Sample viewer

vx.netlux.org/Trojan.DOS.AnDum.i

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:16.732593171Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:16.734329554Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:16.737238561Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:16.738940817Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:16.740581866Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:16.743268452Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:16.745078448Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:16.746816187Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:16.749601173Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:16.750719602Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:16.751715003Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:16.753317637Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:16.754406413Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:16.755470832Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:16.756906091Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:16.758000648Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:16.759114657Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:16.760225974Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:16.761649766Z	53	PC: 12eaa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:16.762926019Z	37	PC: 12ebf \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:16.764139873Z	37	PC: 12ec7 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:16.766724848Z	37	PC: 12ecf \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:16.768314336Z	37	PC: 12ed7 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:16.770536769Z	68	PC: 13768 \| I/O control for devices (Set for = 'v��nt��t��3��ơ}�؎��')
2018-12-17T22:49:16.773774325Z	65	PC: 136b9 \| Delete file (Filename = 'c:\windows\system.dat')
2018-12-17T22:49:16.789310261Z	64	PC: 132c8 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:49:16.796632374Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:16.799191121Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:49:16.800811112Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:49:16.802806951Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:16.805953296Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:16.807351134Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:16.808776055Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:49:16.810506589Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:49:16.813850964Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:49:16.815931111Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:49:16.819847064Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:49:16.822315197Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:49:16.824162401Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:49:16.826034332Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:49:16.836633612Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:49:16.842384707Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:49:16.843841316Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:49:16.845974926Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:49:16.847518109Z	37	PC: 13001 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:49:16.849115388Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.852028717Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.854252029Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.85643923Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.85979011Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.862583565Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.865402637Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.869345848Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.872409887Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.875204171Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.879089185Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.882045661Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.884632936Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.887631418Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.890934692Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.893459314Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.895951658Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.900993152Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.903481314Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.905954992Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.909575119Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.91260845Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.916544795Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.920613882Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.924058741Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.927614804Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.931539783Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.93481032Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.937804277Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.941763198Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.944355228Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.948046967Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.950262298Z	6	PC: 13088 \| Direct console I/O
2018-12-17T22:49:16.956231532Z	76	PC: 13040 \| Terminate with return code (Return code = '2')