Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1864

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:53.089393909Z	53	PC: 12e6e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:53.090990244Z	37	PC: 12e81 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:53.092588047Z	73	PC: 12c68 \| Release memory
2018-12-17T22:42:53.094003511Z	72	PC: 12c75 \| Allocate memory
2018-12-17T22:42:53.095879599Z	74	PC: 12c83 \| Reallocate memory
2018-12-17T22:42:53.098198856Z	72	PC: 12c8b \| Allocate memory
2018-12-17T22:42:53.100327418Z	44	PC: 12ca3 \| Get time 0x12ca3: cmp dh, 0x22 0x12ca6: jne 0x12cae 0x12ca8: nop 0x12ca9: nop 0x12caa: nop 0x12cab: call 0x12e02 0x12cae: push es 0x12caf: call 0x12f3b 0x12cb2: pop es 0x12cb3: call 0x13076 0x12cb6: lea si, word ptr [bp + 0x2f5] 0x12cba: mov ax, dx 0x12cbc: xor bx, bx 0x12cbe: call 0x12e38 0x12cc1: xor ax, 0x1234 0x12cc4: call 0x12e38 0x12cc7: mov ax, word ptr [si] 0x12cc9: xor ah, ah 0x12ccb: mov bl, 2 0x12ccd: div bl
2018-12-17T22:42:53.105944874Z	26	PC: 13097 \| Set disk transfer address
2018-12-17T22:42:53.113579539Z	78	PC: 130a0 \| Find first file
2018-12-17T22:42:53.120633187Z	67	PC: 13117 \| Get or set file attributes
2018-12-17T22:42:53.138028715Z	61	PC: 13128 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:53.1524946Z	66	PC: 1313a \| Move file pointer
2018-12-17T22:42:53.154301724Z	63	PC: 13145 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:42:53.161529684Z	66	PC: 13173 \| Move file pointer
2018-12-17T22:42:53.163584574Z	64	PC: 1317e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:42:53.166595858Z	66	PC: 13188 \| Move file pointer
2018-12-17T22:42:53.16811746Z	64	PC: 13197 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:42:53.171434488Z	44	PC: 1319b \| Get time 0x1319b: push ds 0x1319c: mov cx, 0x384 0x1319f: mov si, 0x8a 0x131a2: mov word ptr es:[0x23], dx 0x131a7: xor word ptr es:[si], dx 0x131aa: inc si 0x131ab: sub dx, 0xdead 0x131af: inc si 0x131b0: loop 0x131a7 0x131b2: push bx 0x131b3: xor ax, ax 0x131b5: mov al, byte ptr [bp + 0x305] 0x131b9: mov bl, 3 0x131bb: mul bl 0x131bd: add ax, 3 0x131c0: mov word ptr [bp + 0x306], ax 0x131c4: lea si, word ptr [bp + 0x2af] 0x131c8: xor di, di 0x131ca: movsb byte ptr es:[di], byte ptr [si] 0x131cb: mov bx, word ptr [bp + 0x281]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":7684,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:21.307170599Z	53	PC: 12e6e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:21.309179408Z	37	PC: 12e81 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:21.310323246Z	73	PC: 12c68 \| Release memory
2018-12-25T12:02:21.311542755Z	72	PC: 12c75 \| Allocate memory
2018-12-25T12:02:21.313801931Z	74	PC: 12c83 \| Reallocate memory
2018-12-25T12:02:21.31524147Z	72	PC: 12c8b \| Allocate memory
2018-12-25T12:02:21.316747635Z	44	PC: 12ca3 \| Get time 0x12ca3: cmp dh, 0x22 0x12ca6: jne 0x12cae 0x12ca8: nop 0x12ca9: nop 0x12caa: nop 0x12cab: call 0x12e02 0x12cae: push es 0x12caf: call 0x12f3b 0x12cb2: pop es 0x12cb3: call 0x13076 0x12cb6: lea si, word ptr [bp + 0x2f5] 0x12cba: mov ax, dx 0x12cbc: xor bx, bx 0x12cbe: call 0x12e38 0x12cc1: xor ax, 0x1234 0x12cc4: call 0x12e38 0x12cc7: mov ax, word ptr [si] 0x12cc9: xor ah, ah 0x12ccb: mov bl, 2 0x12ccd: div bl
2018-12-25T12:02:21.319907598Z	26	PC: 13097 \| Set disk transfer address
2018-12-25T12:02:21.32199752Z	78	PC: 130a0 \| Find first file
2018-12-25T12:02:21.328651235Z	67	PC: 13117 \| Get or set file attributes
2018-12-25T12:02:21.34523189Z	61	PC: 13128 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:21.35539651Z	66	PC: 1313a \| Move file pointer
2018-12-25T12:02:21.356730541Z	63	PC: 13145 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:21.363170711Z	66	PC: 13173 \| Move file pointer
2018-12-25T12:02:21.36568587Z	64	PC: 1317e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:21.368243725Z	66	PC: 13188 \| Move file pointer
2018-12-25T12:02:21.36956962Z	64	PC: 13197 \| Write file or device (Write 65 bytes on handle 5)
2018-12-25T12:02:21.373001895Z	44	PC: 1319b \| Get time 0x1319b: push ds 0x1319c: mov cx, 0x384 0x1319f: mov si, 0x8a 0x131a2: mov word ptr es:[0x23], dx 0x131a7: xor word ptr es:[si], dx 0x131aa: inc si 0x131ab: sub dx, 0xdead 0x131af: inc si 0x131b0: loop 0x131a7 0x131b2: push bx 0x131b3: xor ax, ax 0x131b5: mov al, byte ptr [bp + 0x305] 0x131b9: mov bl, 3 0x131bb: mul bl 0x131bd: add ax, 3 0x131c0: mov word ptr [bp + 0x306], ax 0x131c4: lea si, word ptr [bp + 0x2af] 0x131c8: xor di, di 0x131ca: movsb byte ptr es:[di], byte ptr [si] 0x131cb: mov bx, word ptr [bp + 0x281]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7684,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:21.400554636Z	53	PC: 12e6e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:21.409755111Z	37	PC: 12e81 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:21.412244203Z	73	PC: 12c68 \| Release memory
2018-12-25T12:02:21.414737791Z	72	PC: 12c75 \| Allocate memory
2018-12-25T12:02:21.417243936Z	74	PC: 12c83 \| Reallocate memory
2018-12-25T12:02:21.420956642Z	72	PC: 12c8b \| Allocate memory
2018-12-25T12:02:21.426063414Z	44	PC: 12ca3 \| Get time 0x12ca3: cmp dh, 0x22 0x12ca6: jne 0x12cae 0x12ca8: nop 0x12ca9: nop 0x12caa: nop 0x12cab: call 0x12e02 0x12cae: push es 0x12caf: call 0x12f3b 0x12cb2: pop es 0x12cb3: call 0x13076 0x12cb6: lea si, word ptr [bp + 0x2f5] 0x12cba: mov ax, dx 0x12cbc: xor bx, bx 0x12cbe: call 0x12e38 0x12cc1: xor ax, 0x1234 0x12cc4: call 0x12e38 0x12cc7: mov ax, word ptr [si] 0x12cc9: xor ah, ah 0x12ccb: mov bl, 2 0x12ccd: div bl
2018-12-25T12:02:21.435251593Z	26	PC: 13097 \| Set disk transfer address
2018-12-25T12:02:21.437200258Z	78	PC: 130a0 \| Find first file
2018-12-25T12:02:21.444407059Z	67	PC: 13117 \| Get or set file attributes
2018-12-25T12:02:21.463492665Z	61	PC: 13128 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:21.476050222Z	66	PC: 1313a \| Move file pointer
2018-12-25T12:02:21.478026463Z	63	PC: 13145 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:21.485580818Z	66	PC: 13173 \| Move file pointer
2018-12-25T12:02:21.487787264Z	64	PC: 1317e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:21.491164059Z	66	PC: 13188 \| Move file pointer
2018-12-25T12:02:21.493083752Z	64	PC: 13197 \| Write file or device (Write 39 bytes on handle 5)
2018-12-25T12:02:21.496386311Z	44	PC: 1319b \| Get time 0x1319b: push ds 0x1319c: mov cx, 0x384 0x1319f: mov si, 0x8a 0x131a2: mov word ptr es:[0x23], dx 0x131a7: xor word ptr es:[si], dx 0x131aa: inc si 0x131ab: sub dx, 0xdead 0x131af: inc si 0x131b0: loop 0x131a7 0x131b2: push bx 0x131b3: xor ax, ax 0x131b5: mov al, byte ptr [bp + 0x305] 0x131b9: mov bl, 3 0x131bb: mul bl 0x131bd: add ax, 3 0x131c0: mov word ptr [bp + 0x306], ax 0x131c4: lea si, word ptr [bp + 0x2af] 0x131c8: xor di, di 0x131ca: movsb byte ptr es:[di], byte ptr [si] 0x131cb: mov bx, word ptr [bp + 0x281]