Sample viewer

vx.netlux.org/Virus.DOS.Vienna.367.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:25.045452287Z	53	PC: 12a75 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:25.046891881Z	37	PC: 12a88 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:25.049664591Z	26	PC: 12a8f \| Set disk transfer address
2018-12-17T23:02:25.051040837Z	78	PC: 12ae3 \| Find first file
2018-12-17T23:02:25.058317158Z	67	PC: 12bab \| Get or set file attributes
2018-12-17T23:02:25.077567207Z	61	PC: 12b3a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:02:25.086151086Z	44	PC: 12b42 \| Get time 0x12b42: and dh, 7 0x12b45: jne 0x12b4f 0x12b47: mov cx, 5 0x12b4a: lea dx, word ptr [si + 0xe] 0x12b4d: jmp 0x12b79 0x12b4f: mov ah, 0x3f 0x12b51: mov cx, 3 0x12b54: lea dx, word ptr [si] 0x12b56: call 0x12ba9 0x12b59: jb 0x12b7c 0x12b5b: mov ax, 0x4202 0x12b5e: call 0x12ba2 0x12b61: add ax, 0x10 0x12b64: mov word ptr [bp - 0x7a], ax 0x12b67: mov cx, 0x16f 0x12b6a: mov dx, si 0x12b6c: call 0x12ba7 0x12b6f: jb 0x12b7c 0x12b71: call 0x12b9f 0x12b74: mov cl, 3
2018-12-17T23:02:25.089219471Z	63	PC: 12bab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:02:25.096955707Z	66	PC: 12bab \| Move file pointer
2018-12-17T23:02:25.099736111Z	64	PC: 12bab \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:02:25.112355262Z	66	PC: 12bab \| Move file pointer
2018-12-17T23:02:25.114213393Z	64	PC: 12bab \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:02:25.122952022Z	87	PC: 12b8a \| Get or set file date and time
2018-12-17T23:02:25.124693664Z	62	PC: 12b8e \| Close file
2018-12-17T23:02:25.133436472Z	67	PC: 12b9c \| Get or set file attributes
2018-12-17T23:02:25.145278431Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:25.146979077Z	26	PC: 12afd \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14201,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:07.898750153Z	53	PC: 12a75 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:07.900712102Z	37	PC: 12a88 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:07.902162689Z	26	PC: 12a8f \| Set disk transfer address
2018-12-25T12:40:07.903311603Z	78	PC: 12ae3 \| Find first file
2018-12-25T12:40:07.910119667Z	67	PC: 12bab \| Get or set file attributes
2018-12-25T12:40:07.927816034Z	61	PC: 12b3a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:07.935220612Z	44	PC: 12b42 \| Get time 0x12b42: and dh, 7 0x12b45: jne 0x12b4f 0x12b47: mov cx, 5 0x12b4a: lea dx, word ptr [si + 0xe] 0x12b4d: jmp 0x12b79 0x12b4f: mov ah, 0x3f 0x12b51: mov cx, 3 0x12b54: lea dx, word ptr [si] 0x12b56: call 0x12ba9 0x12b59: jb 0x12b7c 0x12b5b: mov ax, 0x4202 0x12b5e: call 0x12ba2 0x12b61: add ax, 0x10 0x12b64: mov word ptr [bp - 0x7a], ax 0x12b67: mov cx, 0x16f 0x12b6a: mov dx, si 0x12b6c: call 0x12ba7 0x12b6f: jb 0x12b7c 0x12b71: call 0x12b9f 0x12b74: mov cl, 3
2018-12-25T12:40:07.937484275Z	63	PC: 12bab \| Read file or device (See above)
2018-12-25T12:40:07.945289586Z	66	PC: 12bab \| Move file pointer (See above)
2018-12-25T12:40:07.956513875Z	64	PC: 12bab \| Write file or device (See above)
2018-12-25T12:40:07.976501402Z	66	PC: 12bab \| Move file pointer (See above)
2018-12-25T12:40:07.979231479Z	64	PC: 12bab \| Write file or device (See above)
2018-12-25T12:40:07.986189889Z	87	PC: 12b8a \| Get or set file date and time
2018-12-25T12:40:07.988372403Z	62	PC: 12b8e \| Close file
2018-12-25T12:40:07.996765563Z	67	PC: 12b9c \| Get or set file attributes
2018-12-25T12:40:08.005717477Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:08.006734089Z	26	PC: 12afd \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":14201,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:08.138594159Z	53	PC: 12a75 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:08.140779575Z	37	PC: 12a88 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:08.142144842Z	26	PC: 12a8f \| Set disk transfer address
2018-12-25T12:40:08.143548009Z	78	PC: 12ae3 \| Find first file
2018-12-25T12:40:08.151144499Z	67	PC: 12bab \| Get or set file attributes
2018-12-25T12:40:08.166843651Z	61	PC: 12b3a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:08.173116833Z	44	PC: 12b42 \| Get time 0x12b42: and dh, 7 0x12b45: jne 0x12b4f 0x12b47: mov cx, 5 0x12b4a: lea dx, word ptr [si + 0xe] 0x12b4d: jmp 0x12b79 0x12b4f: mov ah, 0x3f 0x12b51: mov cx, 3 0x12b54: lea dx, word ptr [si] 0x12b56: call 0x12ba9 0x12b59: jb 0x12b7c 0x12b5b: mov ax, 0x4202 0x12b5e: call 0x12ba2 0x12b61: add ax, 0x10 0x12b64: mov word ptr [bp - 0x7a], ax 0x12b67: mov cx, 0x16f 0x12b6a: mov dx, si 0x12b6c: call 0x12ba7 0x12b6f: jb 0x12b7c 0x12b71: call 0x12b9f 0x12b74: mov cl, 3
2018-12-25T12:40:08.17625835Z	63	PC: 12bab \| Read file or device (See above)
2018-12-25T12:40:08.182067123Z	66	PC: 12bab \| Move file pointer (See above)
2018-12-25T12:40:08.183411473Z	64	PC: 12bab \| Write file or device (See above)
2018-12-25T12:40:08.191646574Z	66	PC: 12bab \| Move file pointer (See above)
2018-12-25T12:40:08.193720964Z	64	PC: 12bab \| Write file or device (See above)
2018-12-25T12:40:08.199742253Z	87	PC: 12b8a \| Get or set file date and time
2018-12-25T12:40:08.201042132Z	62	PC: 12b8e \| Close file
2018-12-25T12:40:08.209116659Z	67	PC: 12b9c \| Get or set file attributes
2018-12-25T12:40:08.218587935Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:08.219633168Z	26	PC: 12afd \| Set disk transfer address