Sample viewer

vx.netlux.org/Virus.DOS.Vienna.833.f

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:59.043060638Z	48	PC: 12be6 \| Get DOS version
2018-12-17T23:01:59.045591509Z	53	PC: 12bf3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:59.047007012Z	47	PC: 12bff \| Get disk transfer address
2018-12-17T23:01:59.048350868Z	37	PC: 12c12 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:59.055411104Z	26	PC: 12c1c \| Set disk transfer address
2018-12-17T23:01:59.056580942Z	78	PC: 12ca8 \| Find first file
2018-12-17T23:01:59.06232114Z	67	PC: 12ce6 \| Get or set file attributes
2018-12-17T23:01:59.068433771Z	67	PC: 12cf8 \| Get or set file attributes
2018-12-17T23:01:59.08759652Z	61	PC: 12d11 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:59.094561559Z	87	PC: 12d1d \| Get or set file date and time
2018-12-17T23:01:59.096289469Z	63	PC: 12d32 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:59.104054567Z	66	PC: 12d44 \| Move file pointer
2018-12-17T23:01:59.105746976Z	44	PC: 12d5e \| Get time 0x12d5e: and dh, 7 0x12d61: jne 0x12d73 0x12d63: mov cx, 0xab 0x12d66: mov di, si 0x12d68: sub di, 3 0x12d6b: cld 0x12d6c: mov ax, 0xcccc 0x12d6f: stosw word ptr es:[di], ax 0x12d70: stosb byte ptr es:[di], al 0x12d71: jmp 0x12d76 0x12d73: mov cx, 0x341 0x12d76: mov dx, si 0x12d78: sub dx, 0x14 0x12d7b: mov ah, 0x40 0x12d7d: int 0x21 0x12d7f: jb 0x12d9b 0x12d81: mov ax, 0x4200 0x12d84: mov cx, 0 0x12d87: mov dx, 0 0x12d8a: int 0x21
2018-12-17T23:01:59.10817422Z	64	PC: 12d7f \| Write file or device (Write 833 bytes on handle 5)
2018-12-17T23:01:59.117708846Z	66	PC: 12d8c \| Move file pointer
2018-12-17T23:01:59.127402524Z	64	PC: 12d9b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:59.133813351Z	87	PC: 12dae \| Get or set file date and time
2018-12-17T23:01:59.136582147Z	62	PC: 12db2 \| Close file
2018-12-17T23:01:59.14481413Z	67	PC: 12dc1 \| Get or set file attributes
2018-12-17T23:01:59.15560161Z	37	PC: 12dd3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:01:59.158140653Z	26	PC: 12de1 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14062,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:44.855604538Z	48	PC: 12be6 \| Get DOS version
2018-12-25T12:39:44.857067178Z	53	PC: 12bf3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:44.858158946Z	47	PC: 12bff \| Get disk transfer address
2018-12-25T12:39:44.858996319Z	37	PC: 12c12 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:44.860371013Z	26	PC: 12c1c \| Set disk transfer address
2018-12-25T12:39:44.861418286Z	78	PC: 12ca8 \| Find first file
2018-12-25T12:39:44.86544555Z	67	PC: 12ce6 \| Get or set file attributes
2018-12-25T12:39:44.86945551Z	67	PC: 12cf8 \| Get or set file attributes
2018-12-25T12:39:44.88211416Z	61	PC: 12d11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:44.888902933Z	87	PC: 12d1d \| Get or set file date and time
2018-12-25T12:39:44.890626249Z	63	PC: 12d32 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:44.897420335Z	66	PC: 12d44 \| Move file pointer
2018-12-25T12:39:44.898693659Z	44	PC: 12d5e \| Get time 0x12d5e: and dh, 7 0x12d61: jne 0x12d73 0x12d63: mov cx, 0xab 0x12d66: mov di, si 0x12d68: sub di, 3 0x12d6b: cld 0x12d6c: mov ax, 0xcccc 0x12d6f: stosw word ptr es:[di], ax 0x12d70: stosb byte ptr es:[di], al 0x12d71: jmp 0x12d76 0x12d73: mov cx, 0x341 0x12d76: mov dx, si 0x12d78: sub dx, 0x14 0x12d7b: mov ah, 0x40 0x12d7d: int 0x21 0x12d7f: jb 0x12d9b 0x12d81: mov ax, 0x4200 0x12d84: mov cx, 0 0x12d87: mov dx, 0 0x12d8a: int 0x21
2018-12-25T12:39:44.90068629Z	64	PC: 12d7f \| Write file or device (Write 833 bytes on handle 5)
2018-12-25T12:39:44.909388042Z	66	PC: 12d8c \| Move file pointer
2018-12-25T12:39:44.910938115Z	64	PC: 12d9b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:44.9173727Z	87	PC: 12dae \| Get or set file date and time
2018-12-25T12:39:44.920063637Z	62	PC: 12db2 \| Close file
2018-12-25T12:39:44.929468039Z	67	PC: 12dc1 \| Get or set file attributes
2018-12-25T12:39:44.952538618Z	37	PC: 12dd3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:44.955342595Z	26	PC: 12de1 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":14062,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:44.898685925Z	48	PC: 12be6 \| Get DOS version
2018-12-25T12:39:44.901219471Z	53	PC: 12bf3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:44.902487692Z	47	PC: 12bff \| Get disk transfer address
2018-12-25T12:39:44.903625127Z	37	PC: 12c12 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:44.905440017Z	26	PC: 12c1c \| Set disk transfer address
2018-12-25T12:39:44.908116264Z	78	PC: 12ca8 \| Find first file
2018-12-25T12:39:44.914329884Z	67	PC: 12ce6 \| Get or set file attributes
2018-12-25T12:39:44.920105606Z	67	PC: 12cf8 \| Get or set file attributes
2018-12-25T12:39:44.936394936Z	61	PC: 12d11 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:44.942872275Z	87	PC: 12d1d \| Get or set file date and time
2018-12-25T12:39:44.944984752Z	63	PC: 12d32 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:44.952679737Z	66	PC: 12d44 \| Move file pointer
2018-12-25T12:39:44.95407665Z	44	PC: 12d5e \| Get time 0x12d5e: and dh, 7 0x12d61: jne 0x12d73 0x12d63: mov cx, 0xab 0x12d66: mov di, si 0x12d68: sub di, 3 0x12d6b: cld 0x12d6c: mov ax, 0xcccc 0x12d6f: stosw word ptr es:[di], ax 0x12d70: stosb byte ptr es:[di], al 0x12d71: jmp 0x12d76 0x12d73: mov cx, 0x341 0x12d76: mov dx, si 0x12d78: sub dx, 0x14 0x12d7b: mov ah, 0x40 0x12d7d: int 0x21 0x12d7f: jb 0x12d9b 0x12d81: mov ax, 0x4200 0x12d84: mov cx, 0 0x12d87: mov dx, 0 0x12d8a: int 0x21
2018-12-25T12:39:44.956515748Z	64	PC: 12d7f \| Write file or device (Write 833 bytes on handle 5)
2018-12-25T12:39:44.965697321Z	66	PC: 12d8c \| Move file pointer
2018-12-25T12:39:44.967059625Z	64	PC: 12d9b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:44.973534509Z	87	PC: 12dae \| Get or set file date and time
2018-12-25T12:39:44.975789177Z	62	PC: 12db2 \| Close file
2018-12-25T12:39:44.9842081Z	67	PC: 12dc1 \| Get or set file attributes
2018-12-25T12:39:44.993850838Z	37	PC: 12dd3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:44.996206423Z	26	PC: 12de1 \| Set disk transfer address