Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1851

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:26.970301461Z	53	PC: 12ec2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:26.972201793Z	37	PC: 12ed5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:26.973639329Z	73	PC: 12d13 \| Release memory
2018-12-17T22:43:26.975084308Z	72	PC: 12d1b \| Allocate memory
2018-12-17T22:43:26.977115725Z	74	PC: 12d24 \| Reallocate memory
2018-12-17T22:43:26.9790365Z	72	PC: 12d2c \| Allocate memory
2018-12-17T22:43:26.98058358Z	44	PC: 12d3f \| Get time 0x12d3f: cmp dh, 0x22 0x12d42: jne 0x12d47 0x12d44: call 0x12e65 0x12d47: push es 0x12d48: call 0x12f86 0x12d4b: pop es 0x12d4c: call 0x13080 0x12d4f: lea si, word ptr [bp + 0x3a0] 0x12d53: mov ax, dx 0x12d55: xor bx, bx 0x12d57: call 0x12e8f 0x12d5a: xor ax, 0x1234 0x12d5d: call 0x12e8f 0x12d60: mov ax, word ptr [si] 0x12d62: xor ah, ah 0x12d64: mov bl, 2 0x12d66: div bl 0x12d68: xor ah, ah 0x12d6a: mov byte ptr [bp + 0x3af], al 0x12d6e: push si
2018-12-17T22:43:26.983830586Z	26	PC: 130a1 \| Set disk transfer address
2018-12-17T22:43:26.986731857Z	78	PC: 130aa \| Find first file
2018-12-17T22:43:26.993908303Z	67	PC: 13115 \| Get or set file attributes
2018-12-17T22:43:27.016921931Z	61	PC: 13126 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:27.026846967Z	66	PC: 13135 \| Move file pointer
2018-12-17T22:43:27.028571273Z	63	PC: 13140 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:27.036347098Z	66	PC: 13169 \| Move file pointer
2018-12-17T22:43:27.039852216Z	64	PC: 13174 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:27.043656988Z	66	PC: 1317c \| Move file pointer
2018-12-17T22:43:27.045687905Z	64	PC: 1318b \| Write file or device (Write 45 bytes on handle 5)
2018-12-17T22:43:27.050229037Z	44	PC: 1318f \| Get time 0x1318f: push ds 0x13190: mov cx, 0x37d 0x13193: mov si, 0x8a 0x13196: mov word ptr es:[0x23], dx 0x1319b: xor word ptr es:[si], dx 0x1319e: inc si 0x1319f: sub dx, 0xdead 0x131a3: inc si 0x131a4: loop 0x1319b 0x131a6: push bx 0x131a7: xor ax, ax 0x131a9: mov al, byte ptr [bp + 0x3b0] 0x131ad: mov bl, 3 0x131af: mul bl 0x131b1: add ax, 3 0x131b4: mov word ptr [bp + 0x3b1], ax 0x131b8: lea si, word ptr [bp + 0x2ac] 0x131bc: xor di, di 0x131be: movsb byte ptr es:[di], byte ptr [si] 0x131bf: mov bx, word ptr [bp + 0x27e]
2018-12-17T22:43:27.057802518Z	64	PC: 1322b \| Write file or device (Write 34 bytes on handle 5)
2018-12-17T22:43:27.060788093Z	64	PC: 13237 \| Write file or device (Write 1851 bytes on handle 5)
2018-12-17T22:43:27.070948847Z	87	PC: 1324c \| Get or set file date and time
2018-12-17T22:43:27.073670082Z	62	PC: 13250 \| Close file
2018-12-17T22:43:27.082673236Z	37	PC: 12ebc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:27.084390706Z	73	PC: 13259 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7884,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:52.811813045Z	53	PC: 12ec2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:52.813245821Z	37	PC: 12ed5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:52.814933068Z	73	PC: 12d13 \| Release memory
2018-12-25T12:02:52.816354517Z	72	PC: 12d1b \| Allocate memory
2018-12-25T12:02:52.818132007Z	74	PC: 12d24 \| Reallocate memory
2018-12-25T12:02:52.820054235Z	72	PC: 12d2c \| Allocate memory
2018-12-25T12:02:52.821605701Z	44	PC: 12d3f \| Get time 0x12d3f: cmp dh, 0x22 0x12d42: jne 0x12d47 0x12d44: call 0x12e65 0x12d47: push es 0x12d48: call 0x12f86 0x12d4b: pop es 0x12d4c: call 0x13080 0x12d4f: lea si, word ptr [bp + 0x3a0] 0x12d53: mov ax, dx 0x12d55: xor bx, bx 0x12d57: call 0x12e8f 0x12d5a: xor ax, 0x1234 0x12d5d: call 0x12e8f 0x12d60: mov ax, word ptr [si] 0x12d62: xor ah, ah 0x12d64: mov bl, 2 0x12d66: div bl 0x12d68: xor ah, ah 0x12d6a: mov byte ptr [bp + 0x3af], al 0x12d6e: push si
2018-12-25T12:02:52.824863079Z	26	PC: 130a1 \| Set disk transfer address
2018-12-25T12:02:52.826496803Z	78	PC: 130aa \| Find first file
2018-12-25T12:02:52.833227115Z	67	PC: 13115 \| Get or set file attributes
2018-12-25T12:02:52.846275886Z	61	PC: 13126 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:52.856163303Z	66	PC: 13135 \| Move file pointer
2018-12-25T12:02:52.857689632Z	63	PC: 13140 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:52.864423187Z	66	PC: 13169 \| Move file pointer
2018-12-25T12:02:52.866831875Z	64	PC: 13174 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:52.870020889Z	66	PC: 1317c \| Move file pointer
2018-12-25T12:02:52.871563658Z	64	PC: 1318b \| Write file or device (Write 39 bytes on handle 5)
2018-12-25T12:02:52.874463433Z	44	PC: 1318f \| Get time 0x1318f: push ds 0x13190: mov cx, 0x37d 0x13193: mov si, 0x8a 0x13196: mov word ptr es:[0x23], dx 0x1319b: xor word ptr es:[si], dx 0x1319e: inc si 0x1319f: sub dx, 0xdead 0x131a3: inc si 0x131a4: loop 0x1319b 0x131a6: push bx 0x131a7: xor ax, ax 0x131a9: mov al, byte ptr [bp + 0x3b0] 0x131ad: mov bl, 3 0x131af: mul bl 0x131b1: add ax, 3 0x131b4: mov word ptr [bp + 0x3b1], ax 0x131b8: lea si, word ptr [bp + 0x2ac] 0x131bc: xor di, di 0x131be: movsb byte ptr es:[di], byte ptr [si] 0x131bf: mov bx, word ptr [bp + 0x27e]
2018-12-25T12:02:52.880838279Z	64	PC: 1322b \| Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:02:52.884115427Z	64	PC: 13237 \| Write file or device (Write 1851 bytes on handle 5)
2018-12-25T12:02:52.896813148Z	87	PC: 1324c \| Get or set file date and time
2018-12-25T12:02:52.900007522Z	62	PC: 13250 \| Close file
2018-12-25T12:02:52.908783378Z	37	PC: 12ebc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:52.910155299Z	73	PC: 13259 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":7884,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:53.021207526Z	53	PC: 12ec2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:53.023671187Z	37	PC: 12ed5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:53.025183851Z	73	PC: 12d13 \| Release memory
2018-12-25T12:02:53.026877785Z	72	PC: 12d1b \| Allocate memory
2018-12-25T12:02:53.029964691Z	74	PC: 12d24 \| Reallocate memory
2018-12-25T12:02:53.031672957Z	72	PC: 12d2c \| Allocate memory
2018-12-25T12:02:53.033435184Z	44	PC: 12d3f \| Get time 0x12d3f: cmp dh, 0x22 0x12d42: jne 0x12d47 0x12d44: call 0x12e65 0x12d47: push es 0x12d48: call 0x12f86 0x12d4b: pop es 0x12d4c: call 0x13080 0x12d4f: lea si, word ptr [bp + 0x3a0] 0x12d53: mov ax, dx 0x12d55: xor bx, bx 0x12d57: call 0x12e8f 0x12d5a: xor ax, 0x1234 0x12d5d: call 0x12e8f 0x12d60: mov ax, word ptr [si] 0x12d62: xor ah, ah 0x12d64: mov bl, 2 0x12d66: div bl 0x12d68: xor ah, ah 0x12d6a: mov byte ptr [bp + 0x3af], al 0x12d6e: push si
2018-12-25T12:02:53.036569877Z	26	PC: 130a1 \| Set disk transfer address
2018-12-25T12:02:53.03910341Z	78	PC: 130aa \| Find first file
2018-12-25T12:02:53.045440388Z	67	PC: 13115 \| Get or set file attributes
2018-12-25T12:02:53.060944003Z	61	PC: 13126 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:53.07286698Z	66	PC: 13135 \| Move file pointer
2018-12-25T12:02:53.074485245Z	63	PC: 13140 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:53.080766119Z	66	PC: 13169 \| Move file pointer
2018-12-25T12:02:53.082542903Z	64	PC: 13174 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:53.08515622Z	66	PC: 1317c \| Move file pointer
2018-12-25T12:02:53.086357056Z	64	PC: 1318b \| Write file or device (Write 65 bytes on handle 5)
2018-12-25T12:02:53.089471704Z	44	PC: 1318f \| Get time 0x1318f: push ds 0x13190: mov cx, 0x37d 0x13193: mov si, 0x8a 0x13196: mov word ptr es:[0x23], dx 0x1319b: xor word ptr es:[si], dx 0x1319e: inc si 0x1319f: sub dx, 0xdead 0x131a3: inc si 0x131a4: loop 0x1319b 0x131a6: push bx 0x131a7: xor ax, ax 0x131a9: mov al, byte ptr [bp + 0x3b0] 0x131ad: mov bl, 3 0x131af: mul bl 0x131b1: add ax, 3 0x131b4: mov word ptr [bp + 0x3b1], ax 0x131b8: lea si, word ptr [bp + 0x2ac] 0x131bc: xor di, di 0x131be: movsb byte ptr es:[di], byte ptr [si] 0x131bf: mov bx, word ptr [bp + 0x27e]
2018-12-25T12:02:53.092973628Z	64	PC: 1322b \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:02:53.095497269Z	64	PC: 13237 \| Write file or device (Write 1851 bytes on handle 5)
2018-12-25T12:02:53.105232091Z	87	PC: 1324c \| Get or set file date and time
2018-12-25T12:02:53.107066627Z	62	PC: 13250 \| Close file
2018-12-25T12:02:53.115962725Z	37	PC: 12ebc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:53.118203646Z	73	PC: 13259 \| Release memory