Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1862

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:52.35307843Z	53	PC: 12ec5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:52.354734541Z	37	PC: 12ed8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:52.356981984Z	73	PC: 12d13 \| Release memory
2018-12-17T22:50:52.358676998Z	72	PC: 12d1b \| Allocate memory
2018-12-17T22:50:52.360768186Z	74	PC: 12d24 \| Reallocate memory
2018-12-17T22:50:52.364071442Z	72	PC: 12d2c \| Allocate memory
2018-12-17T22:50:52.366305448Z	44	PC: 12d3f \| Get time 0x12d3f: cmp dh, 0x22 0x12d42: jne 0x12d47 0x12d44: call 0x12e65 0x12d47: push es 0x12d48: call 0x12f8c 0x12d4b: pop es 0x12d4c: call 0x13088 0x12d4f: lea si, word ptr [bp + 0x3a0] 0x12d53: mov ax, dx 0x12d55: xor bx, bx 0x12d57: call 0x12e8f 0x12d5a: xor ax, 0x1234 0x12d5d: call 0x12e8f 0x12d60: mov ax, word ptr [si] 0x12d62: xor ah, ah 0x12d64: mov bl, 2 0x12d66: div bl 0x12d68: xor ah, ah 0x12d6a: mov byte ptr [bp + 0x3af], al 0x12d6e: push si
2018-12-17T22:50:52.369519868Z	26	PC: 130a9 \| Set disk transfer address
2018-12-17T22:50:52.372170106Z	78	PC: 130b2 \| Find first file
2018-12-17T22:50:52.378918264Z	67	PC: 1311d \| Get or set file attributes
2018-12-17T22:50:52.395792083Z	61	PC: 1312e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:52.403470528Z	66	PC: 1313d \| Move file pointer
2018-12-17T22:50:52.405982768Z	63	PC: 13148 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:52.412572648Z	66	PC: 13173 \| Move file pointer
2018-12-17T22:50:52.414386576Z	64	PC: 1317e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:52.422541436Z	66	PC: 13187 \| Move file pointer
2018-12-17T22:50:52.424321379Z	64	PC: 13196 \| Write file or device (Write 11 bytes on handle 5)
2018-12-17T22:50:52.42718027Z	44	PC: 1319a \| Get time 0x1319a: push ds 0x1319b: mov cx, 0x383 0x1319e: mov si, 0x8a 0x131a1: mov word ptr es:[0x23], dx 0x131a6: xor word ptr es:[si], dx 0x131a9: inc si 0x131aa: sub dx, 0xdead 0x131ae: inc si 0x131af: loop 0x131a6 0x131b1: push bx 0x131b2: xor ax, ax 0x131b4: mov al, byte ptr [bp + 0x3b0] 0x131b8: mov bl, 3 0x131ba: mul bl 0x131bc: add ax, 3 0x131bf: mov word ptr [bp + 0x3b1], ax 0x131c3: lea si, word ptr [bp + 0x2ac] 0x131c7: xor di, di 0x131c9: movsb byte ptr es:[di], byte ptr [si] 0x131ca: mov bx, word ptr [bp + 0x27e]
2018-12-17T22:50:52.44224945Z	64	PC: 13236 \| Write file or device (Write 34 bytes on handle 5)
2018-12-17T22:50:52.446902832Z	64	PC: 13242 \| Write file or device (Write 1862 bytes on handle 5)
2018-12-17T22:50:52.458113894Z	87	PC: 13257 \| Get or set file date and time
2018-12-17T22:50:52.460763361Z	62	PC: 1325b \| Close file
2018-12-17T22:50:52.469862705Z	37	PC: 12ebc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:52.471188876Z	73	PC: 13264 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10365,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:51.585097136Z	53	PC: 12ec5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:51.587782457Z	37	PC: 12ed8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:51.589222466Z	73	PC: 12d13 \| Release memory
2018-12-25T12:27:51.590819318Z	72	PC: 12d1b \| Allocate memory
2018-12-25T12:27:51.593529721Z	74	PC: 12d24 \| Reallocate memory
2018-12-25T12:27:51.595551585Z	72	PC: 12d2c \| Allocate memory
2018-12-25T12:27:51.597563523Z	44	PC: 12d3f \| Get time 0x12d3f: cmp dh, 0x22 0x12d42: jne 0x12d47 0x12d44: call 0x12e65 0x12d47: push es 0x12d48: call 0x12f8c 0x12d4b: pop es 0x12d4c: call 0x13088 0x12d4f: lea si, word ptr [bp + 0x3a0] 0x12d53: mov ax, dx 0x12d55: xor bx, bx 0x12d57: call 0x12e8f 0x12d5a: xor ax, 0x1234 0x12d5d: call 0x12e8f 0x12d60: mov ax, word ptr [si] 0x12d62: xor ah, ah 0x12d64: mov bl, 2 0x12d66: div bl 0x12d68: xor ah, ah 0x12d6a: mov byte ptr [bp + 0x3af], al 0x12d6e: push si
2018-12-25T12:27:51.601151112Z	26	PC: 130a9 \| Set disk transfer address
2018-12-25T12:27:51.603020404Z	78	PC: 130b2 \| Find first file
2018-12-25T12:27:51.610389402Z	67	PC: 1311d \| Get or set file attributes
2018-12-25T12:27:51.625535352Z	61	PC: 1312e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:51.632803024Z	66	PC: 1313d \| Move file pointer
2018-12-25T12:27:51.640848633Z	63	PC: 13148 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:51.647547559Z	66	PC: 13173 \| Move file pointer
2018-12-25T12:27:51.650310107Z	64	PC: 1317e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:51.653199576Z	66	PC: 13187 \| Move file pointer
2018-12-25T12:27:51.654866183Z	64	PC: 13196 \| Write file or device (Write 33 bytes on handle 5)
2018-12-25T12:27:51.65877479Z	44	PC: 1319a \| Get time 0x1319a: push ds 0x1319b: mov cx, 0x383 0x1319e: mov si, 0x8a 0x131a1: mov word ptr es:[0x23], dx 0x131a6: xor word ptr es:[si], dx 0x131a9: inc si 0x131aa: sub dx, 0xdead 0x131ae: inc si 0x131af: loop 0x131a6 0x131b1: push bx 0x131b2: xor ax, ax 0x131b4: mov al, byte ptr [bp + 0x3b0] 0x131b8: mov bl, 3 0x131ba: mul bl 0x131bc: add ax, 3 0x131bf: mov word ptr [bp + 0x3b1], ax 0x131c3: lea si, word ptr [bp + 0x2ac] 0x131c7: xor di, di 0x131c9: movsb byte ptr es:[di], byte ptr [si] 0x131ca: mov bx, word ptr [bp + 0x27e]
2018-12-25T12:27:51.663067539Z	64	PC: 13236 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:27:51.666345563Z	64	PC: 13242 \| Write file or device (Write 1862 bytes on handle 5)
2018-12-25T12:27:51.680612099Z	87	PC: 13257 \| Get or set file date and time
2018-12-25T12:27:51.682317927Z	62	PC: 1325b \| Close file
2018-12-25T12:27:51.690293124Z	37	PC: 12ebc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:51.692012963Z	73	PC: 13264 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":10365,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:51.618857628Z	53	PC: 12ec5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:51.621362578Z	37	PC: 12ed8 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:51.622886393Z	73	PC: 12d13 \| Release memory
2018-12-25T12:27:51.624477213Z	72	PC: 12d1b \| Allocate memory
2018-12-25T12:27:51.627382367Z	74	PC: 12d24 \| Reallocate memory
2018-12-25T12:27:51.63146705Z	72	PC: 12d2c \| Allocate memory
2018-12-25T12:27:51.633208646Z	44	PC: 12d3f \| Get time 0x12d3f: cmp dh, 0x22 0x12d42: jne 0x12d47 0x12d44: call 0x12e65 0x12d47: push es 0x12d48: call 0x12f8c 0x12d4b: pop es 0x12d4c: call 0x13088 0x12d4f: lea si, word ptr [bp + 0x3a0] 0x12d53: mov ax, dx 0x12d55: xor bx, bx 0x12d57: call 0x12e8f 0x12d5a: xor ax, 0x1234 0x12d5d: call 0x12e8f 0x12d60: mov ax, word ptr [si] 0x12d62: xor ah, ah 0x12d64: mov bl, 2 0x12d66: div bl 0x12d68: xor ah, ah 0x12d6a: mov byte ptr [bp + 0x3af], al 0x12d6e: push si
2018-12-25T12:27:51.636327651Z	26	PC: 130a9 \| Set disk transfer address
2018-12-25T12:27:51.637722804Z	78	PC: 130b2 \| Find first file
2018-12-25T12:27:51.643756944Z	67	PC: 1311d \| Get or set file attributes
2018-12-25T12:27:51.659695972Z	61	PC: 1312e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:51.667666593Z	66	PC: 1313d \| Move file pointer
2018-12-25T12:27:51.669069566Z	63	PC: 13148 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:51.677797802Z	66	PC: 13173 \| Move file pointer
2018-12-25T12:27:51.681291861Z	64	PC: 1317e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:51.685162708Z	66	PC: 13187 \| Move file pointer
2018-12-25T12:27:51.686875368Z	64	PC: 13196 \| Write file or device (Write 65 bytes on handle 5)
2018-12-25T12:27:51.691510715Z	44	PC: 1319a \| Get time 0x1319a: push ds 0x1319b: mov cx, 0x383 0x1319e: mov si, 0x8a 0x131a1: mov word ptr es:[0x23], dx 0x131a6: xor word ptr es:[si], dx 0x131a9: inc si 0x131aa: sub dx, 0xdead 0x131ae: inc si 0x131af: loop 0x131a6 0x131b1: push bx 0x131b2: xor ax, ax 0x131b4: mov al, byte ptr [bp + 0x3b0] 0x131b8: mov bl, 3 0x131ba: mul bl 0x131bc: add ax, 3 0x131bf: mov word ptr [bp + 0x3b1], ax 0x131c3: lea si, word ptr [bp + 0x2ac] 0x131c7: xor di, di 0x131c9: movsb byte ptr es:[di], byte ptr [si] 0x131ca: mov bx, word ptr [bp + 0x27e]
2018-12-25T12:27:51.695155417Z	64	PC: 13236 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:27:51.698035304Z	64	PC: 13242 \| Write file or device (Write 1862 bytes on handle 5)
2018-12-25T12:27:51.707119863Z	87	PC: 13257 \| Get or set file date and time
2018-12-25T12:27:51.708923808Z	62	PC: 1325b \| Close file
2018-12-25T12:27:51.71841287Z	37	PC: 12ebc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:51.720505716Z	73	PC: 13264 \| Release memory