Sample viewer

vx.netlux.org/Virus.DOS.Sieg.1721

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:25.934590108Z 157 PC: 12a71 | UNKNOWN!
2018-12-17T22:42:25.935425668Z 74 PC: 12a8f | Reallocate memory
2018-12-17T22:42:25.937092308Z 88 PC: 12a94 | case 0xGet or set allocation strateg:
2018-12-17T22:42:25.938267665Z 88 PC: 12a9e | case 0xGet or set allocation strateg:
2018-12-17T22:42:25.939531309Z 72 PC: 12aa5 | Allocate memory
2018-12-17T22:42:25.941942678Z 88 PC: 12abe | case 0xGet or set allocation strateg:
2018-12-17T22:42:25.943589661Z 53 PC: 12ac5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:25.945210916Z 37 PC: 12ad4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:25.94767278Z 42 PC: 12adb | Get date 0x12adb: cmp dx, 0x31e
0x12adf: jne 0x12ae6
0x12ae1: mov dx, si
0x12ae3: jmp 0x12b2c
0x12ae5: nop
0x12ae6: add si, 0xd6
0x12aea: mov ax, es
0x12aec: add word ptr cs:[si], ax
0x12aef: add word ptr cs:[si], 0x10
0x12af3: cli
0x12af4: mov ax, es
0x12af6: add ax, 0x10
0x12af9: add ax, 0
0x12afc: mov ss, ax
0x12afe: mov sp, 0
0x12b01: sti
0x12b02: sub ax, ax
0x12b04: xor bx, bx
0x12b06: sub cx, cx
0x12b08: xor dx, dx

{"DateBased":true,"Day":30,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7545,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:50.268913087Z 157 PC: 12a71 | UNKNOWN!
2018-12-25T12:01:50.270021202Z 74 PC: 12a8f | Reallocate memory
2018-12-25T12:01:50.271559003Z 88 PC: 12a94 | case 0xGet or set allocation strateg:
2018-12-25T12:01:50.272724716Z 88 PC: 12a9e | case 0xGet or set allocation strateg:
2018-12-25T12:01:50.274237244Z 72 PC: 12aa5 | Allocate memory
2018-12-25T12:01:50.275777499Z 88 PC: 12abe | case 0xGet or set allocation strateg:
2018-12-25T12:01:50.276917987Z 53 PC: 12ac5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:50.279164542Z 37 PC: 12ad4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:50.280361884Z 42 PC: 12adb | Get date 0x12adb: cmp dx, 0x31e
0x12adf: jne 0x12ae6
0x12ae1: mov dx, si
0x12ae3: jmp 0x12b2c
0x12ae5: nop
0x12ae6: add si, 0xd6
0x12aea: mov ax, es
0x12aec: add word ptr cs:[si], ax
0x12aef: add word ptr cs:[si], 0x10
0x12af3: cli
0x12af4: mov ax, es
0x12af6: add ax, 0x10
0x12af9: add ax, 0
0x12afc: mov ss, ax
0x12afe: mov sp, 0
0x12b01: sti
0x12b02: sub ax, ax
0x12b04: xor bx, bx
0x12b06: sub cx, cx
0x12b08: xor dx, dx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7545,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:50.397328509Z 157 PC: 12a71 | UNKNOWN!
2018-12-25T12:01:50.399398445Z 74 PC: 12a8f | Reallocate memory
2018-12-25T12:01:50.40120177Z 88 PC: 12a94 | case 0xGet or set allocation strateg:
2018-12-25T12:01:50.402626524Z 88 PC: 12a9e | case 0xGet or set allocation strateg:
2018-12-25T12:01:50.404564903Z 72 PC: 12aa5 | Allocate memory
2018-12-25T12:01:50.406632524Z 88 PC: 12abe | case 0xGet or set allocation strateg:
2018-12-25T12:01:50.408061868Z 53 PC: 12ac5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:50.409462757Z 37 PC: 12ad4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:50.411822352Z 42 PC: 12adb | Get date 0x12adb: cmp dx, 0x31e
0x12adf: jne 0x12ae6
0x12ae1: mov dx, si
0x12ae3: jmp 0x12b2c
0x12ae5: nop
0x12ae6: add si, 0xd6
0x12aea: mov ax, es
0x12aec: add word ptr cs:[si], ax
0x12aef: add word ptr cs:[si], 0x10
0x12af3: cli
0x12af4: mov ax, es
0x12af6: add ax, 0x10
0x12af9: add ax, 0
0x12afc: mov ss, ax
0x12afe: mov sp, 0
0x12b01: sti
0x12b02: sub ax, ax
0x12b04: xor bx, bx
0x12b06: sub cx, cx
0x12b08: xor dx, dx