Sample viewer

vx.netlux.org/Virus.DOS.Vienna.520

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:18.826966394Z	48	PC: 12ac9 \| Get DOS version
2018-12-17T22:51:18.828148856Z	47	PC: 12ad5 \| Get disk transfer address
2018-12-17T22:51:18.829626251Z	26	PC: 12ae2 \| Set disk transfer address
2018-12-17T22:51:18.830856172Z	78	PC: 12b55 \| Find first file
2018-12-17T22:51:18.837185502Z	67	PC: 12bc0 \| Get or set file attributes
2018-12-17T22:51:18.844345733Z	67	PC: 12bce \| Get or set file attributes
2018-12-17T22:51:18.8611761Z	61	PC: 12bd6 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:18.868127049Z	87	PC: 12be2 \| Get or set file date and time
2018-12-17T22:51:18.870681147Z	44	PC: 12bec \| Get time 0x12bec: mov ah, 0x3f 0x12bee: mov cx, 3 0x12bf1: lea dx, word ptr [si + 0x13] 0x12bf4: int 0x21 0x12bf6: jb 0x12c3f 0x12bf8: cmp ax, 3 0x12bfb: jne 0x12c3f 0x12bfd: mov ax, 0x4202 0x12c00: xor cx, cx 0x12c02: xor dx, dx 0x12c04: int 0x21 0x12c06: jb 0x12c3f 0x12c08: mov cx, ax 0x12c0a: sub ax, 3 0x12c0d: mov word ptr [si + 0x17], ax 0x12c10: add cx, 0x2e4 0x12c14: mov word ptr [si - 0x1e3], cx 0x12c18: mov ah, 0x40 0x12c1a: mov cx, 0x208 0x12c1d: nop
2018-12-17T22:51:18.872884516Z	63	PC: 12bf6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:51:18.879525501Z	66	PC: 12c06 \| Move file pointer
2018-12-17T22:51:18.88126016Z	64	PC: 12c24 \| Write file or device (Write 520 bytes on handle 5)
2018-12-17T22:51:18.889723519Z	66	PC: 12c33 \| Move file pointer
2018-12-17T22:51:18.891054069Z	64	PC: 12c3f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:51:18.89732011Z	87	PC: 12c50 \| Get or set file date and time
2018-12-17T22:51:18.899989925Z	62	PC: 12c54 \| Close file
2018-12-17T22:51:18.912806743Z	67	PC: 12c5f \| Get or set file attributes
2018-12-17T22:51:18.924463361Z	26	PC: 12c6a \| Set disk transfer address
2018-12-17T22:51:18.926890571Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')