Sample viewer

vx.netlux.org/Virus.DOS.Vienna.355

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:24.189285147Z	53	PC: 1517d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:24.191418958Z	37	PC: 15190 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:24.193797779Z	26	PC: 15198 \| Set disk transfer address
2018-12-17T23:09:24.196228396Z	78	PC: 151e3 \| Find first file
2018-12-17T23:09:24.202972051Z	67	PC: 152aa \| Get or set file attributes
2018-12-17T23:09:24.220555568Z	61	PC: 15238 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:24.233998563Z	44	PC: 15240 \| Get time 0x15240: and dh, 7 0x15243: jne 0x1524d 0x15245: mov cx, 5 0x15248: lea dx, word ptr [si + 0xb] 0x1524b: jmp 0x15277 0x1524d: mov ah, 0x3f 0x1524f: mov cx, 3 0x15252: lea dx, word ptr [si - 6] 0x15255: call 0x152a8 0x15258: jb 0x1527a 0x1525a: mov ax, 0x4202 0x1525d: call 0x152a1 0x15260: mov word ptr [bp - 0x7a], ax 0x15263: mov cx, 0x163 0x15266: nop 0x15267: lea dx, word ptr [si - 6] 0x1526a: call 0x152a6 0x1526d: jb 0x1527a 0x1526f: call 0x1529e 0x15272: mov cl, 3
2018-12-17T23:09:24.236643754Z	64	PC: 152aa \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:09:24.244826884Z	87	PC: 15288 \| Get or set file date and time
2018-12-17T23:09:24.246462688Z	62	PC: 1528c \| Close file
2018-12-17T23:09:24.254873566Z	67	PC: 1529b \| Get or set file attributes
2018-12-17T23:09:24.26693817Z	37	PC: 151fc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:24.268416218Z	26	PC: 15205 \| Set disk transfer address
2018-12-17T23:09:24.2723332Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T23:09:24.275256714Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T23:09:24.286647843Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16511,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:06.210849532Z	53	PC: 1517d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:06.212284395Z	37	PC: 15190 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:06.213067836Z	26	PC: 15198 \| Set disk transfer address
2018-12-25T12:53:06.213868731Z	78	PC: 151e3 \| Find first file
2018-12-25T12:53:06.218380796Z	67	PC: 152aa \| Get or set file attributes
2018-12-25T12:53:06.231199307Z	61	PC: 15238 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:06.237314654Z	44	PC: 15240 \| Get time 0x15240: and dh, 7 0x15243: jne 0x1524d 0x15245: mov cx, 5 0x15248: lea dx, word ptr [si + 0xb] 0x1524b: jmp 0x15277 0x1524d: mov ah, 0x3f 0x1524f: mov cx, 3 0x15252: lea dx, word ptr [si - 6] 0x15255: call 0x152a8 0x15258: jb 0x1527a 0x1525a: mov ax, 0x4202 0x1525d: call 0x152a1 0x15260: mov word ptr [bp - 0x7a], ax 0x15263: mov cx, 0x163 0x15266: nop 0x15267: lea dx, word ptr [si - 6] 0x1526a: call 0x152a6 0x1526d: jb 0x1527a 0x1526f: call 0x1529e 0x15272: mov cl, 3
2018-12-25T12:53:06.239748102Z	63	PC: 152aa \| Read file or device (See above)
2018-12-25T12:53:06.245774303Z	66	PC: 152aa \| Move file pointer (See above)
2018-12-25T12:53:06.246832568Z	64	PC: 152aa \| Write file or device (See above)
2018-12-25T12:53:06.254782534Z	66	PC: 152aa \| Move file pointer (See above)
2018-12-25T12:53:06.25633289Z	64	PC: 152aa \| Write file or device (See above)
2018-12-25T12:53:06.263201262Z	87	PC: 15288 \| Get or set file date and time
2018-12-25T12:53:06.265003563Z	62	PC: 1528c \| Close file
2018-12-25T12:53:06.27283296Z	67	PC: 1529b \| Get or set file attributes
2018-12-25T12:53:06.283018995Z	37	PC: 151fc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:06.284749174Z	26	PC: 15205 \| Set disk transfer address
2018-12-25T12:53:06.288414387Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:53:06.290247364Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:53:06.30100006Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":16511,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:06.398082799Z	53	PC: 1517d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:06.399942375Z	37	PC: 15190 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:06.401224326Z	26	PC: 15198 \| Set disk transfer address
2018-12-25T12:53:06.402248015Z	78	PC: 151e3 \| Find first file
2018-12-25T12:53:06.408818488Z	67	PC: 152aa \| Get or set file attributes
2018-12-25T12:53:06.423726365Z	61	PC: 15238 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:06.430084215Z	44	PC: 15240 \| Get time 0x15240: and dh, 7 0x15243: jne 0x1524d 0x15245: mov cx, 5 0x15248: lea dx, word ptr [si + 0xb] 0x1524b: jmp 0x15277 0x1524d: mov ah, 0x3f 0x1524f: mov cx, 3 0x15252: lea dx, word ptr [si - 6] 0x15255: call 0x152a8 0x15258: jb 0x1527a 0x1525a: mov ax, 0x4202 0x1525d: call 0x152a1 0x15260: mov word ptr [bp - 0x7a], ax 0x15263: mov cx, 0x163 0x15266: nop 0x15267: lea dx, word ptr [si - 6] 0x1526a: call 0x152a6 0x1526d: jb 0x1527a 0x1526f: call 0x1529e 0x15272: mov cl, 3
2018-12-25T12:53:06.432722349Z	63	PC: 152aa \| Read file or device (See above)
2018-12-25T12:53:06.438951524Z	66	PC: 152aa \| Move file pointer (See above)
2018-12-25T12:53:06.440307335Z	64	PC: 152aa \| Write file or device (See above)
2018-12-25T12:53:06.449944783Z	66	PC: 152aa \| Move file pointer (See above)
2018-12-25T12:53:06.451792298Z	64	PC: 152aa \| Write file or device (See above)
2018-12-25T12:53:06.459115335Z	87	PC: 15288 \| Get or set file date and time
2018-12-25T12:53:06.461822028Z	62	PC: 1528c \| Close file
2018-12-25T12:53:06.469967942Z	67	PC: 1529b \| Get or set file attributes
2018-12-25T12:53:06.4800093Z	37	PC: 151fc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:06.481850699Z	26	PC: 15205 \| Set disk transfer address
2018-12-25T12:53:06.485110797Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:53:06.487204276Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:53:06.502570902Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')