Sample viewer

vx.netlux.org/Virus.DOS.Vienna.621

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:23.230471992Z	48	PC: 12b4f \| Get DOS version
2018-12-17T22:59:23.231972863Z	47	PC: 12b5b \| Get disk transfer address
2018-12-17T22:59:23.234655093Z	53	PC: 12b65 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:23.236294094Z	37	PC: 12b79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:23.237907817Z	26	PC: 12b82 \| Set disk transfer address
2018-12-17T22:59:23.240955855Z	78	PC: 12bfa \| Find first file
2018-12-17T22:59:23.247725858Z	67	PC: 12c32 \| Get or set file attributes
2018-12-17T22:59:23.254378511Z	67	PC: 12c3d \| Get or set file attributes
2018-12-17T22:59:23.272641996Z	61	PC: 12c42 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:23.280611353Z	87	PC: 12c4e \| Get or set file date and time
2018-12-17T22:59:23.28242966Z	44	PC: 12c58 \| Get time 0x12c58: and dh, 7 0x12c5b: jne 0x12c6c 0x12c5d: mov ah, 0x40 0x12c5f: mov cx, 5 0x12c62: mov dx, si 0x12c64: add dx, 0x8a 0x12c68: int 0x21 0x12c6a: jmp 0x12cc2 0x12c6c: mov ah, 0x3f 0x12c6e: mov cx, 3 0x12c71: mov dx, 0xa 0x12c74: add dx, si 0x12c76: int 0x21 0x12c78: jb 0x12cc2 0x12c7a: cmp ax, 3 0x12c7d: jne 0x12cc2 0x12c7f: mov ax, 0x4202 0x12c82: xor cx, cx 0x12c84: xor dx, dx 0x12c86: int 0x21
2018-12-17T22:59:23.287059782Z	63	PC: 12c78 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:23.29366226Z	66	PC: 12c88 \| Move file pointer
2018-12-17T22:59:23.295645918Z	64	PC: 12ca5 \| Write file or device (Write 621 bytes on handle 5)
2018-12-17T22:59:23.305012953Z	66	PC: 12cb5 \| Move file pointer
2018-12-17T22:59:23.315609578Z	64	PC: 12cc2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:23.322497733Z	87	PC: 12cd3 \| Get or set file date and time
2018-12-17T22:59:23.324247873Z	62	PC: 12cd7 \| Close file
2018-12-17T22:59:23.335251232Z	67	PC: 12ce4 \| Get or set file attributes
2018-12-17T22:59:23.345509342Z	26	PC: 12cee \| Set disk transfer address
2018-12-17T22:59:23.346906207Z	37	PC: 12cfb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:23.349607894Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13199,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.920267181Z	48	PC: 12b4f \| Get DOS version
2018-12-25T12:37:37.929724214Z	47	PC: 12b5b \| Get disk transfer address
2018-12-25T12:37:37.930690366Z	53	PC: 12b65 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:37.931694318Z	37	PC: 12b79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:37.933063953Z	26	PC: 12b82 \| Set disk transfer address
2018-12-25T12:37:37.934426134Z	78	PC: 12bfa \| Find first file
2018-12-25T12:37:37.940189001Z	67	PC: 12c32 \| Get or set file attributes
2018-12-25T12:37:37.945952196Z	67	PC: 12c3d \| Get or set file attributes
2018-12-25T12:37:39.143689997Z	61	PC: 12c42 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:39.150427139Z	87	PC: 12c4e \| Get or set file date and time
2018-12-25T12:37:39.152101815Z	44	PC: 12c58 \| Get time 0x12c58: and dh, 7 0x12c5b: jne 0x12c6c 0x12c5d: mov ah, 0x40 0x12c5f: mov cx, 5 0x12c62: mov dx, si 0x12c64: add dx, 0x8a 0x12c68: int 0x21 0x12c6a: jmp 0x12cc2 0x12c6c: mov ah, 0x3f 0x12c6e: mov cx, 3 0x12c71: mov dx, 0xa 0x12c74: add dx, si 0x12c76: int 0x21 0x12c78: jb 0x12cc2 0x12c7a: cmp ax, 3 0x12c7d: jne 0x12cc2 0x12c7f: mov ax, 0x4202 0x12c82: xor cx, cx 0x12c84: xor dx, dx 0x12c86: int 0x21
2018-12-25T12:37:39.166746732Z	63	PC: 12c78 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:39.17318845Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:37:39.175048778Z	64	PC: 12ca5 \| Write file or device (Write 621 bytes on handle 5)
2018-12-25T12:37:39.192650582Z	66	PC: 12cb5 \| Move file pointer
2018-12-25T12:37:39.194367577Z	64	PC: 12cc2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:39.208870724Z	87	PC: 12cd3 \| Get or set file date and time
2018-12-25T12:37:39.212085499Z	62	PC: 12cd7 \| Close file
2018-12-25T12:37:39.226003209Z	67	PC: 12ce4 \| Get or set file attributes
2018-12-25T12:37:39.236575512Z	26	PC: 12cee \| Set disk transfer address
2018-12-25T12:37:39.239318968Z	37	PC: 12cfb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:39.240565989Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":13199,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.995883184Z	48	PC: 12b4f \| Get DOS version
2018-12-25T12:37:37.997714496Z	47	PC: 12b5b \| Get disk transfer address
2018-12-25T12:37:37.998726657Z	53	PC: 12b65 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:37.999630342Z	37	PC: 12b79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:38.000946711Z	26	PC: 12b82 \| Set disk transfer address
2018-12-25T12:37:38.002232255Z	78	PC: 12bfa \| Find first file
2018-12-25T12:37:38.006751624Z	67	PC: 12c32 \| Get or set file attributes
2018-12-25T12:37:38.010295341Z	67	PC: 12c3d \| Get or set file attributes
2018-12-25T12:37:39.145555983Z	61	PC: 12c42 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:39.149932389Z	87	PC: 12c4e \| Get or set file date and time
2018-12-25T12:37:39.151203473Z	44	PC: 12c58 \| Get time 0x12c58: and dh, 7 0x12c5b: jne 0x12c6c 0x12c5d: mov ah, 0x40 0x12c5f: mov cx, 5 0x12c62: mov dx, si 0x12c64: add dx, 0x8a 0x12c68: int 0x21 0x12c6a: jmp 0x12cc2 0x12c6c: mov ah, 0x3f 0x12c6e: mov cx, 3 0x12c71: mov dx, 0xa 0x12c74: add dx, si 0x12c76: int 0x21 0x12c78: jb 0x12cc2 0x12c7a: cmp ax, 3 0x12c7d: jne 0x12cc2 0x12c7f: mov ax, 0x4202 0x12c82: xor cx, cx 0x12c84: xor dx, dx 0x12c86: int 0x21
2018-12-25T12:37:39.153527907Z	63	PC: 12c78 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:39.15779261Z	66	PC: 12c88 \| Move file pointer
2018-12-25T12:37:39.159265844Z	64	PC: 12ca5 \| Write file or device (Write 621 bytes on handle 5)
2018-12-25T12:37:39.165579709Z	66	PC: 12cb5 \| Move file pointer
2018-12-25T12:37:39.167242215Z	64	PC: 12cc2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:39.179181446Z	87	PC: 12cd3 \| Get or set file date and time
2018-12-25T12:37:39.182258665Z	62	PC: 12cd7 \| Close file
2018-12-25T12:37:39.188093834Z	67	PC: 12ce4 \| Get or set file attributes
2018-12-25T12:37:39.208928582Z	26	PC: 12cee \| Set disk transfer address
2018-12-25T12:37:39.210628176Z	37	PC: 12cfb \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:39.217137974Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')