Sample viewer

vx.netlux.org/Virus.DOS.Vienna.354

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:35.416056314Z	53	PC: 1517d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:35.418184161Z	37	PC: 15190 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:35.420242893Z	26	PC: 15198 \| Set disk transfer address
2018-12-17T23:06:35.421495351Z	78	PC: 151e3 \| Find first file
2018-12-17T23:06:35.428201647Z	67	PC: 152a9 \| Get or set file attributes
2018-12-17T23:06:35.443826865Z	61	PC: 15238 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:35.451142894Z	44	PC: 15240 \| Get time 0x15240: and dh, 7 0x15243: jne 0x1524d 0x15245: mov cx, 5 0x15248: lea dx, word ptr [si + 0xb] 0x1524b: jmp 0x15277 0x1524d: mov ah, 0x3f 0x1524f: mov cx, 3 0x15252: lea dx, word ptr [si - 6] 0x15255: call 0x152a7 0x15258: jb 0x1527a 0x1525a: mov ax, 0x4202 0x1525d: call 0x152a0 0x15260: mov word ptr [bp - 0x7a], ax 0x15263: mov cx, 0x162 0x15266: nop 0x15267: lea dx, word ptr [si - 6] 0x1526a: call 0x152a5 0x1526d: jb 0x1527a 0x1526f: call 0x1529d 0x15272: mov cl, 3
2018-12-17T23:06:35.454337087Z	63	PC: 152a9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:35.462532365Z	66	PC: 152a9 \| Move file pointer
2018-12-17T23:06:35.466235508Z	64	PC: 152a9 \| Write file or device (Write 354 bytes on handle 5)
2018-12-17T23:06:35.47506252Z	66	PC: 152a9 \| Move file pointer
2018-12-17T23:06:35.47721411Z	64	PC: 152a9 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:06:35.484493862Z	87	PC: 15288 \| Get or set file date and time
2018-12-17T23:06:35.487592366Z	62	PC: 1528c \| Close file
2018-12-17T23:06:35.495675135Z	67	PC: 1529a \| Get or set file attributes
2018-12-17T23:06:35.505790525Z	37	PC: 151fc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:35.507591956Z	26	PC: 15205 \| Set disk transfer address
2018-12-17T23:06:35.515247988Z	9	PC: 12a5d \| Display string (String= '')
2018-12-17T23:06:35.517878929Z	9	PC: 12a64 \| Display string (Could not find end pointer)
2018-12-17T23:06:35.528349725Z	76	PC: 12a7a \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15586,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:53.673675925Z	53	PC: 1517d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:53.680309316Z	37	PC: 15190 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:53.681860737Z	26	PC: 15198 \| Set disk transfer address
2018-12-25T12:43:53.6834576Z	78	PC: 151e3 \| Find first file
2018-12-25T12:43:53.690381442Z	67	PC: 152a9 \| Get or set file attributes
2018-12-25T12:43:53.720061721Z	61	PC: 15238 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:53.727016312Z	44	PC: 15240 \| Get time 0x15240: and dh, 7 0x15243: jne 0x1524d 0x15245: mov cx, 5 0x15248: lea dx, word ptr [si + 0xb] 0x1524b: jmp 0x15277 0x1524d: mov ah, 0x3f 0x1524f: mov cx, 3 0x15252: lea dx, word ptr [si - 6] 0x15255: call 0x152a7 0x15258: jb 0x1527a 0x1525a: mov ax, 0x4202 0x1525d: call 0x152a0 0x15260: mov word ptr [bp - 0x7a], ax 0x15263: mov cx, 0x162 0x15266: nop 0x15267: lea dx, word ptr [si - 6] 0x1526a: call 0x152a5 0x1526d: jb 0x1527a 0x1526f: call 0x1529d 0x15272: mov cl, 3
2018-12-25T12:43:53.729760624Z	63	PC: 152a9 \| Read file or device (See above)
2018-12-25T12:43:53.736516667Z	66	PC: 152a9 \| Move file pointer (See above)
2018-12-25T12:43:53.737904364Z	64	PC: 152a9 \| Write file or device (See above)
2018-12-25T12:43:53.746317287Z	66	PC: 152a9 \| Move file pointer (See above)
2018-12-25T12:43:53.760204072Z	64	PC: 152a9 \| Write file or device (See above)
2018-12-25T12:43:53.777009976Z	87	PC: 15288 \| Get or set file date and time
2018-12-25T12:43:53.779156553Z	62	PC: 1528c \| Close file
2018-12-25T12:43:53.794702638Z	67	PC: 1529a \| Get or set file attributes
2018-12-25T12:43:53.83837844Z	37	PC: 151fc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:53.840035637Z	26	PC: 15205 \| Set disk transfer address
2018-12-25T12:43:53.844201167Z	9	PC: 12a5d \| Display string (String= '')
2018-12-25T12:43:53.846510646Z	9	PC: 12a64 \| Display string (Could not find end pointer)
2018-12-25T12:43:53.85728588Z	76	PC: 12a7a \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":15586,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:54.206256428Z	53	PC: 1517d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:54.209667599Z	37	PC: 15190 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:54.21161661Z	26	PC: 15198 \| Set disk transfer address
2018-12-25T12:43:54.213274364Z	78	PC: 151e3 \| Find first file
2018-12-25T12:43:54.220824654Z	67	PC: 152a9 \| Get or set file attributes
2018-12-25T12:43:55.196087018Z	61	PC: 15238 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:55.20410255Z	44	PC: 15240 \| Get time 0x15240: and dh, 7 0x15243: jne 0x1524d 0x15245: mov cx, 5 0x15248: lea dx, word ptr [si + 0xb] 0x1524b: jmp 0x15277 0x1524d: mov ah, 0x3f 0x1524f: mov cx, 3 0x15252: lea dx, word ptr [si - 6] 0x15255: call 0x152a7 0x15258: jb 0x1527a 0x1525a: mov ax, 0x4202 0x1525d: call 0x152a0 0x15260: mov word ptr [bp - 0x7a], ax 0x15263: mov cx, 0x162 0x15266: nop 0x15267: lea dx, word ptr [si - 6] 0x1526a: call 0x152a5 0x1526d: jb 0x1527a 0x1526f: call 0x1529d 0x15272: mov cl, 3
2018-12-25T12:43:55.206999197Z	63	PC: 152a9 \| Read file or device (See above)
2018-12-25T12:43:55.215823244Z	66	PC: 152a9 \| Move file pointer (See above)
2018-12-25T12:43:55.217595487Z	64	PC: 152a9 \| Write file or device (See above)
2018-12-25T12:43:55.226696161Z	66	PC: 152a9 \| Move file pointer (See above)
2018-12-25T12:43:55.230359422Z	64	PC: 152a9 \| Write file or device (See above)
2018-12-25T12:43:55.248813319Z	87	PC: 15288 \| Get or set file date and time
2018-12-25T12:43:55.250958487Z	62	PC: 1528c \| Close file
2018-12-25T12:43:55.260760792Z	67	PC: 1529a \| Get or set file attributes
2018-12-25T12:43:55.272229573Z	37	PC: 151fc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:55.273957647Z	26	PC: 15205 \| Set disk transfer address
2018-12-25T12:43:55.278174462Z	9	PC: 12a5d \| Display string (String= '')
2018-12-25T12:43:55.292644533Z	9	PC: 12a64 \| Display string (Could not find end pointer)
2018-12-25T12:43:55.305860799Z	76	PC: 12a7a \| Terminate with return code (Return code = '0')