Sample viewer

vx.netlux.org/Virus.DOS.Vienna.565

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:03.833810888Z	48	PC: 12b47 \| Get DOS version
2018-12-17T23:06:03.835366058Z	47	PC: 12b53 \| Get disk transfer address
2018-12-17T23:06:03.83672281Z	26	PC: 12b5f \| Set disk transfer address
2018-12-17T23:06:03.837999564Z	78	PC: 12bd3 \| Find first file
2018-12-17T23:06:03.845066397Z	67	PC: 12c09 \| Get or set file attributes
2018-12-17T23:06:03.85291082Z	67	PC: 12c17 \| Get or set file attributes
2018-12-17T23:06:03.869791741Z	61	PC: 12c1f \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:03.876966028Z	87	PC: 12c2b \| Get or set file date and time
2018-12-17T23:06:03.879102868Z	44	PC: 12c35 \| Get time 0x12c35: and dh, 7 0x12c38: jne 0x12c47 0x12c3a: mov ah, 0x40 0x12c3c: mov cx, 5 0x12c3f: lea dx, word ptr [si + 0x8a] 0x12c43: int 0x21 0x12c45: jmp 0x12c9a 0x12c47: mov ah, 0x3f 0x12c49: mov cx, 3 0x12c4c: lea dx, word ptr [si + 0xa] 0x12c4f: int 0x21 0x12c51: jb 0x12c9a 0x12c53: cmp ax, 3 0x12c56: jne 0x12c9a 0x12c58: sub cx, cx 0x12c5a: mov ax, 0x4202 0x12c5d: sub dx, dx 0x12c5f: int 0x21 0x12c61: jb 0x12c9a 0x12c63: mov cx, ax
2018-12-17T23:06:03.881387744Z	63	PC: 12c51 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:03.888336863Z	66	PC: 12c61 \| Move file pointer
2018-12-17T23:06:03.890588603Z	64	PC: 12c7e \| Write file or device (Write 565 bytes on handle 5)
2018-12-17T23:06:03.905362752Z	66	PC: 12c8e \| Move file pointer
2018-12-17T23:06:03.906868427Z	64	PC: 12c9a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:06:03.915039917Z	87	PC: 12cab \| Get or set file date and time
2018-12-17T23:06:03.916853784Z	62	PC: 12caf \| Close file
2018-12-17T23:06:03.925663642Z	67	PC: 12cba \| Get or set file attributes
2018-12-17T23:06:03.937065623Z	26	PC: 12cc4 \| Set disk transfer address
2018-12-17T23:06:03.940082439Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15409,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:20.379364521Z	48	PC: 12b47 \| Get DOS version
2018-12-25T12:43:20.38178826Z	47	PC: 12b53 \| Get disk transfer address
2018-12-25T12:43:20.382904424Z	26	PC: 12b5f \| Set disk transfer address
2018-12-25T12:43:20.384184867Z	78	PC: 12bd3 \| Find first file
2018-12-25T12:43:20.391571747Z	67	PC: 12c09 \| Get or set file attributes
2018-12-25T12:43:20.398079902Z	67	PC: 12c17 \| Get or set file attributes
2018-12-25T12:43:20.57095686Z	61	PC: 12c1f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:20.588530993Z	87	PC: 12c2b \| Get or set file date and time
2018-12-25T12:43:20.590629383Z	44	PC: 12c35 \| Get time 0x12c35: and dh, 7 0x12c38: jne 0x12c47 0x12c3a: mov ah, 0x40 0x12c3c: mov cx, 5 0x12c3f: lea dx, word ptr [si + 0x8a] 0x12c43: int 0x21 0x12c45: jmp 0x12c9a 0x12c47: mov ah, 0x3f 0x12c49: mov cx, 3 0x12c4c: lea dx, word ptr [si + 0xa] 0x12c4f: int 0x21 0x12c51: jb 0x12c9a 0x12c53: cmp ax, 3 0x12c56: jne 0x12c9a 0x12c58: sub cx, cx 0x12c5a: mov ax, 0x4202 0x12c5d: sub dx, dx 0x12c5f: int 0x21 0x12c61: jb 0x12c9a 0x12c63: mov cx, ax
2018-12-25T12:43:20.593139358Z	63	PC: 12c51 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:20.597778526Z	66	PC: 12c61 \| Move file pointer
2018-12-25T12:43:20.599269Z	64	PC: 12c7e \| Write file or device (Write 565 bytes on handle 5)
2018-12-25T12:43:20.604580866Z	66	PC: 12c8e \| Move file pointer
2018-12-25T12:43:20.606276279Z	64	PC: 12c9a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:20.613003928Z	87	PC: 12cab \| Get or set file date and time
2018-12-25T12:43:20.616160546Z	62	PC: 12caf \| Close file
2018-12-25T12:43:20.625451896Z	67	PC: 12cba \| Get or set file attributes
2018-12-25T12:43:20.645692128Z	26	PC: 12cc4 \| Set disk transfer address
2018-12-25T12:43:20.647081913Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":15409,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:20.513687249Z	48	PC: 12b47 \| Get DOS version
2018-12-25T12:43:20.515450069Z	47	PC: 12b53 \| Get disk transfer address
2018-12-25T12:43:20.517397472Z	26	PC: 12b5f \| Set disk transfer address
2018-12-25T12:43:20.519586454Z	78	PC: 12bd3 \| Find first file
2018-12-25T12:43:20.526829869Z	67	PC: 12c09 \| Get or set file attributes
2018-12-25T12:43:20.533788482Z	67	PC: 12c17 \| Get or set file attributes
2018-12-25T12:43:20.551133134Z	61	PC: 12c1f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:20.558494719Z	87	PC: 12c2b \| Get or set file date and time
2018-12-25T12:43:20.560716105Z	44	PC: 12c35 \| Get time 0x12c35: and dh, 7 0x12c38: jne 0x12c47 0x12c3a: mov ah, 0x40 0x12c3c: mov cx, 5 0x12c3f: lea dx, word ptr [si + 0x8a] 0x12c43: int 0x21 0x12c45: jmp 0x12c9a 0x12c47: mov ah, 0x3f 0x12c49: mov cx, 3 0x12c4c: lea dx, word ptr [si + 0xa] 0x12c4f: int 0x21 0x12c51: jb 0x12c9a 0x12c53: cmp ax, 3 0x12c56: jne 0x12c9a 0x12c58: sub cx, cx 0x12c5a: mov ax, 0x4202 0x12c5d: sub dx, dx 0x12c5f: int 0x21 0x12c61: jb 0x12c9a 0x12c63: mov cx, ax
2018-12-25T12:43:20.563588521Z	63	PC: 12c51 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:20.572170397Z	66	PC: 12c61 \| Move file pointer
2018-12-25T12:43:20.57466485Z	64	PC: 12c7e \| Write file or device (Write 565 bytes on handle 5)
2018-12-25T12:43:20.584237997Z	66	PC: 12c8e \| Move file pointer
2018-12-25T12:43:20.590113336Z	64	PC: 12c9a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:20.598803108Z	87	PC: 12cab \| Get or set file date and time
2018-12-25T12:43:20.602896169Z	62	PC: 12caf \| Close file
2018-12-25T12:43:20.613508665Z	67	PC: 12cba \| Get or set file attributes
2018-12-25T12:43:20.625065755Z	26	PC: 12cc4 \| Set disk transfer address
2018-12-25T12:43:20.629387105Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')