Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1387

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:28.002390273Z	255	PC: 12a52 \| UNKNOWN!
2018-12-17T22:53:28.003644327Z	48	PC: 12a89 \| Get DOS version
2018-12-17T22:53:28.004615894Z	44	PC: 12aad \| Get time 0x12aad: xor bx, bx 0x12aaf: add al, 0xae 0x12ab1: sub al, 0xae 0x12ab3: cmp dl, 4 0x12ab6: jle 0x12abb 0x12ab8: nop 0x12ab9: jmp 0x12ade 0x12abb: mov dl, 0x96 0x12abd: mov dl, byte ptr [bx + si + 0x97] 0x12ac1: or dl, dl 0x12ac3: jmp 0x12ac5 0x12ac5: je 0x12ade 0x12ac7: nop 0x12ac8: sub dl, 0x4b 0x12acb: mov ah, 0xc6 0x12acd: mov ah, 2 0x12acf: add al, 0xc4 0x12ad1: sub al, 0xc4 0x12ad3: int 0x21 0x12ad5: inc bx
2018-12-17T22:53:28.00615178Z	42	PC: 12ae3 \| Get date 0x12ae3: cmp dh, 3 0x12ae6: nop 0x12ae7: jne 0x12b64 0x12ae9: cmp dl, 0x18 0x12aec: jne 0x12b64 0x12aee: mov ah, 0x2c 0x12af0: int 0x21 0x12af2: xor dx, 6 0x12af5: xor dx, 6 0x12af8: cmp ch, 7 0x12afb: jne 0x12b64 0x12afd: xor cx, 0xc9 0x12b01: xor cx, 0xc9 0x12b05: cmp cl, 0x2d 0x12b08: jmp 0x12b0a 0x12b0a: jne 0x12b64 0x12b0c: xor bx, bx 0x12b0e: mov dl, byte ptr [bx + si + 0xf9] 0x12b12: jmp 0x12b14 0x12b14: or dl, dl
2018-12-17T22:53:28.007855521Z	47	PC: 12b79 \| Get disk transfer address
2018-12-17T22:53:28.009206277Z	26	PC: 12b8d \| Set disk transfer address
2018-12-17T22:53:28.010643957Z	78	PC: 12c69 \| Find first file
2018-12-17T22:53:28.018044166Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.021133976Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.023892169Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.026606345Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.029650962Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.032396511Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.035115666Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.038153827Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.040755417Z	78	PC: 12c69 \| Find first file
2018-12-17T22:53:28.050615514Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.054405528Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.057694484Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.064385354Z	79	PC: 12c78 \| Find next file
2018-12-17T22:53:28.071522299Z	26	PC: 12e3b \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11226,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:10.580092769Z	255	PC: 12a52 \| UNKNOWN!
2018-12-25T12:30:10.590633527Z	48	PC: 12a89 \| Get DOS version
2018-12-25T12:30:10.594444036Z	44	PC: 12aad \| Get time 0x12aad: xor bx, bx 0x12aaf: add al, 0xae 0x12ab1: sub al, 0xae 0x12ab3: cmp dl, 4 0x12ab6: jle 0x12abb 0x12ab8: nop 0x12ab9: jmp 0x12ade 0x12abb: mov dl, 0x96 0x12abd: mov dl, byte ptr [bx + si + 0x97] 0x12ac1: or dl, dl 0x12ac3: jmp 0x12ac5 0x12ac5: je 0x12ade 0x12ac7: nop 0x12ac8: sub dl, 0x4b 0x12acb: mov ah, 0xc6 0x12acd: mov ah, 2 0x12acf: add al, 0xc4 0x12ad1: sub al, 0xc4 0x12ad3: int 0x21 0x12ad5: inc bx
2018-12-25T12:30:10.596694707Z	42	PC: 12ae3 \| Get date 0x12ae3: cmp dh, 3 0x12ae6: nop 0x12ae7: jne 0x12b64 0x12ae9: cmp dl, 0x18 0x12aec: jne 0x12b64 0x12aee: mov ah, 0x2c 0x12af0: int 0x21 0x12af2: xor dx, 6 0x12af5: xor dx, 6 0x12af8: cmp ch, 7 0x12afb: jne 0x12b64 0x12afd: xor cx, 0xc9 0x12b01: xor cx, 0xc9 0x12b05: cmp cl, 0x2d 0x12b08: jmp 0x12b0a 0x12b0a: jne 0x12b64 0x12b0c: xor bx, bx 0x12b0e: mov dl, byte ptr [bx + si + 0xf9] 0x12b12: jmp 0x12b14 0x12b14: or dl, dl
2018-12-25T12:30:10.601783351Z	47	PC: 12b79 \| Get disk transfer address
2018-12-25T12:30:10.603784661Z	26	PC: 12b8d \| Set disk transfer address
2018-12-25T12:30:10.605991298Z	78	PC: 12c69 \| Find first file
2018-12-25T12:30:10.612020577Z	79	PC: 12c78 \| Find next file
2018-12-25T12:30:10.615626998Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.618527449Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.621409778Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.636194504Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.639706381Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.642142323Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.647091363Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.649882855Z	78	PC: 12c69 \| Find first file (See above)
2018-12-25T12:30:10.658991306Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.662785579Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.66594949Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.671932697Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.678695894Z	26	PC: 12e3b \| Set disk transfer address

{"DateBased":true,"Day":24,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11226,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:10.659273199Z	255	PC: 12a52 \| UNKNOWN!
2018-12-25T12:30:10.661786594Z	48	PC: 12a89 \| Get DOS version
2018-12-25T12:30:10.665275654Z	44	PC: 12aad \| Get time 0x12aad: xor bx, bx 0x12aaf: add al, 0xae 0x12ab1: sub al, 0xae 0x12ab3: cmp dl, 4 0x12ab6: jle 0x12abb 0x12ab8: nop 0x12ab9: jmp 0x12ade 0x12abb: mov dl, 0x96 0x12abd: mov dl, byte ptr [bx + si + 0x97] 0x12ac1: or dl, dl 0x12ac3: jmp 0x12ac5 0x12ac5: je 0x12ade 0x12ac7: nop 0x12ac8: sub dl, 0x4b 0x12acb: mov ah, 0xc6 0x12acd: mov ah, 2 0x12acf: add al, 0xc4 0x12ad1: sub al, 0xc4 0x12ad3: int 0x21 0x12ad5: inc bx
2018-12-25T12:30:10.667811507Z	42	PC: 12ae3 \| Get date 0x12ae3: cmp dh, 3 0x12ae6: nop 0x12ae7: jne 0x12b64 0x12ae9: cmp dl, 0x18 0x12aec: jne 0x12b64 0x12aee: mov ah, 0x2c 0x12af0: int 0x21 0x12af2: xor dx, 6 0x12af5: xor dx, 6 0x12af8: cmp ch, 7 0x12afb: jne 0x12b64 0x12afd: xor cx, 0xc9 0x12b01: xor cx, 0xc9 0x12b05: cmp cl, 0x2d 0x12b08: jmp 0x12b0a 0x12b0a: jne 0x12b64 0x12b0c: xor bx, bx 0x12b0e: mov dl, byte ptr [bx + si + 0xf9] 0x12b12: jmp 0x12b14 0x12b14: or dl, dl
2018-12-25T12:30:10.670283736Z	44	PC: 12af2 \| Get time 0x12af2: xor dx, 6 0x12af5: xor dx, 6 0x12af8: cmp ch, 7 0x12afb: jne 0x12b64 0x12afd: xor cx, 0xc9 0x12b01: xor cx, 0xc9 0x12b05: cmp cl, 0x2d 0x12b08: jmp 0x12b0a 0x12b0a: jne 0x12b64 0x12b0c: xor bx, bx 0x12b0e: mov dl, byte ptr [bx + si + 0xf9] 0x12b12: jmp 0x12b14 0x12b14: or dl, dl 0x12b16: xor bx, 0x70 0x12b19: xor bx, 0x70 0x12b1c: je 0x12b32 0x12b1e: sub dl, 0x4b 0x12b21: mov ah, 0xb1 0x12b23: mov ah, 2 0x12b25: int 0x21
2018-12-25T12:30:10.674020717Z	47	PC: 12b79 \| Get disk transfer address
2018-12-25T12:30:10.675287892Z	26	PC: 12b8d \| Set disk transfer address
2018-12-25T12:30:10.676712621Z	78	PC: 12c69 \| Find first file
2018-12-25T12:30:10.684327206Z	79	PC: 12c78 \| Find next file
2018-12-25T12:30:10.687616383Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.690910544Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.694978277Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.698437103Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.701845728Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.706661427Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.7098232Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.712791497Z	78	PC: 12c69 \| Find first file (See above)
2018-12-25T12:30:10.724212353Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.728326388Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.732283729Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.743330105Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:10.750347778Z	26	PC: 12e3b \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11226,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:12.331959835Z	255	PC: 12a52 \| UNKNOWN!
2018-12-25T12:30:12.334296254Z	48	PC: 12a89 \| Get DOS version
2018-12-25T12:30:12.335906733Z	44	PC: 12aad \| Get time 0x12aad: xor bx, bx 0x12aaf: add al, 0xae 0x12ab1: sub al, 0xae 0x12ab3: cmp dl, 4 0x12ab6: jle 0x12abb 0x12ab8: nop 0x12ab9: jmp 0x12ade 0x12abb: mov dl, 0x96 0x12abd: mov dl, byte ptr [bx + si + 0x97] 0x12ac1: or dl, dl 0x12ac3: jmp 0x12ac5 0x12ac5: je 0x12ade 0x12ac7: nop 0x12ac8: sub dl, 0x4b 0x12acb: mov ah, 0xc6 0x12acd: mov ah, 2 0x12acf: add al, 0xc4 0x12ad1: sub al, 0xc4 0x12ad3: int 0x21 0x12ad5: inc bx
2018-12-25T12:30:12.338255177Z	42	PC: 12ae3 \| Get date 0x12ae3: cmp dh, 3 0x12ae6: nop 0x12ae7: jne 0x12b64 0x12ae9: cmp dl, 0x18 0x12aec: jne 0x12b64 0x12aee: mov ah, 0x2c 0x12af0: int 0x21 0x12af2: xor dx, 6 0x12af5: xor dx, 6 0x12af8: cmp ch, 7 0x12afb: jne 0x12b64 0x12afd: xor cx, 0xc9 0x12b01: xor cx, 0xc9 0x12b05: cmp cl, 0x2d 0x12b08: jmp 0x12b0a 0x12b0a: jne 0x12b64 0x12b0c: xor bx, bx 0x12b0e: mov dl, byte ptr [bx + si + 0xf9] 0x12b12: jmp 0x12b14 0x12b14: or dl, dl
2018-12-25T12:30:12.34178834Z	47	PC: 12b79 \| Get disk transfer address
2018-12-25T12:30:12.343095265Z	26	PC: 12b8d \| Set disk transfer address
2018-12-25T12:30:12.344628185Z	78	PC: 12c69 \| Find first file
2018-12-25T12:30:12.351085612Z	79	PC: 12c78 \| Find next file
2018-12-25T12:30:12.354572737Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.357526429Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.360733908Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.364166195Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.366606374Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.369678518Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.373060731Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.375614777Z	78	PC: 12c69 \| Find first file (See above)
2018-12-25T12:30:12.38151894Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.390626985Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.393201406Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.397512311Z	79	PC: 12c78 \| Find next file (See above)
2018-12-25T12:30:12.405836842Z	26	PC: 12e3b \| Set disk transfer address