Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1525

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:28.385151748Z	53	PC: 12e61 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:28.386213056Z	37	PC: 12e74 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:28.387638886Z	73	PC: 12c61 \| Release memory
2018-12-17T23:15:28.388623928Z	72	PC: 12c6e \| Allocate memory
2018-12-17T23:15:28.389916094Z	74	PC: 12c7b \| Reallocate memory
2018-12-17T23:15:28.391146457Z	72	PC: 12c83 \| Allocate memory
2018-12-17T23:15:28.39219263Z	44	PC: 12c9b \| Get time 0x12c9b: cmp dh, 0x22 0x12c9e: jne 0x12ca6 0x12ca0: nop 0x12ca1: nop 0x12ca2: nop 0x12ca3: call 0x12df5 0x12ca6: call 0x12f2e 0x12ca9: lea si, word ptr [bp + 0x2f0] 0x12cad: mov ax, dx 0x12caf: xor bx, bx 0x12cb1: call 0x12e2b 0x12cb4: xor ax, 0x1234 0x12cb7: call 0x12e2b 0x12cba: mov ax, word ptr [si] 0x12cbc: xor ah, ah 0x12cbe: mov bl, 2 0x12cc0: div bl 0x12cc2: xor ah, ah 0x12cc4: mov byte ptr [bp + 0x2ff], al 0x12cc8: push si
2018-12-17T23:15:28.394003212Z	26	PC: 12f4f \| Set disk transfer address
2018-12-17T23:15:28.395064546Z	78	PC: 12f5b \| Find first file
2018-12-17T23:15:28.399091646Z	67	PC: 12fd2 \| Get or set file attributes
2018-12-17T23:15:30.400536329Z	61	PC: 12fe3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:15:30.46674912Z	66	PC: 12ff8 \| Move file pointer
2018-12-17T23:15:30.468368844Z	63	PC: 13003 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:15:30.475460295Z	66	PC: 13032 \| Move file pointer
2018-12-17T23:15:30.477836043Z	64	PC: 1303e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:15:30.480781329Z	66	PC: 13048 \| Move file pointer
2018-12-17T23:15:30.482397376Z	44	PC: 1304c \| Get time 0x1304c: push ds 0x1304d: mov cx, 0x2da 0x13050: mov si, 0x85 0x13053: mov word ptr es:[0x23], dx 0x13058: xor word ptr es:[si], dx 0x1305b: inc si 0x1305c: sub dx, 0xdead 0x13060: inc si 0x13061: loop 0x13058 0x13063: push bx 0x13064: xor ax, ax 0x13066: mov al, byte ptr [bp + 0x300] 0x1306a: mov bl, 3 0x1306c: mul bl 0x1306e: add ax, 3 0x13071: mov word ptr [bp + 0x301], ax 0x13075: lea si, word ptr [bp + 0x2aa] 0x13079: xor di, di 0x1307b: movsb byte ptr es:[di], byte ptr [si] 0x1307c: mov bx, word ptr [bp + 0x27c]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3191,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:40.581755455Z	53	PC: 12e61 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:40.585896321Z	37	PC: 12e74 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:40.587975159Z	73	PC: 12c61 \| Release memory
2018-12-25T11:48:40.589865632Z	72	PC: 12c6e \| Allocate memory
2018-12-25T11:48:40.592195751Z	74	PC: 12c7b \| Reallocate memory
2018-12-25T11:48:40.594179204Z	72	PC: 12c83 \| Allocate memory
2018-12-25T11:48:40.596174654Z	44	PC: 12c9b \| Get time 0x12c9b: cmp dh, 0x22 0x12c9e: jne 0x12ca6 0x12ca0: nop 0x12ca1: nop 0x12ca2: nop 0x12ca3: call 0x12df5 0x12ca6: call 0x12f2e 0x12ca9: lea si, word ptr [bp + 0x2f0] 0x12cad: mov ax, dx 0x12caf: xor bx, bx 0x12cb1: call 0x12e2b 0x12cb4: xor ax, 0x1234 0x12cb7: call 0x12e2b 0x12cba: mov ax, word ptr [si] 0x12cbc: xor ah, ah 0x12cbe: mov bl, 2 0x12cc0: div bl 0x12cc2: xor ah, ah 0x12cc4: mov byte ptr [bp + 0x2ff], al 0x12cc8: push si
2018-12-25T11:48:40.599888538Z	26	PC: 12f4f \| Set disk transfer address
2018-12-25T11:48:40.601376147Z	78	PC: 12f5b \| Find first file
2018-12-25T11:48:40.607779931Z	67	PC: 12fd2 \| Get or set file attributes
2018-12-25T11:48:40.629351329Z	61	PC: 12fe3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.633748055Z	66	PC: 12ff8 \| Move file pointer
2018-12-25T11:48:40.635523198Z	63	PC: 13003 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:40.650564342Z	66	PC: 13032 \| Move file pointer
2018-12-25T11:48:40.652197108Z	64	PC: 1303e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:40.655058438Z	66	PC: 13048 \| Move file pointer
2018-12-25T11:48:40.657491915Z	44	PC: 1304c \| Get time 0x1304c: push ds 0x1304d: mov cx, 0x2da 0x13050: mov si, 0x85 0x13053: mov word ptr es:[0x23], dx 0x13058: xor word ptr es:[si], dx 0x1305b: inc si 0x1305c: sub dx, 0xdead 0x13060: inc si 0x13061: loop 0x13058 0x13063: push bx 0x13064: xor ax, ax 0x13066: mov al, byte ptr [bp + 0x300] 0x1306a: mov bl, 3 0x1306c: mul bl 0x1306e: add ax, 3 0x13071: mov word ptr [bp + 0x301], ax 0x13075: lea si, word ptr [bp + 0x2aa] 0x13079: xor di, di 0x1307b: movsb byte ptr es:[di], byte ptr [si] 0x1307c: mov bx, word ptr [bp + 0x27c]
2018-12-25T11:48:40.66421382Z	76	PC: 0 \| Terminate with return code (Return code = '0')