Sample viewer

vx.netlux.org/Virus.DOS.Vienna.311

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:23.128024169Z	48	PC: 12aba \| Get DOS version
2018-12-17T22:52:23.129816216Z	26	PC: 12ac7 \| Set disk transfer address
2018-12-17T22:52:23.132145231Z	78	PC: 12ad3 \| Find first file
2018-12-17T22:52:23.139099945Z	67	PC: 12b05 \| Get or set file attributes
2018-12-17T22:52:23.156926673Z	61	PC: 12b0a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:23.165580359Z	63	PC: 12b1d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:23.17369385Z	66	PC: 12b2c \| Move file pointer
2018-12-17T22:52:23.175645606Z	64	PC: 12b50 \| Write file or device (Write 311 bytes on handle 5)
2018-12-17T22:52:23.185811974Z	66	PC: 12b5a \| Move file pointer
2018-12-17T22:52:23.187799618Z	64	PC: 12b71 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:23.195223103Z	87	PC: 12b7c \| Get or set file date and time
2018-12-17T22:52:23.198121727Z	62	PC: 12b80 \| Close file
2018-12-17T22:52:23.20741202Z	67	PC: 12b8a \| Get or set file attributes
2018-12-17T22:52:23.218433383Z	26	PC: 12b91 \| Set disk transfer address
2018-12-17T22:52:23.220430705Z	44	PC: 12b95 \| Get time 0x12b95: and dh, 0xa 0x12b98: cmp dh, 0 0x12b9b: jne 0x12baf 0x12b9d: push es 0x12b9e: mov ax, ds 0x12ba0: mov es, ax 0x12ba2: sub di, 0x4b 0x12ba5: mov dx, di 0x12ba7: add di, 0xc 0x12baa: mov ah, 0x56 0x12bac: int 0x21 0x12bae: pop es 0x12baf: pop ax 0x12bb0: mov dx, 0x100 0x12bb3: push dx 0x12bb4: ret 0x12bb5: inc bx 0x12bb6: dec di 0x12bb7: dec bp 0x12bb8: dec bp

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":2,"TimeBased":true,"OriginalID":10865,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:24.058500932Z	48	PC: 12aba \| Get DOS version
2018-12-25T12:29:24.069561529Z	26	PC: 12ac7 \| Set disk transfer address
2018-12-25T12:29:24.071477771Z	78	PC: 12ad3 \| Find first file
2018-12-25T12:29:24.078674736Z	67	PC: 12b05 \| Get or set file attributes
2018-12-25T12:29:24.097964347Z	61	PC: 12b0a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:24.105729719Z	63	PC: 12b1d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:24.113841492Z	66	PC: 12b2c \| Move file pointer
2018-12-25T12:29:24.116194161Z	64	PC: 12b50 \| Write file or device (Write 311 bytes on handle 5)
2018-12-25T12:29:24.126148447Z	66	PC: 12b5a \| Move file pointer
2018-12-25T12:29:24.128260893Z	64	PC: 12b71 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:24.136802612Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:29:24.139895395Z	62	PC: 12b80 \| Close file
2018-12-25T12:29:24.149391952Z	67	PC: 12b8a \| Get or set file attributes
2018-12-25T12:29:24.171170761Z	26	PC: 12b91 \| Set disk transfer address
2018-12-25T12:29:24.173482078Z	44	PC: 12b95 \| Get time 0x12b95: and dh, 0xa 0x12b98: cmp dh, 0 0x12b9b: jne 0x12baf 0x12b9d: push es 0x12b9e: mov ax, ds 0x12ba0: mov es, ax 0x12ba2: sub di, 0x4b 0x12ba5: mov dx, di 0x12ba7: add di, 0xc 0x12baa: mov ah, 0x56 0x12bac: int 0x21 0x12bae: pop es 0x12baf: pop ax 0x12bb0: mov dx, 0x100 0x12bb3: push dx 0x12bb4: ret 0x12bb5: inc bx 0x12bb6: dec di 0x12bb7: dec bp 0x12bb8: dec bp
2018-12-25T12:29:24.176577081Z	86	PC: 12bae \| Rename file

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10865,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:24.107027142Z	48	PC: 12aba \| Get DOS version
2018-12-25T12:29:24.109636111Z	26	PC: 12ac7 \| Set disk transfer address
2018-12-25T12:29:24.111034707Z	78	PC: 12ad3 \| Find first file
2018-12-25T12:29:24.117223713Z	67	PC: 12b05 \| Get or set file attributes
2018-12-25T12:29:24.132257269Z	61	PC: 12b0a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:24.154878018Z	63	PC: 12b1d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:24.16172625Z	66	PC: 12b2c \| Move file pointer
2018-12-25T12:29:24.163293292Z	64	PC: 12b50 \| Write file or device (Write 311 bytes on handle 5)
2018-12-25T12:29:24.171817317Z	66	PC: 12b5a \| Move file pointer
2018-12-25T12:29:24.173351248Z	64	PC: 12b71 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:24.179796416Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:29:24.182348483Z	62	PC: 12b80 \| Close file
2018-12-25T12:29:24.196032321Z	67	PC: 12b8a \| Get or set file attributes
2018-12-25T12:29:24.206871641Z	26	PC: 12b91 \| Set disk transfer address
2018-12-25T12:29:24.21531059Z	44	PC: 12b95 \| Get time 0x12b95: and dh, 0xa 0x12b98: cmp dh, 0 0x12b9b: jne 0x12baf 0x12b9d: push es 0x12b9e: mov ax, ds 0x12ba0: mov es, ax 0x12ba2: sub di, 0x4b 0x12ba5: mov dx, di 0x12ba7: add di, 0xc 0x12baa: mov ah, 0x56 0x12bac: int 0x21 0x12bae: pop es 0x12baf: pop ax 0x12bb0: mov dx, 0x100 0x12bb3: push dx 0x12bb4: ret 0x12bb5: inc bx 0x12bb6: dec di 0x12bb7: dec bp 0x12bb8: dec bp