Sample viewer

vx.netlux.org/Virus.DOS.Vienna.733.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:34.545912027Z	48	PC: 12d54 \| Get DOS version
2018-12-17T22:54:34.547500162Z	47	PC: 12d60 \| Get disk transfer address
2018-12-17T22:54:34.549221738Z	26	PC: 12d73 \| Set disk transfer address
2018-12-17T22:54:34.550532717Z	78	PC: 12dff \| Find first file
2018-12-17T22:54:34.5580776Z	67	PC: 12e3d \| Get or set file attributes
2018-12-17T22:54:34.565315801Z	67	PC: 12e50 \| Get or set file attributes
2018-12-17T22:54:34.583725021Z	61	PC: 12e5b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:34.591951014Z	87	PC: 12e67 \| Get or set file date and time
2018-12-17T22:54:34.594683382Z	63	PC: 12e95 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:54:34.60290863Z	66	PC: 12ea7 \| Move file pointer
2018-12-17T22:54:34.605205677Z	64	PC: 12ecb \| Write file or device (Write 733 bytes on handle 5)
2018-12-17T22:54:34.616480174Z	66	PC: 12edd \| Move file pointer
2018-12-17T22:54:34.618179588Z	64	PC: 12eec \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:54:34.626368824Z	87	PC: 12f01 \| Get or set file date and time
2018-12-17T22:54:34.629836006Z	62	PC: 12f05 \| Close file
2018-12-17T22:54:34.641430894Z	67	PC: 12f14 \| Get or set file attributes
2018-12-17T22:54:34.652684671Z	26	PC: 12f21 \| Set disk transfer address
2018-12-17T22:54:34.656123698Z	42	PC: 12ffa \| Get date 0x12ffa: cmp dl, 2 0x12ffd: jne 0x13012 0x12fff: mov al, 0xb6 0x13001: out 0x43, al 0x13003: mov ax, 0x200 0x13006: out 0x42, al 0x13008: mov al, ah 0x1300a: out 0x42, al 0x1300c: in al, 0x61 0x1300e: or al, 3 0x13010: out 0x61, al 0x13012: xor ax, ax 0x13014: xor bx, bx 0x13016: ret 0x13017: pop si 0x13018: fisttp dword ptr [bp - 0x323d] 0x1301c: and word ptr [bx + 0xa], di 0x13020: mov ax, 0x17e 0x13023: stosw word ptr es:[di], ax 0x13024: mov ax, ds
2018-12-17T22:54:34.65938478Z	9	PC: 12b00 \| Display string (String= ' 654336 Bytes Total Memory ')
2018-12-17T22:54:34.662530411Z	9	PC: 12b51 \| Display string (String= ' 578240 Bytes Available Memory (88.37%) ')
2018-12-17T22:54:34.667552979Z	53	PC: 12b76 \| Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-17T22:54:34.670402429Z	76	PC: 12c01 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11601,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:52.504865898Z	48	PC: 12d54 \| Get DOS version
2018-12-25T12:30:52.506269648Z	47	PC: 12d60 \| Get disk transfer address
2018-12-25T12:30:52.507243418Z	26	PC: 12d73 \| Set disk transfer address
2018-12-25T12:30:52.508295213Z	78	PC: 12dff \| Find first file
2018-12-25T12:30:52.514497863Z	67	PC: 12e3d \| Get or set file attributes
2018-12-25T12:30:52.519884054Z	67	PC: 12e50 \| Get or set file attributes
2018-12-25T12:30:52.536400138Z	61	PC: 12e5b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:52.54326492Z	87	PC: 12e67 \| Get or set file date and time
2018-12-25T12:30:52.544927045Z	63	PC: 12e95 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:52.551973968Z	66	PC: 12ea7 \| Move file pointer
2018-12-25T12:30:52.554682544Z	64	PC: 12ecb \| Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:30:52.563143545Z	66	PC: 12edd \| Move file pointer
2018-12-25T12:30:52.564915365Z	64	PC: 12eec \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:52.57158574Z	87	PC: 12f01 \| Get or set file date and time
2018-12-25T12:30:52.573492011Z	62	PC: 12f05 \| Close file
2018-12-25T12:30:52.581420595Z	67	PC: 12f14 \| Get or set file attributes
2018-12-25T12:30:52.591383648Z	26	PC: 12f21 \| Set disk transfer address
2018-12-25T12:30:52.594301408Z	42	PC: 12ffa \| Get date 0x12ffa: cmp dl, 2 0x12ffd: jne 0x13012 0x12fff: mov al, 0xb6 0x13001: out 0x43, al 0x13003: mov ax, 0x200 0x13006: out 0x42, al 0x13008: mov al, ah 0x1300a: out 0x42, al 0x1300c: in al, 0x61 0x1300e: or al, 3 0x13010: out 0x61, al 0x13012: xor ax, ax 0x13014: xor bx, bx 0x13016: ret 0x13017: pop si 0x13018: fisttp dword ptr [bp - 0x323d] 0x1301c: and word ptr [bx + 0xa], di 0x13020: mov ax, 0x17e 0x13023: stosw word ptr es:[di], ax 0x13024: mov ax, ds
2018-12-25T12:30:52.596707612Z	9	PC: 12b00 \| Display string (String= ' 654336 Bytes Total Memory ')
2018-12-25T12:30:52.60081235Z	9	PC: 12b51 \| Display string (String= ' 578240 Bytes Available Memory (88.37%) ')
2018-12-25T12:30:52.60771933Z	53	PC: 12b76 \| Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-25T12:30:52.608820675Z	76	PC: 12c01 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11601,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:52.824700741Z	48	PC: 12d54 \| Get DOS version
2018-12-25T12:30:52.826792Z	47	PC: 12d60 \| Get disk transfer address
2018-12-25T12:30:52.827725426Z	26	PC: 12d73 \| Set disk transfer address
2018-12-25T12:30:52.828853549Z	78	PC: 12dff \| Find first file
2018-12-25T12:30:52.834765185Z	67	PC: 12e3d \| Get or set file attributes
2018-12-25T12:30:52.840883202Z	67	PC: 12e50 \| Get or set file attributes
2018-12-25T12:30:52.85726744Z	61	PC: 12e5b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:52.86414417Z	87	PC: 12e67 \| Get or set file date and time
2018-12-25T12:30:52.866647945Z	63	PC: 12e95 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:52.872759337Z	66	PC: 12ea7 \| Move file pointer
2018-12-25T12:30:52.874220571Z	64	PC: 12ecb \| Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:30:52.882574164Z	66	PC: 12edd \| Move file pointer
2018-12-25T12:30:52.884179776Z	64	PC: 12eec \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:52.891062919Z	87	PC: 12f01 \| Get or set file date and time
2018-12-25T12:30:52.893029834Z	62	PC: 12f05 \| Close file
2018-12-25T12:30:52.900959267Z	67	PC: 12f14 \| Get or set file attributes
2018-12-25T12:30:52.910609711Z	26	PC: 12f21 \| Set disk transfer address
2018-12-25T12:30:52.91844854Z	42	PC: 12ffa \| Get date 0x12ffa: cmp dl, 2 0x12ffd: jne 0x13012 0x12fff: mov al, 0xb6 0x13001: out 0x43, al 0x13003: mov ax, 0x200 0x13006: out 0x42, al 0x13008: mov al, ah 0x1300a: out 0x42, al 0x1300c: in al, 0x61 0x1300e: or al, 3 0x13010: out 0x61, al 0x13012: xor ax, ax 0x13014: xor bx, bx 0x13016: ret 0x13017: pop si 0x13018: fisttp dword ptr [bp - 0x323d] 0x1301c: and word ptr [bx + 0xa], di 0x13020: mov ax, 0x17e 0x13023: stosw word ptr es:[di], ax 0x13024: mov ax, ds
2018-12-25T12:30:52.920092446Z	9	PC: 12b00 \| Display string (String= ' 654336 Bytes Total Memory ')
2018-12-25T12:30:52.924540811Z	9	PC: 12b51 \| Display string (String= ' 578240 Bytes Available Memory (88.37%) ')
2018-12-25T12:30:52.930346294Z	53	PC: 12b76 \| Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-25T12:30:52.932051344Z	76	PC: 12c01 \| Terminate with return code (Return code = '0')