Sample viewer

vx.netlux.org/Virus.DOS.Seeg.2036

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:46.325087333Z	53	PC: 12f1c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:46.327681296Z	37	PC: 12f2f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:46.329620589Z	73	PC: 12d16 \| Release memory
2018-12-17T22:50:46.331821223Z	72	PC: 12d23 \| Allocate memory
2018-12-17T22:50:46.336101063Z	74	PC: 12d31 \| Reallocate memory
2018-12-17T22:50:46.337936892Z	72	PC: 12d39 \| Allocate memory
2018-12-17T22:50:46.339864142Z	44	PC: 12d51 \| Get time 0x12d51: cmp dh, 0x22 0x12d54: jne 0x12d5c 0x12d56: nop 0x12d57: nop 0x12d58: nop 0x12d59: call 0x12eb0 0x12d5c: push es 0x12d5d: call 0x12fe9 0x12d60: pop es 0x12d61: call 0x13124 0x12d64: lea si, word ptr [bp + 0x3a3] 0x12d68: mov ax, dx 0x12d6a: xor bx, bx 0x12d6c: call 0x12ee6 0x12d6f: xor ax, 0x1234 0x12d72: call 0x12ee6 0x12d75: mov ax, word ptr [si] 0x12d77: xor ah, ah 0x12d79: mov bl, 2 0x12d7b: div bl
2018-12-17T22:50:46.343833169Z	26	PC: 13145 \| Set disk transfer address
2018-12-17T22:50:46.345951619Z	78	PC: 1314e \| Find first file
2018-12-17T22:50:46.352774888Z	67	PC: 131c5 \| Get or set file attributes
2018-12-17T22:50:46.370023301Z	61	PC: 131d6 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:46.378308025Z	66	PC: 131e8 \| Move file pointer
2018-12-17T22:50:46.380113797Z	63	PC: 131f3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:46.387299727Z	66	PC: 13221 \| Move file pointer
2018-12-17T22:50:46.389881518Z	64	PC: 1322c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:46.393303727Z	66	PC: 13235 \| Move file pointer
2018-12-17T22:50:46.395315115Z	64	PC: 13244 \| Write file or device (Write 169 bytes on handle 5)
2018-12-17T22:50:46.405037901Z	44	PC: 13248 \| Get time 0x13248: push ds 0x13249: mov cx, 0x3da 0x1324c: mov si, 0x8a 0x1324f: mov word ptr es:[0x23], dx 0x13254: xor word ptr es:[si], dx 0x13257: inc si 0x13258: sub dx, 0xdead 0x1325c: inc si 0x1325d: loop 0x13254 0x1325f: push bx 0x13260: xor ax, ax 0x13262: mov al, byte ptr [bp + 0x3b3] 0x13266: mov bl, 3 0x13268: mul bl 0x1326a: add ax, 3 0x1326d: mov word ptr [bp + 0x3b4], ax 0x13271: lea si, word ptr [bp + 0x2af] 0x13275: xor di, di 0x13277: movsb byte ptr es:[di], byte ptr [si] 0x13278: mov bx, word ptr [bp + 0x281]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10336,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:13.76396996Z	53	PC: 12f1c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:13.766785243Z	37	PC: 12f2f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:13.76846824Z	73	PC: 12d16 \| Release memory
2018-12-25T13:07:13.769938808Z	72	PC: 12d23 \| Allocate memory
2018-12-25T13:07:13.772117502Z	74	PC: 12d31 \| Reallocate memory
2018-12-25T13:07:13.774915115Z	72	PC: 12d39 \| Allocate memory
2018-12-25T13:07:13.777017756Z	44	PC: 12d51 \| Get time 0x12d51: cmp dh, 0x22 0x12d54: jne 0x12d5c 0x12d56: nop 0x12d57: nop 0x12d58: nop 0x12d59: call 0x12eb0 0x12d5c: push es 0x12d5d: call 0x12fe9 0x12d60: pop es 0x12d61: call 0x13124 0x12d64: lea si, word ptr [bp + 0x3a3] 0x12d68: mov ax, dx 0x12d6a: xor bx, bx 0x12d6c: call 0x12ee6 0x12d6f: xor ax, 0x1234 0x12d72: call 0x12ee6 0x12d75: mov ax, word ptr [si] 0x12d77: xor ah, ah 0x12d79: mov bl, 2 0x12d7b: div bl
2018-12-25T13:07:13.780312201Z	26	PC: 13145 \| Set disk transfer address
2018-12-25T13:07:13.781925102Z	78	PC: 1314e \| Find first file
2018-12-25T13:07:13.788869701Z	67	PC: 131c5 \| Get or set file attributes
2018-12-25T13:07:13.954162553Z	61	PC: 131d6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:13.962810909Z	66	PC: 131e8 \| Move file pointer
2018-12-25T13:07:13.964959828Z	63	PC: 131f3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:07:13.973946364Z	66	PC: 13221 \| Move file pointer
2018-12-25T13:07:13.977020257Z	64	PC: 1322c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:07:13.983519442Z	66	PC: 13235 \| Move file pointer
2018-12-25T13:07:13.985228239Z	64	PC: 13244 \| Write file or device (Write 39 bytes on handle 5)
2018-12-25T13:07:13.988472271Z	44	PC: 13248 \| Get time 0x13248: push ds 0x13249: mov cx, 0x3da 0x1324c: mov si, 0x8a 0x1324f: mov word ptr es:[0x23], dx 0x13254: xor word ptr es:[si], dx 0x13257: inc si 0x13258: sub dx, 0xdead 0x1325c: inc si 0x1325d: loop 0x13254 0x1325f: push bx 0x13260: xor ax, ax 0x13262: mov al, byte ptr [bp + 0x3b3] 0x13266: mov bl, 3 0x13268: mul bl 0x1326a: add ax, 3 0x1326d: mov word ptr [bp + 0x3b4], ax 0x13271: lea si, word ptr [bp + 0x2af] 0x13275: xor di, di 0x13277: movsb byte ptr es:[di], byte ptr [si] 0x13278: mov bx, word ptr [bp + 0x281]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":10336,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:43.713283157Z	53	PC: 12f1c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:43.715344185Z	37	PC: 12f2f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:43.716528708Z	73	PC: 12d16 \| Release memory
2018-12-25T12:27:43.717842561Z	72	PC: 12d23 \| Allocate memory
2018-12-25T12:27:43.719924439Z	74	PC: 12d31 \| Reallocate memory
2018-12-25T12:27:43.721099897Z	72	PC: 12d39 \| Allocate memory
2018-12-25T12:27:43.722446978Z	44	PC: 12d51 \| Get time 0x12d51: cmp dh, 0x22 0x12d54: jne 0x12d5c 0x12d56: nop 0x12d57: nop 0x12d58: nop 0x12d59: call 0x12eb0 0x12d5c: push es 0x12d5d: call 0x12fe9 0x12d60: pop es 0x12d61: call 0x13124 0x12d64: lea si, word ptr [bp + 0x3a3] 0x12d68: mov ax, dx 0x12d6a: xor bx, bx 0x12d6c: call 0x12ee6 0x12d6f: xor ax, 0x1234 0x12d72: call 0x12ee6 0x12d75: mov ax, word ptr [si] 0x12d77: xor ah, ah 0x12d79: mov bl, 2 0x12d7b: div bl
2018-12-25T12:27:43.725391182Z	26	PC: 13145 \| Set disk transfer address
2018-12-25T12:27:43.727277178Z	78	PC: 1314e \| Find first file
2018-12-25T12:27:43.73390618Z	67	PC: 131c5 \| Get or set file attributes
2018-12-25T12:27:43.749800764Z	61	PC: 131d6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:43.75729603Z	66	PC: 131e8 \| Move file pointer
2018-12-25T12:27:43.758609063Z	63	PC: 131f3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:43.764888652Z	66	PC: 13221 \| Move file pointer
2018-12-25T12:27:43.767021031Z	64	PC: 1322c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:43.769742149Z	66	PC: 13235 \| Move file pointer
2018-12-25T12:27:43.771288988Z	64	PC: 13244 \| Write file or device (Write 65 bytes on handle 5)
2018-12-25T12:27:43.774805772Z	44	PC: 13248 \| Get time 0x13248: push ds 0x13249: mov cx, 0x3da 0x1324c: mov si, 0x8a 0x1324f: mov word ptr es:[0x23], dx 0x13254: xor word ptr es:[si], dx 0x13257: inc si 0x13258: sub dx, 0xdead 0x1325c: inc si 0x1325d: loop 0x13254 0x1325f: push bx 0x13260: xor ax, ax 0x13262: mov al, byte ptr [bp + 0x3b3] 0x13266: mov bl, 3 0x13268: mul bl 0x1326a: add ax, 3 0x1326d: mov word ptr [bp + 0x3b4], ax 0x13271: lea si, word ptr [bp + 0x2af] 0x13275: xor di, di 0x13277: movsb byte ptr es:[di], byte ptr [si] 0x13278: mov bx, word ptr [bp + 0x281]