
vx.netlux.org/Virus.DOS.Seeg.1698



Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:57.988946782Z 53 PC: 12e9d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:57.990431376Z 37 PC: 12eb0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:57.991509047Z 73 PC: 12cdc | Release memory
2018-12-17T22:35:57.992583973Z 72 PC: 12ce9 | Allocate memory
2018-12-17T22:35:57.994248074Z 74 PC: 12cf7 | Reallocate memory
2018-12-17T22:35:57.996019146Z 72 PC: 12cff | Allocate memory
2018-12-17T22:35:57.997468023Z 44 PC: 12d17 | Get time 0x12d17: cmp dh, 0x22
; --- Emulator trace excerpt (DOS, 16-bit real mode, Intel syntax) ---
; Addresses are the viewer's PCs (as in the "PC:" column); this is a
; disassembly dump, not assemblable source. The excerpt starts right after
; INT 21h AH=2Ch (Get time, op 44 in the table above), and the preceding
; line compares DH with 0x22 (34). Get time returns the seconds in DH, so
; the call below is presumably a time-gated routine that only runs at
; second 34 -- consistent with the TimeBased/Second fields in the trace
; metadata; confirm against 0x12e3d before relying on it.
; Context from the table: interrupt 36 (24h) is hooked before this runs;
; 24h is the DOS critical-error handler, and the viewer's 'Set random
; record number' label looks like the INT 21h AH=24h function name
; applied to the interrupt number by mistake.
0x12d1a: jne 0x12d1f                      ; DH != 34 -> skip the call
0x12d1c: call 0x12e3d                     ; taken only when seconds == 34 (presumed)
0x12d1f: push es                          ; preserve ES across the next call
0x12d20: call 0x12f63
0x12d23: pop es
0x12d24: call 0x1305f
0x12d27: lea si, word ptr [bp + 0x2f0]    ; si -> [bp+0x2f0] (bp-relative data area; layout not visible here)
0x12d2b: mov ax, dx                       ; ax = dx (dx may have been changed by the calls above -- unverified)
0x12d2d: xor bx, bx                       ; bx = 0
0x12d2f: call 0x12e67                     ; helper called twice with related ax values; purpose not visible here
0x12d32: xor ax, 0x1234
0x12d35: call 0x12e67
0x12d38: mov ax, word ptr [si]            ; ax = word at [bp+0x2f0] (possibly produced by 0x12e67 -- unverified)
0x12d3a: xor ah, ah                       ; keep the low byte only, so the dividend is <= 255
0x12d3c: mov bl, 2
0x12d3e: div bl                           ; 8-bit divide: al = ax / 2, ah = remainder (bl != 0, quotient fits al)
0x12d40: xor ah, ah                       ; discard the remainder
0x12d42: mov byte ptr [bp + 0x2ff], al    ; [bp+0x2ff] = (byte [bp+0x2f0]) / 2
0x12d46: push si                          ; trace excerpt ends here
2018-12-17T22:35:58.000197121Z 26 PC: 13080 | Set disk transfer address
2018-12-17T22:35:58.001708416Z 78 PC: 13089 | Find first file
2018-12-17T22:35:58.007393758Z 67 PC: 130f2 | Get or set file attributes
2018-12-17T22:35:58.024532661Z 61 PC: 13103 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:58.031679685Z 66 PC: 13112 | Move file pointer
2018-12-17T22:35:58.032808192Z 63 PC: 1311d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:58.039310917Z 66 PC: 13147 | Move file pointer
2018-12-17T22:35:58.041030803Z 64 PC: 13152 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:58.04310899Z 66 PC: 1315c | Move file pointer
2018-12-17T22:35:58.044176402Z 64 PC: 1316b | Write file or device (Write 79 bytes on handle 5)
2018-12-17T22:35:58.047031747Z 44 PC: 1316f | Get time 0x1316f: push ds
; --- Emulator trace excerpt (DOS, 16-bit real mode, Intel syntax) ---
; Runs right after a second INT 21h AH=2Ch (Get time); DX at entry is
; presumably the seconds/hundredths word that call returned, so the loop
; key below differs from run to run.
0x13170: mov cx, 0x331                    ; cx = 817 words
0x13173: mov si, 0x8a                     ; si = start offset within ES
0x13176: mov word ptr es:[0x23], dx       ; save the initial key at es:0x23 (presumably read back later by a decryptor -- unverified)
0x1317b: xor word ptr es:[si], dx         ; loop: es:[si] ^= key
0x1317e: inc si
0x1317f: sub dx, 0xdead                   ; key -= 0xDEAD per word (running key, not a constant)
0x13183: inc si                           ; si += 2 in total
0x13184: loop 0x1317b                     ; 817 iterations: XORs es:0x8a .. es:0x6eb (0x662 = 1634 bytes)
; Net effect: a time-keyed XOR transform of 1634 bytes in ES, followed in
; the table by file writes totalling a 1698-byte body. That ordering
; suggests the body is transformed before being written, so the on-disk
; bytes vary per infection; only code outside the XORed range is stable
; for byte signatures. Which segment ES addresses is not visible here.
0x13186: push bx
0x13187: xor ax, ax
0x13189: mov al, byte ptr [bp + 0x300]    ; ax = byte [bp+0x300]
0x1318d: mov bl, 3
0x1318f: mul bl                           ; 8-bit multiply: ax = al * 3
0x13191: add ax, 3
0x13194: mov word ptr [bp + 0x301], ax    ; [bp+0x301] = byte [bp+0x300] * 3 + 3
0x13198: lea si, word ptr [bp + 0x2aa]
0x1319c: xor di, di                       ; di = 0
0x1319e: movsb byte ptr es:[di], byte ptr [si] ; single-byte copy (no rep): es:[0] = byte [bp+0x2aa]
0x1319f: mov bx, word ptr [bp + 0x27c]    ; bx = word [bp+0x27c]; trace excerpt ends here
2018-12-17T22:35:58.050119769Z 64 PC: 1320c | Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:35:58.052442976Z 64 PC: 13217 | Write file or device (Write 1698 bytes on handle 5)
2018-12-17T22:35:58.060954769Z 87 PC: 1322c | Get or set file date and time
2018-12-17T22:35:58.062897984Z 62 PC: 13230 | Close file
2018-12-17T22:35:58.071669514Z 37 PC: 12e94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:58.072924478Z 73 PC: 13239 | Release memory
2018-12-17T22:35:58.074527755Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6492,"SideJobID":0}



Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:39.833352434Z 53 PC: 12e9d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:39.835843866Z 37 PC: 12eb0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:39.853106713Z 73 PC: 12cdc | Release memory
2018-12-25T11:59:39.855154611Z 72 PC: 12ce9 | Allocate memory
2018-12-25T11:59:39.85783662Z 74 PC: 12cf7 | Reallocate memory
2018-12-25T11:59:39.860661073Z 72 PC: 12cff | Allocate memory
2018-12-25T11:59:39.862902144Z 44 PC: 12d17 | Get time 0x12d17: cmp dh, 0x22
; --- Emulator trace excerpt (DOS, 16-bit real mode, Intel syntax) ---
; Addresses are the viewer's PCs (as in the "PC:" column); this is a
; disassembly dump, not assemblable source. The excerpt starts right after
; INT 21h AH=2Ch (Get time, op 44 in the table above), and the preceding
; line compares DH with 0x22 (34). Get time returns the seconds in DH, so
; the call below is presumably a time-gated routine that only runs at
; second 34 -- consistent with the TimeBased/Second fields in the trace
; metadata; confirm against 0x12e3d before relying on it.
; Context from the table: interrupt 36 (24h) is hooked before this runs;
; 24h is the DOS critical-error handler, and the viewer's 'Set random
; record number' label looks like the INT 21h AH=24h function name
; applied to the interrupt number by mistake.
0x12d1a: jne 0x12d1f                      ; DH != 34 -> skip the call
0x12d1c: call 0x12e3d                     ; taken only when seconds == 34 (presumed)
0x12d1f: push es                          ; preserve ES across the next call
0x12d20: call 0x12f63
0x12d23: pop es
0x12d24: call 0x1305f
0x12d27: lea si, word ptr [bp + 0x2f0]    ; si -> [bp+0x2f0] (bp-relative data area; layout not visible here)
0x12d2b: mov ax, dx                       ; ax = dx (dx may have been changed by the calls above -- unverified)
0x12d2d: xor bx, bx                       ; bx = 0
0x12d2f: call 0x12e67                     ; helper called twice with related ax values; purpose not visible here
0x12d32: xor ax, 0x1234
0x12d35: call 0x12e67
0x12d38: mov ax, word ptr [si]            ; ax = word at [bp+0x2f0] (possibly produced by 0x12e67 -- unverified)
0x12d3a: xor ah, ah                       ; keep the low byte only, so the dividend is <= 255
0x12d3c: mov bl, 2
0x12d3e: div bl                           ; 8-bit divide: al = ax / 2, ah = remainder (bl != 0, quotient fits al)
0x12d40: xor ah, ah                       ; discard the remainder
0x12d42: mov byte ptr [bp + 0x2ff], al    ; [bp+0x2ff] = (byte [bp+0x2f0]) / 2
0x12d46: push si                          ; trace excerpt ends here
2018-12-25T11:59:39.866804155Z 26 PC: 13080 | Set disk transfer address
2018-12-25T11:59:39.86996946Z 78 PC: 13089 | Find first file
2018-12-25T11:59:39.87711416Z 67 PC: 130f2 | Get or set file attributes
2018-12-25T11:59:39.89442038Z 61 PC: 13103 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:39.903473122Z 66 PC: 13112 | Move file pointer
2018-12-25T11:59:39.905224071Z 63 PC: 1311d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:39.912280286Z 66 PC: 13147 | Move file pointer
2018-12-25T11:59:39.915262775Z 64 PC: 13152 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:39.918832086Z 66 PC: 1315c | Move file pointer
2018-12-25T11:59:39.920912971Z 64 PC: 1316b | Write file or device (Write 45 bytes on handle 5)
2018-12-25T11:59:39.924544126Z 44 PC: 1316f | Get time 0x1316f: push ds
; --- Emulator trace excerpt (DOS, 16-bit real mode, Intel syntax) ---
; Runs right after a second INT 21h AH=2Ch (Get time); DX at entry is
; presumably the seconds/hundredths word that call returned, so the loop
; key below differs from run to run.
0x13170: mov cx, 0x331                    ; cx = 817 words
0x13173: mov si, 0x8a                     ; si = start offset within ES
0x13176: mov word ptr es:[0x23], dx       ; save the initial key at es:0x23 (presumably read back later by a decryptor -- unverified)
0x1317b: xor word ptr es:[si], dx         ; loop: es:[si] ^= key
0x1317e: inc si
0x1317f: sub dx, 0xdead                   ; key -= 0xDEAD per word (running key, not a constant)
0x13183: inc si                           ; si += 2 in total
0x13184: loop 0x1317b                     ; 817 iterations: XORs es:0x8a .. es:0x6eb (0x662 = 1634 bytes)
; Net effect: a time-keyed XOR transform of 1634 bytes in ES, followed in
; the table by file writes totalling a 1698-byte body. That ordering
; suggests the body is transformed before being written, so the on-disk
; bytes vary per infection; only code outside the XORed range is stable
; for byte signatures. Which segment ES addresses is not visible here.
0x13186: push bx
0x13187: xor ax, ax
0x13189: mov al, byte ptr [bp + 0x300]    ; ax = byte [bp+0x300]
0x1318d: mov bl, 3
0x1318f: mul bl                           ; 8-bit multiply: ax = al * 3
0x13191: add ax, 3
0x13194: mov word ptr [bp + 0x301], ax    ; [bp+0x301] = byte [bp+0x300] * 3 + 3
0x13198: lea si, word ptr [bp + 0x2aa]
0x1319c: xor di, di                       ; di = 0
0x1319e: movsb byte ptr es:[di], byte ptr [si] ; single-byte copy (no rep): es:[0] = byte [bp+0x2aa]
0x1319f: mov bx, word ptr [bp + 0x27c]    ; bx = word [bp+0x27c]; trace excerpt ends here
2018-12-25T11:59:39.93152168Z 64 PC: 1320c | Write file or device (Write 34 bytes on handle 5)
2018-12-25T11:59:39.934558409Z 64 PC: 13217 | Write file or device (Write 1698 bytes on handle 5)
2018-12-25T11:59:39.94397711Z 87 PC: 1322c | Get or set file date and time
2018-12-25T11:59:39.946527089Z 62 PC: 13230 | Close file
2018-12-25T11:59:39.955165997Z 37 PC: 12e94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:39.956763816Z 73 PC: 13239 | Release memory
2018-12-25T11:59:39.958787044Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":6492,"SideJobID":0}



Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:39.863007086Z 53 PC: 12e9d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:39.865370176Z 37 PC: 12eb0 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:39.867115535Z 73 PC: 12cdc | Release memory
2018-12-25T11:59:39.868909883Z 72 PC: 12ce9 | Allocate memory
2018-12-25T11:59:39.872158269Z 74 PC: 12cf7 | Reallocate memory
2018-12-25T11:59:39.876069443Z 72 PC: 12cff | Allocate memory
2018-12-25T11:59:39.877716267Z 44 PC: 12d17 | Get time 0x12d17: cmp dh, 0x22
; --- Emulator trace excerpt (DOS, 16-bit real mode, Intel syntax) ---
; Addresses are the viewer's PCs (as in the "PC:" column); this is a
; disassembly dump, not assemblable source. The excerpt starts right after
; INT 21h AH=2Ch (Get time, op 44 in the table above), and the preceding
; line compares DH with 0x22 (34). Get time returns the seconds in DH, so
; the call below is presumably a time-gated routine that only runs at
; second 34 -- consistent with the TimeBased/Second fields in the trace
; metadata; confirm against 0x12e3d before relying on it.
; Context from the table: interrupt 36 (24h) is hooked before this runs;
; 24h is the DOS critical-error handler, and the viewer's 'Set random
; record number' label looks like the INT 21h AH=24h function name
; applied to the interrupt number by mistake.
0x12d1a: jne 0x12d1f                      ; DH != 34 -> skip the call
0x12d1c: call 0x12e3d                     ; taken only when seconds == 34 (presumed)
0x12d1f: push es                          ; preserve ES across the next call
0x12d20: call 0x12f63
0x12d23: pop es
0x12d24: call 0x1305f
0x12d27: lea si, word ptr [bp + 0x2f0]    ; si -> [bp+0x2f0] (bp-relative data area; layout not visible here)
0x12d2b: mov ax, dx                       ; ax = dx (dx may have been changed by the calls above -- unverified)
0x12d2d: xor bx, bx                       ; bx = 0
0x12d2f: call 0x12e67                     ; helper called twice with related ax values; purpose not visible here
0x12d32: xor ax, 0x1234
0x12d35: call 0x12e67
0x12d38: mov ax, word ptr [si]            ; ax = word at [bp+0x2f0] (possibly produced by 0x12e67 -- unverified)
0x12d3a: xor ah, ah                       ; keep the low byte only, so the dividend is <= 255
0x12d3c: mov bl, 2
0x12d3e: div bl                           ; 8-bit divide: al = ax / 2, ah = remainder (bl != 0, quotient fits al)
0x12d40: xor ah, ah                       ; discard the remainder
0x12d42: mov byte ptr [bp + 0x2ff], al    ; [bp+0x2ff] = (byte [bp+0x2f0]) / 2
0x12d46: push si                          ; trace excerpt ends here
2018-12-25T11:59:39.881053121Z 26 PC: 13080 | Set disk transfer address
2018-12-25T11:59:39.882673335Z 78 PC: 13089 | Find first file
2018-12-25T11:59:39.889488967Z 67 PC: 130f2 | Get or set file attributes
2018-12-25T11:59:39.907539863Z 61 PC: 13103 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:39.913119813Z 66 PC: 13112 | Move file pointer
2018-12-25T11:59:39.915245832Z 63 PC: 1311d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:39.922747671Z 66 PC: 13147 | Move file pointer
2018-12-25T11:59:39.925423378Z 64 PC: 13152 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:39.928428488Z 66 PC: 1315c | Move file pointer
2018-12-25T11:59:39.930152277Z 64 PC: 1316b | Write file or device (Write 71 bytes on handle 5)
2018-12-25T11:59:39.939439034Z 44 PC: 1316f | Get time 0x1316f: push ds
; --- Emulator trace excerpt (DOS, 16-bit real mode, Intel syntax) ---
; Runs right after a second INT 21h AH=2Ch (Get time); DX at entry is
; presumably the seconds/hundredths word that call returned, so the loop
; key below differs from run to run.
0x13170: mov cx, 0x331                    ; cx = 817 words
0x13173: mov si, 0x8a                     ; si = start offset within ES
0x13176: mov word ptr es:[0x23], dx       ; save the initial key at es:0x23 (presumably read back later by a decryptor -- unverified)
0x1317b: xor word ptr es:[si], dx         ; loop: es:[si] ^= key
0x1317e: inc si
0x1317f: sub dx, 0xdead                   ; key -= 0xDEAD per word (running key, not a constant)
0x13183: inc si                           ; si += 2 in total
0x13184: loop 0x1317b                     ; 817 iterations: XORs es:0x8a .. es:0x6eb (0x662 = 1634 bytes)
; Net effect: a time-keyed XOR transform of 1634 bytes in ES, followed in
; the table by file writes totalling a 1698-byte body. That ordering
; suggests the body is transformed before being written, so the on-disk
; bytes vary per infection; only code outside the XORed range is stable
; for byte signatures. Which segment ES addresses is not visible here.
0x13186: push bx
0x13187: xor ax, ax
0x13189: mov al, byte ptr [bp + 0x300]    ; ax = byte [bp+0x300]
0x1318d: mov bl, 3
0x1318f: mul bl                           ; 8-bit multiply: ax = al * 3
0x13191: add ax, 3
0x13194: mov word ptr [bp + 0x301], ax    ; [bp+0x301] = byte [bp+0x300] * 3 + 3
0x13198: lea si, word ptr [bp + 0x2aa]
0x1319c: xor di, di                       ; di = 0
0x1319e: movsb byte ptr es:[di], byte ptr [si] ; single-byte copy (no rep): es:[0] = byte [bp+0x2aa]
0x1319f: mov bx, word ptr [bp + 0x27c]    ; bx = word [bp+0x27c]; trace excerpt ends here
2018-12-25T11:59:39.945356281Z 64 PC: 1320c | Write file or device (Write 25 bytes on handle 5)
2018-12-25T11:59:39.948376434Z 64 PC: 13217 | Write file or device (Write 1698 bytes on handle 5)
2018-12-25T11:59:39.958237344Z 87 PC: 1322c | Get or set file date and time
2018-12-25T11:59:39.960798579Z 62 PC: 13230 | Close file
2018-12-25T11:59:39.976875455Z 37 PC: 12e94 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:39.979232859Z 73 PC: 13239 | Release memory
2018-12-25T11:59:39.980917606Z 9 PC: 12a4a | Display string (String= ' ������ 䠩�� 320 ���� ')