Sample viewer

vx.netlux.org/Virus.DOS.Vienna.W13.600

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:40.148506669Z	37	PC: 13e5a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:40.150150082Z	42	PC: 13e5e \| Get date 0x13e5e: cmp dx, 0x704 0x13e62: jne 0x13e86 0x13e64: cli 0x13e65: push ds 0x13e66: push es 0x13e67: mov ax, 0x3513 0x13e6a: int 0x21 0x13e6c: push es 0x13e6d: pop ds 0x13e6e: push bx 0x13e6f: pop dx 0x13e70: mov ax, 0x2578 0x13e73: int 0x21 0x13e75: pop es 0x13e76: pop ds 0x13e77: sti 0x13e78: mov ax, 0x502 0x13e7b: mov dx, 0 0x13e7e: mov cx, 0 0x13e81: mov bx, 0
2018-12-17T22:56:40.152848834Z	26	PC: 13eab \| Set disk transfer address
2018-12-17T22:56:40.154037823Z	78	PC: 13ec2 \| Find first file
2018-12-17T22:56:40.161370192Z	67	PC: 13f21 \| Get or set file attributes
2018-12-17T22:56:40.16583036Z	67	PC: 13f33 \| Get or set file attributes
2018-12-17T22:56:40.185181281Z	61	PC: 13f3e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:56:40.192830221Z	87	PC: 13f4a \| Get or set file date and time
2018-12-17T22:56:40.200285673Z	63	PC: 13f5b \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:40.207642595Z	66	PC: 13f6e \| Move file pointer
2018-12-17T22:56:40.20935671Z	64	PC: 13fa0 \| Write file or device (Write 600 bytes on handle 5)
2018-12-17T22:56:40.216492137Z	66	PC: 13fb4 \| Move file pointer
2018-12-17T22:56:40.217966483Z	64	PC: 13fc3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:56:40.225119895Z	87	PC: 13fd6 \| Get or set file date and time
2018-12-17T22:56:40.227211239Z	62	PC: 13fda \| Close file
2018-12-17T22:56:40.23604927Z	67	PC: 13fe3 \| Get or set file attributes
2018-12-17T22:56:40.240676367Z	26	PC: 13fea \| Set disk transfer address
2018-12-17T22:56:40.243412622Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:56:40.250558827Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12294,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.087595299Z	37	PC: 13e5a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:26.089657989Z	42	PC: 13e5e \| Get date 0x13e5e: cmp dx, 0x704 0x13e62: jne 0x13e86 0x13e64: cli 0x13e65: push ds 0x13e66: push es 0x13e67: mov ax, 0x3513 0x13e6a: int 0x21 0x13e6c: push es 0x13e6d: pop ds 0x13e6e: push bx 0x13e6f: pop dx 0x13e70: mov ax, 0x2578 0x13e73: int 0x21 0x13e75: pop es 0x13e76: pop ds 0x13e77: sti 0x13e78: mov ax, 0x502 0x13e7b: mov dx, 0 0x13e7e: mov cx, 0 0x13e81: mov bx, 0
2018-12-25T12:32:26.091991956Z	26	PC: 13eab \| Set disk transfer address
2018-12-25T12:32:26.093124828Z	78	PC: 13ec2 \| Find first file
2018-12-25T12:32:26.099906562Z	67	PC: 13f21 \| Get or set file attributes
2018-12-25T12:32:26.105830882Z	67	PC: 13f33 \| Get or set file attributes
2018-12-25T12:32:26.124957349Z	61	PC: 13f3e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:26.131668237Z	87	PC: 13f4a \| Get or set file date and time
2018-12-25T12:32:26.13369085Z	63	PC: 13f5b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:32:26.139700184Z	66	PC: 13f6e \| Move file pointer
2018-12-25T12:32:26.141344969Z	64	PC: 13fa0 \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T12:32:26.150084068Z	66	PC: 13fb4 \| Move file pointer
2018-12-25T12:32:26.151399241Z	64	PC: 13fc3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:32:26.157833345Z	87	PC: 13fd6 \| Get or set file date and time
2018-12-25T12:32:26.159956339Z	62	PC: 13fda \| Close file
2018-12-25T12:32:26.168283217Z	67	PC: 13fe3 \| Get or set file attributes
2018-12-25T12:32:26.172488301Z	26	PC: 13fea \| Set disk transfer address
2018-12-25T12:32:26.175184861Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:32:26.180605704Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12294,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.324919235Z	37	PC: 13e5a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:26.326594158Z	42	PC: 13e5e \| Get date 0x13e5e: cmp dx, 0x704 0x13e62: jne 0x13e86 0x13e64: cli 0x13e65: push ds 0x13e66: push es 0x13e67: mov ax, 0x3513 0x13e6a: int 0x21 0x13e6c: push es 0x13e6d: pop ds 0x13e6e: push bx 0x13e6f: pop dx 0x13e70: mov ax, 0x2578 0x13e73: int 0x21 0x13e75: pop es 0x13e76: pop ds 0x13e77: sti 0x13e78: mov ax, 0x502 0x13e7b: mov dx, 0 0x13e7e: mov cx, 0 0x13e81: mov bx, 0
2018-12-25T12:32:26.328984968Z	53	PC: 13e6c \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:32:26.330326733Z	37	PC: 13e75 \| Set interrupt vector (Interrupt = '120' AKA 'UNKNOWN!')
2018-12-25T12:32:26.335229056Z	26	PC: 13eab \| Set disk transfer address
2018-12-25T12:32:26.336438531Z	78	PC: 13ec2 \| Find first file
2018-12-25T12:32:26.342889923Z	67	PC: 13f21 \| Get or set file attributes
2018-12-25T12:32:26.349187842Z	67	PC: 13f33 \| Get or set file attributes
2018-12-25T12:32:26.367705014Z	61	PC: 13f3e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:26.374671303Z	87	PC: 13f4a \| Get or set file date and time
2018-12-25T12:32:26.3802042Z	63	PC: 13f5b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:32:26.469859017Z	66	PC: 13f6e \| Move file pointer
2018-12-25T12:32:26.471514242Z	64	PC: 13fa0 \| Write file or device (Write 600 bytes on handle 5)
2018-12-25T12:32:26.581788057Z	66	PC: 13fb4 \| Move file pointer
2018-12-25T12:32:26.5836444Z	64	PC: 13fc3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:32:26.690906686Z	87	PC: 13fd6 \| Get or set file date and time
2018-12-25T12:32:26.692467627Z	62	PC: 13fda \| Close file
2018-12-25T12:32:27.03622621Z	67	PC: 13fe3 \| Get or set file attributes
2018-12-25T12:32:27.041875977Z	26	PC: 13fea \| Set disk transfer address
2018-12-25T12:32:27.043266061Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:32:27.050993017Z	0	PC: 12a89 \| Program terminate