Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1705

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:02.964828803Z	53	PC: 12e26 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:02.970966167Z	37	PC: 12e39 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:02.972800011Z	73	PC: 12c65 \| Release memory
2018-12-17T23:02:02.975360569Z	72	PC: 12c72 \| Allocate memory
2018-12-17T23:02:02.977784491Z	74	PC: 12c80 \| Reallocate memory
2018-12-17T23:02:02.981369366Z	72	PC: 12c88 \| Allocate memory
2018-12-17T23:02:02.982802957Z	44	PC: 12ca0 \| Get time 0x12ca0: cmp dh, 0x22 0x12ca3: jne 0x12ca8 0x12ca5: call 0x12dc6 0x12ca8: push es 0x12ca9: call 0x12eed 0x12cac: pop es 0x12cad: call 0x12fe9 0x12cb0: lea si, word ptr [bp + 0x2f2] 0x12cb4: mov ax, dx 0x12cb6: xor bx, bx 0x12cb8: call 0x12df0 0x12cbb: xor ax, 0x1234 0x12cbe: call 0x12df0 0x12cc1: mov ax, word ptr [si] 0x12cc3: xor ah, ah 0x12cc5: mov bl, 2 0x12cc7: div bl 0x12cc9: xor ah, ah 0x12ccb: mov byte ptr [bp + 0x301], al 0x12ccf: push si
2018-12-17T23:02:02.984797567Z	26	PC: 1300a \| Set disk transfer address
2018-12-17T23:02:02.986564931Z	78	PC: 13013 \| Find first file
2018-12-17T23:02:02.99067085Z	67	PC: 1307e \| Get or set file attributes
2018-12-17T23:02:03.003169753Z	61	PC: 1308f \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:02:03.007835094Z	66	PC: 1309e \| Move file pointer
2018-12-17T23:02:03.008990349Z	63	PC: 130a9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:03.014530328Z	66	PC: 130d4 \| Move file pointer
2018-12-17T23:02:03.016767963Z	64	PC: 130df \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:03.018907125Z	66	PC: 130e9 \| Move file pointer
2018-12-17T23:02:03.019961143Z	64	PC: 130f8 \| Write file or device (Write 186 bytes on handle 5)
2018-12-17T23:02:03.025514698Z	44	PC: 130fc \| Get time 0x130fc: push ds 0x130fd: mov cx, 0x334 0x13100: mov si, 0x8a 0x13103: mov word ptr es:[0x23], dx 0x13108: xor word ptr es:[si], dx 0x1310b: inc si 0x1310c: sub dx, 0xdead 0x13110: inc si 0x13111: loop 0x13108 0x13113: push bx 0x13114: xor ax, ax 0x13116: mov al, byte ptr [bp + 0x302] 0x1311a: mov bl, 3 0x1311c: mul bl 0x1311e: add ax, 3 0x13121: mov word ptr [bp + 0x303], ax 0x13125: lea si, word ptr [bp + 0x2ac] 0x13129: xor di, di 0x1312b: movsb byte ptr es:[di], byte ptr [si] 0x1312c: mov bx, word ptr [bp + 0x27e]
2018-12-17T23:02:03.036217614Z	64	PC: 13199 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T23:02:03.038194999Z	64	PC: 131a5 \| Write file or device (Write 1705 bytes on handle 5)
2018-12-17T23:02:03.047908533Z	87	PC: 131ba \| Get or set file date and time
2018-12-17T23:02:03.048997472Z	62	PC: 131be \| Close file
2018-12-17T23:02:03.053895836Z	37	PC: 12e1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:03.05535087Z	73	PC: 131c7 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14084,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:45.512244528Z	53	PC: 12e26 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:45.513661931Z	37	PC: 12e39 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:45.5148921Z	73	PC: 12c65 \| Release memory
2018-12-25T12:39:45.515993Z	72	PC: 12c72 \| Allocate memory
2018-12-25T12:39:45.517653145Z	74	PC: 12c80 \| Reallocate memory
2018-12-25T12:39:45.519033389Z	72	PC: 12c88 \| Allocate memory
2018-12-25T12:39:45.520457941Z	44	PC: 12ca0 \| Get time 0x12ca0: cmp dh, 0x22 0x12ca3: jne 0x12ca8 0x12ca5: call 0x12dc6 0x12ca8: push es 0x12ca9: call 0x12eed 0x12cac: pop es 0x12cad: call 0x12fe9 0x12cb0: lea si, word ptr [bp + 0x2f2] 0x12cb4: mov ax, dx 0x12cb6: xor bx, bx 0x12cb8: call 0x12df0 0x12cbb: xor ax, 0x1234 0x12cbe: call 0x12df0 0x12cc1: mov ax, word ptr [si] 0x12cc3: xor ah, ah 0x12cc5: mov bl, 2 0x12cc7: div bl 0x12cc9: xor ah, ah 0x12ccb: mov byte ptr [bp + 0x301], al 0x12ccf: push si
2018-12-25T12:39:45.523191941Z	26	PC: 1300a \| Set disk transfer address
2018-12-25T12:39:45.525060952Z	78	PC: 13013 \| Find first file
2018-12-25T12:39:45.530787473Z	67	PC: 1307e \| Get or set file attributes
2018-12-25T12:39:45.701557588Z	61	PC: 1308f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:45.709490893Z	66	PC: 1309e \| Move file pointer
2018-12-25T12:39:45.711335356Z	63	PC: 130a9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:45.717957473Z	66	PC: 130d4 \| Move file pointer
2018-12-25T12:39:45.720464104Z	64	PC: 130df \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:45.724547279Z	66	PC: 130e9 \| Move file pointer
2018-12-25T12:39:45.726928141Z	64	PC: 130f8 \| Write file or device (Write 33 bytes on handle 5)
2018-12-25T12:39:45.730229002Z	44	PC: 130fc \| Get time 0x130fc: push ds 0x130fd: mov cx, 0x334 0x13100: mov si, 0x8a 0x13103: mov word ptr es:[0x23], dx 0x13108: xor word ptr es:[si], dx 0x1310b: inc si 0x1310c: sub dx, 0xdead 0x13110: inc si 0x13111: loop 0x13108 0x13113: push bx 0x13114: xor ax, ax 0x13116: mov al, byte ptr [bp + 0x302] 0x1311a: mov bl, 3 0x1311c: mul bl 0x1311e: add ax, 3 0x13121: mov word ptr [bp + 0x303], ax 0x13125: lea si, word ptr [bp + 0x2ac] 0x13129: xor di, di 0x1312b: movsb byte ptr es:[di], byte ptr [si] 0x1312c: mov bx, word ptr [bp + 0x27e]
2018-12-25T12:39:45.734654189Z	64	PC: 13199 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:39:45.737580536Z	64	PC: 131a5 \| Write file or device (Write 1705 bytes on handle 5)
2018-12-25T12:39:45.746221668Z	87	PC: 131ba \| Get or set file date and time
2018-12-25T12:39:45.748643144Z	62	PC: 131be \| Close file
2018-12-25T12:39:45.756510663Z	37	PC: 12e1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:45.75839825Z	73	PC: 131c7 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":14084,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:45.640260156Z	53	PC: 12e26 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:45.64153832Z	37	PC: 12e39 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:45.643144227Z	73	PC: 12c65 \| Release memory
2018-12-25T12:39:45.644456081Z	72	PC: 12c72 \| Allocate memory
2018-12-25T12:39:45.646201824Z	74	PC: 12c80 \| Reallocate memory
2018-12-25T12:39:45.64774128Z	72	PC: 12c88 \| Allocate memory
2018-12-25T12:39:45.649336462Z	44	PC: 12ca0 \| Get time 0x12ca0: cmp dh, 0x22 0x12ca3: jne 0x12ca8 0x12ca5: call 0x12dc6 0x12ca8: push es 0x12ca9: call 0x12eed 0x12cac: pop es 0x12cad: call 0x12fe9 0x12cb0: lea si, word ptr [bp + 0x2f2] 0x12cb4: mov ax, dx 0x12cb6: xor bx, bx 0x12cb8: call 0x12df0 0x12cbb: xor ax, 0x1234 0x12cbe: call 0x12df0 0x12cc1: mov ax, word ptr [si] 0x12cc3: xor ah, ah 0x12cc5: mov bl, 2 0x12cc7: div bl 0x12cc9: xor ah, ah 0x12ccb: mov byte ptr [bp + 0x301], al 0x12ccf: push si
2018-12-25T12:39:45.652419344Z	26	PC: 1300a \| Set disk transfer address
2018-12-25T12:39:45.654404737Z	78	PC: 13013 \| Find first file
2018-12-25T12:39:45.661193442Z	67	PC: 1307e \| Get or set file attributes
2018-12-25T12:39:45.699081386Z	61	PC: 1308f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:45.707759184Z	66	PC: 1309e \| Move file pointer
2018-12-25T12:39:45.709316613Z	63	PC: 130a9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:45.716921569Z	66	PC: 130d4 \| Move file pointer
2018-12-25T12:39:45.718715Z	64	PC: 130df \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:45.721656159Z	66	PC: 130e9 \| Move file pointer
2018-12-25T12:39:45.723097768Z	64	PC: 130f8 \| Write file or device (Write 65 bytes on handle 5)
2018-12-25T12:39:45.726436533Z	44	PC: 130fc \| Get time 0x130fc: push ds 0x130fd: mov cx, 0x334 0x13100: mov si, 0x8a 0x13103: mov word ptr es:[0x23], dx 0x13108: xor word ptr es:[si], dx 0x1310b: inc si 0x1310c: sub dx, 0xdead 0x13110: inc si 0x13111: loop 0x13108 0x13113: push bx 0x13114: xor ax, ax 0x13116: mov al, byte ptr [bp + 0x302] 0x1311a: mov bl, 3 0x1311c: mul bl 0x1311e: add ax, 3 0x13121: mov word ptr [bp + 0x303], ax 0x13125: lea si, word ptr [bp + 0x2ac] 0x13129: xor di, di 0x1312b: movsb byte ptr es:[di], byte ptr [si] 0x1312c: mov bx, word ptr [bp + 0x27e]
2018-12-25T12:39:45.732565818Z	64	PC: 13199 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:39:45.735401266Z	64	PC: 131a5 \| Write file or device (Write 1705 bytes on handle 5)
2018-12-25T12:39:45.744842754Z	87	PC: 131ba \| Get or set file date and time
2018-12-25T12:39:45.74652288Z	62	PC: 131be \| Close file
2018-12-25T12:39:45.754546556Z	37	PC: 12e1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:45.755729938Z	73	PC: 131c7 \| Release memory