Sample viewer

vx.netlux.org/Virus.DOS.Vienna.744

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:01:15.794454773Z 48 PC: 12e52 | Get DOS version
2018-12-17T22:01:15.796145726Z 47 PC: 12e5e | Get disk transfer address
2018-12-17T22:01:15.797196611Z 26 PC: 12e71 | Set disk transfer address
2018-12-17T22:01:15.798370807Z 78 PC: 12efc | Find first file
2018-12-17T22:01:15.815687556Z 67 PC: 12f71 | Get or set file attributes
2018-12-17T22:01:15.82146408Z 67 PC: 12f83 | Get or set file attributes
2018-12-17T22:01:15.833764257Z 61 PC: 12f8d | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:01:15.841967527Z 87 PC: 12f99 | Get or set file date and time
2018-12-17T22:01:15.843323877Z 44 PC: 12fa5 | Get time
0x12fa5: and dh, 7
0x12fa8: jne 0x12fb9
0x12faa: mov ah, 0x40
0x12fac: mov cx, 5
0x12faf: mov dx, si
0x12fb1: add dx, 0x8a
0x12fb5: int 0x21
0x12fb7: jmp 0x13036
0x12fb9: mov ah, 0x3f
0x12fbb: mov cx, 3
0x12fbe: mov dx, 0xa
0x12fc1: add dx, si
0x12fc3: int 0x21
0x12fc5: jb 0x13036
0x12fc7: cmp ax, 3
0x12fca: jne 0x13036
0x12fcc: mov ax, 0x4202
0x12fcf: mov cx, 0
0x12fd2: mov dx, 0
0x12fd5: int 0x21
2018-12-17T22:01:15.845826425Z 63 PC: 12fc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:15.850179133Z 66 PC: 12fd7 | Move file pointer
2018-12-17T22:01:15.851571002Z 64 PC: 13008 | Write file or device (Write 744 bytes on handle 5)
2018-12-17T22:01:15.858447218Z 66 PC: 1301a | Move file pointer
2018-12-17T22:01:15.859613545Z 64 PC: 13036 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:01:15.863887293Z 87 PC: 1304b | Get or set file date and time
2018-12-17T22:01:15.865000352Z 62 PC: 1304f | Close file
2018-12-17T22:01:15.87031422Z 67 PC: 1305d | Get or set file attributes
2018-12-17T22:01:15.87667946Z 26 PC: 1306a | Set disk transfer address
2018-12-17T22:01:15.8774808Z 9 PC: 12a4d | Display string (String= 'Hello virus !')
2018-12-17T22:01:15.878885399Z 76 PC: 12a52 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1256,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:04.878279616Z 48 PC: 12e52 | Get DOS version
2018-12-25T11:43:04.879734537Z 47 PC: 12e5e | Get disk transfer address
2018-12-25T11:43:04.881497022Z 26 PC: 12e71 | Set disk transfer address
2018-12-25T11:43:04.882695814Z 78 PC: 12efc | Find first file
2018-12-25T11:43:04.901557477Z 67 PC: 12f71 | Get or set file attributes
2018-12-25T11:43:04.91199069Z 67 PC: 12f83 | Get or set file attributes
2018-12-25T11:43:04.922822944Z 61 PC: 12f8d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:04.930706552Z 87 PC: 12f99 | Get or set file date and time
2018-12-25T11:43:04.933823196Z 44 PC: 12fa5 | Get time
0x12fa5: and dh, 7
0x12fa8: jne 0x12fb9
0x12faa: mov ah, 0x40
0x12fac: mov cx, 5
0x12faf: mov dx, si
0x12fb1: add dx, 0x8a
0x12fb5: int 0x21
0x12fb7: jmp 0x13036
0x12fb9: mov ah, 0x3f
0x12fbb: mov cx, 3
0x12fbe: mov dx, 0xa
0x12fc1: add dx, si
0x12fc3: int 0x21
0x12fc5: jb 0x13036
0x12fc7: cmp ax, 3
0x12fca: jne 0x13036
0x12fcc: mov ax, 0x4202
0x12fcf: mov cx, 0
0x12fd2: mov dx, 0
0x12fd5: int 0x21
2018-12-25T11:43:04.936138895Z 63 PC: 12fc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:04.943553726Z 66 PC: 12fd7 | Move file pointer
2018-12-25T11:43:04.946195236Z 64 PC: 13008 | Write file or device (Write 744 bytes on handle 5)
2018-12-25T11:43:04.957283116Z 66 PC: 1301a | Move file pointer
2018-12-25T11:43:04.959339478Z 64 PC: 13036 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:04.971250513Z 87 PC: 1304b | Get or set file date and time
2018-12-25T11:43:04.974312119Z 62 PC: 1304f | Close file
2018-12-25T11:43:04.983722506Z 67 PC: 1305d | Get or set file attributes
2018-12-25T11:43:04.994661416Z 26 PC: 1306a | Set disk transfer address
2018-12-25T11:43:04.997414995Z 9 PC: 12a4d | Display string (String= 'Hello virus !')
2018-12-25T11:43:05.000227629Z 76 PC: 12a52 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":1256,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:05.134576491Z 48 PC: 12e52 | Get DOS version
2018-12-25T11:43:05.13679051Z 47 PC: 12e5e | Get disk transfer address
2018-12-25T11:43:05.138595595Z 26 PC: 12e71 | Set disk transfer address
2018-12-25T11:43:05.140417353Z 78 PC: 12efc | Find first file
2018-12-25T11:43:05.159056637Z 67 PC: 12f71 | Get or set file attributes
2018-12-25T11:43:05.166037528Z 67 PC: 12f83 | Get or set file attributes
2018-12-25T11:43:05.177315683Z 61 PC: 12f8d | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:05.184719997Z 87 PC: 12f99 | Get or set file date and time
2018-12-25T11:43:05.187390118Z 44 PC: 12fa5 | Get time
0x12fa5: and dh, 7
0x12fa8: jne 0x12fb9
0x12faa: mov ah, 0x40
0x12fac: mov cx, 5
0x12faf: mov dx, si
0x12fb1: add dx, 0x8a
0x12fb5: int 0x21
0x12fb7: jmp 0x13036
0x12fb9: mov ah, 0x3f
0x12fbb: mov cx, 3
0x12fbe: mov dx, 0xa
0x12fc1: add dx, si
0x12fc3: int 0x21
0x12fc5: jb 0x13036
0x12fc7: cmp ax, 3
0x12fca: jne 0x13036
0x12fcc: mov ax, 0x4202
0x12fcf: mov cx, 0
0x12fd2: mov dx, 0
0x12fd5: int 0x21
2018-12-25T11:43:05.190317992Z 63 PC: 12fc5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:05.198724927Z 66 PC: 12fd7 | Move file pointer
2018-12-25T11:43:05.201820294Z 64 PC: 13008 | Write file or device (Write 744 bytes on handle 5)
2018-12-25T11:43:05.211453345Z 66 PC: 1301a | Move file pointer
2018-12-25T11:43:05.21335464Z 64 PC: 13036 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:05.220905365Z 87 PC: 1304b | Get or set file date and time
2018-12-25T11:43:05.222521002Z 62 PC: 1304f | Close file
2018-12-25T11:43:05.230001527Z 67 PC: 1305d | Get or set file attributes
2018-12-25T11:43:05.239921614Z 26 PC: 1306a | Set disk transfer address
2018-12-25T11:43:05.241486321Z 9 PC: 12a4d | Display string (String= 'Hello virus !')
2018-12-25T11:43:05.243995058Z 76 PC: 12a52 | Terminate with return code (Return code = '0')