Sample viewer

vx.netlux.org/Virus.DOS.Vienna.679.b


Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:50:20.812696135Z 48 PC: 13034 | Get DOS version
2018-12-17T22:50:20.815160966Z 42 PC: 1303f | Get date
    0x1303f: cmp cx, 0x7bc
    0x13043: jne 0x1304c
    0x13045: mov byte ptr [0x52a], 1
    0x1304a: jmp 0x13073
    0x1304c: mov bh, byte ptr [0x529]
    0x13050: mov byte ptr [0x529], dh
    0x13054: cmp dh, bh
    0x13056: ja 0x1305b
    0x13058: add dh, 0xc
    0x1305b: sub dh, bh
    0x1305d: add al, 2
    0x1305f: add si, word ptr [bp + si + 7]
    0x13062: mov byte ptr [0x52a], 2
    0x13067: jmp 0x13073
    0x13069: cmp dl, 0x1f
    0x1306c: jne 0x13073
    0x1306e: mov byte ptr [0x52a], 3
    0x13073: mov dx, 0x2c
    0x13076: add dx, di
    0x13078: mov bx, dx
2018-12-17T22:50:20.818159629Z 26 PC: 1307e | Set disk transfer address
2018-12-17T22:50:20.819639199Z 78 PC: 1308d | Find first file
2018-12-17T22:50:20.826598223Z 67 PC: 130e8 | Get or set file attributes
2018-12-17T22:50:20.834446948Z 67 PC: 130f8 | Get or set file attributes
2018-12-17T22:50:20.850926228Z 61 PC: 13102 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:20.858390902Z 87 PC: 1310e | Get or set file date and time
2018-12-17T22:50:20.861316307Z 63 PC: 13120 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:20.868635629Z 66 PC: 13134 | Move file pointer
2018-12-17T22:50:20.870604658Z 64 PC: 13164 | Write file or device (Write 679 bytes on handle 5)
2018-12-17T22:50:20.881426749Z 66 PC: 13178 | Move file pointer
2018-12-17T22:50:20.883289809Z 64 PC: 13186 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:20.890584384Z 87 PC: 13199 | Get or set file date and time
2018-12-17T22:50:20.894051437Z 62 PC: 1319d | Close file
2018-12-17T22:50:20.90301139Z 67 PC: 131a5 | Get or set file attributes
2018-12-17T22:50:20.907851883Z 26 PC: 131ac | Set disk transfer address
2018-12-17T22:50:20.910384271Z 9 PC: 131d2 | Display string (String= ' BE CAERFULL!!! IN YOUR COMPUTER IS ONE POWERFULL CREEPER!!!')
2018-12-17T22:50:20.914943336Z 76 PC: 131c4 | Terminate with return code (Return code = '19')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10191,"SideJobID":0}


Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:27:26.383609124Z 48 PC: 13034 | Get DOS version
2018-12-25T12:27:26.385163663Z 42 PC: 1303f | Get date
    0x1303f: cmp cx, 0x7bc
    0x13043: jne 0x1304c
    0x13045: mov byte ptr [0x52a], 1
    0x1304a: jmp 0x13073
    0x1304c: mov bh, byte ptr [0x529]
    0x13050: mov byte ptr [0x529], dh
    0x13054: cmp dh, bh
    0x13056: ja 0x1305b
    0x13058: add dh, 0xc
    0x1305b: sub dh, bh
    0x1305d: add al, 2
    0x1305f: add si, word ptr [bp + si + 7]
    0x13062: mov byte ptr [0x52a], 2
    0x13067: jmp 0x13073
    0x13069: cmp dl, 0x1f
    0x1306c: jne 0x13073
    0x1306e: mov byte ptr [0x52a], 3
    0x13073: mov dx, 0x2c
    0x13076: add dx, di
    0x13078: mov bx, dx
2018-12-25T12:27:26.386691404Z 26 PC: 1307e | Set disk transfer address
2018-12-25T12:27:26.387561716Z 78 PC: 1308d | Find first file
2018-12-25T12:27:26.391846352Z 67 PC: 130e8 | Get or set file attributes
2018-12-25T12:27:26.395851293Z 67 PC: 130f8 | Get or set file attributes
2018-12-25T12:27:26.983666267Z 61 PC: 13102 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:26.990986189Z 87 PC: 1310e | Get or set file date and time
2018-12-25T12:27:26.992551569Z 63 PC: 13120 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:26.99884306Z 66 PC: 13134 | Move file pointer
2018-12-25T12:27:27.000818319Z 64 PC: 13164 | Write file or device (Write 679 bytes on handle 5)
2018-12-25T12:27:27.009249561Z 66 PC: 13178 | Move file pointer
2018-12-25T12:27:27.010848236Z 64 PC: 13186 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:27.017883423Z 87 PC: 13199 | Get or set file date and time
2018-12-25T12:27:27.01929517Z 62 PC: 1319d | Close file
2018-12-25T12:27:27.026771598Z 67 PC: 131a5 | Get or set file attributes
2018-12-25T12:27:27.031121085Z 26 PC: 131ac | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10191,"SideJobID":0}


Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:27:26.683211767Z 48 PC: 13034 | Get DOS version
2018-12-25T12:27:26.69091731Z 42 PC: 1303f | Get date
    0x1303f: cmp cx, 0x7bc
    0x13043: jne 0x1304c
    0x13045: mov byte ptr [0x52a], 1
    0x1304a: jmp 0x13073
    0x1304c: mov bh, byte ptr [0x529]
    0x13050: mov byte ptr [0x529], dh
    0x13054: cmp dh, bh
    0x13056: ja 0x1305b
    0x13058: add dh, 0xc
    0x1305b: sub dh, bh
    0x1305d: add al, 2
    0x1305f: add si, word ptr [bp + si + 7]
    0x13062: mov byte ptr [0x52a], 2
    0x13067: jmp 0x13073
    0x13069: cmp dl, 0x1f
    0x1306c: jne 0x13073
    0x1306e: mov byte ptr [0x52a], 3
    0x13073: mov dx, 0x2c
    0x13076: add dx, di
    0x13078: mov bx, dx
2018-12-25T12:27:26.693162845Z 26 PC: 1307e | Set disk transfer address
2018-12-25T12:27:26.694183413Z 78 PC: 1308d | Find first file
2018-12-25T12:27:26.700764961Z 67 PC: 130e8 | Get or set file attributes
2018-12-25T12:27:26.706350197Z 67 PC: 130f8 | Get or set file attributes
2018-12-25T12:27:26.985108114Z 61 PC: 13102 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:26.992896038Z 87 PC: 1310e | Get or set file date and time
2018-12-25T12:27:26.994592457Z 63 PC: 13120 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:27.001109327Z 66 PC: 13134 | Move file pointer
2018-12-25T12:27:27.002868034Z 64 PC: 13164 | Write file or device (Write 679 bytes on handle 5)
2018-12-25T12:27:27.01359104Z 66 PC: 13178 | Move file pointer
2018-12-25T12:27:27.015381475Z 64 PC: 13186 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:27.022793108Z 87 PC: 13199 | Get or set file date and time
2018-12-25T12:27:27.025477948Z 62 PC: 1319d | Close file
2018-12-25T12:27:27.045249752Z 67 PC: 131a5 | Get or set file attributes
2018-12-25T12:27:27.049630834Z 26 PC: 131ac | Set disk transfer address
2018-12-25T12:27:27.053117114Z 9 PC: 131d2 | Display string (String= ' BE CAERFULL!!! IN YOUR COMPUTER IS ONE POWERFULL CREEPER!!!')
2018-12-25T12:27:27.05709725Z 76 PC: 131c4 | Terminate with return code (Return code = '19')
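The three runs above record the same infection routine: open SLEEP.COM, fetch its date and time, read its first 3 bytes, seek, write 679 bytes (the size in the sample name, i.e. the virus body appended to the victim), seek back, write 3 bytes (in the classic COM appender, the patched entry point that jumps to the appended body), set the original date and time back, and close. The `cmp cx, 0x7bc` right after Get date compares the year that INT 21h AH=2Ah returns in CX with 1980 (0x7bc), which is consistent with the JSON config lines re-running the same OriginalID with the emulated year set to 1980 and then 1981. The script below is an added example, not code from the page or from the sandbox that produced these traces: it parses this trace format (skipping the disassembly lines the tracer fused onto Get date), flags the appender sequence per opened file, and reports the timestamp restoration and the emulated date. The classification thresholds (a header read of at most 4 bytes, a body write larger than it, a seek between the two writes) are my own assumptions, and the embedded sample is a subset of the first run's lines.

```python
"""Parse the INT 21h syscall trace format shown above and flag the COM-appender
infection it records.  Added example, not the page's or the sandbox's own code;
the classification thresholds are my own assumptions."""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<ts>\S+Z)\s+(?P<op>\d+)\s+PC:\s*(?P<pc>[0-9a-fA-F]+)\s*\|\s*"
    r"(?P<name>[A-Za-z][A-Za-z ]*?)\s*"   # service name, e.g. "Open file"
    r"(?:\((?P<args>.*)\))?\s*"            # optional "(Filename = '...')"
    r"(?:0x[0-9a-fA-F]+:.*)?$")            # disassembly the tracer fused onto "Get date"
IO_RE = re.compile(r"(?:Read|Write) (\d+) bytes on handle (\d+)")
FILENAME_RE = re.compile(r"Filename = '([^']*)'")
STRING_RE = re.compile(r"String= '(.*)'")

@dataclass
class Call:
    op: int                         # AH of the INT 21h service
    pc: int
    name: str
    args: Optional[str] = None
    nbytes: Optional[int] = None    # Read/Write byte count
    handle: Optional[int] = None    # Read/Write file handle
    filename: Optional[str] = None  # Open file target

def parse_trace(text: str) -> List[Call]:
    """One Call per syscall line; bare disassembly and JSON lines are skipped."""
    calls = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        c = Call(int(m["op"]), int(m["pc"], 16), m["name"].strip(), m["args"])
        if c.args:
            if io := IO_RE.search(c.args):
                c.nbytes, c.handle = int(io[1]), int(io[2])
            if fn := FILENAME_RE.search(c.args):
                c.filename = fn[1]
        calls.append(c)
    return calls

def classify_session(target: str, events: List[Call]) -> Optional[dict]:
    """events = calls after 'Open file' up to and including 'Close file'.  Appender
    signature: small header read, large body write, seek back, header-sized write."""
    reads = [i for i, e in enumerate(events) if e.name == "Read file or device"]
    writes = [i for i, e in enumerate(events) if e.name == "Write file or device"]
    stamps = [i for i, e in enumerate(events) if e.name == "Get or set file date and time"]
    if not reads or len(writes) < 2:
        return None
    header = events[reads[0]].nbytes
    body_i, patch_i = writes[0], writes[-1]
    body, patch = events[body_i].nbytes, events[patch_i].nbytes
    if header is None or body is None or header > 4 or patch != header or body <= header:
        return None
    if not any(e.name == "Move file pointer" for e in events[body_i + 1:patch_i]):
        return None  # no seek back between the body write and the entry patch
    return {"target": target, "technique": "com_appender",
            "header_bytes": header, "body_bytes": body,
            # timestamp read before the first write and set again after the last:
            # the infector puts the victim's date/time back to hide the change
            "timestamp_restored": bool(stamps) and stamps[0] < body_i and stamps[-1] > patch_i}

def find_infections(calls: List[Call]) -> List[dict]:
    findings, target, events = [], None, []
    for c in calls:
        if c.name == "Open file":
            target, events = c.filename, []
        elif target is not None:
            events.append(c)
            if c.name == "Close file":
                if verdict := classify_session(target, events):
                    findings.append(verdict)
                target = None
    return findings

def summarize(text: str) -> dict:
    """Per-run verdict: infections, payload text, and the emulated date from the
    run's JSON config line (the trace's cmp cx, 0x7bc checks that year against 1980)."""
    calls = parse_trace(text)
    shown = [STRING_RE.search(c.args)[1] for c in calls
             if c.name == "Display string" and c.args and STRING_RE.search(c.args)]
    cfg = next((json.loads(l) for l in text.splitlines() if l.strip().startswith("{")), {})
    return {"infections": find_infections(calls), "displayed": shown,
            "emulated_date": (cfg["Year"], cfg["Month"], cfg["Day"]) if cfg else None}

# Constructed sample: a subset of the first run above, fused "Get date" line included.
SAMPLE_TRACE = """\
2018-12-17T22:50:20.815160966Z 42 PC: 1303f | Get date 0x1303f: cmp cx, 0x7bc
0x13043: jne 0x1304c
2018-12-17T22:50:20.850926228Z 61 PC: 13102 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:20.858390902Z 87 PC: 1310e | Get or set file date and time
2018-12-17T22:50:20.861316307Z 63 PC: 13120 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:20.868635629Z 66 PC: 13134 | Move file pointer
2018-12-17T22:50:20.870604658Z 64 PC: 13164 | Write file or device (Write 679 bytes on handle 5)
2018-12-17T22:50:20.881426749Z 66 PC: 13178 | Move file pointer
2018-12-17T22:50:20.883289809Z 64 PC: 13186 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:20.890584384Z 87 PC: 13199 | Get or set file date and time
2018-12-17T22:50:20.894051437Z 62 PC: 1319d | Close file
2018-12-17T22:50:20.910384271Z 9 PC: 131d2 | Display string (String= ' BE CAERFULL!!! IN YOUR COMPUTER IS ONE POWERFULL CREEPER!!!')
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10191,"SideJobID":0}
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```

Running `summarize` on the second and third runs above gives the same infection verdict; the truncated second run simply reports no displayed string. The sequence check is deliberately order-based rather than keyed on the handle number, since the sandbox prints the handle only on Read and Write.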