Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1291

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:04.462085884Z	73	PC: 12c13 \| Release memory
2018-12-17T22:19:04.464320136Z	72	PC: 12c20 \| Allocate memory
2018-12-17T22:19:04.466298727Z	74	PC: 12c2d \| Reallocate memory
2018-12-17T22:19:04.468006214Z	72	PC: 12c35 \| Allocate memory
2018-12-17T22:19:04.470838088Z	44	PC: 12c4d \| Get time 0x12c4d: cmp dh, 0x22 0x12c50: jne 0x12c55 0x12c52: call 0x12d6b 0x12c55: call 0x12e60 0x12c58: lea si, word ptr [bp + 0x2af] 0x12c5c: mov ax, dx 0x12c5e: xor bx, bx 0x12c60: call 0x12d95 0x12c63: xor ax, 0x1234 0x12c66: call 0x12d95 0x12c69: mov ax, word ptr [si] 0x12c6b: xor ah, ah 0x12c6d: mov bl, 2 0x12c6f: div bl 0x12c71: xor ah, ah 0x12c73: mov byte ptr [bp + 0x2bc], al 0x12c77: push si 0x12c78: lea si, word ptr [bp + 0x251] 0x12c7c: call 0x12ddb 0x12c7f: pop si
2018-12-17T22:19:04.473960349Z	26	PC: 12e81 \| Set disk transfer address
2018-12-17T22:19:04.475567424Z	78	PC: 12e8d \| Find first file
2018-12-17T22:19:04.482408505Z	67	PC: 12ef8 \| Get or set file attributes
2018-12-17T22:19:04.499480138Z	61	PC: 12f09 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:04.506805995Z	66	PC: 12f1b \| Move file pointer
2018-12-17T22:19:04.508310817Z	63	PC: 12f26 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:19:04.515928392Z	66	PC: 12f51 \| Move file pointer
2018-12-17T22:19:04.523493498Z	64	PC: 12f5d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:19:04.526339088Z	66	PC: 12f67 \| Move file pointer
2018-12-17T22:19:04.528482825Z	44	PC: 12f6b \| Get time 0x12f6b: push ds 0x12f6c: mov cx, 0x285 0x12f6f: mov si, 0x49 0x12f72: mov word ptr es:[0x23], dx 0x12f77: xor word ptr es:[si], dx 0x12f7a: inc si 0x12f7b: inc si 0x12f7c: loop 0x12f77 0x12f7e: push bx 0x12f7f: xor ax, ax 0x12f81: mov al, byte ptr [bp + 0x2bd] 0x12f85: mov bl, 3 0x12f87: mul bl 0x12f89: add ax, 3 0x12f8c: mov word ptr [bp + 0x2be], ax 0x12f90: lea si, word ptr [bp + 0x269] 0x12f94: xor di, di 0x12f96: movsb byte ptr es:[di], byte ptr [si] 0x12f97: mov bx, word ptr [bp + 0x23b] 0x12f9b: add bx, ax
2018-12-17T22:19:04.537252055Z	64	PC: 12fff \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:19:04.540274837Z	64	PC: 1300a \| Write file or device (Write 1291 bytes on handle 5)
2018-12-17T22:19:04.55071459Z	87	PC: 13020 \| Get or set file date and time
2018-12-17T22:19:04.552362592Z	62	PC: 13024 \| Close file
2018-12-17T22:19:04.560904366Z	73	PC: 1302a \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3281,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:45.606851559Z	73	PC: 12c13 \| Release memory
2018-12-25T11:48:45.60847409Z	72	PC: 12c20 \| Allocate memory
2018-12-25T11:48:45.610156075Z	74	PC: 12c2d \| Reallocate memory
2018-12-25T11:48:45.611458959Z	72	PC: 12c35 \| Allocate memory
2018-12-25T11:48:45.6275296Z	44	PC: 12c4d \| Get time 0x12c4d: cmp dh, 0x22 0x12c50: jne 0x12c55 0x12c52: call 0x12d6b 0x12c55: call 0x12e60 0x12c58: lea si, word ptr [bp + 0x2af] 0x12c5c: mov ax, dx 0x12c5e: xor bx, bx 0x12c60: call 0x12d95 0x12c63: xor ax, 0x1234 0x12c66: call 0x12d95 0x12c69: mov ax, word ptr [si] 0x12c6b: xor ah, ah 0x12c6d: mov bl, 2 0x12c6f: div bl 0x12c71: xor ah, ah 0x12c73: mov byte ptr [bp + 0x2bc], al 0x12c77: push si 0x12c78: lea si, word ptr [bp + 0x251] 0x12c7c: call 0x12ddb 0x12c7f: pop si
2018-12-25T11:48:45.633102373Z	26	PC: 12e81 \| Set disk transfer address
2018-12-25T11:48:45.63414222Z	78	PC: 12e8d \| Find first file
2018-12-25T11:48:45.640647918Z	67	PC: 12ef8 \| Get or set file attributes
2018-12-25T11:48:48.357491714Z	61	PC: 12f09 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:48.365184448Z	66	PC: 12f1b \| Move file pointer
2018-12-25T11:48:48.367525028Z	63	PC: 12f26 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:48.373577244Z	66	PC: 12f51 \| Move file pointer
2018-12-25T11:48:48.382300364Z	64	PC: 12f5d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:48.385997356Z	66	PC: 12f67 \| Move file pointer
2018-12-25T11:48:48.388174733Z	44	PC: 12f6b \| Get time 0x12f6b: push ds 0x12f6c: mov cx, 0x285 0x12f6f: mov si, 0x49 0x12f72: mov word ptr es:[0x23], dx 0x12f77: xor word ptr es:[si], dx 0x12f7a: inc si 0x12f7b: inc si 0x12f7c: loop 0x12f77 0x12f7e: push bx 0x12f7f: xor ax, ax 0x12f81: mov al, byte ptr [bp + 0x2bd] 0x12f85: mov bl, 3 0x12f87: mul bl 0x12f89: add ax, 3 0x12f8c: mov word ptr [bp + 0x2be], ax 0x12f90: lea si, word ptr [bp + 0x269] 0x12f94: xor di, di 0x12f96: movsb byte ptr es:[di], byte ptr [si] 0x12f97: mov bx, word ptr [bp + 0x23b] 0x12f9b: add bx, ax
2018-12-25T11:48:48.391658601Z	64	PC: 12fff \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:48:48.395437244Z	64	PC: 1300a \| Write file or device (Write 1291 bytes on handle 5)
2018-12-25T11:48:48.405598758Z	87	PC: 13020 \| Get or set file date and time
2018-12-25T11:48:48.407800848Z	62	PC: 13024 \| Close file
2018-12-25T11:48:48.415556485Z	73	PC: 1302a \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":3281,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:45.78975716Z	73	PC: 12c13 \| Release memory
2018-12-25T11:48:45.791500136Z	72	PC: 12c20 \| Allocate memory
2018-12-25T11:48:45.792999437Z	74	PC: 12c2d \| Reallocate memory
2018-12-25T11:48:45.794244082Z	72	PC: 12c35 \| Allocate memory
2018-12-25T11:48:45.796775616Z	44	PC: 12c4d \| Get time 0x12c4d: cmp dh, 0x22 0x12c50: jne 0x12c55 0x12c52: call 0x12d6b 0x12c55: call 0x12e60 0x12c58: lea si, word ptr [bp + 0x2af] 0x12c5c: mov ax, dx 0x12c5e: xor bx, bx 0x12c60: call 0x12d95 0x12c63: xor ax, 0x1234 0x12c66: call 0x12d95 0x12c69: mov ax, word ptr [si] 0x12c6b: xor ah, ah 0x12c6d: mov bl, 2 0x12c6f: div bl 0x12c71: xor ah, ah 0x12c73: mov byte ptr [bp + 0x2bc], al 0x12c77: push si 0x12c78: lea si, word ptr [bp + 0x251] 0x12c7c: call 0x12ddb 0x12c7f: pop si
2018-12-25T11:48:45.799327535Z	26	PC: 12e81 \| Set disk transfer address
2018-12-25T11:48:45.800281823Z	78	PC: 12e8d \| Find first file
2018-12-25T11:48:45.806493718Z	67	PC: 12ef8 \| Get or set file attributes
2018-12-25T11:48:48.361320108Z	61	PC: 12f09 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:48.36665751Z	66	PC: 12f1b \| Move file pointer
2018-12-25T11:48:48.368401185Z	63	PC: 12f26 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:48.3803426Z	66	PC: 12f51 \| Move file pointer
2018-12-25T11:48:48.382571953Z	64	PC: 12f5d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:48.385617387Z	66	PC: 12f67 \| Move file pointer
2018-12-25T11:48:48.38983349Z	44	PC: 12f6b \| Get time 0x12f6b: push ds 0x12f6c: mov cx, 0x285 0x12f6f: mov si, 0x49 0x12f72: mov word ptr es:[0x23], dx 0x12f77: xor word ptr es:[si], dx 0x12f7a: inc si 0x12f7b: inc si 0x12f7c: loop 0x12f77 0x12f7e: push bx 0x12f7f: xor ax, ax 0x12f81: mov al, byte ptr [bp + 0x2bd] 0x12f85: mov bl, 3 0x12f87: mul bl 0x12f89: add ax, 3 0x12f8c: mov word ptr [bp + 0x2be], ax 0x12f90: lea si, word ptr [bp + 0x269] 0x12f94: xor di, di 0x12f96: movsb byte ptr es:[di], byte ptr [si] 0x12f97: mov bx, word ptr [bp + 0x23b] 0x12f9b: add bx, ax
2018-12-25T11:48:48.394572494Z	64	PC: 12fff \| Write file or device (Write 25 bytes on handle 5)
2018-12-25T11:48:48.39744122Z	64	PC: 1300a \| Write file or device (Write 1291 bytes on handle 5)
2018-12-25T11:48:48.413746113Z	87	PC: 13020 \| Get or set file date and time
2018-12-25T11:48:48.415589468Z	62	PC: 13024 \| Close file
2018-12-25T11:48:48.423225992Z	73	PC: 1302a \| Release memory