Sample viewer

vx.netlux.org/Virus.DOS.Vienna.353.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:09.254343145Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:09.2567093Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:09.258121884Z	26	PC: 12a8d \| Set disk transfer address
2018-12-17T23:09:09.25946683Z	78	PC: 12ad8 \| Find first file
2018-12-17T23:09:09.267456948Z	67	PC: 12b9d \| Get or set file attributes
2018-12-17T23:09:09.286590412Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:09.295001877Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov ah, 0x3f 0x12b44: mov cx, 3 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-17T23:09:09.298038701Z	63	PC: 12b9d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:09.306719243Z	66	PC: 12b9d \| Move file pointer
2018-12-17T23:09:09.309080045Z	64	PC: 12b9d \| Write file or device (Write 353 bytes on handle 5)
2018-12-17T23:09:09.319013145Z	66	PC: 12b9d \| Move file pointer
2018-12-17T23:09:09.321646472Z	64	PC: 12b9d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:09.329412531Z	87	PC: 12b7c \| Get or set file date and time
2018-12-17T23:09:09.331054732Z	62	PC: 12b80 \| Close file
2018-12-17T23:09:09.341407504Z	67	PC: 12b8e \| Get or set file attributes
2018-12-17T23:09:09.352545327Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:09.353779305Z	26	PC: 12afa \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:56.202664825Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:56.204174815Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:56.205537452Z	26	PC: 12a8d \| Set disk transfer address
2018-12-25T12:52:56.206668191Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:52:56.21323447Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:52:56.365171711Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:56.372825812Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov ah, 0x3f 0x12b44: mov cx, 3 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:52:56.375318726Z	63	PC: 12b9d \| Read file or device (See above)
2018-12-25T12:52:56.383493508Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:52:56.385251206Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:52:56.394636187Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:52:56.397717643Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:52:56.402229011Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:52:56.403430331Z	62	PC: 12b80 \| Close file
2018-12-25T12:52:56.409390649Z	67	PC: 12b8e \| Get or set file attributes
2018-12-25T12:52:56.417303435Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:56.418510456Z	26	PC: 12afa \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":16433,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:56.409603289Z	53	PC: 12a72 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:56.421885277Z	37	PC: 12a85 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:56.422924765Z	26	PC: 12a8d \| Set disk transfer address
2018-12-25T12:52:56.423997409Z	78	PC: 12ad8 \| Find first file
2018-12-25T12:52:56.428221758Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:52:56.442090957Z	61	PC: 12b2d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:56.449796013Z	44	PC: 12b35 \| Get time 0x12b35: and dh, 7 0x12b38: jne 0x12b42 0x12b3a: mov cx, 5 0x12b3d: lea dx, word ptr [si + 0xb] 0x12b40: jmp 0x12b6b 0x12b42: mov ah, 0x3f 0x12b44: mov cx, 3 0x12b47: lea dx, word ptr [si - 6] 0x12b4a: call 0x12b9b 0x12b4d: jb 0x12b6e 0x12b4f: mov ax, 0x4202 0x12b52: call 0x12b94 0x12b55: mov word ptr [bp - 0x7a], ax 0x12b58: mov cx, 0x161 0x12b5b: lea dx, word ptr [si - 6] 0x12b5e: call 0x12b99 0x12b61: jb 0x12b6e 0x12b63: call 0x12b91 0x12b66: mov cl, 3 0x12b68: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:52:56.452510357Z	63	PC: 12b9d \| Read file or device (See above)
2018-12-25T12:52:56.460467031Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:52:56.462417085Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:52:56.47133677Z	66	PC: 12b9d \| Move file pointer (See above)
2018-12-25T12:52:56.473983321Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T12:52:56.481107733Z	87	PC: 12b7c \| Get or set file date and time
2018-12-25T12:52:56.482978872Z	62	PC: 12b80 \| Close file
2018-12-25T12:52:56.493588772Z	67	PC: 12b8e \| Get or set file attributes
2018-12-25T12:52:56.505250723Z	37	PC: 12af1 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:56.506695517Z	26	PC: 12afa \| Set disk transfer address