Sample viewer

vx.netlux.org/Virus.DOS.Vienna.453

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:21.670994099Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:21.673283216Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:21.674372932Z	26	PC: 12a8d \| Set disk transfer address
2018-12-17T23:04:21.675470449Z	78	PC: 12ad8 \| Find first file
2018-12-17T23:04:21.681749538Z	67	PC: 12b9d \| Get or set file attributes
2018-12-17T23:04:22.157937461Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:22.164635703Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov ah, 0x3f 0x12b44: mov cx, 3 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-17T23:04:22.166333308Z	63	PC: 12b9d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:22.171467842Z	66	PC: 12b9d \| Move file pointer
2018-12-17T23:04:22.172588988Z	64	PC: 12b9d \| Write file or device (Write 353 bytes on handle 5)
2018-12-17T23:04:22.178106249Z	66	PC: 12b9d \| Move file pointer
2018-12-17T23:04:22.179668627Z	64	PC: 12b9d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:22.184751329Z	87	PC: 12b7c \| Get or set file date and time
2018-12-17T23:04:22.186207876Z	62	PC: 12b80 \| Close file
2018-12-17T23:04:22.192962976Z	67	PC: 12b8e \| Get or set file attributes
2018-12-17T23:04:22.201606416Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:22.202993832Z	26	PC: 12afa \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14843,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:47.53669663Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:47.538450306Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:47.541231287Z	26	PC: 12a8d \| Set disk transfer address
2018-12-25T12:41:47.542924899Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:41:47.550134915Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:41:47.56801746Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:47.581820294Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov ah, 0x3f 0x12b44: mov cx, 3 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:41:47.584390728Z	63	PC: 12b9d \| Read file or device (See above)
2018-12-25T12:41:47.592501246Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:41:47.59428326Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:41:47.603113204Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:41:47.605121328Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:41:47.613051529Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:41:47.614814572Z	62	PC: 12b80 \| Close file
2018-12-25T12:41:47.623621314Z	67	PC: 12b8e \| Get or set file attributes
2018-12-25T12:41:47.635763479Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:47.637336448Z	26	PC: 12afa \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":14843,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:47.804380929Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:47.811225427Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:47.812804603Z	26	PC: 12a8d \| Set disk transfer address
2018-12-25T12:41:47.814515464Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:41:47.818706601Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:41:47.835195511Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:47.839908818Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov ah, 0x3f 0x12b44: mov cx, 3 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:41:47.841581393Z	63	PC: 12b9d \| Read file or device (See above)
2018-12-25T12:41:47.846403682Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:41:47.847584523Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:41:47.856468119Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:41:47.859321383Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:41:47.866535624Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:41:47.868148222Z	62	PC: 12b80 \| Close file
2018-12-25T12:41:47.877561738Z	67	PC: 12b8e \| Get or set file attributes
2018-12-25T12:41:47.889257462Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:47.890863845Z	26	PC: 12afa \| Set disk transfer address