Sample viewer

vx.netlux.org/Virus.DOS.Seeg.2025

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:59.382222021Z	53	PC: 12f19 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:59.384973625Z	37	PC: 12f2c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:59.387551092Z	73	PC: 12d16 \| Release memory
2018-12-17T23:08:59.390208881Z	72	PC: 12d23 \| Allocate memory
2018-12-17T23:08:59.393108845Z	74	PC: 12d31 \| Reallocate memory
2018-12-17T23:08:59.396168869Z	72	PC: 12d39 \| Allocate memory
2018-12-17T23:08:59.398985915Z	44	PC: 12d51 \| Get time 0x12d51: cmp dh, 0x22 0x12d54: jne 0x12d5c 0x12d56: nop 0x12d57: nop 0x12d58: nop 0x12d59: call 0x12eb0 0x12d5c: push es 0x12d5d: call 0x12fe3 0x12d60: pop es 0x12d61: call 0x1311c 0x12d64: lea si, word ptr [bp + 0x3a3] 0x12d68: mov ax, dx 0x12d6a: xor bx, bx 0x12d6c: call 0x12ee6 0x12d6f: xor ax, 0x1234 0x12d72: call 0x12ee6 0x12d75: mov ax, word ptr [si] 0x12d77: xor ah, ah 0x12d79: mov bl, 2 0x12d7b: div bl
2018-12-17T23:08:59.402803425Z	26	PC: 1313d \| Set disk transfer address
2018-12-17T23:08:59.404719811Z	78	PC: 13146 \| Find first file
2018-12-17T23:08:59.412995297Z	67	PC: 131bd \| Get or set file attributes
2018-12-17T23:08:59.431520073Z	61	PC: 131ce \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:08:59.439327147Z	66	PC: 131e0 \| Move file pointer
2018-12-17T23:08:59.441576611Z	63	PC: 131eb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:59.448721452Z	66	PC: 13217 \| Move file pointer
2018-12-17T23:08:59.451154151Z	64	PC: 13222 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:59.454417129Z	66	PC: 1322a \| Move file pointer
2018-12-17T23:08:59.45614849Z	64	PC: 13239 \| Write file or device (Write 122 bytes on handle 5)
2018-12-17T23:08:59.464973562Z	44	PC: 1323d \| Get time 0x1323d: push ds 0x1323e: mov cx, 0x3d4 0x13241: mov si, 0x8a 0x13244: mov word ptr es:[0x23], dx 0x13249: xor word ptr es:[si], dx 0x1324c: inc si 0x1324d: sub dx, 0xdead 0x13251: inc si 0x13252: loop 0x13249 0x13254: push bx 0x13255: xor ax, ax 0x13257: mov al, byte ptr [bp + 0x3b3] 0x1325b: mov bl, 3 0x1325d: mul bl 0x1325f: add ax, 3 0x13262: mov word ptr [bp + 0x3b4], ax 0x13266: lea si, word ptr [bp + 0x2af] 0x1326a: xor di, di 0x1326c: movsb byte ptr es:[di], byte ptr [si] 0x1326d: mov bx, word ptr [bp + 0x281]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16378,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:09:44.077123904Z	53	PC: 12f19 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:09:44.078934415Z	37	PC: 12f2c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:09:44.080418791Z	73	PC: 12d16 \| Release memory
2018-12-25T13:09:44.082093874Z	72	PC: 12d23 \| Allocate memory
2018-12-25T13:09:44.085550719Z	74	PC: 12d31 \| Reallocate memory
2018-12-25T13:09:44.08708501Z	72	PC: 12d39 \| Allocate memory
2018-12-25T13:09:44.088812804Z	44	PC: 12d51 \| Get time 0x12d51: cmp dh, 0x22 0x12d54: jne 0x12d5c 0x12d56: nop 0x12d57: nop 0x12d58: nop 0x12d59: call 0x12eb0 0x12d5c: push es 0x12d5d: call 0x12fe3 0x12d60: pop es 0x12d61: call 0x1311c 0x12d64: lea si, word ptr [bp + 0x3a3] 0x12d68: mov ax, dx 0x12d6a: xor bx, bx 0x12d6c: call 0x12ee6 0x12d6f: xor ax, 0x1234 0x12d72: call 0x12ee6 0x12d75: mov ax, word ptr [si] 0x12d77: xor ah, ah 0x12d79: mov bl, 2 0x12d7b: div bl
2018-12-25T13:09:44.092450459Z	26	PC: 1313d \| Set disk transfer address
2018-12-25T13:09:44.093794722Z	78	PC: 13146 \| Find first file
2018-12-25T13:09:44.100417066Z	67	PC: 131bd \| Get or set file attributes
2018-12-25T13:09:44.117732647Z	61	PC: 131ce \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:09:44.125749733Z	66	PC: 131e0 \| Move file pointer
2018-12-25T13:09:44.127622239Z	63	PC: 131eb \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:09:44.139028876Z	66	PC: 13217 \| Move file pointer
2018-12-25T13:09:44.141498043Z	64	PC: 13222 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:09:44.14436862Z	66	PC: 1322a \| Move file pointer
2018-12-25T13:09:44.145703004Z	64	PC: 13239 \| Write file or device (Write 39 bytes on handle 5)
2018-12-25T13:09:44.162200123Z	44	PC: 1323d \| Get time 0x1323d: push ds 0x1323e: mov cx, 0x3d4 0x13241: mov si, 0x8a 0x13244: mov word ptr es:[0x23], dx 0x13249: xor word ptr es:[si], dx 0x1324c: inc si 0x1324d: sub dx, 0xdead 0x13251: inc si 0x13252: loop 0x13249 0x13254: push bx 0x13255: xor ax, ax 0x13257: mov al, byte ptr [bp + 0x3b3] 0x1325b: mov bl, 3 0x1325d: mul bl 0x1325f: add ax, 3 0x13262: mov word ptr [bp + 0x3b4], ax 0x13266: lea si, word ptr [bp + 0x2af] 0x1326a: xor di, di 0x1326c: movsb byte ptr es:[di], byte ptr [si] 0x1326d: mov bx, word ptr [bp + 0x281]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":16378,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:38.06657655Z	53	PC: 12f19 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:38.068466251Z	37	PC: 12f2c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:38.069467527Z	73	PC: 12d16 \| Release memory
2018-12-25T12:52:38.070540441Z	72	PC: 12d23 \| Allocate memory
2018-12-25T12:52:38.072275356Z	74	PC: 12d31 \| Reallocate memory
2018-12-25T12:52:38.07346304Z	72	PC: 12d39 \| Allocate memory
2018-12-25T12:52:38.074752485Z	44	PC: 12d51 \| Get time 0x12d51: cmp dh, 0x22 0x12d54: jne 0x12d5c 0x12d56: nop 0x12d57: nop 0x12d58: nop 0x12d59: call 0x12eb0 0x12d5c: push es 0x12d5d: call 0x12fe3 0x12d60: pop es 0x12d61: call 0x1311c 0x12d64: lea si, word ptr [bp + 0x3a3] 0x12d68: mov ax, dx 0x12d6a: xor bx, bx 0x12d6c: call 0x12ee6 0x12d6f: xor ax, 0x1234 0x12d72: call 0x12ee6 0x12d75: mov ax, word ptr [si] 0x12d77: xor ah, ah 0x12d79: mov bl, 2 0x12d7b: div bl
2018-12-25T12:52:38.077476144Z	26	PC: 1313d \| Set disk transfer address
2018-12-25T12:52:38.078493108Z	78	PC: 13146 \| Find first file
2018-12-25T12:52:38.084206751Z	67	PC: 131bd \| Get or set file attributes
2018-12-25T12:52:38.099214063Z	61	PC: 131ce \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:38.106733495Z	66	PC: 131e0 \| Move file pointer
2018-12-25T12:52:38.107957197Z	63	PC: 131eb \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:52:38.114141387Z	66	PC: 13217 \| Move file pointer
2018-12-25T12:52:38.116260446Z	64	PC: 13222 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:52:38.118933197Z	66	PC: 1322a \| Move file pointer
2018-12-25T12:52:38.120198038Z	64	PC: 13239 \| Write file or device (Write 65 bytes on handle 5)
2018-12-25T12:52:38.123365089Z	44	PC: 1323d \| Get time 0x1323d: push ds 0x1323e: mov cx, 0x3d4 0x13241: mov si, 0x8a 0x13244: mov word ptr es:[0x23], dx 0x13249: xor word ptr es:[si], dx 0x1324c: inc si 0x1324d: sub dx, 0xdead 0x13251: inc si 0x13252: loop 0x13249 0x13254: push bx 0x13255: xor ax, ax 0x13257: mov al, byte ptr [bp + 0x3b3] 0x1325b: mov bl, 3 0x1325d: mul bl 0x1325f: add ax, 3 0x13262: mov word ptr [bp + 0x3b4], ax 0x13266: lea si, word ptr [bp + 0x2af] 0x1326a: xor di, di 0x1326c: movsb byte ptr es:[di], byte ptr [si] 0x1326d: mov bx, word ptr [bp + 0x281]