Sample viewer

vx.netlux.org/Virus.DOS.Vienna.637.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:56.706249824Z	48	PC: 12a60 \| Get DOS version
2018-12-17T23:04:56.707488189Z	47	PC: 12a6c \| Get disk transfer address
2018-12-17T23:04:56.710451279Z	26	PC: 12a7f \| Set disk transfer address
2018-12-17T23:04:56.71198435Z	78	PC: 12b06 \| Find first file
2018-12-17T23:04:56.719086422Z	67	PC: 12b43 \| Get or set file attributes
2018-12-17T23:04:56.726824898Z	67	PC: 12b55 \| Get or set file attributes
2018-12-17T23:04:56.751560371Z	61	PC: 12b60 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:56.759919928Z	87	PC: 12b6c \| Get or set file date and time
2018-12-17T23:04:56.763170361Z	44	PC: 12b78 \| Get time 0x12b78: and dh, 7 0x12b7b: jne 0x12b8d 0x12b7d: mov ah, 0x40 0x12b7f: mov cx, 5 0x12b82: mov dx, si 0x12b84: add dx, 0x8a 0x12b88: int 0x21 0x12b8a: jmp 0x12bf0 0x12b8c: nop 0x12b8d: mov ah, 0x3f 0x12b8f: mov cx, 3 0x12b92: mov dx, 0xa 0x12b95: nop 0x12b96: add dx, si 0x12b98: int 0x21 0x12b9a: jb 0x12bf0 0x12b9c: cmp ax, 3 0x12b9f: jne 0x12bf0 0x12ba1: mov ax, 0x4202 0x12ba4: mov cx, 0
2018-12-17T23:04:56.766031262Z	63	PC: 12b9a \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:56.773881188Z	66	PC: 12bac \| Move file pointer
2018-12-17T23:04:56.776154436Z	64	PC: 12bd0 \| Write file or device (Write 637 bytes on handle 5)
2018-12-17T23:04:56.786513507Z	66	PC: 12be2 \| Move file pointer
2018-12-17T23:04:56.787963203Z	64	PC: 12bf0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:04:56.795449144Z	87	PC: 12c03 \| Get or set file date and time
2018-12-17T23:04:56.797386542Z	62	PC: 12c07 \| Close file
2018-12-17T23:04:56.805984624Z	67	PC: 12c16 \| Get or set file attributes
2018-12-17T23:04:56.816744108Z	26	PC: 12c23 \| Set disk transfer address
2018-12-17T23:04:56.818468969Z	76	PC: 12a48 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15036,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:27.702687367Z	48	PC: 12a60 \| Get DOS version
2018-12-25T12:42:27.703700802Z	47	PC: 12a6c \| Get disk transfer address
2018-12-25T12:42:27.705083668Z	26	PC: 12a7f \| Set disk transfer address
2018-12-25T12:42:27.706463748Z	78	PC: 12b06 \| Find first file
2018-12-25T12:42:27.715234319Z	67	PC: 12b43 \| Get or set file attributes
2018-12-25T12:42:27.722194653Z	67	PC: 12b55 \| Get or set file attributes
2018-12-25T12:42:27.741792326Z	61	PC: 12b60 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:27.74956032Z	87	PC: 12b6c \| Get or set file date and time
2018-12-25T12:42:27.754256131Z	44	PC: 12b78 \| Get time 0x12b78: and dh, 7 0x12b7b: jne 0x12b8d 0x12b7d: mov ah, 0x40 0x12b7f: mov cx, 5 0x12b82: mov dx, si 0x12b84: add dx, 0x8a 0x12b88: int 0x21 0x12b8a: jmp 0x12bf0 0x12b8c: nop 0x12b8d: mov ah, 0x3f 0x12b8f: mov cx, 3 0x12b92: mov dx, 0xa 0x12b95: nop 0x12b96: add dx, si 0x12b98: int 0x21 0x12b9a: jb 0x12bf0 0x12b9c: cmp ax, 3 0x12b9f: jne 0x12bf0 0x12ba1: mov ax, 0x4202 0x12ba4: mov cx, 0
2018-12-25T12:42:27.756680862Z	63	PC: 12b9a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:27.763750042Z	66	PC: 12bac \| Move file pointer
2018-12-25T12:42:27.765438931Z	64	PC: 12bd0 \| Write file or device (Write 637 bytes on handle 5)
2018-12-25T12:42:27.776188751Z	66	PC: 12be2 \| Move file pointer
2018-12-25T12:42:27.780819951Z	64	PC: 12bf0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:27.792222885Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:42:27.794092983Z	62	PC: 12c07 \| Close file
2018-12-25T12:42:27.803453488Z	67	PC: 12c16 \| Get or set file attributes
2018-12-25T12:42:27.814305777Z	26	PC: 12c23 \| Set disk transfer address
2018-12-25T12:42:27.816427004Z	76	PC: 12a48 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":15036,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:27.76515477Z	48	PC: 12a60 \| Get DOS version
2018-12-25T12:42:27.766438293Z	47	PC: 12a6c \| Get disk transfer address
2018-12-25T12:42:27.772574291Z	26	PC: 12a7f \| Set disk transfer address
2018-12-25T12:42:27.773748511Z	78	PC: 12b06 \| Find first file
2018-12-25T12:42:27.780124352Z	67	PC: 12b43 \| Get or set file attributes
2018-12-25T12:42:27.787272714Z	67	PC: 12b55 \| Get or set file attributes
2018-12-25T12:42:27.803630284Z	61	PC: 12b60 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:27.811004572Z	87	PC: 12b6c \| Get or set file date and time
2018-12-25T12:42:27.81286028Z	44	PC: 12b78 \| Get time 0x12b78: and dh, 7 0x12b7b: jne 0x12b8d 0x12b7d: mov ah, 0x40 0x12b7f: mov cx, 5 0x12b82: mov dx, si 0x12b84: add dx, 0x8a 0x12b88: int 0x21 0x12b8a: jmp 0x12bf0 0x12b8c: nop 0x12b8d: mov ah, 0x3f 0x12b8f: mov cx, 3 0x12b92: mov dx, 0xa 0x12b95: nop 0x12b96: add dx, si 0x12b98: int 0x21 0x12b9a: jb 0x12bf0 0x12b9c: cmp ax, 3 0x12b9f: jne 0x12bf0 0x12ba1: mov ax, 0x4202 0x12ba4: mov cx, 0
2018-12-25T12:42:27.81534039Z	63	PC: 12b9a \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:27.822477001Z	66	PC: 12bac \| Move file pointer
2018-12-25T12:42:27.82427401Z	64	PC: 12bd0 \| Write file or device (Write 637 bytes on handle 5)
2018-12-25T12:42:27.834538528Z	66	PC: 12be2 \| Move file pointer
2018-12-25T12:42:27.836112968Z	64	PC: 12bf0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:27.844169804Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:42:27.846521065Z	62	PC: 12c07 \| Close file
2018-12-25T12:42:27.855377369Z	67	PC: 12c16 \| Get or set file attributes
2018-12-25T12:42:27.867250407Z	26	PC: 12c23 \| Set disk transfer address
2018-12-25T12:42:27.869379279Z	76	PC: 12a48 \| Terminate with return code (Return code = '0')