Sample viewer

vx.netlux.org/Virus.DOS.Vienna.644.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:09.355003247Z	48	PC: 12af5 \| Get DOS version
2018-12-17T23:08:09.369217999Z	47	PC: 12b01 \| Get disk transfer address
2018-12-17T23:08:09.370672833Z	26	PC: 12b14 \| Set disk transfer address
2018-12-17T23:08:09.371875734Z	78	PC: 12ba0 \| Find first file
2018-12-17T23:08:09.377857927Z	67	PC: 12bde \| Get or set file attributes
2018-12-17T23:08:09.390132465Z	67	PC: 12bf0 \| Get or set file attributes
2018-12-17T23:08:09.405599934Z	61	PC: 12bfb \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:08:09.41224728Z	87	PC: 12c07 \| Get or set file date and time
2018-12-17T23:08:09.414428536Z	44	PC: 12c13 \| Get time 0x12c13: and dh, 7 0x12c16: jne 0x12c28 0x12c18: mov ah, 0x40 0x12c1a: mov cx, 5 0x12c1d: mov dx, si 0x12c1f: add dx, 0x89 0x12c23: int 0x21 0x12c25: jmp 0x12c8c 0x12c27: nop 0x12c28: mov ah, 0x3f 0x12c2a: mov cx, 3 0x12c2d: mov dx, 0xa 0x12c30: nop 0x12c31: add dx, si 0x12c33: int 0x21 0x12c35: jb 0x12c8c 0x12c37: cmp ax, 3 0x12c3a: jne 0x12c8c 0x12c3c: mov ax, 0x4202 0x12c3f: mov cx, 0
2018-12-17T23:08:09.416700206Z	63	PC: 12c35 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:09.423145624Z	66	PC: 12c47 \| Move file pointer
2018-12-17T23:08:09.425167968Z	64	PC: 12c6b \| Write file or device (Write 644 bytes on handle 5)
2018-12-17T23:08:09.433675539Z	66	PC: 12c7d \| Move file pointer
2018-12-17T23:08:09.435061228Z	64	PC: 12c8c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:09.450946737Z	87	PC: 12c9f \| Get or set file date and time
2018-12-17T23:08:09.452402586Z	62	PC: 12ca3 \| Close file
2018-12-17T23:08:09.457398819Z	67	PC: 12cb2 \| Get or set file attributes
2018-12-17T23:08:09.464490119Z	26	PC: 12cbf \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":16113,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:24.03637274Z	48	PC: 12af5 \| Get DOS version
2018-12-25T12:45:24.037844667Z	47	PC: 12b01 \| Get disk transfer address
2018-12-25T12:45:24.039082408Z	26	PC: 12b14 \| Set disk transfer address
2018-12-25T12:45:24.040362415Z	78	PC: 12ba0 \| Find first file
2018-12-25T12:45:24.047555318Z	67	PC: 12bde \| Get or set file attributes
2018-12-25T12:45:24.053885752Z	67	PC: 12bf0 \| Get or set file attributes
2018-12-25T12:45:24.073839418Z	61	PC: 12bfb \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:24.081238228Z	87	PC: 12c07 \| Get or set file date and time
2018-12-25T12:45:24.082868591Z	44	PC: 12c13 \| Get time 0x12c13: and dh, 7 0x12c16: jne 0x12c28 0x12c18: mov ah, 0x40 0x12c1a: mov cx, 5 0x12c1d: mov dx, si 0x12c1f: add dx, 0x89 0x12c23: int 0x21 0x12c25: jmp 0x12c8c 0x12c27: nop 0x12c28: mov ah, 0x3f 0x12c2a: mov cx, 3 0x12c2d: mov dx, 0xa 0x12c30: nop 0x12c31: add dx, si 0x12c33: int 0x21 0x12c35: jb 0x12c8c 0x12c37: cmp ax, 3 0x12c3a: jne 0x12c8c 0x12c3c: mov ax, 0x4202 0x12c3f: mov cx, 0
2018-12-25T12:45:24.085057628Z	63	PC: 12c35 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:24.091994393Z	66	PC: 12c47 \| Move file pointer
2018-12-25T12:45:24.093736014Z	64	PC: 12c6b \| Write file or device (Write 644 bytes on handle 5)
2018-12-25T12:45:24.102868731Z	66	PC: 12c7d \| Move file pointer
2018-12-25T12:45:24.104077732Z	64	PC: 12c8c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:24.111544765Z	87	PC: 12c9f \| Get or set file date and time
2018-12-25T12:45:24.113106556Z	62	PC: 12ca3 \| Close file
2018-12-25T12:45:24.121750757Z	67	PC: 12cb2 \| Get or set file attributes
2018-12-25T12:45:24.133316619Z	26	PC: 12cbf \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16113,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:24.064883394Z	48	PC: 12af5 \| Get DOS version
2018-12-25T12:45:24.066958929Z	47	PC: 12b01 \| Get disk transfer address
2018-12-25T12:45:24.068052976Z	26	PC: 12b14 \| Set disk transfer address
2018-12-25T12:45:24.069167285Z	78	PC: 12ba0 \| Find first file
2018-12-25T12:45:24.0756507Z	67	PC: 12bde \| Get or set file attributes
2018-12-25T12:45:24.081553602Z	67	PC: 12bf0 \| Get or set file attributes
2018-12-25T12:45:24.100700254Z	61	PC: 12bfb \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:24.113133546Z	87	PC: 12c07 \| Get or set file date and time
2018-12-25T12:45:24.114734408Z	44	PC: 12c13 \| Get time 0x12c13: and dh, 7 0x12c16: jne 0x12c28 0x12c18: mov ah, 0x40 0x12c1a: mov cx, 5 0x12c1d: mov dx, si 0x12c1f: add dx, 0x89 0x12c23: int 0x21 0x12c25: jmp 0x12c8c 0x12c27: nop 0x12c28: mov ah, 0x3f 0x12c2a: mov cx, 3 0x12c2d: mov dx, 0xa 0x12c30: nop 0x12c31: add dx, si 0x12c33: int 0x21 0x12c35: jb 0x12c8c 0x12c37: cmp ax, 3 0x12c3a: jne 0x12c8c 0x12c3c: mov ax, 0x4202 0x12c3f: mov cx, 0
2018-12-25T12:45:24.117086446Z	63	PC: 12c35 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:24.12389292Z	66	PC: 12c47 \| Move file pointer
2018-12-25T12:45:24.125285479Z	64	PC: 12c6b \| Write file or device (Write 644 bytes on handle 5)
2018-12-25T12:45:24.136126628Z	66	PC: 12c7d \| Move file pointer
2018-12-25T12:45:24.13873392Z	64	PC: 12c8c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:24.145233596Z	87	PC: 12c9f \| Get or set file date and time
2018-12-25T12:45:24.146792418Z	62	PC: 12ca3 \| Close file
2018-12-25T12:45:24.15536923Z	67	PC: 12cb2 \| Get or set file attributes
2018-12-25T12:45:24.165397981Z	26	PC: 12cbf \| Set disk transfer address