Sample viewer

vx.netlux.org/Trojan.DOS.DelSystem.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:20.596632378Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:20.598137848Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:20.599058188Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:20.599950757Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:20.601561334Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:20.602885524Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:20.604137767Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:20.605838773Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:20.606942474Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:20.607981108Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:20.609526643Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:20.611681565Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:20.61398729Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:20.616549211Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:20.617991213Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:20.619238072Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:20.620492912Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:20.623105597Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:20.625570162Z	53	PC: 137ca \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:20.627937974Z	37	PC: 137df \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:20.629832276Z	37	PC: 137e7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:20.63079028Z	37	PC: 137ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:20.631720285Z	37	PC: 137f7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:20.63340711Z	68	PC: 14014 \| I/O control for devices (Set for = 'dd]��>��$�� u��>��;�!�W��2��_��V�w�^��1��7�u�9�&�G&�W3�5�;�=�Ìَ��.��tD��')
2018-12-17T22:48:20.811448085Z	64	PC: 13be8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:48:20.813493872Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:48:20.816186964Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:48:20.817566813Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:48:20.818891351Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:20.826207891Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:20.827521599Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:20.82876772Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:48:20.83056335Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:48:20.832666171Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:48:20.834004282Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:48:20.835547285Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:48:20.836928715Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:48:20.838267131Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:48:20.839509674Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:48:20.841253604Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:48:20.842961485Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:48:20.844674615Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:48:20.846455581Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:48:20.847832012Z	37	PC: 13921 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:48:20.849099962Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.860258103Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.862664102Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.865242744Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.868591653Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.870929909Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.873220549Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.876159132Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.879014809Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.881223936Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.884267736Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.886617224Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.890834127Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.8941197Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.8987932Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.901674909Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.904584723Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.907397892Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.910214746Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.91290321Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.918197525Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.921077469Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.924520762Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.928641294Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.931020888Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.933473709Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.939188519Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.942016904Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.948994819Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.952897171Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.955956555Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.958534614Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.961803156Z	6	PC: 139a8 \| Direct console I/O
2018-12-17T22:48:20.96655434Z	76	PC: 13960 \| Terminate with return code (Return code = '200')