Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1683

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:02.482901251Z 53 PC: 12f15 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:02.486765848Z 37 PC: 12f28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:02.488915109Z 73 PC: 12d63 | Release memory
2018-12-17T23:06:02.492776429Z 72 PC: 12d6b | Allocate memory
2018-12-17T23:06:02.498432423Z 74 PC: 12d74 | Reallocate memory
2018-12-17T23:06:02.501673697Z 72 PC: 12d7c | Allocate memory
2018-12-17T23:06:02.503764529Z 44 PC: 12d8f | Get time
0x12d8f: cmp dh, 0x22
0x12d92: jne 0x12d97
0x12d94: call 0x12eb5
0x12d97: push es
0x12d98: call 0x12fdb
0x12d9b: pop es
0x12d9c: call 0x130d7
0x12d9f: lea si, word ptr [bp + 0x2f0]
0x12da3: mov ax, dx
0x12da5: xor bx, bx
0x12da7: call 0x12edf
0x12daa: xor ax, 0x1234
0x12dad: call 0x12edf
0x12db0: mov ax, word ptr [si]
0x12db2: xor ah, ah
0x12db4: mov bl, 2
0x12db6: div bl
0x12db8: xor ah, ah
0x12dba: mov byte ptr [bp + 0x2ff], al
0x12dbe: push si
2018-12-17T23:06:02.508024077Z 26 PC: 130f8 | Set disk transfer address
2018-12-17T23:06:02.510096905Z 78 PC: 13101 | Find first file
2018-12-17T23:06:02.515361133Z 67 PC: 1316a | Get or set file attributes
2018-12-17T23:06:02.520257919Z 61 PC: 1317b | Open file (Filename = 'A*c}����f��;o\�}�h��7>Q5Z��XC/X�;QC@�a�5�����>�9�Z'|��ݾ �s������W�0�QPr����)֜��":�\�};�n���r� ')
2018-12-17T23:06:02.528006188Z 37 PC: 12f0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:02.533289672Z 73 PC: 132b1 | Release memory
2018-12-17T23:06:02.548161704Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15402,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:18.651299629Z 53 PC: 12f15 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:18.653257609Z 37 PC: 12f28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:18.655060461Z 73 PC: 12d63 | Release memory
2018-12-25T12:43:18.65629101Z 72 PC: 12d6b | Allocate memory
2018-12-25T12:43:18.657979884Z 74 PC: 12d74 | Reallocate memory
2018-12-25T12:43:18.660910733Z 72 PC: 12d7c | Allocate memory
2018-12-25T12:43:18.663198782Z 44 PC: 12d8f | Get time
0x12d8f: cmp dh, 0x22
0x12d92: jne 0x12d97
0x12d94: call 0x12eb5
0x12d97: push es
0x12d98: call 0x12fdb
0x12d9b: pop es
0x12d9c: call 0x130d7
0x12d9f: lea si, word ptr [bp + 0x2f0]
0x12da3: mov ax, dx
0x12da5: xor bx, bx
0x12da7: call 0x12edf
0x12daa: xor ax, 0x1234
0x12dad: call 0x12edf
0x12db0: mov ax, word ptr [si]
0x12db2: xor ah, ah
0x12db4: mov bl, 2
0x12db6: div bl
0x12db8: xor ah, ah
0x12dba: mov byte ptr [bp + 0x2ff], al
0x12dbe: push si
2018-12-25T12:43:18.666384478Z 26 PC: 130f8 | Set disk transfer address
2018-12-25T12:43:18.668445798Z 78 PC: 13101 | Find first file
2018-12-25T12:43:18.672741102Z 67 PC: 1316a | Get or set file attributes
2018-12-25T12:43:18.676559646Z 61 PC: 1317b | Open file (Filename = 'A*c}����f��;o\�}�h��4Q5 Z��C,�QF@�a�5�����>�9�Z'|��ݾ �s������W�0�QPr����)֜��":�\�};�n���r�')
2018-12-25T12:43:18.681782511Z 37 PC: 12f0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:18.683368664Z 73 PC: 132b1 | Release memory
2018-12-25T12:43:18.688852962Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":15402,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:19.010109499Z 53 PC: 12f15 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:19.011495856Z 37 PC: 12f28 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:19.013389961Z 73 PC: 12d63 | Release memory
2018-12-25T12:43:19.015191782Z 72 PC: 12d6b | Allocate memory
2018-12-25T12:43:19.017477069Z 74 PC: 12d74 | Reallocate memory
2018-12-25T12:43:19.01985169Z 72 PC: 12d7c | Allocate memory
2018-12-25T12:43:19.021982537Z 44 PC: 12d8f | Get time
0x12d8f: cmp dh, 0x22
0x12d92: jne 0x12d97
0x12d94: call 0x12eb5
0x12d97: push es
0x12d98: call 0x12fdb
0x12d9b: pop es
0x12d9c: call 0x130d7
0x12d9f: lea si, word ptr [bp + 0x2f0]
0x12da3: mov ax, dx
0x12da5: xor bx, bx
0x12da7: call 0x12edf
0x12daa: xor ax, 0x1234
0x12dad: call 0x12edf
0x12db0: mov ax, word ptr [si]
0x12db2: xor ah, ah
0x12db4: mov bl, 2
0x12db6: div bl
0x12db8: xor ah, ah
0x12dba: mov byte ptr [bp + 0x2ff], al
0x12dbe: push si
2018-12-25T12:43:19.025729123Z 26 PC: 130f8 | Set disk transfer address
2018-12-25T12:43:19.028224829Z 78 PC: 13101 | Find first file
2018-12-25T12:43:19.040703731Z 67 PC: 1316a | Get or set file attributes
2018-12-25T12:43:19.045580475Z 61 PC: 1317b | Open file (Filename = 'A*c}����f��;o\�}�h��4Q$5 $Z��=C,=�QF@�a�5�����>�9�Z'|��ݾ �s������W�0�QPr����)֜��":�\�};�n���r�  �j�����"?ّ�ڥ���f�p��Q2F��L�)4z��OT�׺� ����&��f�RF���F��Z��U\?t ��"u������')
2018-12-25T12:43:19.051394297Z 37 PC: 12f0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:19.053268374Z 73 PC: 132b1 | Release memory
2018-12-25T12:43:19.060195206Z 76 PC: 0 | Terminate with return code (Return code = '0')