Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Ender.1120.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:34.87678728Z 44 PC: 12a56 | Get time
0x12a56: and dh, 7
0x12a59: jne 0x12a5e
0x12a5b: jmp 0x12c30
0x12a5e: push cx
0x12a5f: mov dx, 0x4c9
0x12a62: cld
0x12a63: mov si, dx
0x12a65: add si, 0xd
0x12a68: or dl, byte ptr [bx + si + 0xbf]
0x12a6c: add word ptr [bx + di + 3], di
0x12a70: rep movsb byte ptr es:[di], byte ptr [si]
0x12a72: mov si, dx
0x12a74: push es
0x12a75: mov ah, 0x2f
0x12a77: int 0x21
0x12a79: mov word ptr [si], bx
0x12a7b: nop
0x12a7c: nop
0x12a7d: mov word ptr [si + 2], es
0x12a80: nop
2018-12-17T23:03:34.879721119Z 47 PC: 12a79 | Get disk transfer address
2018-12-17T23:03:34.882422041Z 26 PC: 12a8c | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14595,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:02.357345312Z 44 PC: 12a56 | Get time
0x12a56: and dh, 7
0x12a59: jne 0x12a5e
0x12a5b: jmp 0x12c30
0x12a5e: push cx
0x12a5f: mov dx, 0x4c9
0x12a62: cld
0x12a63: mov si, dx
0x12a65: add si, 0xd
0x12a68: or dl, byte ptr [bx + si + 0xbf]
0x12a6c: add word ptr [bx + di + 3], di
0x12a70: rep movsb byte ptr es:[di], byte ptr [si]
0x12a72: mov si, dx
0x12a74: push es
0x12a75: mov ah, 0x2f
0x12a77: int 0x21
0x12a79: mov word ptr [si], bx
0x12a7b: nop
0x12a7c: nop
0x12a7d: mov word ptr [si + 2], es
0x12a80: nop
2018-12-25T12:41:02.360618859Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T12:41:02.361873183Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T12:41:02.363311793Z 78 PC: 12b19 | Find first file
2018-12-25T12:41:02.370108114Z 0 PC: 12c14 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":14595,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:02.616332587Z 44 PC: 12a56 | Get time
0x12a56: and dh, 7
0x12a59: jne 0x12a5e
0x12a5b: jmp 0x12c30
0x12a5e: push cx
0x12a5f: mov dx, 0x4c9
0x12a62: cld
0x12a63: mov si, dx
0x12a65: add si, 0xd
0x12a68: or dl, byte ptr [bx + si + 0xbf]
0x12a6c: add word ptr [bx + di + 3], di
0x12a70: rep movsb byte ptr es:[di], byte ptr [si]
0x12a72: mov si, dx
0x12a74: push es
0x12a75: mov ah, 0x2f
0x12a77: int 0x21
0x12a79: mov word ptr [si], bx
0x12a7b: nop
0x12a7c: nop
0x12a7d: mov word ptr [si + 2], es
0x12a80: nop
2018-12-25T12:41:02.619514642Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T12:41:02.620807415Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T12:41:02.622133014Z 78 PC: 12b19 | Find first file
2018-12-25T12:41:02.628071898Z 0 PC: 12c14 | Program terminate