Sample viewer

vx.netlux.org/Virus.DOS.Sieg.1711

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:32:09.439590103Z 157 PC: 12a71 | UNKNOWN!
2018-12-17T22:32:09.441775973Z 74 PC: 12a8e | Reallocate memory
2018-12-17T22:32:09.444684494Z 88 PC: 12a93 | case 0xGet or set allocation strateg:
2018-12-17T22:32:09.446132938Z 88 PC: 12a9d | case 0xGet or set allocation strateg:
2018-12-17T22:32:09.447670805Z 72 PC: 12aa4 | Allocate memory
2018-12-17T22:32:09.455202534Z 88 PC: 12abd | case 0xGet or set allocation strateg:
2018-12-17T22:32:09.457068799Z 53 PC: 12ac4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:09.458964086Z 37 PC: 12ad3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:09.461039771Z 42 PC: 12ada | Get date

0x12ada: cmp dx, 0x31e
0x12ade: jne 0x12ae4
0x12ae0: mov dx, si
0x12ae2: jmp 0x12b2a
0x12ae4: add si, 0xd4
0x12ae8: mov ax, es
0x12aea: add word ptr cs:[si], ax
0x12aed: add word ptr cs:[si], 0x10
0x12af1: cli
0x12af2: mov ax, es
0x12af4: add ax, 0x10
0x12af7: add ax, 0
0x12afa: mov ss, ax
0x12afc: mov sp, 0
0x12aff: sti
0x12b00: sub ax, ax
0x12b02: xor bx, bx
0x12b04: sub cx, cx
0x12b06: xor dx, dx
0x12b08: sub di, di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5745,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:19.50871503Z 157 PC: 12a71 | UNKNOWN!
2018-12-25T11:55:19.511134487Z 74 PC: 12a8e | Reallocate memory
2018-12-25T11:55:19.513133515Z 88 PC: 12a93 | case 0xGet or set allocation strateg:
2018-12-25T11:55:19.514845627Z 88 PC: 12a9d | case 0xGet or set allocation strateg:
2018-12-25T11:55:19.516597007Z 72 PC: 12aa4 | Allocate memory
2018-12-25T11:55:19.519318931Z 88 PC: 12abd | case 0xGet or set allocation strateg:
2018-12-25T11:55:19.521474191Z 53 PC: 12ac4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:19.523028529Z 37 PC: 12ad3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:19.5257169Z 42 PC: 12ada | Get date

0x12ada: cmp dx, 0x31e
0x12ade: jne 0x12ae4
0x12ae0: mov dx, si
0x12ae2: jmp 0x12b2a
0x12ae4: add si, 0xd4
0x12ae8: mov ax, es
0x12aea: add word ptr cs:[si], ax
0x12aed: add word ptr cs:[si], 0x10
0x12af1: cli
0x12af2: mov ax, es
0x12af4: add ax, 0x10
0x12af7: add ax, 0
0x12afa: mov ss, ax
0x12afc: mov sp, 0
0x12aff: sti
0x12b00: sub ax, ax
0x12b02: xor bx, bx
0x12b04: sub cx, cx
0x12b06: xor dx, dx
0x12b08: sub di, di

{"DateBased":true,"Day":30,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5745,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:19.646619375Z 157 PC: 12a71 | UNKNOWN!
2018-12-25T11:55:19.648397328Z 74 PC: 12a8e | Reallocate memory
2018-12-25T11:55:19.650074275Z 88 PC: 12a93 | case 0xGet or set allocation strateg:
2018-12-25T11:55:19.651968643Z 88 PC: 12a9d | case 0xGet or set allocation strateg:
2018-12-25T11:55:19.655531895Z 72 PC: 12aa4 | Allocate memory
2018-12-25T11:55:19.657112535Z 88 PC: 12abd | case 0xGet or set allocation strateg:
2018-12-25T11:55:19.658217491Z 53 PC: 12ac4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:19.660265404Z 37 PC: 12ad3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:19.661606033Z 42 PC: 12ada | Get date

0x12ada: cmp dx, 0x31e
0x12ade: jne 0x12ae4
0x12ae0: mov dx, si
0x12ae2: jmp 0x12b2a
0x12ae4: add si, 0xd4
0x12ae8: mov ax, es
0x12aea: add word ptr cs:[si], ax
0x12aed: add word ptr cs:[si], 0x10
0x12af1: cli
0x12af2: mov ax, es
0x12af4: add ax, 0x10
0x12af7: add ax, 0
0x12afa: mov ss, ax
0x12afc: mov sp, 0
0x12aff: sti
0x12b00: sub ax, ax
0x12b02: xor bx, bx
0x12b04: sub cx, cx
0x12b06: xor dx, dx
0x12b08: sub di, di