Sample viewer

vx.netlux.org/Trojan.DOS.DiskEraser.e

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:57:09.263230252Z 61 PC: 157be | Open file (Filename = 'KIRILL21.COM')
2018-12-17T21:57:09.270357414Z 66 PC: 157ca | Move file pointer
2018-12-17T21:57:09.272518096Z 64 PC: 157d6 | Write file or device (Write 1 bytes on handle 2)
2018-12-17T21:57:09.276935283Z 53 PC: 1571f | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:57:09.278996816Z 53 PC: 1571f | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T21:57:09.280839025Z 53 PC: 1571f | Get interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-17T21:57:09.282469457Z 53 PC: 1571f | Get interrupt vector (Interrupt = '31' AKA 'Get disk parameter block for default drive')
2018-12-17T21:57:09.284321541Z 53 PC: 1550d | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:57:09.286332429Z 53 PC: 1551c | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T21:57:09.287432913Z 37 PC: 15530 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T21:57:09.288487728Z 37 PC: 15539 | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T21:57:09.290366878Z 37 PC: 15542 | Set interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-17T21:57:09.292006531Z 37 PC: 1554f | Set interrupt vector (Interrupt = '31' AKA 'Get disk parameter block for default drive')
2018-12-17T21:57:09.303890644Z 49 PC: 155bd | Terminate and stay resident (Return code = '0' | Memory size = '690')