Sample viewer

vx.netlux.org/Virus.DOS.Vienna.648.h

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:51.826649031Z	48	PC: 12a5e \| Get DOS version
2018-12-17T22:56:51.831335757Z	47	PC: 12a6a \| Get disk transfer address
2018-12-17T22:56:51.834029481Z	26	PC: 12a7d \| Set disk transfer address
2018-12-17T22:56:51.835875945Z	78	PC: 12b09 \| Find first file
2018-12-17T22:56:51.843794578Z	67	PC: 12b47 \| Get or set file attributes
2018-12-17T22:56:51.851047429Z	67	PC: 12b5a \| Get or set file attributes
2018-12-17T22:56:51.875472937Z	61	PC: 12b65 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:56:51.883020732Z	87	PC: 12b71 \| Get or set file date and time
2018-12-17T22:56:51.885339287Z	44	PC: 12b7d \| Get time 0x12b7d: and dh, 7 0x12b80: jne 0x12b92 0x12b82: mov ah, 0x40 0x12b84: mov cx, 5 0x12b87: mov dx, si 0x12b89: add dx, 0x8a 0x12b8d: int 0x21 0x12b8f: jmp 0x12bf6 0x12b91: nop 0x12b92: mov ah, 0x3f 0x12b94: mov cx, 3 0x12b97: mov dx, 0xa 0x12b9a: nop 0x12b9b: add dx, si 0x12b9d: int 0x21 0x12b9f: jb 0x12bf6 0x12ba1: cmp ax, 3 0x12ba4: jne 0x12bf6 0x12ba6: mov ax, 0x4202 0x12ba9: mov cx, 0
2018-12-17T22:56:51.887604201Z	63	PC: 12b9f \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:51.894912056Z	66	PC: 12bb1 \| Move file pointer
2018-12-17T22:56:51.897000563Z	64	PC: 12bd5 \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T22:56:51.905997811Z	66	PC: 12be7 \| Move file pointer
2018-12-17T22:56:51.907517473Z	64	PC: 12bf6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:56:51.915032682Z	87	PC: 12c0b \| Get or set file date and time
2018-12-17T22:56:51.917138148Z	62	PC: 12c0f \| Close file
2018-12-17T22:56:51.926245635Z	67	PC: 12c1e \| Get or set file attributes
2018-12-17T22:56:51.938292087Z	26	PC: 12c2b \| Set disk transfer address
2018-12-17T22:56:51.94065832Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12364,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:33.020967787Z	48	PC: 12a5e \| Get DOS version
2018-12-25T12:32:33.023883924Z	47	PC: 12a6a \| Get disk transfer address
2018-12-25T12:32:33.025035528Z	26	PC: 12a7d \| Set disk transfer address
2018-12-25T12:32:33.02621763Z	78	PC: 12b09 \| Find first file
2018-12-25T12:32:33.032802344Z	67	PC: 12b47 \| Get or set file attributes
2018-12-25T12:32:33.038703998Z	67	PC: 12b5a \| Get or set file attributes
2018-12-25T12:32:33.059210144Z	61	PC: 12b65 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:33.06572365Z	87	PC: 12b71 \| Get or set file date and time
2018-12-25T12:32:33.067696002Z	44	PC: 12b7d \| Get time 0x12b7d: and dh, 7 0x12b80: jne 0x12b92 0x12b82: mov ah, 0x40 0x12b84: mov cx, 5 0x12b87: mov dx, si 0x12b89: add dx, 0x8a 0x12b8d: int 0x21 0x12b8f: jmp 0x12bf6 0x12b91: nop 0x12b92: mov ah, 0x3f 0x12b94: mov cx, 3 0x12b97: mov dx, 0xa 0x12b9a: nop 0x12b9b: add dx, si 0x12b9d: int 0x21 0x12b9f: jb 0x12bf6 0x12ba1: cmp ax, 3 0x12ba4: jne 0x12bf6 0x12ba6: mov ax, 0x4202 0x12ba9: mov cx, 0
2018-12-25T12:32:33.070448138Z	63	PC: 12b9f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:32:33.077038194Z	66	PC: 12bb1 \| Move file pointer
2018-12-25T12:32:33.079609756Z	64	PC: 12bd5 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:32:33.088124538Z	66	PC: 12be7 \| Move file pointer
2018-12-25T12:32:33.08964228Z	64	PC: 12bf6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:32:33.098915051Z	87	PC: 12c0b \| Get or set file date and time
2018-12-25T12:32:33.100506167Z	62	PC: 12c0f \| Close file
2018-12-25T12:32:33.10815866Z	67	PC: 12c1e \| Get or set file attributes
2018-12-25T12:32:33.118555935Z	26	PC: 12c2b \| Set disk transfer address
2018-12-25T12:32:33.119924419Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":12364,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:33.711118415Z	48	PC: 12a5e \| Get DOS version
2018-12-25T12:32:33.713037563Z	47	PC: 12a6a \| Get disk transfer address
2018-12-25T12:32:33.7144068Z	26	PC: 12a7d \| Set disk transfer address
2018-12-25T12:32:33.71551915Z	78	PC: 12b09 \| Find first file
2018-12-25T12:32:33.719529285Z	67	PC: 12b47 \| Get or set file attributes
2018-12-25T12:32:33.724776168Z	67	PC: 12b5a \| Get or set file attributes
2018-12-25T12:32:34.088359173Z	61	PC: 12b65 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:34.098383799Z	87	PC: 12b71 \| Get or set file date and time
2018-12-25T12:32:34.100665849Z	44	PC: 12b7d \| Get time 0x12b7d: and dh, 7 0x12b80: jne 0x12b92 0x12b82: mov ah, 0x40 0x12b84: mov cx, 5 0x12b87: mov dx, si 0x12b89: add dx, 0x8a 0x12b8d: int 0x21 0x12b8f: jmp 0x12bf6 0x12b91: nop 0x12b92: mov ah, 0x3f 0x12b94: mov cx, 3 0x12b97: mov dx, 0xa 0x12b9a: nop 0x12b9b: add dx, si 0x12b9d: int 0x21 0x12b9f: jb 0x12bf6 0x12ba1: cmp ax, 3 0x12ba4: jne 0x12bf6 0x12ba6: mov ax, 0x4202 0x12ba9: mov cx, 0
2018-12-25T12:32:34.107333238Z	63	PC: 12b9f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:32:34.113833355Z	66	PC: 12bb1 \| Move file pointer
2018-12-25T12:32:34.117630012Z	64	PC: 12bd5 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:32:34.126468661Z	66	PC: 12be7 \| Move file pointer
2018-12-25T12:32:34.128691297Z	64	PC: 12bf6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:32:34.136856019Z	87	PC: 12c0b \| Get or set file date and time
2018-12-25T12:32:34.138405664Z	62	PC: 12c0f \| Close file
2018-12-25T12:32:34.145495387Z	67	PC: 12c1e \| Get or set file attributes
2018-12-25T12:32:34.154262106Z	26	PC: 12c2b \| Set disk transfer address
2018-12-25T12:32:34.155563309Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')