Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.o

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:49.089389594Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:58:49.091623431Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T21:58:49.093137505Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:58:49.094633474Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:49.096738954Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:58:49.098100672Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:58:49.099200714Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T21:58:49.10282794Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T21:58:49.104428622Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T21:58:49.105813421Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T21:58:49.107857471Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T21:58:49.110905773Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T21:58:49.114281898Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T21:58:49.116446736Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T21:58:49.119148731Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T21:58:49.121535533Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T21:58:49.124319857Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T21:58:49.127530501Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:58:49.130008264Z	53	PC: 1347a \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T21:58:49.131528438Z	37	PC: 1348f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:58:49.133311447Z	37	PC: 13497 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:58:49.134518421Z	37	PC: 1349f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:58:49.136788105Z	37	PC: 134a7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T21:58:49.139500428Z	68	PC: 13dad \| I/O control for devices (Set for = '�')
2018-12-17T21:58:49.294933629Z	37	PC: 12e9c \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T21:58:49.296419672Z	44	PC: 13ee4 \| Get time 0x13ee4: mov word ptr [0x3e], cx 0x13ee8: mov word ptr [0x40], dx 0x13eec: retf 0x13eed: mov di, 0x52 0x13ef0: push ds 0x13ef1: pop es 0x13ef2: mov cx, 0x4b8 0x13ef5: sub cx, di 0x13ef7: shr cx, 1 0x13ef9: xor ax, ax 0x13efb: cld 0x13efc: rep stosd dword ptr es:[di], eax 0x13efe: ret 0x13eff: add byte ptr [bx + si], al 0x13f01: add byte ptr [bx + si], al 0x13f03: add byte ptr [bx + si], al 0x13f05: add byte ptr [bx + si], al 0x13f07: add byte ptr [bx + si], al 0x13f09: add byte ptr [si], bh 0x13f0b: sbb byte ptr [si], bh
2018-12-17T21:58:49.298667814Z	67	PC: 12dd6 \| Get or set file attributes
2018-12-17T21:58:49.848682275Z	61	PC: 13d91 \| Open file (Filename = 'c:\msdos.sys')
2018-12-17T21:58:49.855208231Z	62	PC: 138b2 \| Close file
2018-12-17T21:58:49.857089911Z	61	PC: 13d91 \| Open file (Filename = 'c:\msdos.sys')
2018-12-17T21:58:49.863020595Z	68	PC: 13dad \| I/O control for devices (Set for = '�')
2018-12-17T21:58:49.865825178Z	66	PC: 13dfc \| Move file pointer
2018-12-17T21:58:49.867732408Z	66	PC: 13e13 \| Move file pointer
2018-12-17T21:58:49.869716128Z	63	PC: 13e20 \| Read file or device (Read 128 bytes on handle 5)
2018-12-17T21:58:49.877013115Z	66	PC: 13e42 \| Move file pointer
2018-12-17T21:58:49.878360713Z	64	PC: 13e4a \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T21:58:49.883062663Z	64	PC: 13873 \| Write file or device (Write 128 bytes on handle 5)
2018-12-17T21:58:49.886090915Z	64	PC: 13873 \| Write file or device (Write 95 bytes on handle 5)
2018-12-17T21:58:49.889458125Z	62	PC: 138b2 \| Close file
2018-12-17T21:58:49.899437488Z	67	PC: 12dd6 \| Get or set file attributes