
vx.netlux.org/Virus.DOS.Seeg.1870



Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:24.367612445Z 53 PC: 12f6b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:24.369624057Z 37 PC: 12f7e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:24.371098953Z 73 PC: 12daa | Release memory
2018-12-17T22:54:24.372436664Z 72 PC: 12db7 | Allocate memory
2018-12-17T22:54:24.3743025Z 74 PC: 12dc5 | Reallocate memory
2018-12-17T22:54:24.376415858Z 72 PC: 12dcd | Allocate memory
2018-12-17T22:54:24.37806933Z 44 PC: 12de5 | Get time
0x12de5: cmp dh, 0x22
0x12de8: jne 0x12ded
0x12dea: call 0x12f0b
0x12ded: push es
0x12dee: call 0x13031
0x12df1: pop es
0x12df2: call 0x1312d
0x12df5: lea si, word ptr [bp + 0x39e]
0x12df9: mov ax, dx
0x12dfb: xor bx, bx
0x12dfd: call 0x12f35
0x12e00: xor ax, 0x1234
0x12e03: call 0x12f35
0x12e06: mov ax, word ptr [si]
0x12e08: xor ah, ah
0x12e0a: mov bl, 2
0x12e0c: div bl
0x12e0e: xor ah, ah
0x12e10: mov byte ptr [bp + 0x3ad], al
0x12e14: push si
2018-12-17T22:54:24.381418412Z 26 PC: 1314e | Set disk transfer address
2018-12-17T22:54:24.383480513Z 78 PC: 13157 | Find first file
2018-12-17T22:54:24.390906477Z 67 PC: 131c0 | Get or set file attributes
2018-12-17T22:54:24.408250107Z 61 PC: 131d1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:24.415912187Z 66 PC: 131e0 | Move file pointer
2018-12-17T22:54:24.417497539Z 63 PC: 131eb | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:54:24.425153134Z 66 PC: 13215 | Move file pointer
2018-12-17T22:54:24.427013123Z 64 PC: 13220 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:54:24.43007351Z 66 PC: 13229 | Move file pointer
2018-12-17T22:54:24.431400398Z 64 PC: 13238 | Write file or device (Write 14 bytes on handle 5)
2018-12-17T22:54:24.434398369Z 44 PC: 1323c | Get time
0x1323c: push ds
0x1323d: mov cx, 0x387
0x13240: mov si, 0x8a
0x13243: mov word ptr es:[0x23], dx
0x13248: xor word ptr es:[si], dx
0x1324b: inc si
0x1324c: sub dx, 0xdead
0x13250: inc si
0x13251: loop 0x13248
0x13253: push bx
0x13254: xor ax, ax
0x13256: mov al, byte ptr [bp + 0x3ae]
0x1325a: mov bl, 3
0x1325c: mul bl
0x1325e: add ax, 3
0x13261: mov word ptr [bp + 0x3af], ax
0x13265: lea si, word ptr [bp + 0x2aa]
0x13269: xor di, di
0x1326b: movsb byte ptr es:[di], byte ptr [si]
0x1326c: mov bx, word ptr [bp + 0x27c]
2018-12-17T22:54:24.441113822Z 64 PC: 132d9 | Write file or device (Write 34 bytes on handle 5)
2018-12-17T22:54:24.44387785Z 64 PC: 132e4 | Write file or device (Write 1871 bytes on handle 5)
2018-12-17T22:54:24.452992677Z 87 PC: 132f9 | Get or set file date and time
2018-12-17T22:54:24.454995862Z 62 PC: 132fd | Close file
2018-12-17T22:54:24.464000574Z 37 PC: 12f62 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:24.465301891Z 73 PC: 13306 | Release memory
2018-12-17T22:54:24.467350244Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11544,"SideJobID":0}



Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:50.008050826Z 53 PC: 12f6b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.010370824Z 37 PC: 12f7e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.012034064Z 73 PC: 12daa | Release memory
2018-12-25T12:30:50.013910017Z 72 PC: 12db7 | Allocate memory
2018-12-25T12:30:50.016429488Z 74 PC: 12dc5 | Reallocate memory
2018-12-25T12:30:50.018523272Z 72 PC: 12dcd | Allocate memory
2018-12-25T12:30:50.020411491Z 44 PC: 12de5 | Get time
0x12de5: cmp dh, 0x22
0x12de8: jne 0x12ded
0x12dea: call 0x12f0b
0x12ded: push es
0x12dee: call 0x13031
0x12df1: pop es
0x12df2: call 0x1312d
0x12df5: lea si, word ptr [bp + 0x39e]
0x12df9: mov ax, dx
0x12dfb: xor bx, bx
0x12dfd: call 0x12f35
0x12e00: xor ax, 0x1234
0x12e03: call 0x12f35
0x12e06: mov ax, word ptr [si]
0x12e08: xor ah, ah
0x12e0a: mov bl, 2
0x12e0c: div bl
0x12e0e: xor ah, ah
0x12e10: mov byte ptr [bp + 0x3ad], al
0x12e14: push si
2018-12-25T12:30:50.023955892Z 26 PC: 1314e | Set disk transfer address
2018-12-25T12:30:50.027024156Z 78 PC: 13157 | Find first file
2018-12-25T12:30:50.034189138Z 67 PC: 131c0 | Get or set file attributes
2018-12-25T12:30:50.060514554Z 61 PC: 131d1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:50.068393617Z 66 PC: 131e0 | Move file pointer
2018-12-25T12:30:50.070223495Z 63 PC: 131eb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:50.077912876Z 66 PC: 13215 | Move file pointer
2018-12-25T12:30:50.080649597Z 64 PC: 13220 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:50.083984465Z 66 PC: 13229 | Move file pointer
2018-12-25T12:30:50.085717897Z 64 PC: 13238 | Write file or device (Write 39 bytes on handle 5)
2018-12-25T12:30:50.090198058Z 44 PC: 1323c | Get time
0x1323c: push ds
0x1323d: mov cx, 0x387
0x13240: mov si, 0x8a
0x13243: mov word ptr es:[0x23], dx
0x13248: xor word ptr es:[si], dx
0x1324b: inc si
0x1324c: sub dx, 0xdead
0x13250: inc si
0x13251: loop 0x13248
0x13253: push bx
0x13254: xor ax, ax
0x13256: mov al, byte ptr [bp + 0x3ae]
0x1325a: mov bl, 3
0x1325c: mul bl
0x1325e: add ax, 3
0x13261: mov word ptr [bp + 0x3af], ax
0x13265: lea si, word ptr [bp + 0x2aa]
0x13269: xor di, di
0x1326b: movsb byte ptr es:[di], byte ptr [si]
0x1326c: mov bx, word ptr [bp + 0x27c]
2018-12-25T12:30:50.095804404Z 64 PC: 132d9 | Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:30:50.098660256Z 64 PC: 132e4 | Write file or device (Write 1871 bytes on handle 5)
2018-12-25T12:30:50.108041925Z 87 PC: 132f9 | Get or set file date and time
2018-12-25T12:30:50.10988704Z 62 PC: 132fd | Close file
2018-12-25T12:30:50.119083293Z 37 PC: 12f62 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.120641614Z 73 PC: 13306 | Release memory
2018-12-25T12:30:50.122930783Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":11544,"SideJobID":0}



Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:50.287189001Z 53 PC: 12f6b | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.289475831Z 37 PC: 12f7e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.290675209Z 73 PC: 12daa | Release memory
2018-12-25T12:30:50.292008481Z 72 PC: 12db7 | Allocate memory
2018-12-25T12:30:50.298513232Z 74 PC: 12dc5 | Reallocate memory
2018-12-25T12:30:50.29977271Z 72 PC: 12dcd | Allocate memory
2018-12-25T12:30:50.301174496Z 44 PC: 12de5 | Get time
0x12de5: cmp dh, 0x22
0x12de8: jne 0x12ded
0x12dea: call 0x12f0b
0x12ded: push es
0x12dee: call 0x13031
0x12df1: pop es
0x12df2: call 0x1312d
0x12df5: lea si, word ptr [bp + 0x39e]
0x12df9: mov ax, dx
0x12dfb: xor bx, bx
0x12dfd: call 0x12f35
0x12e00: xor ax, 0x1234
0x12e03: call 0x12f35
0x12e06: mov ax, word ptr [si]
0x12e08: xor ah, ah
0x12e0a: mov bl, 2
0x12e0c: div bl
0x12e0e: xor ah, ah
0x12e10: mov byte ptr [bp + 0x3ad], al
0x12e14: push si
2018-12-25T12:30:50.304419845Z 26 PC: 1314e | Set disk transfer address
2018-12-25T12:30:50.305680625Z 78 PC: 13157 | Find first file
2018-12-25T12:30:50.311506509Z 67 PC: 131c0 | Get or set file attributes
2018-12-25T12:30:50.32691842Z 61 PC: 131d1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:50.334409686Z 66 PC: 131e0 | Move file pointer
2018-12-25T12:30:50.335689527Z 63 PC: 131eb | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:50.341879767Z 66 PC: 13215 | Move file pointer
2018-12-25T12:30:50.343673271Z 64 PC: 13220 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:50.345982304Z 66 PC: 13229 | Move file pointer
2018-12-25T12:30:50.347127925Z 64 PC: 13238 | Write file or device (Write 71 bytes on handle 5)
2018-12-25T12:30:50.350849894Z 44 PC: 1323c | Get time
0x1323c: push ds
0x1323d: mov cx, 0x387
0x13240: mov si, 0x8a
0x13243: mov word ptr es:[0x23], dx
0x13248: xor word ptr es:[si], dx
0x1324b: inc si
0x1324c: sub dx, 0xdead
0x13250: inc si
0x13251: loop 0x13248
0x13253: push bx
0x13254: xor ax, ax
0x13256: mov al, byte ptr [bp + 0x3ae]
0x1325a: mov bl, 3
0x1325c: mul bl
0x1325e: add ax, 3
0x13261: mov word ptr [bp + 0x3af], ax
0x13265: lea si, word ptr [bp + 0x2aa]
0x13269: xor di, di
0x1326b: movsb byte ptr es:[di], byte ptr [si]
0x1326c: mov bx, word ptr [bp + 0x27c]
2018-12-25T12:30:50.356387205Z 64 PC: 132d9 | Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:30:50.35926892Z 64 PC: 132e4 | Write file or device (Write 1871 bytes on handle 5)
2018-12-25T12:30:50.368453565Z 87 PC: 132f9 | Get or set file date and time
2018-12-25T12:30:50.370182718Z 62 PC: 132fd | Close file
2018-12-25T12:30:50.377984627Z 37 PC: 12f62 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.380360115Z 73 PC: 13306 | Release memory
2018-12-25T12:30:50.381628336Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')