Sample viewer

vx.netlux.org/Virus.DOS.Vienna.637

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:49.387062071Z	48	PC: 12abd \| Get DOS version
2018-12-17T22:58:49.388908659Z	47	PC: 12ac9 \| Get disk transfer address
2018-12-17T22:58:49.390192455Z	26	PC: 12adb \| Set disk transfer address
2018-12-17T22:58:49.391429905Z	78	PC: 12b66 \| Find first file
2018-12-17T22:58:49.397998582Z	67	PC: 12ba3 \| Get or set file attributes
2018-12-17T22:58:49.403460069Z	67	PC: 12bb4 \| Get or set file attributes
2018-12-17T22:58:49.62816793Z	61	PC: 12bbe \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:49.636023776Z	87	PC: 12bca \| Get or set file date and time
2018-12-17T22:58:49.638012054Z	44	PC: 12bd6 \| Get time 0x12bd6: and dh, 7 0x12bd9: jne 0x12beb 0x12bdb: mov ah, 0x40 0x12bdd: mov cx, 5 0x12be0: mov dx, si 0x12be2: add dx, 0x89 0x12be6: int 0x21 0x12be8: jmp 0x12c4e 0x12bea: nop 0x12beb: mov ah, 0x3f 0x12bed: mov cx, 3 0x12bf0: mov dx, 0xa 0x12bf3: add dx, si 0x12bf5: int 0x21 0x12bf7: jb 0x12c4e 0x12bf9: cmp ax, 3 0x12bfc: jne 0x12c4e 0x12bfe: mov ax, 0x4202 0x12c01: mov cx, 0 0x12c04: mov dx, 0
2018-12-17T22:58:49.640170403Z	63	PC: 12bf7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:49.648273278Z	66	PC: 12c09 \| Move file pointer
2018-12-17T22:58:49.650344636Z	64	PC: 12c2d \| Write file or device (Write 637 bytes on handle 5)
2018-12-17T22:58:49.659125285Z	66	PC: 12c3f \| Move file pointer
2018-12-17T22:58:49.661230974Z	64	PC: 12c4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:49.667853215Z	87	PC: 12c61 \| Get or set file date and time
2018-12-17T22:58:49.669583831Z	62	PC: 12c65 \| Close file
2018-12-17T22:58:49.68161008Z	67	PC: 12c73 \| Get or set file attributes
2018-12-17T22:58:49.692445719Z	26	PC: 12c80 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13003,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:08.225343379Z	48	PC: 12abd \| Get DOS version
2018-12-25T12:37:08.226810721Z	47	PC: 12ac9 \| Get disk transfer address
2018-12-25T12:37:08.22915541Z	26	PC: 12adb \| Set disk transfer address
2018-12-25T12:37:08.231024774Z	78	PC: 12b66 \| Find first file
2018-12-25T12:37:08.238777485Z	67	PC: 12ba3 \| Get or set file attributes
2018-12-25T12:37:08.246052995Z	67	PC: 12bb4 \| Get or set file attributes
2018-12-25T12:37:08.269338564Z	61	PC: 12bbe \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:08.277654993Z	87	PC: 12bca \| Get or set file date and time
2018-12-25T12:37:08.280410583Z	44	PC: 12bd6 \| Get time 0x12bd6: and dh, 7 0x12bd9: jne 0x12beb 0x12bdb: mov ah, 0x40 0x12bdd: mov cx, 5 0x12be0: mov dx, si 0x12be2: add dx, 0x89 0x12be6: int 0x21 0x12be8: jmp 0x12c4e 0x12bea: nop 0x12beb: mov ah, 0x3f 0x12bed: mov cx, 3 0x12bf0: mov dx, 0xa 0x12bf3: add dx, si 0x12bf5: int 0x21 0x12bf7: jb 0x12c4e 0x12bf9: cmp ax, 3 0x12bfc: jne 0x12c4e 0x12bfe: mov ax, 0x4202 0x12c01: mov cx, 0 0x12c04: mov dx, 0
2018-12-25T12:37:08.28310057Z	63	PC: 12bf7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:08.290561447Z	66	PC: 12c09 \| Move file pointer
2018-12-25T12:37:08.292829965Z	64	PC: 12c2d \| Write file or device (Write 637 bytes on handle 5)
2018-12-25T12:37:08.302692069Z	66	PC: 12c3f \| Move file pointer
2018-12-25T12:37:08.304190283Z	64	PC: 12c4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:08.312180055Z	87	PC: 12c61 \| Get or set file date and time
2018-12-25T12:37:08.314216407Z	62	PC: 12c65 \| Close file
2018-12-25T12:37:08.322953091Z	67	PC: 12c73 \| Get or set file attributes
2018-12-25T12:37:08.334818776Z	26	PC: 12c80 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":13003,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:08.36903354Z	48	PC: 12abd \| Get DOS version
2018-12-25T12:37:08.370837912Z	47	PC: 12ac9 \| Get disk transfer address
2018-12-25T12:37:08.373363272Z	26	PC: 12adb \| Set disk transfer address
2018-12-25T12:37:08.374890147Z	78	PC: 12b66 \| Find first file
2018-12-25T12:37:08.381813292Z	67	PC: 12ba3 \| Get or set file attributes
2018-12-25T12:37:08.388705071Z	67	PC: 12bb4 \| Get or set file attributes
2018-12-25T12:37:08.405543873Z	61	PC: 12bbe \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:08.413333335Z	87	PC: 12bca \| Get or set file date and time
2018-12-25T12:37:08.4153697Z	44	PC: 12bd6 \| Get time 0x12bd6: and dh, 7 0x12bd9: jne 0x12beb 0x12bdb: mov ah, 0x40 0x12bdd: mov cx, 5 0x12be0: mov dx, si 0x12be2: add dx, 0x89 0x12be6: int 0x21 0x12be8: jmp 0x12c4e 0x12bea: nop 0x12beb: mov ah, 0x3f 0x12bed: mov cx, 3 0x12bf0: mov dx, 0xa 0x12bf3: add dx, si 0x12bf5: int 0x21 0x12bf7: jb 0x12c4e 0x12bf9: cmp ax, 3 0x12bfc: jne 0x12c4e 0x12bfe: mov ax, 0x4202 0x12c01: mov cx, 0 0x12c04: mov dx, 0
2018-12-25T12:37:08.418163839Z	63	PC: 12bf7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:08.425423183Z	66	PC: 12c09 \| Move file pointer
2018-12-25T12:37:08.427337276Z	64	PC: 12c2d \| Write file or device (Write 637 bytes on handle 5)
2018-12-25T12:37:08.437640708Z	66	PC: 12c3f \| Move file pointer
2018-12-25T12:37:08.439336817Z	64	PC: 12c4e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:08.446977591Z	87	PC: 12c61 \| Get or set file date and time
2018-12-25T12:37:08.449309291Z	62	PC: 12c65 \| Close file
2018-12-25T12:37:08.458094456Z	67	PC: 12c73 \| Get or set file attributes
2018-12-25T12:37:08.469376313Z	26	PC: 12c80 \| Set disk transfer address