Sample viewer

vx.netlux.org/Virus.DOS.Vienna.535.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:50.7941258Z	48	PC: 13ed1 \| Get DOS version
2018-12-17T22:57:50.804355409Z	47	PC: 13edd \| Get disk transfer address
2018-12-17T22:57:50.806385846Z	26	PC: 13ef2 \| Set disk transfer address
2018-12-17T22:57:50.80927636Z	78	PC: 13f78 \| Find first file
2018-12-17T22:57:50.816966405Z	67	PC: 13fb7 \| Get or set file attributes
2018-12-17T22:57:50.823328825Z	67	PC: 13fca \| Get or set file attributes
2018-12-17T22:57:50.839799848Z	61	PC: 13fd5 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:50.848201Z	87	PC: 13fe1 \| Get or set file date and time
2018-12-17T22:57:50.852584059Z	44	PC: 13fed \| Get time 0x13fed: and dh, 7 0x13ff0: jne 0x14002 0x13ff2: mov ah, 0x40 0x13ff4: mov cx, 5 0x13ff7: mov dx, si 0x13ff9: add dx, 0x2b 0x13ffd: int 0x21 0x13fff: jmp 0x14060 0x14001: nop 0x14002: mov ah, 0x3f 0x14004: mov cx, 3 0x14007: mov dx, si 0x14009: int 0x21 0x1400b: jb 0x14060 0x1400d: cmp ax, 3 0x14010: jne 0x14060 0x14012: mov ax, 0x4202 0x14015: xor cx, cx 0x14017: xor dx, dx 0x14019: int 0x21
2018-12-17T22:57:50.857247025Z	63	PC: 1400b \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:50.881141281Z	66	PC: 1401b \| Move file pointer
2018-12-17T22:57:50.882822721Z	64	PC: 14040 \| Write file or device (Write 535 bytes on handle 5)
2018-12-17T22:57:50.905004708Z	66	PC: 14051 \| Move file pointer
2018-12-17T22:57:50.907543741Z	64	PC: 14060 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:50.915478387Z	87	PC: 14075 \| Get or set file date and time
2018-12-17T22:57:50.917239507Z	62	PC: 14079 \| Close file
2018-12-17T22:57:50.945842756Z	67	PC: 14088 \| Get or set file attributes
2018-12-17T22:57:50.968073003Z	26	PC: 14091 \| Set disk transfer address
2018-12-17T22:57:50.978305278Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:23.074622664Z	48	PC: 13ed1 \| Get DOS version
2018-12-25T13:07:23.076397448Z	47	PC: 13edd \| Get disk transfer address
2018-12-25T13:07:23.077824036Z	26	PC: 13ef2 \| Set disk transfer address
2018-12-25T13:07:23.079268311Z	78	PC: 13f78 \| Find first file
2018-12-25T13:07:23.087211016Z	67	PC: 13fb7 \| Get or set file attributes
2018-12-25T13:07:23.095080769Z	67	PC: 13fca \| Get or set file attributes
2018-12-25T13:07:23.114612313Z	61	PC: 13fd5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:23.122451534Z	87	PC: 13fe1 \| Get or set file date and time
2018-12-25T13:07:23.125450968Z	44	PC: 13fed \| Get time 0x13fed: and dh, 7 0x13ff0: jne 0x14002 0x13ff2: mov ah, 0x40 0x13ff4: mov cx, 5 0x13ff7: mov dx, si 0x13ff9: add dx, 0x2b 0x13ffd: int 0x21 0x13fff: jmp 0x14060 0x14001: nop 0x14002: mov ah, 0x3f 0x14004: mov cx, 3 0x14007: mov dx, si 0x14009: int 0x21 0x1400b: jb 0x14060 0x1400d: cmp ax, 3 0x14010: jne 0x14060 0x14012: mov ax, 0x4202 0x14015: xor cx, cx 0x14017: xor dx, dx 0x14019: int 0x21
2018-12-25T13:07:23.12808053Z	63	PC: 1400b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:07:23.135717331Z	66	PC: 1401b \| Move file pointer
2018-12-25T13:07:23.13914604Z	64	PC: 14040 \| Write file or device (Write 535 bytes on handle 5)
2018-12-25T13:07:23.14846766Z	66	PC: 14051 \| Move file pointer
2018-12-25T13:07:23.150155841Z	64	PC: 14060 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:07:23.164525955Z	87	PC: 14075 \| Get or set file date and time
2018-12-25T13:07:23.167264235Z	62	PC: 14079 \| Close file
2018-12-25T13:07:23.178629497Z	67	PC: 14088 \| Get or set file attributes
2018-12-25T13:07:23.190752486Z	26	PC: 14091 \| Set disk transfer address
2018-12-25T13:07:23.192042908Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":12686,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.766323467Z	48	PC: 13ed1 \| Get DOS version
2018-12-25T12:35:58.776676004Z	47	PC: 13edd \| Get disk transfer address
2018-12-25T12:35:58.778410344Z	26	PC: 13ef2 \| Set disk transfer address
2018-12-25T12:35:58.780001719Z	78	PC: 13f78 \| Find first file
2018-12-25T12:35:58.801729708Z	67	PC: 13fb7 \| Get or set file attributes
2018-12-25T12:35:58.809365973Z	67	PC: 13fca \| Get or set file attributes
2018-12-25T12:35:58.834161289Z	61	PC: 13fd5 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:58.839179729Z	87	PC: 13fe1 \| Get or set file date and time
2018-12-25T12:35:58.841791837Z	44	PC: 13fed \| Get time 0x13fed: and dh, 7 0x13ff0: jne 0x14002 0x13ff2: mov ah, 0x40 0x13ff4: mov cx, 5 0x13ff7: mov dx, si 0x13ff9: add dx, 0x2b 0x13ffd: int 0x21 0x13fff: jmp 0x14060 0x14001: nop 0x14002: mov ah, 0x3f 0x14004: mov cx, 3 0x14007: mov dx, si 0x14009: int 0x21 0x1400b: jb 0x14060 0x1400d: cmp ax, 3 0x14010: jne 0x14060 0x14012: mov ax, 0x4202 0x14015: xor cx, cx 0x14017: xor dx, dx 0x14019: int 0x21
2018-12-25T12:35:58.844457273Z	63	PC: 1400b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:58.851779348Z	66	PC: 1401b \| Move file pointer
2018-12-25T12:35:58.860660445Z	64	PC: 14040 \| Write file or device (Write 535 bytes on handle 5)
2018-12-25T12:35:58.870517031Z	66	PC: 14051 \| Move file pointer
2018-12-25T12:35:58.872185519Z	64	PC: 14060 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:58.878871702Z	87	PC: 14075 \| Get or set file date and time
2018-12-25T12:35:58.88280067Z	62	PC: 14079 \| Close file
2018-12-25T12:35:58.900151063Z	67	PC: 14088 \| Get or set file attributes
2018-12-25T12:35:58.914162912Z	26	PC: 14091 \| Set disk transfer address
2018-12-25T12:35:58.923284267Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')