Sample viewer

vx.netlux.org/Virus.DOS.Vienna.595

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:57.045948754Z	47	PC: 1322b \| Get disk transfer address
2018-12-17T23:08:57.047863481Z	26	PC: 1323e \| Set disk transfer address
2018-12-17T23:08:57.049148276Z	78	PC: 132ba \| Find first file
2018-12-17T23:08:57.055048517Z	67	PC: 13309 \| Get or set file attributes
2018-12-17T23:08:57.0734566Z	61	PC: 1330e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:08:57.077673554Z	44	PC: 13319 \| Get time 0x13319: and dh, 3 0x1331c: jne 0x1332a 0x1331e: mov cx, 2 0x13321: nop 0x13322: mov dx, si 0x13324: add dx, 0x88 0x13328: jmp 0x1338f 0x1332a: mov cx, 5 0x1332d: nop 0x1332e: mov dx, 9 0x13331: nop 0x13332: add dx, si 0x13334: mov ah, 0x3f 0x13336: int 0x21 0x13338: jb 0x13393 0x1333a: cmp ax, 5 0x1333d: nop 0x1333e: jne 0x13393 0x13340: xor cx, cx 0x13342: xor dx, dx
2018-12-17T23:08:57.079733007Z	63	PC: 13338 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:08:57.088566465Z	66	PC: 13349 \| Move file pointer
2018-12-17T23:08:57.090304827Z	64	PC: 13372 \| Write file or device (Write 595 bytes on handle 5)
2018-12-17T23:08:57.098272562Z	66	PC: 13383 \| Move file pointer
2018-12-17T23:08:57.100194387Z	64	PC: 13393 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:08:57.108082887Z	87	PC: 133a3 \| Get or set file date and time
2018-12-17T23:08:57.109724787Z	62	PC: 133a7 \| Close file
2018-12-17T23:08:57.118952835Z	67	PC: 133b8 \| Get or set file attributes
2018-12-17T23:08:57.129878188Z	26	PC: 133c5 \| Set disk transfer address
2018-12-17T23:08:57.131276294Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=000007D0h/0000002000d bytes. ')
2018-12-17T23:08:57.137504724Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:08:57.139602574Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:08:57.146830142Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:08:57.150738458Z	9	PC: 12a86 \| Display string (String= 'Size change=0273h/00627d. ')
2018-12-17T23:08:57.156771189Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16363,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:35.489072822Z	47	PC: 1322b \| Get disk transfer address
2018-12-25T12:52:35.490886328Z	26	PC: 1323e \| Set disk transfer address
2018-12-25T12:52:35.49189448Z	78	PC: 132ba \| Find first file
2018-12-25T12:52:35.497576549Z	67	PC: 13309 \| Get or set file attributes
2018-12-25T12:52:35.514463185Z	61	PC: 1330e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:35.521616616Z	44	PC: 13319 \| Get time 0x13319: and dh, 3 0x1331c: jne 0x1332a 0x1331e: mov cx, 2 0x13321: nop 0x13322: mov dx, si 0x13324: add dx, 0x88 0x13328: jmp 0x1338f 0x1332a: mov cx, 5 0x1332d: nop 0x1332e: mov dx, 9 0x13331: nop 0x13332: add dx, si 0x13334: mov ah, 0x3f 0x13336: int 0x21 0x13338: jb 0x13393 0x1333a: cmp ax, 5 0x1333d: nop 0x1333e: jne 0x13393 0x13340: xor cx, cx 0x13342: xor dx, dx
2018-12-25T12:52:35.523640311Z	63	PC: 13338 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:52:35.530473136Z	66	PC: 13349 \| Move file pointer
2018-12-25T12:52:35.532463504Z	64	PC: 13372 \| Write file or device (Write 595 bytes on handle 5)
2018-12-25T12:52:35.540251725Z	66	PC: 13383 \| Move file pointer
2018-12-25T12:52:35.541490558Z	64	PC: 13393 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:52:35.548031181Z	87	PC: 133a3 \| Get or set file date and time
2018-12-25T12:52:35.549010609Z	62	PC: 133a7 \| Close file
2018-12-25T12:52:35.55433553Z	67	PC: 133b8 \| Get or set file attributes
2018-12-25T12:52:35.560879868Z	26	PC: 133c5 \| Set disk transfer address
2018-12-25T12:52:35.561747144Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=000007D0h/0000002000d bytes. ')
2018-12-25T12:52:35.564834701Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:52:35.566196601Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:52:35.570192119Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:52:35.571424129Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:52:35.574265911Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":3,"TimeBased":true,"OriginalID":16363,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:35.779960222Z	47	PC: 1322b \| Get disk transfer address
2018-12-25T12:52:35.781400673Z	26	PC: 1323e \| Set disk transfer address
2018-12-25T12:52:35.78249114Z	78	PC: 132ba \| Find first file
2018-12-25T12:52:35.788541595Z	67	PC: 13309 \| Get or set file attributes
2018-12-25T12:52:35.804145289Z	61	PC: 1330e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:35.811129286Z	44	PC: 13319 \| Get time 0x13319: and dh, 3 0x1331c: jne 0x1332a 0x1331e: mov cx, 2 0x13321: nop 0x13322: mov dx, si 0x13324: add dx, 0x88 0x13328: jmp 0x1338f 0x1332a: mov cx, 5 0x1332d: nop 0x1332e: mov dx, 9 0x13331: nop 0x13332: add dx, si 0x13334: mov ah, 0x3f 0x13336: int 0x21 0x13338: jb 0x13393 0x1333a: cmp ax, 5 0x1333d: nop 0x1333e: jne 0x13393 0x13340: xor cx, cx 0x13342: xor dx, dx
2018-12-25T12:52:35.813024901Z	63	PC: 13338 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:52:35.819779845Z	66	PC: 13349 \| Move file pointer
2018-12-25T12:52:35.82112983Z	64	PC: 13372 \| Write file or device (Write 595 bytes on handle 5)
2018-12-25T12:52:35.828787884Z	66	PC: 13383 \| Move file pointer
2018-12-25T12:52:35.830000425Z	64	PC: 13393 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:52:35.836389257Z	87	PC: 133a3 \| Get or set file date and time
2018-12-25T12:52:35.837693241Z	62	PC: 133a7 \| Close file
2018-12-25T12:52:35.845087017Z	67	PC: 133b8 \| Get or set file attributes
2018-12-25T12:52:35.854475176Z	26	PC: 133c5 \| Set disk transfer address
2018-12-25T12:52:35.855408891Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=000007D0h/0000002000d bytes. ')
2018-12-25T12:52:35.861408921Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:52:35.862758081Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:52:35.869711529Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:52:35.871324497Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:52:35.875482427Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')