Sample viewer

vx.netlux.org/Trojan.DOS.Sleepe

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:22.69485247Z	61	PC: 18126 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:55:22.702626712Z	63	PC: 18136 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:55:22.705370837Z	66	PC: 1813f \| Move file pointer
2018-12-17T22:55:22.706984643Z	62	PC: 18144 \| Close file
2018-12-17T22:55:22.710940472Z	48	PC: 16efc \| Get DOS version
2018-12-17T22:55:22.712282395Z	74	PC: 16f4c \| Reallocate memory
2018-12-17T22:55:22.714211249Z	48	PC: 16fb0 \| Get DOS version
2018-12-17T22:55:22.715563085Z	53	PC: 16fb8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:22.717226033Z	37	PC: 16fca \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:22.718338523Z	68	PC: 1705b \| I/O control for devices (Set for = 'WJWUWW')
2018-12-17T22:55:22.719643509Z	68	PC: 1705b \| I/O control for devices
2018-12-17T22:55:22.721930692Z	68	PC: 1705b \| I/O control for devices
2018-12-17T22:55:22.7234543Z	68	PC: 1705b \| I/O control for devices
2018-12-17T22:55:22.725036123Z	68	PC: 1705b \| I/O control for devices
2018-12-17T22:55:22.727496254Z	53	PC: 14dfa \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:22.72943617Z	53	PC: 14e07 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:55:22.730581015Z	53	PC: 14e14 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:22.732738551Z	37	PC: 14e29 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:22.734121963Z	37	PC: 14e31 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:55:22.735579514Z	37	PC: 14e39 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:22.737823881Z	53	PC: 158b8 \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:22.739351176Z	53	PC: 158c5 \| Get interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:55:22.740864292Z	53	PC: 158d4 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:55:22.74352363Z	37	PC: 158e1 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:22.744749704Z	53	PC: 158e8 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:55:22.745866657Z	37	PC: 158f5 \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:55:22.747290394Z	53	PC: 15901 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:22.761707464Z	48	PC: 159c3 \| Get DOS version
2018-12-17T22:55:22.763157041Z	68	PC: 14d70 \| I/O control for devices (Set for = '. ;-)�')
2018-12-17T22:55:22.765075208Z	68	PC: 14d70 \| I/O control for devices (Set for = '')
2018-12-17T22:55:22.767423213Z	51	PC: 14d8e \| Get or set Ctrl-Break
2018-12-17T22:55:22.769061071Z	51	PC: 14d9a \| Get or set Ctrl-Break
2018-12-17T22:55:22.775554617Z	57	PC: 13980 \| Create subdirectory
2018-12-17T22:55:22.794918247Z	45	PC: 13a54 \| Set time
2018-12-17T22:55:22.79842142Z	43	PC: 139d3 \| Set date
2018-12-17T22:55:22.804907582Z	61	PC: 13618 \| Open file (Filename = 'C:\WIN.BAT')
2018-12-17T22:55:22.810700988Z	60	PC: 134dd \| Create or truncate file
2018-12-17T22:55:23.171405417Z	62	PC: 1344b \| Close file
2018-12-17T22:55:23.173992799Z	61	PC: 13618 \| Open file (Filename = 'C:\WIN.BAT')
2018-12-17T22:55:23.181995139Z	68	PC: 13571 \| I/O control for devices (Set for = ' ME UP!!!')
2018-12-17T22:55:23.184939944Z	64	PC: 1343a \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:55:23.187695716Z	64	PC: 1343a \| Write file or device (Write 133 bytes on handle 5)
2018-12-17T22:55:23.19650214Z	66	PC: 131ed \| Move file pointer
2018-12-17T22:55:23.19828033Z	62	PC: 1344b \| Close file
2018-12-17T22:55:23.207097702Z	61	PC: 13618 \| Open file (Filename = 'C:\AUTOEXEC.BAT')
2018-12-17T22:55:23.214295114Z	68	PC: 13571 \| I/O control for devices (Set for = ' ME UP!!!')
2018-12-17T22:55:23.217343182Z	64	PC: 1343a \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:55:23.224873344Z	64	PC: 1343a \| Write file or device (Write 93 bytes on handle 5)
2018-12-17T22:55:23.229557493Z	66	PC: 131ed \| Move file pointer
2018-12-17T22:55:23.23145161Z	62	PC: 1344b \| Close file
2018-12-17T22:55:23.24084951Z	61	PC: 13618 \| Open file (Filename = 'C:\SLEEPER.BAT')
2018-12-17T22:55:23.2473724Z	60	PC: 134dd \| Create or truncate file
2018-12-17T22:55:23.257209068Z	62	PC: 1344b \| Close file
2018-12-17T22:55:23.25896325Z	61	PC: 13618 \| Open file (Filename = 'C:\SLEEPER.BAT')
2018-12-17T22:55:23.265629822Z	68	PC: 13571 \| I/O control for devices (Set for = ' ME UP!!!')
2018-12-17T22:55:23.268510299Z	64	PC: 1343a \| Write file or device (Write 0 bytes on handle 5)
2018-12-17T22:55:23.270854017Z	64	PC: 1343a \| Write file or device (Write 138 bytes on handle 5)
2018-12-17T22:55:23.278443697Z	66	PC: 131ed \| Move file pointer
2018-12-17T22:55:23.279801156Z	62	PC: 1344b \| Close file
2018-12-17T22:55:23.287234945Z	25	PC: 13036 \| Get default drive
2018-12-17T22:55:23.289971582Z	71	PC: 13046 \| Get current directory
2018-12-17T22:55:23.297915329Z	26	PC: 12d61 \| Set disk transfer address
2018-12-17T22:55:23.299333882Z	78	PC: 12d68 \| Find first file
2018-12-17T22:55:23.309799267Z	65	PC: 12cdf \| Delete file (Filename = 'A:\TEST.EXE')
2018-12-17T22:55:23.321224185Z	79	PC: 12ce5 \| Find next file
2018-12-17T22:55:23.326586521Z	37	PC: 15b93 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:55:23.328881998Z	53	PC: 15b9a \| Get interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:23.330729672Z	37	PC: 15ba7 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:55:23.332138284Z	37	PC: 15bb2 \| Set interrupt vector (Interrupt = '239' AKA 'UNKNOWN!')
2018-12-17T22:55:23.334255555Z	37	PC: 15bbd \| Set interrupt vector (Interrupt = '240' AKA 'UNKNOWN!')
2018-12-17T22:55:23.335977479Z	51	PC: 14da5 \| Get or set Ctrl-Break
2018-12-17T22:55:23.337139601Z	37	PC: 15027 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:23.339408093Z	37	PC: 15031 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:55:23.340715866Z	37	PC: 1503b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:23.342115624Z	37	PC: 1710c \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:55:23.344062357Z	76	PC: 170f5 \| Terminate with return code (Return code = '0')