Sample viewer

vx.netlux.org/Virus.DOS.Vienna.743

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:11.919534564Z	48	PC: 12ba6 \| Get DOS version
2018-12-17T22:59:11.921433659Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-17T22:59:11.923924647Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-17T22:59:11.925390945Z	78	PC: 12c51 \| Find first file
2018-12-17T22:59:11.93387051Z	67	PC: 12c8f \| Get or set file attributes
2018-12-17T22:59:11.947669702Z	67	PC: 12ca2 \| Get or set file attributes
2018-12-17T22:59:11.965935953Z	61	PC: 12cad \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:11.973767077Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:59:11.976148115Z	42	PC: 12cc5 \| Get date 0x12cc5: cmp dx, 0xc08 0x12cc9: jne 0x12cda 0x12ccb: call 0x12e3c 0x12cce: jmp 0x12d3e 0x12cd0: nop 0x12cd1: add dx, 0x8a 0x12cd5: int 0x21 0x12cd7: jmp 0x12d3e 0x12cd9: nop 0x12cda: mov ah, 0x3f 0x12cdc: mov cx, 3 0x12cdf: mov dx, 0xa 0x12ce2: nop 0x12ce3: add dx, si 0x12ce5: int 0x21 0x12ce7: jb 0x12d3e 0x12ce9: cmp ax, 3 0x12cec: jne 0x12d3e 0x12cee: mov ax, 0x4202 0x12cf1: mov cx, 0
2018-12-17T22:59:11.979406745Z	63	PC: 12ce7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:11.987206068Z	66	PC: 12cf9 \| Move file pointer
2018-12-17T22:59:11.989712032Z	64	PC: 12e34 \| Write file or device (Write 743 bytes on handle 5)
2018-12-17T22:59:12.00104283Z	66	PC: 12d2f \| Move file pointer
2018-12-17T22:59:12.004657884Z	64	PC: 12d3e \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:12.012834733Z	87	PC: 12d53 \| Get or set file date and time
2018-12-17T22:59:12.016491566Z	62	PC: 12d57 \| Close file
2018-12-17T22:59:12.023431372Z	67	PC: 12d66 \| Get or set file attributes
2018-12-17T22:59:12.032335961Z	26	PC: 12d73 \| Set disk transfer address
2018-12-17T22:59:12.034112255Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:59:12.036893132Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13125,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:35.670060372Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:37:35.671947126Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:37:35.67332603Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:37:35.674882337Z	78	PC: 12c51 \| Find first file
2018-12-25T12:37:35.681922129Z	67	PC: 12c8f \| Get or set file attributes
2018-12-25T12:37:35.687735898Z	67	PC: 12ca2 \| Get or set file attributes
2018-12-25T12:37:35.705786779Z	61	PC: 12cad \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:35.713985788Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-25T12:37:35.71569917Z	42	PC: 12cc5 \| Get date 0x12cc5: cmp dx, 0xc08 0x12cc9: jne 0x12cda 0x12ccb: call 0x12e3c 0x12cce: jmp 0x12d3e 0x12cd0: nop 0x12cd1: add dx, 0x8a 0x12cd5: int 0x21 0x12cd7: jmp 0x12d3e 0x12cd9: nop 0x12cda: mov ah, 0x3f 0x12cdc: mov cx, 3 0x12cdf: mov dx, 0xa 0x12ce2: nop 0x12ce3: add dx, si 0x12ce5: int 0x21 0x12ce7: jb 0x12d3e 0x12ce9: cmp ax, 3 0x12cec: jne 0x12d3e 0x12cee: mov ax, 0x4202 0x12cf1: mov cx, 0
2018-12-25T12:37:35.718112359Z	63	PC: 12ce7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:35.724904773Z	66	PC: 12cf9 \| Move file pointer
2018-12-25T12:37:35.727489739Z	64	PC: 12e34 \| Write file or device (Write 743 bytes on handle 5)
2018-12-25T12:37:35.736241973Z	66	PC: 12d2f \| Move file pointer
2018-12-25T12:37:35.737839142Z	64	PC: 12d3e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:35.746147222Z	87	PC: 12d53 \| Get or set file date and time
2018-12-25T12:37:35.747994744Z	62	PC: 12d57 \| Close file
2018-12-25T12:37:35.755713936Z	67	PC: 12d66 \| Get or set file attributes
2018-12-25T12:37:35.778847674Z	26	PC: 12d73 \| Set disk transfer address
2018-12-25T12:37:35.780953832Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:37:35.786523377Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":8,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13125,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:35.725802467Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:37:35.728308898Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:37:35.729715322Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:37:35.731235554Z	78	PC: 12c51 \| Find first file
2018-12-25T12:37:35.737739337Z	67	PC: 12c8f \| Get or set file attributes
2018-12-25T12:37:35.744401275Z	67	PC: 12ca2 \| Get or set file attributes
2018-12-25T12:37:35.763207003Z	61	PC: 12cad \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:35.769859242Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-25T12:37:35.772323842Z	42	PC: 12cc5 \| Get date 0x12cc5: cmp dx, 0xc08 0x12cc9: jne 0x12cda 0x12ccb: call 0x12e3c 0x12cce: jmp 0x12d3e 0x12cd0: nop 0x12cd1: add dx, 0x8a 0x12cd5: int 0x21 0x12cd7: jmp 0x12d3e 0x12cd9: nop 0x12cda: mov ah, 0x3f 0x12cdc: mov cx, 3 0x12cdf: mov dx, 0xa 0x12ce2: nop 0x12ce3: add dx, si 0x12ce5: int 0x21 0x12ce7: jb 0x12d3e 0x12ce9: cmp ax, 3 0x12cec: jne 0x12d3e 0x12cee: mov ax, 0x4202 0x12cf1: mov cx, 0
2018-12-25T12:37:35.777151633Z	87	PC: 12d53 \| Get or set file date and time
2018-12-25T12:37:35.778964378Z	62	PC: 12d57 \| Close file
2018-12-25T12:37:35.7869341Z	67	PC: 12d66 \| Get or set file attributes
2018-12-25T12:37:35.79656472Z	26	PC: 12d73 \| Set disk transfer address
2018-12-25T12:37:35.797619563Z	9	PC: 12a82 \| Display string (Could not find end pointer)
2018-12-25T12:37:35.804109749Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')