Sample viewer

vx.netlux.org/Virus.DOS.Vienna.533.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:56.957345161Z	48	PC: 12ba6 \| Get DOS version
2018-12-17T22:54:56.959111381Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-17T22:54:56.960271259Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-17T22:54:56.961312958Z	78	PC: 12c59 \| Find first file
2018-12-17T22:54:56.965687899Z	67	PC: 12c97 \| Get or set file attributes
2018-12-17T22:54:56.971608389Z	67	PC: 12ca9 \| Get or set file attributes
2018-12-17T22:54:56.989694641Z	61	PC: 12cb4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:56.995611064Z	87	PC: 12cc0 \| Get or set file date and time
2018-12-17T22:54:56.997226633Z	44	PC: 12ccc \| Get time 0x12ccc: and dh, 7 0x12ccf: jne 0x12ce1 0x12cd1: mov ah, 0x40 0x12cd3: mov cx, 5 0x12cd6: mov dx, si 0x12cd8: add dx, 0xe 0x12cdb: nop 0x12cdc: int 0x21 0x12cde: jmp 0x12d46 0x12ce0: nop 0x12ce1: mov ah, 0x3f 0x12ce3: mov cx, 3 0x12ce6: mov dx, 0 0x12ce9: nop 0x12cea: add dx, si 0x12cec: int 0x21 0x12cee: jb 0x12d46 0x12cf0: cmp ax, 3 0x12cf3: jne 0x12d46 0x12cf5: mov ax, 0x4202
2018-12-17T22:54:56.999341537Z	63	PC: 12cee \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:54:57.006957613Z	66	PC: 12d00 \| Move file pointer
2018-12-17T22:54:57.009366732Z	64	PC: 12d25 \| Write file or device (Write 533 bytes on handle 5)
2018-12-17T22:54:57.017468664Z	66	PC: 12d37 \| Move file pointer
2018-12-17T22:54:57.019074785Z	64	PC: 12d46 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:54:57.026217247Z	87	PC: 12d59 \| Get or set file date and time
2018-12-17T22:54:57.027693899Z	62	PC: 12d5d \| Close file
2018-12-17T22:54:57.035535087Z	67	PC: 12d6c \| Get or set file attributes
2018-12-17T22:54:57.04694945Z	26	PC: 12d79 \| Set disk transfer address
2018-12-17T22:54:57.048322529Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:54:57.052925499Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11727,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:14.256416688Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:31:14.258138674Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:31:14.259242577Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:31:14.260376268Z	78	PC: 12c59 \| Find first file
2018-12-25T12:31:14.266674987Z	67	PC: 12c97 \| Get or set file attributes
2018-12-25T12:31:14.279421938Z	67	PC: 12ca9 \| Get or set file attributes
2018-12-25T12:31:14.295400463Z	61	PC: 12cb4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:14.307307697Z	87	PC: 12cc0 \| Get or set file date and time
2018-12-25T12:31:14.308629263Z	44	PC: 12ccc \| Get time 0x12ccc: and dh, 7 0x12ccf: jne 0x12ce1 0x12cd1: mov ah, 0x40 0x12cd3: mov cx, 5 0x12cd6: mov dx, si 0x12cd8: add dx, 0xe 0x12cdb: nop 0x12cdc: int 0x21 0x12cde: jmp 0x12d46 0x12ce0: nop 0x12ce1: mov ah, 0x3f 0x12ce3: mov cx, 3 0x12ce6: mov dx, 0 0x12ce9: nop 0x12cea: add dx, si 0x12cec: int 0x21 0x12cee: jb 0x12d46 0x12cf0: cmp ax, 3 0x12cf3: jne 0x12d46 0x12cf5: mov ax, 0x4202
2018-12-25T12:31:14.310665454Z	63	PC: 12cee \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:14.317308289Z	66	PC: 12d00 \| Move file pointer
2018-12-25T12:31:14.318600507Z	64	PC: 12d25 \| Write file or device (Write 533 bytes on handle 5)
2018-12-25T12:31:14.326192614Z	66	PC: 12d37 \| Move file pointer
2018-12-25T12:31:14.328020791Z	64	PC: 12d46 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:14.334981199Z	87	PC: 12d59 \| Get or set file date and time
2018-12-25T12:31:14.337094446Z	62	PC: 12d5d \| Close file
2018-12-25T12:31:14.351613478Z	67	PC: 12d6c \| Get or set file attributes
2018-12-25T12:31:14.361762517Z	26	PC: 12d79 \| Set disk transfer address
2018-12-25T12:31:14.363124181Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:14.36928806Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":11727,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:14.306534782Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:31:14.308879246Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:31:14.313097337Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:31:14.314580003Z	78	PC: 12c59 \| Find first file
2018-12-25T12:31:14.320921585Z	67	PC: 12c97 \| Get or set file attributes
2018-12-25T12:31:14.329825484Z	67	PC: 12ca9 \| Get or set file attributes
2018-12-25T12:31:14.347819598Z	61	PC: 12cb4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:14.354207645Z	87	PC: 12cc0 \| Get or set file date and time
2018-12-25T12:31:14.356186227Z	44	PC: 12ccc \| Get time 0x12ccc: and dh, 7 0x12ccf: jne 0x12ce1 0x12cd1: mov ah, 0x40 0x12cd3: mov cx, 5 0x12cd6: mov dx, si 0x12cd8: add dx, 0xe 0x12cdb: nop 0x12cdc: int 0x21 0x12cde: jmp 0x12d46 0x12ce0: nop 0x12ce1: mov ah, 0x3f 0x12ce3: mov cx, 3 0x12ce6: mov dx, 0 0x12ce9: nop 0x12cea: add dx, si 0x12cec: int 0x21 0x12cee: jb 0x12d46 0x12cf0: cmp ax, 3 0x12cf3: jne 0x12d46 0x12cf5: mov ax, 0x4202
2018-12-25T12:31:14.358074477Z	63	PC: 12cee \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:14.364147413Z	66	PC: 12d00 \| Move file pointer
2018-12-25T12:31:14.366195493Z	64	PC: 12d25 \| Write file or device (Write 533 bytes on handle 5)
2018-12-25T12:31:14.374087796Z	66	PC: 12d37 \| Move file pointer
2018-12-25T12:31:14.376470128Z	64	PC: 12d46 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:14.383760824Z	87	PC: 12d59 \| Get or set file date and time
2018-12-25T12:31:14.385140997Z	62	PC: 12d5d \| Close file
2018-12-25T12:31:14.392502483Z	67	PC: 12d6c \| Get or set file attributes
2018-12-25T12:31:14.402526722Z	26	PC: 12d79 \| Set disk transfer address
2018-12-25T12:31:14.403635033Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:14.409371532Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')