
vx.netlux.org/Virus.DOS.Seeg.1422


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:55:50.702994143Z 53 PC: 12e83 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:50.704773903Z 37 PC: 12e96 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:50.705782224Z 73 PC: 12cc8 | Release memory
2018-12-17T21:55:50.706815779Z 72 PC: 12cd5 | Allocate memory
2018-12-17T21:55:50.708585956Z 74 PC: 12ce2 | Reallocate memory
2018-12-17T21:55:50.70973491Z 72 PC: 12cea | Allocate memory
2018-12-17T21:55:50.710949823Z 44 PC: 12d02 | Get time
0x12d02: cmp dh, 0x22
0x12d05: jne 0x12d0a
0x12d07: call 0x12e23
0x12d0a: call 0x12f49
0x12d0d: lea si, word ptr [bp + 0x2eb]
0x12d11: mov ax, dx
0x12d13: xor bx, bx
0x12d15: call 0x12e4d
0x12d18: xor ax, 0x1234
0x12d1b: call 0x12e4d
0x12d1e: mov ax, word ptr [si]
0x12d20: xor ah, ah
0x12d22: mov bl, 2
0x12d24: div bl
0x12d26: xor ah, ah
0x12d28: mov byte ptr [bp + 0x2fa], al
0x12d2c: push si
0x12d2d: lea si, word ptr [bp + 0x28d]
0x12d31: call 0x12ec4
0x12d34: pop si
2018-12-17T21:55:50.712920263Z 26 PC: 12f6a | Set disk transfer address
2018-12-17T21:55:50.714424502Z 78 PC: 12f76 | Find first file
2018-12-17T21:55:50.720405994Z 67 PC: 12fdf | Get or set file attributes
2018-12-17T21:55:50.737252322Z 61 PC: 12ff0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:55:50.75132741Z 66 PC: 13002 | Move file pointer
2018-12-17T21:55:50.754670733Z 63 PC: 1300d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:55:50.766195485Z 66 PC: 13038 | Move file pointer
2018-12-17T21:55:50.769338322Z 64 PC: 13044 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:55:50.77211547Z 66 PC: 1304e | Move file pointer
2018-12-17T21:55:50.773582346Z 44 PC: 13052 | Get time
0x13052: push ds
0x13053: mov cx, 0x2a7
0x13056: mov si, 0x85
0x13059: mov word ptr es:[0x23], dx
0x1305e: xor word ptr es:[si], dx
0x13061: inc si
0x13062: sub dx, 0xdead
0x13066: inc si
0x13067: loop 0x1305e
0x13069: push bx
0x1306a: xor ax, ax
0x1306c: mov al, byte ptr [bp + 0x2fb]
0x13070: mov bl, 3
0x13072: mul bl
0x13074: add ax, 3
0x13077: mov word ptr [bp + 0x2fc], ax
0x1307b: lea si, word ptr [bp + 0x2a5]
0x1307f: xor di, di
0x13081: movsb byte ptr es:[di], byte ptr [si]
0x13082: mov bx, word ptr [bp + 0x277]
2018-12-17T21:55:50.778206835Z 64 PC: 130ea | Write file or device (Write 16 bytes on handle 5)
2018-12-17T21:55:50.781117524Z 64 PC: 130f5 | Write file or device (Write 1422 bytes on handle 5)
2018-12-17T21:55:50.789710151Z 87 PC: 1310a | Get or set file date and time
2018-12-17T21:55:50.792677804Z 62 PC: 1310e | Close file
2018-12-17T21:55:50.800249601Z 37 PC: 12e7a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:55:50.801684891Z 73 PC: 13117 | Release memory
2018-12-17T21:55:50.803972926Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":637,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:24.175330563Z 53 PC: 12e83 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.176906276Z 37 PC: 12e96 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.178282649Z 73 PC: 12cc8 | Release memory
2018-12-25T11:41:24.179677483Z 72 PC: 12cd5 | Allocate memory
2018-12-25T11:41:24.182220282Z 74 PC: 12ce2 | Reallocate memory
2018-12-25T11:41:24.183768718Z 72 PC: 12cea | Allocate memory
2018-12-25T11:41:24.185469076Z 44 PC: 12d02 | Get time
0x12d02: cmp dh, 0x22
0x12d05: jne 0x12d0a
0x12d07: call 0x12e23
0x12d0a: call 0x12f49
0x12d0d: lea si, word ptr [bp + 0x2eb]
0x12d11: mov ax, dx
0x12d13: xor bx, bx
0x12d15: call 0x12e4d
0x12d18: xor ax, 0x1234
0x12d1b: call 0x12e4d
0x12d1e: mov ax, word ptr [si]
0x12d20: xor ah, ah
0x12d22: mov bl, 2
0x12d24: div bl
0x12d26: xor ah, ah
0x12d28: mov byte ptr [bp + 0x2fa], al
0x12d2c: push si
0x12d2d: lea si, word ptr [bp + 0x28d]
0x12d31: call 0x12ec4
0x12d34: pop si
2018-12-25T11:41:24.188415643Z 26 PC: 12f6a | Set disk transfer address
2018-12-25T11:41:24.190082981Z 78 PC: 12f76 | Find first file
2018-12-25T11:41:24.195849149Z 67 PC: 12fdf | Get or set file attributes
2018-12-25T11:41:24.211992311Z 61 PC: 12ff0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:24.21867813Z 66 PC: 13002 | Move file pointer
2018-12-25T11:41:24.219854673Z 63 PC: 1300d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:24.226036741Z 66 PC: 13038 | Move file pointer
2018-12-25T11:41:24.227746363Z 64 PC: 13044 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:24.230251457Z 66 PC: 1304e | Move file pointer
2018-12-25T11:41:24.231512225Z 44 PC: 13052 | Get time
0x13052: push ds
0x13053: mov cx, 0x2a7
0x13056: mov si, 0x85
0x13059: mov word ptr es:[0x23], dx
0x1305e: xor word ptr es:[si], dx
0x13061: inc si
0x13062: sub dx, 0xdead
0x13066: inc si
0x13067: loop 0x1305e
0x13069: push bx
0x1306a: xor ax, ax
0x1306c: mov al, byte ptr [bp + 0x2fb]
0x13070: mov bl, 3
0x13072: mul bl
0x13074: add ax, 3
0x13077: mov word ptr [bp + 0x2fc], ax
0x1307b: lea si, word ptr [bp + 0x2a5]
0x1307f: xor di, di
0x13081: movsb byte ptr es:[di], byte ptr [si]
0x13082: mov bx, word ptr [bp + 0x277]
2018-12-25T11:41:24.241701037Z 64 PC: 130ea | Write file or device (Write 25 bytes on handle 5)
2018-12-25T11:41:24.244174754Z 64 PC: 130f5 | Write file or device (Write 1422 bytes on handle 5)
2018-12-25T11:41:24.252810563Z 87 PC: 1310a | Get or set file date and time
2018-12-25T11:41:24.255364277Z 62 PC: 1310e | Close file
2018-12-25T11:41:24.262485548Z 37 PC: 12e7a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.263540517Z 73 PC: 13117 | Release memory
2018-12-25T11:41:24.273252635Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":637,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:24.169362671Z 53 PC: 12e83 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.171148355Z 37 PC: 12e96 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.172453323Z 73 PC: 12cc8 | Release memory
2018-12-25T11:41:24.173952002Z 72 PC: 12cd5 | Allocate memory
2018-12-25T11:41:24.176570273Z 74 PC: 12ce2 | Reallocate memory
2018-12-25T11:41:24.17795602Z 72 PC: 12cea | Allocate memory
2018-12-25T11:41:24.17945599Z 44 PC: 12d02 | Get time
0x12d02: cmp dh, 0x22
0x12d05: jne 0x12d0a
0x12d07: call 0x12e23
0x12d0a: call 0x12f49
0x12d0d: lea si, word ptr [bp + 0x2eb]
0x12d11: mov ax, dx
0x12d13: xor bx, bx
0x12d15: call 0x12e4d
0x12d18: xor ax, 0x1234
0x12d1b: call 0x12e4d
0x12d1e: mov ax, word ptr [si]
0x12d20: xor ah, ah
0x12d22: mov bl, 2
0x12d24: div bl
0x12d26: xor ah, ah
0x12d28: mov byte ptr [bp + 0x2fa], al
0x12d2c: push si
0x12d2d: lea si, word ptr [bp + 0x28d]
0x12d31: call 0x12ec4
0x12d34: pop si
2018-12-25T11:41:24.183136303Z 26 PC: 12f6a | Set disk transfer address
2018-12-25T11:41:24.184065719Z 78 PC: 12f76 | Find first file
2018-12-25T11:41:24.189653614Z 67 PC: 12fdf | Get or set file attributes
2018-12-25T11:41:24.207992559Z 61 PC: 12ff0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:24.214299145Z 66 PC: 13002 | Move file pointer
2018-12-25T11:41:24.215495316Z 63 PC: 1300d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:24.222544935Z 66 PC: 13038 | Move file pointer
2018-12-25T11:41:24.223846882Z 64 PC: 13044 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:24.2262818Z 66 PC: 1304e | Move file pointer
2018-12-25T11:41:24.228103998Z 44 PC: 13052 | Get time
0x13052: push ds
0x13053: mov cx, 0x2a7
0x13056: mov si, 0x85
0x13059: mov word ptr es:[0x23], dx
0x1305e: xor word ptr es:[si], dx
0x13061: inc si
0x13062: sub dx, 0xdead
0x13066: inc si
0x13067: loop 0x1305e
0x13069: push bx
0x1306a: xor ax, ax
0x1306c: mov al, byte ptr [bp + 0x2fb]
0x13070: mov bl, 3
0x13072: mul bl
0x13074: add ax, 3
0x13077: mov word ptr [bp + 0x2fc], ax
0x1307b: lea si, word ptr [bp + 0x2a5]
0x1307f: xor di, di
0x13081: movsb byte ptr es:[di], byte ptr [si]
0x13082: mov bx, word ptr [bp + 0x277]
2018-12-25T11:41:24.233598256Z 64 PC: 130ea | Write file or device (Write 25 bytes on handle 5)
2018-12-25T11:41:24.236079107Z 64 PC: 130f5 | Write file or device (Write 1422 bytes on handle 5)
2018-12-25T11:41:24.244428844Z 87 PC: 1310a | Get or set file date and time
2018-12-25T11:41:24.24633177Z 62 PC: 1310e | Close file
2018-12-25T11:41:24.253838267Z 37 PC: 12e7a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:24.255211277Z 73 PC: 13117 | Release memory
2018-12-25T11:41:24.257057704Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')