502Z	53	PC: 131da \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:12.233643473Z	53	PC: 131da \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:12.236749487Z	53	PC: 131da \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:12.238463857Z	53	PC: 131da \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:12.24678747Z	37	PC: 131ef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:12.252708611Z	37	PC: 131f7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:12.255282355Z	37	PC: 131ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:12.256910974Z	37	PC: 13207 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:12.270287116Z	68	PC: 136d6 \| I/O control for devices (Set for = '��t6��&�')
2018-12-17T22:43:12.372772061Z	37	PC: 12c01 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:12.375208517Z	67	PC: 12b52 \| Get or set file attributes
2018-12-17T22:43:12.724919795Z	67	PC: 12b52 \| Get or set file attributes
2018-12-17T22:43:12.735462286Z	67	PC: 12b52 \| Get or set file attributes
2018-12-17T22:43:12.745848102Z	65	PC: 13627 \| Delete file (Filename = 'c:\AUTOEXEC.BAT')
2018-12-17T22:43:12.757704711Z	65	PC: 13627 \| Delete file (Filename = 'c:\MSDOS.SYS')
2018-12-17T22:43:12.774022118Z	65	PC: 13627 \| Delete file (Filename = 'c:\IO.SYS')
2018-12-17T22:43:12.785603239Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:43:12.787279507Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:43:12.790139979Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:43:12.791792213Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:12.793152097Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:43:12.795261419Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:12.796834683Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:43:12.79842485Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:43:12.800138709Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:43:12.801909265Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:43:12.803186984Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:43:12.804408458Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:43:12.80627821Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:43:12.807614029Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:43:12.809033565Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:43:12.811381826Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:43:12.812851045Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:43:12.814314483Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:43:12.816647335Z	37	PC: 13331 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:43:12.818150307Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.82100531Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.824071769Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.826376408Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.828726502Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.832121358Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.838381295Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.840637533Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.843171642Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.846025332Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.848383802Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.850615163Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.853228261Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.85581005Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.858409632Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.862861152Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.865217208Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.867554477Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.870380745Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.87245425Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.874529398Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.877101909Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.879366282Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.881516361Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.884299928Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.886968911Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.88947037Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.892775036Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.895088411Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.897240583Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.899585086Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.902381639Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.904726432Z	6	PC: 133b8 \| Direct console I/O
2018-12-17T22:43:12.90861174Z	76	PC: 13370 \| Terminate with return code (Return code = '103')