Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1414

Syscalls:

Time  Syscall Op  PC  Syscall Name
2018-12-17T23:10:32.572076088Z 53 PC: 12f0a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.574136153Z 37 PC: 12f1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.575913487Z 73 PC: 12d5e | Release memory
2018-12-17T23:10:32.577702943Z 72 PC: 12d66 | Allocate memory
2018-12-17T23:10:32.579979576Z 74 PC: 12d6e | Reallocate memory
2018-12-17T23:10:32.583077854Z 72 PC: 12d76 | Allocate memory
2018-12-17T23:10:32.585516031Z 44 PC: 12d89 | Get time
    0x12d89: cmp dh, 0x22
    0x12d8c: jne 0x12d91
    0x12d8e: call 0x12eaa
    0x12d91: call 0x12fd1
    0x12d94: lea si, word ptr [bp + 0x2ed]
    0x12d98: mov ax, dx
    0x12d9a: xor bx, bx
    0x12d9c: call 0x12ed4
    0x12d9f: xor ax, 0x1234
    0x12da2: call 0x12ed4
    0x12da5: mov ax, word ptr [si]
    0x12da7: xor ah, ah
    0x12da9: mov bl, 2
    0x12dab: div bl
    0x12dad: xor ah, ah
    0x12daf: mov byte ptr [bp + 0x2fc], al
    0x12db3: push si
    0x12db4: lea si, word ptr [bp + 0x28f]
    0x12db8: call 0x12f4b
    0x12dbb: pop si
2018-12-17T23:10:32.588680975Z 26 PC: 12ff2 | Set disk transfer address
2018-12-17T23:10:32.591095337Z 78 PC: 12ffe | Find first file
2018-12-17T23:10:32.59858179Z 67 PC: 13069 | Get or set file attributes
2018-12-17T23:10:32.605761687Z 61 PC: 1307a | Open file (Filename = 'A*c}����f��;o\�}�h��5@Q85 8Z��xC-x�=QG@�a�5�����>�9�Z'|��ݾ �s��)4|�W�0�QPr����)֜��":�\�};�n���4�g')
2018-12-17T23:10:32.615216823Z 37 PC: 12f01 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.617020046Z 73 PC: 131a3 | Release memory
2018-12-17T23:10:32.626078015Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16888,"SideJobID":0}

Syscalls:

Time  Syscall Op  PC  Syscall Name
2018-12-25T12:54:09.561127015Z 53 PC: 12f0a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.562426755Z 37 PC: 12f1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.563247398Z 73 PC: 12d5e | Release memory
2018-12-25T12:54:09.564062959Z 72 PC: 12d66 | Allocate memory
2018-12-25T12:54:09.566098575Z 74 PC: 12d6e | Reallocate memory
2018-12-25T12:54:09.567991524Z 72 PC: 12d76 | Allocate memory
2018-12-25T12:54:09.569450832Z 44 PC: 12d89 | Get time
    0x12d89: cmp dh, 0x22
    0x12d8c: jne 0x12d91
    0x12d8e: call 0x12eaa
    0x12d91: call 0x12fd1
    0x12d94: lea si, word ptr [bp + 0x2ed]
    0x12d98: mov ax, dx
    0x12d9a: xor bx, bx
    0x12d9c: call 0x12ed4
    0x12d9f: xor ax, 0x1234
    0x12da2: call 0x12ed4
    0x12da5: mov ax, word ptr [si]
    0x12da7: xor ah, ah
    0x12da9: mov bl, 2
    0x12dab: div bl
    0x12dad: xor ah, ah
    0x12daf: mov byte ptr [bp + 0x2fc], al
    0x12db3: push si
    0x12db4: lea si, word ptr [bp + 0x28f]
    0x12db8: call 0x12f4b
    0x12dbb: pop si
2018-12-25T12:54:09.572381478Z 26 PC: 12ff2 | Set disk transfer address
2018-12-25T12:54:09.573481918Z 78 PC: 12ffe | Find first file
2018-12-25T12:54:09.577012288Z 67 PC: 13069 | Get or set file attributes
2018-12-25T12:54:09.581106643Z 61 PC: 1307a | Open file (Filename = 'A*c}����f��;o\�}�h��4Q5 Z��C,�QF@�a�5�����>�9�Z'|��ݾ �s��)4|�W�0�QPr����)֜��":�\�};�n���4�g')
2018-12-25T12:54:09.586648194Z 37 PC: 12f01 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.587417131Z 73 PC: 131a3 | Release memory
2018-12-25T12:54:09.590887669Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":16888,"SideJobID":0}

Syscalls:

Time  Syscall Op  PC  Syscall Name
2018-12-25T12:54:09.798613837Z 53 PC: 12f0a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.800242083Z 37 PC: 12f1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.801092091Z 73 PC: 12d5e | Release memory
2018-12-25T12:54:09.801986962Z 72 PC: 12d66 | Allocate memory
2018-12-25T12:54:09.803715289Z 74 PC: 12d6e | Reallocate memory
2018-12-25T12:54:09.80467244Z 72 PC: 12d76 | Allocate memory
2018-12-25T12:54:09.80586956Z 44 PC: 12d89 | Get time
    0x12d89: cmp dh, 0x22
    0x12d8c: jne 0x12d91
    0x12d8e: call 0x12eaa
    0x12d91: call 0x12fd1
    0x12d94: lea si, word ptr [bp + 0x2ed]
    0x12d98: mov ax, dx
    0x12d9a: xor bx, bx
    0x12d9c: call 0x12ed4
    0x12d9f: xor ax, 0x1234
    0x12da2: call 0x12ed4
    0x12da5: mov ax, word ptr [si]
    0x12da7: xor ah, ah
    0x12da9: mov bl, 2
    0x12dab: div bl
    0x12dad: xor ah, ah
    0x12daf: mov byte ptr [bp + 0x2fc], al
    0x12db3: push si
    0x12db4: lea si, word ptr [bp + 0x28f]
    0x12db8: call 0x12f4b
    0x12dbb: pop si
2018-12-25T12:54:09.808274434Z 26 PC: 12ff2 | Set disk transfer address
2018-12-25T12:54:09.809118723Z 78 PC: 12ffe | Find first file
2018-12-25T12:54:09.812487028Z 67 PC: 13069 | Get or set file attributes
2018-12-25T12:54:09.815355668Z 61 PC: 1307a | Open file (Filename = 'A*c}����f��;o\�}�h��4Q$5 $Z��2C,2� QF@�a�5�����>�9�Z'|��ݾ �s��)4|�W�0�QPr����)֜��":�\�};�n���4�g ���ƒ�OO�]ቄ�*Eӑ5� Q��MR?�-A�l��2��g��8�Y!�&��f)F���F��Z��R\?t ��"u������')
2018-12-25T12:54:09.819548671Z 37 PC: 12f01 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.820525942Z 73 PC: 131a3 | Release memory
2018-12-25T12:54:09.826011843Z 76 PC: 0 | Terminate with return code (Return code = '0')