Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1407


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:46.203476876Z 53 PC: 12f08 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:46.206084528Z 37 PC: 12f1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:46.208913266Z 73 PC: 12d5c | Release memory
2018-12-17T22:25:46.210807221Z 72 PC: 12d64 | Allocate memory
2018-12-17T22:25:46.213012613Z 74 PC: 12d6c | Reallocate memory
2018-12-17T22:25:46.215984955Z 72 PC: 12d74 | Allocate memory
2018-12-17T22:25:46.217773081Z 44 PC: 12d87 | Get time
    0x12d87: cmp dh, 0x22
    0x12d8a: jne 0x12d8f
    0x12d8c: call 0x12ea8
    0x12d8f: call 0x12fce
    0x12d92: lea si, word ptr [bp + 0x2eb]
    0x12d96: mov ax, dx
    0x12d98: xor bx, bx
    0x12d9a: call 0x12ed2
    0x12d9d: xor ax, 0x1234
    0x12da0: call 0x12ed2
    0x12da3: mov ax, word ptr [si]
    0x12da5: xor ah, ah
    0x12da7: mov bl, 2
    0x12da9: div bl
    0x12dab: xor ah, ah
    0x12dad: mov byte ptr [bp + 0x2fa], al
    0x12db1: push si
    0x12db2: lea si, word ptr [bp + 0x28d]
    0x12db6: call 0x12f49
    0x12db9: pop si
2018-12-17T22:25:46.220767833Z 26 PC: 12fef | Set disk transfer address
2018-12-17T22:25:46.237888138Z 78 PC: 12ffb | Find first file
2018-12-17T22:25:46.254762736Z 67 PC: 13064 | Get or set file attributes
2018-12-17T22:25:46.25977775Z 61 PC: 13075 | Open file (Filename = 'A*c}f;o\}h5CQ 5 ZMC-M@[email protected]a5>9Z'|ݾ s)4|U0QPr)֜":\};n4g')
2018-12-17T22:25:46.265822201Z 37 PC: 12eff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:46.267295556Z 73 PC: 1319c | Release memory
2018-12-17T22:25:46.27402142Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":4560,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:09.230585789Z 53 PC: 12f08 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.232341565Z 37 PC: 12f1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.23623303Z 73 PC: 12d5c | Release memory
2018-12-25T11:52:09.237755929Z 72 PC: 12d64 | Allocate memory
2018-12-25T11:52:09.23969072Z 74 PC: 12d6c | Reallocate memory
2018-12-25T11:52:09.251111868Z 72 PC: 12d74 | Allocate memory
2018-12-25T11:52:09.254188724Z 44 PC: 12d87 | Get time
    0x12d87: cmp dh, 0x22
    0x12d8a: jne 0x12d8f
    0x12d8c: call 0x12ea8
    0x12d8f: call 0x12fce
    0x12d92: lea si, word ptr [bp + 0x2eb]
    0x12d96: mov ax, dx
    0x12d98: xor bx, bx
    0x12d9a: call 0x12ed2
    0x12d9d: xor ax, 0x1234
    0x12da0: call 0x12ed2
    0x12da3: mov ax, word ptr [si]
    0x12da5: xor ah, ah
    0x12da7: mov bl, 2
    0x12da9: div bl
    0x12dab: xor ah, ah
    0x12dad: mov byte ptr [bp + 0x2fa], al
    0x12db1: push si
    0x12db2: lea si, word ptr [bp + 0x28d]
    0x12db6: call 0x12f49
    0x12db9: pop si
2018-12-25T11:52:09.257194525Z 26 PC: 12fef | Set disk transfer address
2018-12-25T11:52:09.259102755Z 78 PC: 12ffb | Find first file
2018-12-25T11:52:09.26441409Z 67 PC: 13064 | Get or set file attributes
2018-12-25T11:52:09.273456503Z 61 PC: 13075 | Open file (Filename = 'A*c}f;o\}h4Q$5 $Z=C,=[email protected]a5>9Z'|ݾ s)4|U0QPr)֜":\};n4g  j"?ّڥfpQ2FL)4zOT &f-FFZP\?t "u')
2018-12-25T11:52:09.278983478Z 37 PC: 12eff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.280777078Z 73 PC: 1319c | Release memory
2018-12-25T11:52:09.28738408Z 76 PC: 0 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4560,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:09.455264445Z 53 PC: 12f08 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.458938619Z 37 PC: 12f1b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.460474855Z 73 PC: 12d5c | Release memory
2018-12-25T11:52:09.462667234Z 72 PC: 12d64 | Allocate memory
2018-12-25T11:52:09.465923183Z 74 PC: 12d6c | Reallocate memory
2018-12-25T11:52:09.467648328Z 72 PC: 12d74 | Allocate memory
2018-12-25T11:52:09.469548904Z 44 PC: 12d87 | Get time
    0x12d87: cmp dh, 0x22
    0x12d8a: jne 0x12d8f
    0x12d8c: call 0x12ea8
    0x12d8f: call 0x12fce
    0x12d92: lea si, word ptr [bp + 0x2eb]
    0x12d96: mov ax, dx
    0x12d98: xor bx, bx
    0x12d9a: call 0x12ed2
    0x12d9d: xor ax, 0x1234
    0x12da0: call 0x12ed2
    0x12da3: mov ax, word ptr [si]
    0x12da5: xor ah, ah
    0x12da7: mov bl, 2
    0x12da9: div bl
    0x12dab: xor ah, ah
    0x12dad: mov byte ptr [bp + 0x2fa], al
    0x12db1: push si
    0x12db2: lea si, word ptr [bp + 0x28d]
    0x12db6: call 0x12f49
    0x12db9: pop si
2018-12-25T11:52:09.472675669Z 26 PC: 12fef | Set disk transfer address
2018-12-25T11:52:09.474988926Z 78 PC: 12ffb | Find first file
2018-12-25T11:52:09.486354149Z 67 PC: 13064 | Get or set file attributes
2018-12-25T11:52:09.490582075Z 61 PC: 13075 | Open file (Filename = 'A*c}f;o\}h4Q5 ZC,[email protected]a5>9Z'|ݾ s)4|U0QPr)֜":\};n4g')
2018-12-25T11:52:09.500658506Z 37 PC: 12eff | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.501781631Z 73 PC: 1319c | Release memory
2018-12-25T11:52:09.507554133Z 76 PC: 0 | Terminate with return code (Return code = '0')