Sample viewer

vx.netlux.org/Virus.DOS.Vienna.353.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:39.655198115Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:39.656644026Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:39.65891601Z	26	PC: 12a8d \| Set disk transfer address
2018-12-17T22:54:39.660943514Z	78	PC: 12ad8 \| Find first file
2018-12-17T22:54:39.668183744Z	67	PC: 12b9d \| Get or set file attributes
2018-12-17T22:54:39.685320963Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:39.694282953Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov cx, 3 0x12b45: mov ah, 0x3f 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-17T22:54:39.696948468Z	63	PC: 12b9d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:54:39.704098419Z	66	PC: 12b9d \| Move file pointer
2018-12-17T22:54:39.706514384Z	64	PC: 12b9d \| Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:54:39.718698125Z	66	PC: 12b9d \| Move file pointer
2018-12-17T22:54:39.720451283Z	64	PC: 12b9d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:54:39.729098881Z	87	PC: 12b7c \| Get or set file date and time
2018-12-17T22:54:39.734756294Z	62	PC: 12b80 \| Close file
2018-12-17T22:54:39.743632152Z	67	PC: 12b8e \| Get or set file attributes
2018-12-17T22:54:39.754685566Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:39.757954366Z	26	PC: 12afa \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11628,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:57.13133902Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:57.133387616Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:57.15396268Z	26	PC: 12a8d \| Set disk transfer address
2018-12-25T12:30:57.16628911Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:30:57.174326518Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:30:57.191704305Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:57.208781585Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov cx, 3 0x12b45: mov ah, 0x3f 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:30:57.218925897Z	63	PC: 12b9d \| Read file or device (See above)
2018-12-25T12:30:57.227786159Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:30:57.229517569Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:30:57.240746593Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:30:57.243582372Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:30:57.251003905Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:30:57.252737588Z	62	PC: 12b80 \| Close file
2018-12-25T12:30:57.262374791Z	67	PC: 12b8e \| Get or set file attributes
2018-12-25T12:30:57.273848068Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:57.275122837Z	26	PC: 12afa \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":11628,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:57.147921526Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:57.149199034Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:57.150565886Z	26	PC: 12a8d \| Set disk transfer address
2018-12-25T12:30:57.151741228Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:30:57.15859463Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:30:57.180533185Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:57.192689275Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov cx, 3 0x12b45: mov ah, 0x3f 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:30:57.195067014Z	63	PC: 12b9d \| Read file or device (See above)
2018-12-25T12:30:57.203220887Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:30:57.204865963Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:30:57.216015624Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:30:57.227192329Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:30:57.234719254Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:30:57.236507664Z	62	PC: 12b80 \| Close file
2018-12-25T12:30:57.245595684Z	67	PC: 12b8e \| Get or set file attributes
2018-12-25T12:30:57.257647499Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:57.259569062Z	26	PC: 12afa \| Set disk transfer address