Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1395

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:38.122474763Z	73	PC: 12c16 \| Release memory
2018-12-17T22:44:38.124994455Z	72	PC: 12c23 \| Allocate memory
2018-12-17T22:44:38.133218021Z	74	PC: 12c30 \| Reallocate memory
2018-12-17T22:44:38.1351028Z	72	PC: 12c38 \| Allocate memory
2018-12-17T22:44:38.137166456Z	44	PC: 12c50 \| Get time 0x12c50: cmp dh, 0x22 0x12c53: jne 0x12c5b 0x12c55: nop 0x12c56: nop 0x12c57: nop 0x12c58: call 0x12daa 0x12c5b: call 0x12eb2 0x12c5e: lea si, word ptr [bp + 0x2b2] 0x12c62: mov ax, dx 0x12c64: xor bx, bx 0x12c66: call 0x12de0 0x12c69: xor ax, 0x1234 0x12c6c: call 0x12de0 0x12c6f: mov ax, word ptr [si] 0x12c71: xor ah, ah 0x12c73: mov bl, 2 0x12c75: div bl 0x12c77: xor ah, ah 0x12c79: mov byte ptr [bp + 0x2bf], al 0x12c7d: push si
2018-12-17T22:44:38.142345333Z	26	PC: 12ed3 \| Set disk transfer address
2018-12-17T22:44:38.143981847Z	78	PC: 12edf \| Find first file
2018-12-17T22:44:38.151030214Z	67	PC: 12f58 \| Get or set file attributes
2018-12-17T22:44:38.170720165Z	61	PC: 12f69 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:38.179386001Z	66	PC: 12f7e \| Move file pointer
2018-12-17T22:44:38.181473421Z	63	PC: 12f89 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:38.191137833Z	66	PC: 12fb8 \| Move file pointer
2018-12-17T22:44:38.192787881Z	64	PC: 12fc4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:38.19586458Z	66	PC: 12fce \| Move file pointer
2018-12-17T22:44:38.198014448Z	44	PC: 12fd2 \| Get time 0x12fd2: push ds 0x12fd3: mov cx, 0x2b9 0x12fd6: mov si, 0x49 0x12fd9: mov word ptr es:[0x23], dx 0x12fde: xor word ptr es:[si], dx 0x12fe1: inc si 0x12fe2: inc si 0x12fe3: loop 0x12fde 0x12fe5: push bx 0x12fe6: xor ax, ax 0x12fe8: mov al, byte ptr [bp + 0x2c0] 0x12fec: mov bl, 3 0x12fee: mul bl 0x12ff0: add ax, 3 0x12ff3: mov word ptr [bp + 0x2c1], ax 0x12ff7: lea si, word ptr [bp + 0x26c] 0x12ffb: xor di, di 0x12ffd: movsb byte ptr es:[di], byte ptr [si] 0x12ffe: mov bx, word ptr [bp + 0x23e] 0x13002: add bx, ax
2018-12-17T22:44:38.203416484Z	64	PC: 13066 \| Write file or device (Write 34 bytes on handle 5)
2018-12-17T22:44:38.207510964Z	64	PC: 13072 \| Write file or device (Write 1395 bytes on handle 5)
2018-12-17T22:44:38.217062954Z	87	PC: 13088 \| Get or set file date and time
2018-12-17T22:44:38.22032997Z	62	PC: 1308c \| Close file
2018-12-17T22:44:38.228504463Z	73	PC: 13092 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8280,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:02.825253871Z	73	PC: 12c16 \| Release memory
2018-12-25T12:04:02.827109636Z	72	PC: 12c23 \| Allocate memory
2018-12-25T12:04:02.828989234Z	74	PC: 12c30 \| Reallocate memory
2018-12-25T12:04:02.830847314Z	72	PC: 12c38 \| Allocate memory
2018-12-25T12:04:02.832866479Z	44	PC: 12c50 \| Get time 0x12c50: cmp dh, 0x22 0x12c53: jne 0x12c5b 0x12c55: nop 0x12c56: nop 0x12c57: nop 0x12c58: call 0x12daa 0x12c5b: call 0x12eb2 0x12c5e: lea si, word ptr [bp + 0x2b2] 0x12c62: mov ax, dx 0x12c64: xor bx, bx 0x12c66: call 0x12de0 0x12c69: xor ax, 0x1234 0x12c6c: call 0x12de0 0x12c6f: mov ax, word ptr [si] 0x12c71: xor ah, ah 0x12c73: mov bl, 2 0x12c75: div bl 0x12c77: xor ah, ah 0x12c79: mov byte ptr [bp + 0x2bf], al 0x12c7d: push si
2018-12-25T12:04:02.836053595Z	26	PC: 12ed3 \| Set disk transfer address
2018-12-25T12:04:02.837018265Z	78	PC: 12edf \| Find first file
2018-12-25T12:04:02.84373834Z	67	PC: 12f58 \| Get or set file attributes
2018-12-25T12:04:02.861921908Z	61	PC: 12f69 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:02.86909044Z	66	PC: 12f7e \| Move file pointer
2018-12-25T12:04:02.870421286Z	63	PC: 12f89 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:02.877642077Z	66	PC: 12fb8 \| Move file pointer
2018-12-25T12:04:02.879029126Z	64	PC: 12fc4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:02.881720406Z	66	PC: 12fce \| Move file pointer
2018-12-25T12:04:02.883611373Z	44	PC: 12fd2 \| Get time 0x12fd2: push ds 0x12fd3: mov cx, 0x2b9 0x12fd6: mov si, 0x49 0x12fd9: mov word ptr es:[0x23], dx 0x12fde: xor word ptr es:[si], dx 0x12fe1: inc si 0x12fe2: inc si 0x12fe3: loop 0x12fde 0x12fe5: push bx 0x12fe6: xor ax, ax 0x12fe8: mov al, byte ptr [bp + 0x2c0] 0x12fec: mov bl, 3 0x12fee: mul bl 0x12ff0: add ax, 3 0x12ff3: mov word ptr [bp + 0x2c1], ax 0x12ff7: lea si, word ptr [bp + 0x26c] 0x12ffb: xor di, di 0x12ffd: movsb byte ptr es:[di], byte ptr [si] 0x12ffe: mov bx, word ptr [bp + 0x23e] 0x13002: add bx, ax
2018-12-25T12:04:02.888204495Z	64	PC: 13066 \| Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:04:02.891030548Z	64	PC: 13072 \| Write file or device (Write 1395 bytes on handle 5)
2018-12-25T12:04:02.901345116Z	87	PC: 13088 \| Get or set file date and time
2018-12-25T12:04:02.902898414Z	62	PC: 1308c \| Close file
2018-12-25T12:04:02.912089169Z	73	PC: 13092 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":8280,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:03.585338574Z	73	PC: 12c16 \| Release memory
2018-12-25T12:04:03.587855823Z	72	PC: 12c23 \| Allocate memory
2018-12-25T12:04:03.589643007Z	74	PC: 12c30 \| Reallocate memory
2018-12-25T12:04:03.591017708Z	72	PC: 12c38 \| Allocate memory
2018-12-25T12:04:03.59245935Z	44	PC: 12c50 \| Get time 0x12c50: cmp dh, 0x22 0x12c53: jne 0x12c5b 0x12c55: nop 0x12c56: nop 0x12c57: nop 0x12c58: call 0x12daa 0x12c5b: call 0x12eb2 0x12c5e: lea si, word ptr [bp + 0x2b2] 0x12c62: mov ax, dx 0x12c64: xor bx, bx 0x12c66: call 0x12de0 0x12c69: xor ax, 0x1234 0x12c6c: call 0x12de0 0x12c6f: mov ax, word ptr [si] 0x12c71: xor ah, ah 0x12c73: mov bl, 2 0x12c75: div bl 0x12c77: xor ah, ah 0x12c79: mov byte ptr [bp + 0x2bf], al 0x12c7d: push si
2018-12-25T12:04:03.595796128Z	26	PC: 12ed3 \| Set disk transfer address
2018-12-25T12:04:03.596951843Z	78	PC: 12edf \| Find first file
2018-12-25T12:04:03.602951996Z	67	PC: 12f58 \| Get or set file attributes
2018-12-25T12:04:03.622014507Z	61	PC: 12f69 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:03.628905272Z	66	PC: 12f7e \| Move file pointer
2018-12-25T12:04:03.630164274Z	63	PC: 12f89 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:03.637706744Z	66	PC: 12fb8 \| Move file pointer
2018-12-25T12:04:03.639030357Z	64	PC: 12fc4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:03.641538464Z	66	PC: 12fce \| Move file pointer
2018-12-25T12:04:03.643844211Z	44	PC: 12fd2 \| Get time 0x12fd2: push ds 0x12fd3: mov cx, 0x2b9 0x12fd6: mov si, 0x49 0x12fd9: mov word ptr es:[0x23], dx 0x12fde: xor word ptr es:[si], dx 0x12fe1: inc si 0x12fe2: inc si 0x12fe3: loop 0x12fde 0x12fe5: push bx 0x12fe6: xor ax, ax 0x12fe8: mov al, byte ptr [bp + 0x2c0] 0x12fec: mov bl, 3 0x12fee: mul bl 0x12ff0: add ax, 3 0x12ff3: mov word ptr [bp + 0x2c1], ax 0x12ff7: lea si, word ptr [bp + 0x26c] 0x12ffb: xor di, di 0x12ffd: movsb byte ptr es:[di], byte ptr [si] 0x12ffe: mov bx, word ptr [bp + 0x23e] 0x13002: add bx, ax
2018-12-25T12:04:03.647606311Z	64	PC: 13066 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:04:03.65044253Z	64	PC: 13072 \| Write file or device (Write 1395 bytes on handle 5)
2018-12-25T12:04:03.659878726Z	87	PC: 13088 \| Get or set file date and time
2018-12-25T12:04:03.661614655Z	62	PC: 1308c \| Close file
2018-12-25T12:04:03.669122114Z	73	PC: 13092 \| Release memory