Sample viewer

vx.netlux.org/Virus.DOS.Vienna.662

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:35.128826017Z	48	PC: 14cda \| Get DOS version
2018-12-17T23:05:35.132688034Z	42	PC: 14d11 \| Get date 0x14d11: cmp dl, 0xd 0x14d14: je 0x14d19 0x14d16: jmp 0x14d53 0x14d18: nop 0x14d19: mov bx, es 0x14d1b: mov ax, 0xf000 0x14d1e: push ax 0x14d1f: pop es 0x14d20: cmp word ptr es:[0xfffe], 0xfa 0x14d27: jle 0x14d32 0x14d29: cmp word ptr es:[0xfffe], 0xfc 0x14d30: jne 0x14d51 0x14d32: mov es, bx 0x14d34: mov dx, 0x80 0x14d37: mov cx, 1 0x14d3a: mov al, 0x11 0x14d3c: mov bx, 0x9999 0x14d3f: mov ah, 3 0x14d41: int 0x13 0x14d43: cli
2018-12-17T23:05:35.135138131Z	26	PC: 14d5e \| Set disk transfer address
2018-12-17T23:05:35.136464324Z	78	PC: 14d6d \| Find first file
2018-12-17T23:05:35.143334855Z	79	PC: 14d74 \| Find next file
2018-12-17T23:05:35.146188281Z	79	PC: 14d74 \| Find next file
2018-12-17T23:05:35.149004337Z	79	PC: 14d74 \| Find next file
2018-12-17T23:05:35.152399168Z	79	PC: 14d74 \| Find next file
2018-12-17T23:05:35.155060096Z	79	PC: 14d74 \| Find next file
2018-12-17T23:05:35.158553352Z	79	PC: 14d74 \| Find next file
2018-12-17T23:05:35.161591202Z	79	PC: 14d74 \| Find next file
2018-12-17T23:05:35.164412901Z	67	PC: 14dd6 \| Get or set file attributes
2018-12-17T23:05:35.170174696Z	67	PC: 14de6 \| Get or set file attributes
2018-12-17T23:05:35.187506977Z	61	PC: 14df0 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:05:35.195123772Z	87	PC: 14dfc \| Get or set file date and time
2018-12-17T23:05:35.196769042Z	63	PC: 14e0e \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:35.199789653Z	66	PC: 14e22 \| Move file pointer
2018-12-17T23:05:35.201491591Z	64	PC: 14e49 \| Write file or device (Write 662 bytes on handle 5)
2018-12-17T23:05:35.209460298Z	66	PC: 14e5e \| Move file pointer
2018-12-17T23:05:35.211101973Z	64	PC: 14e6c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:35.220011446Z	87	PC: 14e8d \| Get or set file date and time
2018-12-17T23:05:35.22203925Z	62	PC: 14e91 \| Close file
2018-12-17T23:05:35.23524905Z	67	PC: 14e99 \| Get or set file attributes
2018-12-17T23:05:35.241243316Z	26	PC: 14ea0 \| Set disk transfer address
2018-12-17T23:05:35.243225358Z	48	PC: 149bb \| Get DOS version
2018-12-17T23:05:35.347765868Z	9	PC: 13be9 \| Display string (String= 'Memory-GUARD Utility - TSR Handling, ver. 1.50 (C) 1988, P.Baudis, VUMS Praha ')
2018-12-17T23:05:35.356588232Z	240	PC: 13bee \| UNKNOWN!
2018-12-17T23:05:35.358024148Z	53	PC: 13c13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:35.359529104Z	37	PC: 13c22 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:00.239293886Z	48	PC: 14cda \| Get DOS version
2018-12-25T12:43:00.243366644Z	42	PC: 14d11 \| Get date 0x14d11: cmp dl, 0xd 0x14d14: je 0x14d19 0x14d16: jmp 0x14d53 0x14d18: nop 0x14d19: mov bx, es 0x14d1b: mov ax, 0xf000 0x14d1e: push ax 0x14d1f: pop es 0x14d20: cmp word ptr es:[0xfffe], 0xfa 0x14d27: jle 0x14d32 0x14d29: cmp word ptr es:[0xfffe], 0xfc 0x14d30: jne 0x14d51 0x14d32: mov es, bx 0x14d34: mov dx, 0x80 0x14d37: mov cx, 1 0x14d3a: mov al, 0x11 0x14d3c: mov bx, 0x9999 0x14d3f: mov ah, 3 0x14d41: int 0x13 0x14d43: cli
2018-12-25T12:43:00.245744707Z	26	PC: 14d5e \| Set disk transfer address
2018-12-25T12:43:00.246946138Z	78	PC: 14d6d \| Find first file
2018-12-25T12:43:00.253936699Z	79	PC: 14d74 \| Find next file
2018-12-25T12:43:00.256748384Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.259492767Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.262689316Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.265634593Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.26934231Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.272337Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.275587373Z	67	PC: 14dd6 \| Get or set file attributes
2018-12-25T12:43:00.282100928Z	67	PC: 14de6 \| Get or set file attributes
2018-12-25T12:43:00.299992129Z	61	PC: 14df0 \| Open file (Filename = 'TEST.COM')
2018-12-25T12:43:00.307968571Z	87	PC: 14dfc \| Get or set file date and time
2018-12-25T12:43:00.310226939Z	63	PC: 14e0e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:00.313941409Z	66	PC: 14e22 \| Move file pointer
2018-12-25T12:43:00.316607171Z	64	PC: 14e49 \| Write file or device (Write 662 bytes on handle 5)
2018-12-25T12:43:00.327055841Z	66	PC: 14e5e \| Move file pointer
2018-12-25T12:43:00.3292644Z	64	PC: 14e6c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:00.333843943Z	87	PC: 14e8d \| Get or set file date and time
2018-12-25T12:43:00.336211753Z	62	PC: 14e91 \| Close file
2018-12-25T12:43:00.346478823Z	67	PC: 14e99 \| Get or set file attributes
2018-12-25T12:43:00.354406684Z	26	PC: 14ea0 \| Set disk transfer address
2018-12-25T12:43:00.356629811Z	48	PC: 149bb \| Get DOS version
2018-12-25T12:43:00.458111612Z	9	PC: 13be9 \| Display string (String= 'Memory-GUARD Utility - TSR Handling, ver. 1.50 (C) 1988, P.Baudis, VUMS Praha ')
2018-12-25T12:43:00.468648108Z	240	PC: 13bee \| UNKNOWN!
2018-12-25T12:43:00.470012915Z	53	PC: 13c13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:00.471352204Z	37	PC: 13c22 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:00.559311589Z	48	PC: 14cda \| Get DOS version
2018-12-25T12:43:00.562919747Z	42	PC: 14d11 \| Get date 0x14d11: cmp dl, 0xd 0x14d14: je 0x14d19 0x14d16: jmp 0x14d53 0x14d18: nop 0x14d19: mov bx, es 0x14d1b: mov ax, 0xf000 0x14d1e: push ax 0x14d1f: pop es 0x14d20: cmp word ptr es:[0xfffe], 0xfa 0x14d27: jle 0x14d32 0x14d29: cmp word ptr es:[0xfffe], 0xfc 0x14d30: jne 0x14d51 0x14d32: mov es, bx 0x14d34: mov dx, 0x80 0x14d37: mov cx, 1 0x14d3a: mov al, 0x11 0x14d3c: mov bx, 0x9999 0x14d3f: mov ah, 3 0x14d41: int 0x13 0x14d43: cli
2018-12-25T12:43:00.564959373Z	26	PC: 14d5e \| Set disk transfer address
2018-12-25T12:43:00.565962511Z	78	PC: 14d6d \| Find first file
2018-12-25T12:43:00.572946545Z	79	PC: 14d74 \| Find next file
2018-12-25T12:43:00.575348494Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.577713539Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.580989846Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.583380553Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.585712518Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.588256893Z	79	PC: 14d74 \| Find next file (See above)
2018-12-25T12:43:00.596704887Z	67	PC: 14dd6 \| Get or set file attributes
2018-12-25T12:43:00.602308422Z	67	PC: 14de6 \| Get or set file attributes
2018-12-25T12:43:00.618761483Z	61	PC: 14df0 \| Open file (Filename = 'TEST.COM')
2018-12-25T12:43:00.62647853Z	87	PC: 14dfc \| Get or set file date and time
2018-12-25T12:43:00.627693628Z	63	PC: 14e0e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:00.629992125Z	66	PC: 14e22 \| Move file pointer
2018-12-25T12:43:00.631712181Z	64	PC: 14e49 \| Write file or device (Write 662 bytes on handle 5)
2018-12-25T12:43:00.63936783Z	66	PC: 14e5e \| Move file pointer
2018-12-25T12:43:00.64053075Z	64	PC: 14e6c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:00.64368444Z	87	PC: 14e8d \| Get or set file date and time
2018-12-25T12:43:00.645015441Z	62	PC: 14e91 \| Close file
2018-12-25T12:43:00.652642519Z	67	PC: 14e99 \| Get or set file attributes
2018-12-25T12:43:00.65911894Z	26	PC: 14ea0 \| Set disk transfer address
2018-12-25T12:43:00.661477452Z	48	PC: 149bb \| Get DOS version
2018-12-25T12:43:00.727517629Z	9	PC: 13be9 \| Display string (String= 'Memory-GUARD Utility - TSR Handling, ver. 1.50 (C) 1988, P.Baudis, VUMS Praha ')
2018-12-25T12:43:00.73832092Z	240	PC: 13bee \| UNKNOWN!
2018-12-25T12:43:00.739350721Z	53	PC: 13c13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:00.740441641Z	37	PC: 13c22 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')