Sample viewer

vx.netlux.org/Trojan.DOS.Kupa

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:06:15.206119146Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:15.207932789Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:06:15.209101595Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:15.210164761Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:15.211662905Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:15.212630878Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:15.213549413Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:06:15.215258458Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:06:15.216455945Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:06:15.217349399Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:06:15.218564407Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:06:15.220319751Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:06:15.221599284Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:06:15.222777726Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:06:15.22412114Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:06:15.225154936Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:06:15.22623318Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:06:15.228003848Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:15.229203639Z	53	PC: 131fa \| Get interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:06:15.23048737Z	37	PC: 1320f \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:15.233749691Z	37	PC: 13217 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:15.234930972Z	37	PC: 1321f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:15.235988974Z	37	PC: 13227 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:15.238045923Z	68	PC: 13885 \| I/O control for devices (Set for = '&�>�')
2018-12-17T22:06:15.335237902Z	64	PC: 13618 \| Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:06:15.337251229Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:06:15.339631431Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '2' AKA 'Character output')
2018-12-17T22:06:15.341274756Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:06:15.342889574Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:15.345800281Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:06:15.347460204Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:06:15.349051263Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '52' AKA 'Get InDOS flag pointer')
2018-12-17T22:06:15.351517047Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '53' AKA 'Get interrupt vector')
2018-12-17T22:06:15.353190725Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '54' AKA 'Get free disk space')
2018-12-17T22:06:15.354739783Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '55' AKA 'Get or set switch character')
2018-12-17T22:06:15.356477954Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '56' AKA 'Get or set country info')
2018-12-17T22:06:15.35855047Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '57' AKA 'Create subdirectory')
2018-12-17T22:06:15.359796965Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '58' AKA 'Remove subdirectory')
2018-12-17T22:06:15.361067303Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '59' AKA 'Change current directory')
2018-12-17T22:06:15.362337871Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '60' AKA 'Create or truncate file')
2018-12-17T22:06:15.363428034Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '61' AKA 'Open file')
2018-12-17T22:06:15.364500434Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '62' AKA 'Close file')
2018-12-17T22:06:15.366012945Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '63' AKA 'Read file or device')
2018-12-17T22:06:15.367332674Z	37	PC: 13351 \| Set interrupt vector (Interrupt = '117' AKA 'UNKNOWN!')
2018-12-17T22:06:15.368663175Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.370983314Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.373711185Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.375715234Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.379655063Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.381650163Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.383952355Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.386206755Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.38895792Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.391278304Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.394321131Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.396794944Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.399769257Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.403480687Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.405920025Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.407896201Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.4104224Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.41239878Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.41446527Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.416899978Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.418971699Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.420981331Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.423586134Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.4256417Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.427588047Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.430370238Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.432251429Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.435381911Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.437824561Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.439786819Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.441754479Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.449512204Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.451385911Z	6	PC: 133d8 \| Direct console I/O
2018-12-17T22:06:15.454794833Z	76	PC: 13390 \| Terminate with return code (Return code = '200')