Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1414

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:32.572076088Z	53	PC: 12f0a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.574136153Z	37	PC: 12f1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.575913487Z	73	PC: 12d5e \| Release memory
2018-12-17T23:10:32.577702943Z	72	PC: 12d66 \| Allocate memory
2018-12-17T23:10:32.579979576Z	74	PC: 12d6e \| Reallocate memory
2018-12-17T23:10:32.583077854Z	72	PC: 12d76 \| Allocate memory
2018-12-17T23:10:32.585516031Z	44	PC: 12d89 \| Get time 0x12d89: cmp dh, 0x22 0x12d8c: jne 0x12d91 0x12d8e: call 0x12eaa 0x12d91: call 0x12fd1 0x12d94: lea si, word ptr [bp + 0x2ed] 0x12d98: mov ax, dx 0x12d9a: xor bx, bx 0x12d9c: call 0x12ed4 0x12d9f: xor ax, 0x1234 0x12da2: call 0x12ed4 0x12da5: mov ax, word ptr [si] 0x12da7: xor ah, ah 0x12da9: mov bl, 2 0x12dab: div bl 0x12dad: xor ah, ah 0x12daf: mov byte ptr [bp + 0x2fc], al 0x12db3: push si 0x12db4: lea si, word ptr [bp + 0x28f] 0x12db8: call 0x12f4b 0x12dbb: pop si
2018-12-17T23:10:32.588680975Z	26	PC: 12ff2 \| Set disk transfer address
2018-12-17T23:10:32.591095337Z	78	PC: 12ffe \| Find first file
2018-12-17T23:10:32.59858179Z	67	PC: 13069 \| Get or set file attributes
2018-12-17T23:10:32.605761687Z	61	PC: 1307a \| Open file (Filename = 'A*c}��f��;o\�}�h��5@Q85 8Z��xC-x�=QG@�a�5��>�9�Z'\|��ݾ �s��)4\|�W�0�QPr��)֜��":�\�};�n��4�g')
2018-12-17T23:10:32.615216823Z	37	PC: 12f01 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:32.617020046Z	73	PC: 131a3 \| Release memory
2018-12-17T23:10:32.626078015Z	76	PC: 0 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16888,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:09.561127015Z	53	PC: 12f0a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.562426755Z	37	PC: 12f1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.563247398Z	73	PC: 12d5e \| Release memory
2018-12-25T12:54:09.564062959Z	72	PC: 12d66 \| Allocate memory
2018-12-25T12:54:09.566098575Z	74	PC: 12d6e \| Reallocate memory
2018-12-25T12:54:09.567991524Z	72	PC: 12d76 \| Allocate memory
2018-12-25T12:54:09.569450832Z	44	PC: 12d89 \| Get time 0x12d89: cmp dh, 0x22 0x12d8c: jne 0x12d91 0x12d8e: call 0x12eaa 0x12d91: call 0x12fd1 0x12d94: lea si, word ptr [bp + 0x2ed] 0x12d98: mov ax, dx 0x12d9a: xor bx, bx 0x12d9c: call 0x12ed4 0x12d9f: xor ax, 0x1234 0x12da2: call 0x12ed4 0x12da5: mov ax, word ptr [si] 0x12da7: xor ah, ah 0x12da9: mov bl, 2 0x12dab: div bl 0x12dad: xor ah, ah 0x12daf: mov byte ptr [bp + 0x2fc], al 0x12db3: push si 0x12db4: lea si, word ptr [bp + 0x28f] 0x12db8: call 0x12f4b 0x12dbb: pop si
2018-12-25T12:54:09.572381478Z	26	PC: 12ff2 \| Set disk transfer address
2018-12-25T12:54:09.573481918Z	78	PC: 12ffe \| Find first file
2018-12-25T12:54:09.577012288Z	67	PC: 13069 \| Get or set file attributes
2018-12-25T12:54:09.581106643Z	61	PC: 1307a \| Open file (Filename = 'A*c}��f��;o\�}�h��4Q5 Z��C,�QF@�a�5��>�9�Z'\|��ݾ �s��)4\|�W�0�QPr��)֜��":�\�};�n��4�g')
2018-12-25T12:54:09.586648194Z	37	PC: 12f01 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.587417131Z	73	PC: 131a3 \| Release memory
2018-12-25T12:54:09.590887669Z	76	PC: 0 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":16888,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:09.798613837Z	53	PC: 12f0a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.800242083Z	37	PC: 12f1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.801092091Z	73	PC: 12d5e \| Release memory
2018-12-25T12:54:09.801986962Z	72	PC: 12d66 \| Allocate memory
2018-12-25T12:54:09.803715289Z	74	PC: 12d6e \| Reallocate memory
2018-12-25T12:54:09.80467244Z	72	PC: 12d76 \| Allocate memory
2018-12-25T12:54:09.80586956Z	44	PC: 12d89 \| Get time 0x12d89: cmp dh, 0x22 0x12d8c: jne 0x12d91 0x12d8e: call 0x12eaa 0x12d91: call 0x12fd1 0x12d94: lea si, word ptr [bp + 0x2ed] 0x12d98: mov ax, dx 0x12d9a: xor bx, bx 0x12d9c: call 0x12ed4 0x12d9f: xor ax, 0x1234 0x12da2: call 0x12ed4 0x12da5: mov ax, word ptr [si] 0x12da7: xor ah, ah 0x12da9: mov bl, 2 0x12dab: div bl 0x12dad: xor ah, ah 0x12daf: mov byte ptr [bp + 0x2fc], al 0x12db3: push si 0x12db4: lea si, word ptr [bp + 0x28f] 0x12db8: call 0x12f4b 0x12dbb: pop si
2018-12-25T12:54:09.808274434Z	26	PC: 12ff2 \| Set disk transfer address
2018-12-25T12:54:09.809118723Z	78	PC: 12ffe \| Find first file
2018-12-25T12:54:09.812487028Z	67	PC: 13069 \| Get or set file attributes
2018-12-25T12:54:09.815355668Z	61	PC: 1307a \| Open file (Filename = 'Ac}��f��;o\�}�h��4Q$5 $Z��2C,2�QF@�a�5��>�9�Z'\|��ݾ �s��)4\|�W�0�QPr��)֜��":�\�};�n��4�g ��OO�]ቄ�Eӑ5� Q��MR?�-A�l��2��g��8�Y!�&��f)F��F��Z��R\?t ��"u��')
2018-12-25T12:54:09.819548671Z	37	PC: 12f01 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:09.820525942Z	73	PC: 131a3 \| Release memory
2018-12-25T12:54:09.826011843Z	76	PC: 0 \| Terminate with return code (Return code = '0')