Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1707

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:30.896815397Z	53	PC: 12ead \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:30.898834691Z	37	PC: 12ec0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:30.900223948Z	73	PC: 12cec \| Release memory
2018-12-17T22:43:30.901501955Z	72	PC: 12cf9 \| Allocate memory
2018-12-17T22:43:30.902848799Z	74	PC: 12d07 \| Reallocate memory
2018-12-17T22:43:30.904779452Z	72	PC: 12d0f \| Allocate memory
2018-12-17T22:43:30.906164324Z	44	PC: 12d27 \| Get time 0x12d27: cmp dh, 0x22 0x12d2a: jne 0x12d2f 0x12d2c: call 0x12e4d 0x12d2f: push es 0x12d30: call 0x12f73 0x12d33: pop es 0x12d34: call 0x1306f 0x12d37: lea si, word ptr [bp + 0x2f0] 0x12d3b: mov ax, dx 0x12d3d: xor bx, bx 0x12d3f: call 0x12e77 0x12d42: xor ax, 0x1234 0x12d45: call 0x12e77 0x12d48: mov ax, word ptr [si] 0x12d4a: xor ah, ah 0x12d4c: mov bl, 2 0x12d4e: div bl 0x12d50: xor ah, ah 0x12d52: mov byte ptr [bp + 0x2ff], al 0x12d56: push si
2018-12-17T22:43:30.908548277Z	26	PC: 13090 \| Set disk transfer address
2018-12-17T22:43:30.910162715Z	78	PC: 1309c \| Find first file
2018-12-17T22:43:30.914428683Z	67	PC: 13105 \| Get or set file attributes
2018-12-17T22:43:30.934487166Z	61	PC: 13116 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:30.943169311Z	66	PC: 13128 \| Move file pointer
2018-12-17T22:43:30.950471296Z	63	PC: 13133 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:30.965322135Z	66	PC: 1315e \| Move file pointer
2018-12-17T22:43:30.967965191Z	64	PC: 1316a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:30.970845153Z	66	PC: 13174 \| Move file pointer
2018-12-17T22:43:30.972320306Z	64	PC: 13183 \| Write file or device (Write 105 bytes on handle 5)
2018-12-17T22:43:30.9753102Z	44	PC: 13187 \| Get time 0x13187: push ds 0x13188: mov cx, 0x335 0x1318b: mov si, 0x8a 0x1318e: mov word ptr es:[0x23], dx 0x13193: xor word ptr es:[si], dx 0x13196: inc si 0x13197: sub dx, 0xdead 0x1319b: inc si 0x1319c: loop 0x13193 0x1319e: push bx 0x1319f: xor ax, ax 0x131a1: mov al, byte ptr [bp + 0x300] 0x131a5: mov bl, 3 0x131a7: mul bl 0x131a9: add ax, 3 0x131ac: mov word ptr [bp + 0x301], ax 0x131b0: lea si, word ptr [bp + 0x2aa] 0x131b4: xor di, di 0x131b6: movsb byte ptr es:[di], byte ptr [si] 0x131b7: mov bx, word ptr [bp + 0x27c]
2018-12-17T22:43:30.98269518Z	64	PC: 13224 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:43:30.990032762Z	64	PC: 1322f \| Write file or device (Write 1707 bytes on handle 5)
2018-12-17T22:43:30.997937523Z	87	PC: 13244 \| Get or set file date and time
2018-12-17T22:43:31.010072577Z	62	PC: 13248 \| Close file
2018-12-17T22:43:31.017480666Z	37	PC: 12ea4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7913,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:55.604522902Z	53	PC: 12ead \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:55.606700977Z	37	PC: 12ec0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:55.607987205Z	73	PC: 12cec \| Release memory
2018-12-25T12:02:55.609473573Z	72	PC: 12cf9 \| Allocate memory
2018-12-25T12:02:55.613057822Z	74	PC: 12d07 \| Reallocate memory
2018-12-25T12:02:55.614899441Z	72	PC: 12d0f \| Allocate memory
2018-12-25T12:02:55.616674874Z	44	PC: 12d27 \| Get time 0x12d27: cmp dh, 0x22 0x12d2a: jne 0x12d2f 0x12d2c: call 0x12e4d 0x12d2f: push es 0x12d30: call 0x12f73 0x12d33: pop es 0x12d34: call 0x1306f 0x12d37: lea si, word ptr [bp + 0x2f0] 0x12d3b: mov ax, dx 0x12d3d: xor bx, bx 0x12d3f: call 0x12e77 0x12d42: xor ax, 0x1234 0x12d45: call 0x12e77 0x12d48: mov ax, word ptr [si] 0x12d4a: xor ah, ah 0x12d4c: mov bl, 2 0x12d4e: div bl 0x12d50: xor ah, ah 0x12d52: mov byte ptr [bp + 0x2ff], al 0x12d56: push si
2018-12-25T12:02:55.619904283Z	26	PC: 13090 \| Set disk transfer address
2018-12-25T12:02:55.621306479Z	78	PC: 1309c \| Find first file
2018-12-25T12:02:55.627674673Z	67	PC: 13105 \| Get or set file attributes
2018-12-25T12:02:55.922929195Z	61	PC: 13116 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:55.931076101Z	66	PC: 13128 \| Move file pointer
2018-12-25T12:02:55.933427512Z	63	PC: 13133 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:55.940401762Z	66	PC: 1315e \| Move file pointer
2018-12-25T12:02:55.950670759Z	64	PC: 1316a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:55.953382386Z	66	PC: 13174 \| Move file pointer
2018-12-25T12:02:55.954986083Z	64	PC: 13183 \| Write file or device (Write 39 bytes on handle 5)
2018-12-25T12:02:55.958205742Z	44	PC: 13187 \| Get time 0x13187: push ds 0x13188: mov cx, 0x335 0x1318b: mov si, 0x8a 0x1318e: mov word ptr es:[0x23], dx 0x13193: xor word ptr es:[si], dx 0x13196: inc si 0x13197: sub dx, 0xdead 0x1319b: inc si 0x1319c: loop 0x13193 0x1319e: push bx 0x1319f: xor ax, ax 0x131a1: mov al, byte ptr [bp + 0x300] 0x131a5: mov bl, 3 0x131a7: mul bl 0x131a9: add ax, 3 0x131ac: mov word ptr [bp + 0x301], ax 0x131b0: lea si, word ptr [bp + 0x2aa] 0x131b4: xor di, di 0x131b6: movsb byte ptr es:[di], byte ptr [si] 0x131b7: mov bx, word ptr [bp + 0x27c]
2018-12-25T12:02:55.963332083Z	64	PC: 13224 \| Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:02:55.966321631Z	64	PC: 1322f \| Write file or device (Write 1707 bytes on handle 5)
2018-12-25T12:02:55.97606488Z	87	PC: 13244 \| Get or set file date and time
2018-12-25T12:02:55.978363967Z	62	PC: 13248 \| Close file
2018-12-25T12:02:55.987499346Z	37	PC: 12ea4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":7913,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:55.878292688Z	53	PC: 12ead \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:55.880749522Z	37	PC: 12ec0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:55.882235054Z	73	PC: 12cec \| Release memory
2018-12-25T12:02:55.884325888Z	72	PC: 12cf9 \| Allocate memory
2018-12-25T12:02:55.886674932Z	74	PC: 12d07 \| Reallocate memory
2018-12-25T12:02:55.889592657Z	72	PC: 12d0f \| Allocate memory
2018-12-25T12:02:55.891742943Z	44	PC: 12d27 \| Get time 0x12d27: cmp dh, 0x22 0x12d2a: jne 0x12d2f 0x12d2c: call 0x12e4d 0x12d2f: push es 0x12d30: call 0x12f73 0x12d33: pop es 0x12d34: call 0x1306f 0x12d37: lea si, word ptr [bp + 0x2f0] 0x12d3b: mov ax, dx 0x12d3d: xor bx, bx 0x12d3f: call 0x12e77 0x12d42: xor ax, 0x1234 0x12d45: call 0x12e77 0x12d48: mov ax, word ptr [si] 0x12d4a: xor ah, ah 0x12d4c: mov bl, 2 0x12d4e: div bl 0x12d50: xor ah, ah 0x12d52: mov byte ptr [bp + 0x2ff], al 0x12d56: push si
2018-12-25T12:02:55.89570918Z	26	PC: 13090 \| Set disk transfer address
2018-12-25T12:02:55.898511148Z	78	PC: 1309c \| Find first file
2018-12-25T12:02:55.906071391Z	67	PC: 13105 \| Get or set file attributes
2018-12-25T12:02:55.924229332Z	61	PC: 13116 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:55.932521504Z	66	PC: 13128 \| Move file pointer
2018-12-25T12:02:55.934286707Z	63	PC: 13133 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:55.941789767Z	66	PC: 1315e \| Move file pointer
2018-12-25T12:02:55.9444692Z	64	PC: 1316a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:55.948877623Z	66	PC: 13174 \| Move file pointer
2018-12-25T12:02:55.950710736Z	64	PC: 13183 \| Write file or device (Write 77 bytes on handle 5)
2018-12-25T12:02:55.954208641Z	44	PC: 13187 \| Get time 0x13187: push ds 0x13188: mov cx, 0x335 0x1318b: mov si, 0x8a 0x1318e: mov word ptr es:[0x23], dx 0x13193: xor word ptr es:[si], dx 0x13196: inc si 0x13197: sub dx, 0xdead 0x1319b: inc si 0x1319c: loop 0x13193 0x1319e: push bx 0x1319f: xor ax, ax 0x131a1: mov al, byte ptr [bp + 0x300] 0x131a5: mov bl, 3 0x131a7: mul bl 0x131a9: add ax, 3 0x131ac: mov word ptr [bp + 0x301], ax 0x131b0: lea si, word ptr [bp + 0x2aa] 0x131b4: xor di, di 0x131b6: movsb byte ptr es:[di], byte ptr [si] 0x131b7: mov bx, word ptr [bp + 0x27c]
2018-12-25T12:02:55.962378554Z	64	PC: 13224 \| Write file or device (Write 34 bytes on handle 5)
2018-12-25T12:02:55.971309328Z	64	PC: 1322f \| Write file or device (Write 1707 bytes on handle 5)
2018-12-25T12:02:55.980848619Z	87	PC: 13244 \| Get or set file date and time
2018-12-25T12:02:55.982619915Z	62	PC: 13248 \| Close file
2018-12-25T12:02:55.991139897Z	37	PC: 12ea4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')