Sample viewer

vx.netlux.org/Virus.DOS.Seeg.1844

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:37.1844531Z	53	PC: 12ec0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:37.186009845Z	37	PC: 12ed3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:37.187702886Z	73	PC: 12d11 \| Release memory
2018-12-17T22:47:37.189407438Z	72	PC: 12d19 \| Allocate memory
2018-12-17T22:47:37.191536228Z	74	PC: 12d22 \| Reallocate memory
2018-12-17T22:47:37.194066211Z	72	PC: 12d2a \| Allocate memory
2018-12-17T22:47:37.195845323Z	44	PC: 12d3d \| Get time 0x12d3d: cmp dh, 0x22 0x12d40: jne 0x12d45 0x12d42: call 0x12e63 0x12d45: push es 0x12d46: call 0x12f83 0x12d49: pop es 0x12d4a: call 0x1307d 0x12d4d: lea si, word ptr [bp + 0x39e] 0x12d51: mov ax, dx 0x12d53: xor bx, bx 0x12d55: call 0x12e8d 0x12d58: xor ax, 0x1234 0x12d5b: call 0x12e8d 0x12d5e: mov ax, word ptr [si] 0x12d60: xor ah, ah 0x12d62: mov bl, 2 0x12d64: div bl 0x12d66: xor ah, ah 0x12d68: mov byte ptr [bp + 0x3ad], al 0x12d6c: push si
2018-12-17T22:47:37.199124754Z	26	PC: 1309e \| Set disk transfer address
2018-12-17T22:47:37.201421229Z	78	PC: 130a7 \| Find first file
2018-12-17T22:47:37.208122619Z	67	PC: 13110 \| Get or set file attributes
2018-12-17T22:47:37.224605786Z	61	PC: 13121 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:37.232614783Z	66	PC: 13130 \| Move file pointer
2018-12-17T22:47:37.234559506Z	63	PC: 1313b \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:37.242824644Z	66	PC: 13163 \| Move file pointer
2018-12-17T22:47:37.245964803Z	64	PC: 1316e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:37.249697366Z	66	PC: 13176 \| Move file pointer
2018-12-17T22:47:37.252835802Z	64	PC: 13185 \| Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:47:37.255835487Z	44	PC: 13189 \| Get time 0x13189: push ds 0x1318a: mov cx, 0x37a 0x1318d: mov si, 0x8a 0x13190: mov word ptr es:[0x23], dx 0x13195: xor word ptr es:[si], dx 0x13198: inc si 0x13199: sub dx, 0xdead 0x1319d: inc si 0x1319e: loop 0x13195 0x131a0: push bx 0x131a1: xor ax, ax 0x131a3: mov al, byte ptr [bp + 0x3ae] 0x131a7: mov bl, 3 0x131a9: mul bl 0x131ab: add ax, 3 0x131ae: mov word ptr [bp + 0x3af], ax 0x131b2: lea si, word ptr [bp + 0x2aa] 0x131b6: xor di, di 0x131b8: movsb byte ptr es:[di], byte ptr [si] 0x131b9: mov bx, word ptr [bp + 0x27c]
2018-12-17T22:47:37.262397966Z	64	PC: 13225 \| Write file or device (Write 34 bytes on handle 5)
2018-12-17T22:47:37.265495155Z	64	PC: 13230 \| Write file or device (Write 1844 bytes on handle 5)
2018-12-17T22:47:37.274623084Z	87	PC: 13245 \| Get or set file date and time
2018-12-17T22:47:37.27688286Z	62	PC: 13249 \| Close file
2018-12-17T22:47:37.285678704Z	37	PC: 12eba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:37.287266988Z	73	PC: 13252 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9274,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:47.396059134Z	53	PC: 12ec0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:47.397944671Z	37	PC: 12ed3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:47.399532478Z	73	PC: 12d11 \| Release memory
2018-12-25T12:22:47.401279918Z	72	PC: 12d19 \| Allocate memory
2018-12-25T12:22:47.403448525Z	74	PC: 12d22 \| Reallocate memory
2018-12-25T12:22:47.405815195Z	72	PC: 12d2a \| Allocate memory
2018-12-25T12:22:47.407331115Z	44	PC: 12d3d \| Get time 0x12d3d: cmp dh, 0x22 0x12d40: jne 0x12d45 0x12d42: call 0x12e63 0x12d45: push es 0x12d46: call 0x12f83 0x12d49: pop es 0x12d4a: call 0x1307d 0x12d4d: lea si, word ptr [bp + 0x39e] 0x12d51: mov ax, dx 0x12d53: xor bx, bx 0x12d55: call 0x12e8d 0x12d58: xor ax, 0x1234 0x12d5b: call 0x12e8d 0x12d5e: mov ax, word ptr [si] 0x12d60: xor ah, ah 0x12d62: mov bl, 2 0x12d64: div bl 0x12d66: xor ah, ah 0x12d68: mov byte ptr [bp + 0x3ad], al 0x12d6c: push si
2018-12-25T12:22:47.41042368Z	26	PC: 1309e \| Set disk transfer address
2018-12-25T12:22:47.412275891Z	78	PC: 130a7 \| Find first file
2018-12-25T12:22:47.419233277Z	67	PC: 13110 \| Get or set file attributes
2018-12-25T12:22:47.435980219Z	61	PC: 13121 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:47.456214522Z	66	PC: 13130 \| Move file pointer
2018-12-25T12:22:47.457274086Z	63	PC: 1313b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:47.464056645Z	66	PC: 13163 \| Move file pointer
2018-12-25T12:22:47.465961308Z	64	PC: 1316e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:47.467997625Z	66	PC: 13176 \| Move file pointer
2018-12-25T12:22:47.469493676Z	64	PC: 13185 \| Write file or device (Write 39 bytes on handle 5)
2018-12-25T12:22:47.472643837Z	44	PC: 13189 \| Get time 0x13189: push ds 0x1318a: mov cx, 0x37a 0x1318d: mov si, 0x8a 0x13190: mov word ptr es:[0x23], dx 0x13195: xor word ptr es:[si], dx 0x13198: inc si 0x13199: sub dx, 0xdead 0x1319d: inc si 0x1319e: loop 0x13195 0x131a0: push bx 0x131a1: xor ax, ax 0x131a3: mov al, byte ptr [bp + 0x3ae] 0x131a7: mov bl, 3 0x131a9: mul bl 0x131ab: add ax, 3 0x131ae: mov word ptr [bp + 0x3af], ax 0x131b2: lea si, word ptr [bp + 0x2aa] 0x131b6: xor di, di 0x131b8: movsb byte ptr es:[di], byte ptr [si] 0x131b9: mov bx, word ptr [bp + 0x27c]
2018-12-25T12:22:47.475913926Z	64	PC: 13225 \| Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:22:47.477763718Z	64	PC: 13230 \| Write file or device (Write 1844 bytes on handle 5)
2018-12-25T12:22:47.483893123Z	87	PC: 13245 \| Get or set file date and time
2018-12-25T12:22:47.485214268Z	62	PC: 13249 \| Close file
2018-12-25T12:22:47.491421557Z	37	PC: 12eba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:47.492424015Z	73	PC: 13252 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":34,"TimeBased":true,"OriginalID":9274,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:47.931966296Z	53	PC: 12ec0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:47.933694743Z	37	PC: 12ed3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:47.93495926Z	73	PC: 12d11 \| Release memory
2018-12-25T12:22:47.936319091Z	72	PC: 12d19 \| Allocate memory
2018-12-25T12:22:47.938561168Z	74	PC: 12d22 \| Reallocate memory
2018-12-25T12:22:47.940328988Z	72	PC: 12d2a \| Allocate memory
2018-12-25T12:22:47.942190097Z	44	PC: 12d3d \| Get time 0x12d3d: cmp dh, 0x22 0x12d40: jne 0x12d45 0x12d42: call 0x12e63 0x12d45: push es 0x12d46: call 0x12f83 0x12d49: pop es 0x12d4a: call 0x1307d 0x12d4d: lea si, word ptr [bp + 0x39e] 0x12d51: mov ax, dx 0x12d53: xor bx, bx 0x12d55: call 0x12e8d 0x12d58: xor ax, 0x1234 0x12d5b: call 0x12e8d 0x12d5e: mov ax, word ptr [si] 0x12d60: xor ah, ah 0x12d62: mov bl, 2 0x12d64: div bl 0x12d66: xor ah, ah 0x12d68: mov byte ptr [bp + 0x3ad], al 0x12d6c: push si
2018-12-25T12:22:47.955428515Z	26	PC: 1309e \| Set disk transfer address
2018-12-25T12:22:47.957110889Z	78	PC: 130a7 \| Find first file
2018-12-25T12:22:47.968571188Z	67	PC: 13110 \| Get or set file attributes
2018-12-25T12:22:47.999650155Z	61	PC: 13121 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:48.006381527Z	66	PC: 13130 \| Move file pointer
2018-12-25T12:22:48.007709939Z	63	PC: 1313b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:48.020640959Z	66	PC: 13163 \| Move file pointer
2018-12-25T12:22:48.022725627Z	64	PC: 1316e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:48.025275961Z	66	PC: 13176 \| Move file pointer
2018-12-25T12:22:48.026579117Z	64	PC: 13185 \| Write file or device (Write 71 bytes on handle 5)
2018-12-25T12:22:48.041996104Z	44	PC: 13189 \| Get time 0x13189: push ds 0x1318a: mov cx, 0x37a 0x1318d: mov si, 0x8a 0x13190: mov word ptr es:[0x23], dx 0x13195: xor word ptr es:[si], dx 0x13198: inc si 0x13199: sub dx, 0xdead 0x1319d: inc si 0x1319e: loop 0x13195 0x131a0: push bx 0x131a1: xor ax, ax 0x131a3: mov al, byte ptr [bp + 0x3ae] 0x131a7: mov bl, 3 0x131a9: mul bl 0x131ab: add ax, 3 0x131ae: mov word ptr [bp + 0x3af], ax 0x131b2: lea si, word ptr [bp + 0x2aa] 0x131b6: xor di, di 0x131b8: movsb byte ptr es:[di], byte ptr [si] 0x131b9: mov bx, word ptr [bp + 0x27c]
2018-12-25T12:22:48.047283363Z	64	PC: 13225 \| Write file or device (Write 25 bytes on handle 5)
2018-12-25T12:22:48.049900779Z	64	PC: 13230 \| Write file or device (Write 1844 bytes on handle 5)
2018-12-25T12:22:48.071775399Z	87	PC: 13245 \| Get or set file date and time
2018-12-25T12:22:48.073218307Z	62	PC: 13249 \| Close file
2018-12-25T12:22:48.092903601Z	37	PC: 12eba \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:48.094556448Z	73	PC: 13252 \| Release memory