Sample viewer

vx.netlux.org/Virus.DOS.Vienna.BboDong.896

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:06.515125984Z	42	PC: 12e43 \| Get date 0x12e43: cmp al, 6 0x12e45: jne 0x12ec5 0x12e47: jmp 0x12e7e 0x12e49: pop es 0x12e4a: push bx 0x12e4b: popaw 0x12e4c: je 0x12ec3 0x12e4e: jb 0x12e94 0x12e50: popaw 0x12e51: jns 0x12e7f 0x12e53: and word ptr [bx + 0x64], cx 0x12e56: inc cx 0x12e57: dec si 0x12e58: push dx 0x12e59: outsw dx, word ptr [si] 0x12e5a: push sp 0x12e5b: or cl, byte ptr [di] 0x12e5d: push dx 0x12e5e: jne 0x12ece 0x12e60: push sp
2018-12-17T23:00:06.516773092Z	47	PC: 12ecd \| Get disk transfer address
2018-12-17T23:00:06.518206139Z	26	PC: 12ee0 \| Set disk transfer address
2018-12-17T23:00:06.519365363Z	78	PC: 12f81 \| Find first file
2018-12-17T23:00:06.523534234Z	67	PC: 12fbc \| Get or set file attributes
2018-12-17T23:00:06.528324966Z	67	PC: 12fcd \| Get or set file attributes
2018-12-17T23:00:06.531007657Z	61	PC: 12fd8 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:06.53518502Z	87	PC: 12fe7 \| Get or set file date and time
2018-12-17T23:00:06.537042259Z	63	PC: 12ffa \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:00:06.543479775Z	66	PC: 1300f \| Move file pointer
2018-12-17T23:00:06.545011478Z	64	PC: 13032 \| Write file or device (Write 896 bytes on handle 5)
2018-12-17T23:00:06.562122248Z	66	PC: 13044 \| Move file pointer
2018-12-17T23:00:06.563715282Z	64	PC: 13052 \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T23:00:06.575050294Z	87	PC: 13063 \| Get or set file date and time
2018-12-17T23:00:06.576606556Z	62	PC: 13067 \| Close file
2018-12-17T23:00:06.585648804Z	67	PC: 13075 \| Get or set file attributes
2018-12-17T23:00:06.597282455Z	26	PC: 1307f \| Set disk transfer address
2018-12-17T23:00:06.598553186Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13424,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:11.71057429Z	42	PC: 12e43 \| Get date 0x12e43: cmp al, 6 0x12e45: jne 0x12ec5 0x12e47: jmp 0x12e7e 0x12e49: pop es 0x12e4a: push bx 0x12e4b: popaw 0x12e4c: je 0x12ec3 0x12e4e: jb 0x12e94 0x12e50: popaw 0x12e51: jns 0x12e7f 0x12e53: and word ptr [bx + 0x64], cx 0x12e56: inc cx 0x12e57: dec si 0x12e58: push dx 0x12e59: outsw dx, word ptr [si] 0x12e5a: push sp 0x12e5b: or cl, byte ptr [di] 0x12e5d: push dx 0x12e5e: jne 0x12ece 0x12e60: push sp
2018-12-25T12:38:11.714844078Z	47	PC: 12ecd \| Get disk transfer address
2018-12-25T12:38:11.716521321Z	26	PC: 12ee0 \| Set disk transfer address
2018-12-25T12:38:11.718202803Z	78	PC: 12f81 \| Find first file
2018-12-25T12:38:11.726312707Z	67	PC: 12fbc \| Get or set file attributes
2018-12-25T12:38:11.73286944Z	67	PC: 12fcd \| Get or set file attributes
2018-12-25T12:38:11.737868323Z	61	PC: 12fd8 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:11.745949459Z	87	PC: 12fe7 \| Get or set file date and time
2018-12-25T12:38:11.748549432Z	63	PC: 12ffa \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:38:11.756259318Z	66	PC: 1300f \| Move file pointer
2018-12-25T12:38:11.75792362Z	64	PC: 13032 \| Write file or device (Write 896 bytes on handle 5)
2018-12-25T12:38:11.781075548Z	66	PC: 13044 \| Move file pointer
2018-12-25T12:38:11.782904161Z	64	PC: 13052 \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:38:11.790153105Z	87	PC: 13063 \| Get or set file date and time
2018-12-25T12:38:11.792410045Z	62	PC: 13067 \| Close file
2018-12-25T12:38:11.801110028Z	67	PC: 13075 \| Get or set file attributes
2018-12-25T12:38:11.812225338Z	26	PC: 1307f \| Set disk transfer address
2018-12-25T12:38:11.813667883Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13424,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:11.69798197Z	42	PC: 12e43 \| Get date 0x12e43: cmp al, 6 0x12e45: jne 0x12ec5 0x12e47: jmp 0x12e7e 0x12e49: pop es 0x12e4a: push bx 0x12e4b: popaw 0x12e4c: je 0x12ec3 0x12e4e: jb 0x12e94 0x12e50: popaw 0x12e51: jns 0x12e7f 0x12e53: and word ptr [bx + 0x64], cx 0x12e56: inc cx 0x12e57: dec si 0x12e58: push dx 0x12e59: outsw dx, word ptr [si] 0x12e5a: push sp 0x12e5b: or cl, byte ptr [di] 0x12e5d: push dx 0x12e5e: jne 0x12ece 0x12e60: push sp
2018-12-25T12:38:11.701449004Z	44	PC: 12e87 \| Get time 0x12e87: mov ah, 0 0x12e89: mov al, dh 0x12e8b: mov bh, 0x18 0x12e8d: div bh 0x12e8f: mov cl, ah 0x12e91: mov dh, 1 0x12e93: cmp cl, 0 0x12e96: je 0x12e9a 0x12e98: jmp 0x12ea4 0x12e9a: inc cl 0x12e9c: jmp 0x12ea4 0x12e9e: mov dh, 0 0x12ea0: mov cl, 1 0x12ea2: mov ch, 0 0x12ea4: mov ax, 0x301 0x12ea7: mov dl, 0x80 0x12ea9: pop si 0x12eaa: mov bx, word ptr [si + 0x14] 0x12ead: add bx, 0x127 0x12eb1: int 0x13
2018-12-25T12:38:12.036454843Z	9	PC: 12ebe \| Display string (String= 'SaturDay,!OdANRoT RunTime Error : Sector is BROKEN')
2018-12-25T12:38:12.041811032Z	8	PC: 12ec2 \| Console input without echo