Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1289

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:33.110950572Z	73	PC: 12c76 \| Release memory
2018-12-17T22:35:33.112737934Z	72	PC: 12c83 \| Allocate memory
2018-12-17T22:35:33.115402421Z	74	PC: 12c90 \| Reallocate memory
2018-12-17T22:35:33.11691096Z	72	PC: 12c98 \| Allocate memory
2018-12-17T22:35:33.118822866Z	44	PC: 12cb0 \| Get time 0x12cb0: cmp dh, 0x22 0x12cb3: jne 0x12cb8 0x12cb5: call 0x12dcc 0x12cb8: call 0x12ec1 0x12cbb: lea si, word ptr [bp + 0x2af] 0x12cbf: mov ax, dx 0x12cc1: xor bx, bx 0x12cc3: call 0x12df6 0x12cc6: xor ax, 0x1234 0x12cc9: call 0x12df6 0x12ccc: mov ax, word ptr [si] 0x12cce: xor ah, ah 0x12cd0: mov bl, 2 0x12cd2: div bl 0x12cd4: xor ah, ah 0x12cd6: mov byte ptr [bp + 0x2bc], al 0x12cda: push si 0x12cdb: lea si, word ptr [bp + 0x251] 0x12cdf: call 0x12e3c 0x12ce2: pop si
2018-12-17T22:35:33.122598287Z	26	PC: 12ee2 \| Set disk transfer address
2018-12-17T22:35:33.123680216Z	78	PC: 12eee \| Find first file
2018-12-17T22:35:33.128415527Z	67	PC: 12f59 \| Get or set file attributes
2018-12-17T22:35:33.144549585Z	61	PC: 12f6a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:33.149321004Z	66	PC: 12f7c \| Move file pointer
2018-12-17T22:35:33.150440443Z	63	PC: 12f87 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:33.156332944Z	66	PC: 12fb2 \| Move file pointer
2018-12-17T22:35:33.157832246Z	64	PC: 12fbe \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:33.160419448Z	66	PC: 12fc8 \| Move file pointer
2018-12-17T22:35:33.161994352Z	44	PC: 12fcc \| Get time 0x12fcc: push ds 0x12fcd: mov cx, 0x284 0x12fd0: mov si, 0x49 0x12fd3: mov word ptr es:[0x23], dx 0x12fd8: xor word ptr es:[si], dx 0x12fdb: inc si 0x12fdc: inc si 0x12fdd: loop 0x12fd8 0x12fdf: push bx 0x12fe0: xor ax, ax 0x12fe2: mov al, byte ptr [bp + 0x2bd] 0x12fe6: mov bl, 3 0x12fe8: mul bl 0x12fea: add ax, 3 0x12fed: mov word ptr [bp + 0x2be], ax 0x12ff1: lea si, word ptr [bp + 0x269] 0x12ff5: xor di, di 0x12ff7: movsb byte ptr es:[di], byte ptr [si] 0x12ff8: mov bx, word ptr [bp + 0x23b] 0x12ffc: add bx, ax
2018-12-17T22:35:33.165008836Z	64	PC: 13060 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:35:33.167619512Z	64	PC: 1306b \| Write file or device (Write 1289 bytes on handle 5)
2018-12-17T22:35:33.183171298Z	87	PC: 13081 \| Get or set file date and time
2018-12-17T22:35:33.185481591Z	62	PC: 13085 \| Close file
2018-12-17T22:35:33.193883659Z	73	PC: 1308b \| Release memory
2018-12-17T22:35:33.195620266Z	9	PC: 12a4a \| Display string (String= ' �� 䠩�� 320 �� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6404,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:17.84532917Z	73	PC: 12c76 \| Release memory
2018-12-25T11:59:17.846981221Z	72	PC: 12c83 \| Allocate memory
2018-12-25T11:59:17.848761293Z	74	PC: 12c90 \| Reallocate memory
2018-12-25T11:59:17.849994081Z	72	PC: 12c98 \| Allocate memory
2018-12-25T11:59:17.851767844Z	44	PC: 12cb0 \| Get time 0x12cb0: cmp dh, 0x22 0x12cb3: jne 0x12cb8 0x12cb5: call 0x12dcc 0x12cb8: call 0x12ec1 0x12cbb: lea si, word ptr [bp + 0x2af] 0x12cbf: mov ax, dx 0x12cc1: xor bx, bx 0x12cc3: call 0x12df6 0x12cc6: xor ax, 0x1234 0x12cc9: call 0x12df6 0x12ccc: mov ax, word ptr [si] 0x12cce: xor ah, ah 0x12cd0: mov bl, 2 0x12cd2: div bl 0x12cd4: xor ah, ah 0x12cd6: mov byte ptr [bp + 0x2bc], al 0x12cda: push si 0x12cdb: lea si, word ptr [bp + 0x251] 0x12cdf: call 0x12e3c 0x12ce2: pop si
2018-12-25T11:59:17.854626002Z	26	PC: 12ee2 \| Set disk transfer address
2018-12-25T11:59:17.855674968Z	78	PC: 12eee \| Find first file
2018-12-25T11:59:17.86237211Z	67	PC: 12f59 \| Get or set file attributes
2018-12-25T11:59:18.010531968Z	61	PC: 12f6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:18.016184618Z	66	PC: 12f7c \| Move file pointer
2018-12-25T11:59:18.018090124Z	63	PC: 12f87 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:18.02269536Z	66	PC: 12fb2 \| Move file pointer
2018-12-25T11:59:18.023798095Z	64	PC: 12fbe \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:18.025672612Z	66	PC: 12fc8 \| Move file pointer
2018-12-25T11:59:18.02753044Z	44	PC: 12fcc \| Get time 0x12fcc: push ds 0x12fcd: mov cx, 0x284 0x12fd0: mov si, 0x49 0x12fd3: mov word ptr es:[0x23], dx 0x12fd8: xor word ptr es:[si], dx 0x12fdb: inc si 0x12fdc: inc si 0x12fdd: loop 0x12fd8 0x12fdf: push bx 0x12fe0: xor ax, ax 0x12fe2: mov al, byte ptr [bp + 0x2bd] 0x12fe6: mov bl, 3 0x12fe8: mul bl 0x12fea: add ax, 3 0x12fed: mov word ptr [bp + 0x2be], ax 0x12ff1: lea si, word ptr [bp + 0x269] 0x12ff5: xor di, di 0x12ff7: movsb byte ptr es:[di], byte ptr [si] 0x12ff8: mov bx, word ptr [bp + 0x23b] 0x12ffc: add bx, ax
2018-12-25T11:59:18.030157169Z	64	PC: 13060 \| Write file or device (Write 25 bytes on handle 5)
2018-12-25T11:59:18.032294557Z	64	PC: 1306b \| Write file or device (Write 1289 bytes on handle 5)
2018-12-25T11:59:18.038586091Z	87	PC: 13081 \| Get or set file date and time
2018-12-25T11:59:18.04037992Z	62	PC: 13085 \| Close file
2018-12-25T11:59:18.046305375Z	73	PC: 1308b \| Release memory
2018-12-25T11:59:18.047989129Z	9	PC: 12a4a \| Display string (String= ' �� 䠩�� 320 �� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":6404,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:18.156633723Z	73	PC: 12c76 \| Release memory
2018-12-25T11:59:18.158865697Z	72	PC: 12c83 \| Allocate memory
2018-12-25T11:59:18.161139291Z	74	PC: 12c90 \| Reallocate memory
2018-12-25T11:59:18.162929051Z	72	PC: 12c98 \| Allocate memory
2018-12-25T11:59:18.164960197Z	44	PC: 12cb0 \| Get time 0x12cb0: cmp dh, 0x22 0x12cb3: jne 0x12cb8 0x12cb5: call 0x12dcc 0x12cb8: call 0x12ec1 0x12cbb: lea si, word ptr [bp + 0x2af] 0x12cbf: mov ax, dx 0x12cc1: xor bx, bx 0x12cc3: call 0x12df6 0x12cc6: xor ax, 0x1234 0x12cc9: call 0x12df6 0x12ccc: mov ax, word ptr [si] 0x12cce: xor ah, ah 0x12cd0: mov bl, 2 0x12cd2: div bl 0x12cd4: xor ah, ah 0x12cd6: mov byte ptr [bp + 0x2bc], al 0x12cda: push si 0x12cdb: lea si, word ptr [bp + 0x251] 0x12cdf: call 0x12e3c 0x12ce2: pop si
2018-12-25T11:59:18.168317955Z	26	PC: 12ee2 \| Set disk transfer address
2018-12-25T11:59:18.1694945Z	78	PC: 12eee \| Find first file
2018-12-25T11:59:18.176219738Z	67	PC: 12f59 \| Get or set file attributes
2018-12-25T11:59:18.193494022Z	61	PC: 12f6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:18.200946196Z	66	PC: 12f7c \| Move file pointer
2018-12-25T11:59:18.202420538Z	63	PC: 12f87 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:18.210213747Z	66	PC: 12fb2 \| Move file pointer
2018-12-25T11:59:18.211691166Z	64	PC: 12fbe \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:18.214526173Z	66	PC: 12fc8 \| Move file pointer
2018-12-25T11:59:18.216589049Z	44	PC: 12fcc \| Get time 0x12fcc: push ds 0x12fcd: mov cx, 0x284 0x12fd0: mov si, 0x49 0x12fd3: mov word ptr es:[0x23], dx 0x12fd8: xor word ptr es:[si], dx 0x12fdb: inc si 0x12fdc: inc si 0x12fdd: loop 0x12fd8 0x12fdf: push bx 0x12fe0: xor ax, ax 0x12fe2: mov al, byte ptr [bp + 0x2bd] 0x12fe6: mov bl, 3 0x12fe8: mul bl 0x12fea: add ax, 3 0x12fed: mov word ptr [bp + 0x2be], ax 0x12ff1: lea si, word ptr [bp + 0x269] 0x12ff5: xor di, di 0x12ff7: movsb byte ptr es:[di], byte ptr [si] 0x12ff8: mov bx, word ptr [bp + 0x23b] 0x12ffc: add bx, ax
2018-12-25T11:59:18.220234465Z	64	PC: 13060 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:59:18.223159834Z	64	PC: 1306b \| Write file or device (Write 1289 bytes on handle 5)
2018-12-25T11:59:18.239239349Z	87	PC: 13081 \| Get or set file date and time
2018-12-25T11:59:18.240953074Z	62	PC: 13085 \| Close file
2018-12-25T11:59:18.249483529Z	73	PC: 1308b \| Release memory
2018-12-25T11:59:18.251294692Z	9	PC: 12a4a \| Display string (String= ' �� 䠩�� 320 �� ')