Sample viewer

vx.netlux.org/Trojan.DOS.HellBell

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:17.594889372Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:17.59737436Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:17.599061178Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:17.600721426Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:17.602767639Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:17.604634785Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:17.606216817Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:17.607789411Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:17.610012396Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:17.611648058Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:17.613165418Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:17.615702142Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:17.617097343Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:17.618654978Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:17.620997928Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:17.622640914Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:17.624383597Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:17.629256039Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:17.631948115Z	53	PC: 1371a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:17.633448432Z	37	PC: 1372f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:17.635562032Z	37	PC: 13737 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:17.637137631Z	37	PC: 1373f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:17.638299303Z	37	PC: 13747 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:17.640919384Z	68	PC: 1407a \| I/O control for devices (Set for = '��V�w� �t
2018-12-17T22:44:17.786212107Z	64	PC: 13b38 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:44:17.788174322Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:44:17.78966948Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:44:17.791710514Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:44:17.793405407Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:17.795068561Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:44:17.797860765Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:17.799749832Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:44:17.801573267Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:44:17.803900067Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:44:17.805528246Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:44:17.807128511Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:44:17.809237452Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:44:17.810730456Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:44:17.812202882Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:44:17.814507069Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:44:17.815843219Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:44:17.816934077Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:44:17.818147376Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:44:17.819434684Z	37	PC: 13871 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:44:17.820611103Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.822672926Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.825067233Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.827078701Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.82904824Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.831518289Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.833673767Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.835824146Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.838508538Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.841128859Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.843635136Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.84700742Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.849258377Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.851390111Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.854102365Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.856321433Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.85852418Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.861752984Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.864143985Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.866486846Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.869183811Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.871648029Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.873817583Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.875968654Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.880012378Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.88256386Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.885162931Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.887948343Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.890005006Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.891660896Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.894451908Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.896617345Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.898544956Z	6	PC: 138f8 \| Direct console I/O
2018-12-17T22:44:17.902959627Z	76	PC: 138b0 \| Terminate with return code (Return code = '200')