Sample viewer

vx.netlux.org/Virus.DOS.Vienna.849

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:36.87492326Z	42	PC: 12a6b \| Get date 0x12a6b: cmp cx, 0x7bc 0x12a6f: jle 0x12a90 0x12a71: jmp 0x12a74 0x12a73: nop 0x12a74: mov ah, 0x2a 0x12a76: int 0x21 0x12a78: cmp dh, 6 0x12a7b: jge 0x12a80 0x12a7d: jmp 0x12ac4 0x12a7f: nop 0x12a80: cmp dl, 0x1c 0x12a83: jge 0x12a88 0x12a85: jmp 0x12ac4 0x12a87: nop 0x12a88: cmp dl, 0x1e 0x12a8b: jle 0x12a9c 0x12a8d: jmp 0x12ac4 0x12a8f: nop 0x12a90: mov ah, 0x2c 0x12a92: int 0x21
2018-12-17T23:09:36.878393248Z	42	PC: 12a78 \| Get date 0x12a78: cmp dh, 6 0x12a7b: jge 0x12a80 0x12a7d: jmp 0x12ac4 0x12a7f: nop 0x12a80: cmp dl, 0x1c 0x12a83: jge 0x12a88 0x12a85: jmp 0x12ac4 0x12a87: nop 0x12a88: cmp dl, 0x1e 0x12a8b: jle 0x12a9c 0x12a8d: jmp 0x12ac4 0x12a8f: nop 0x12a90: mov ah, 0x2c 0x12a92: int 0x21 0x12a94: cmp cl, 0xf 0x12a97: jae 0x12aa6 0x12a99: jmp 0x12ac4 0x12a9b: nop 0x12a9c: mov ah, 9 0x12a9e: mov dx, si
2018-12-17T23:09:36.880728574Z	47	PC: 12ac9 \| Get disk transfer address
2018-12-17T23:09:36.882081889Z	26	PC: 12adc \| Set disk transfer address
2018-12-17T23:09:36.884688411Z	78	PC: 12b68 \| Find first file
2018-12-17T23:09:36.890757321Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.893479076Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.896887253Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.899940857Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.906801614Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.909519182Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.912990485Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.915439514Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.918037057Z	78	PC: 12b68 \| Find first file
2018-12-17T23:09:36.927227522Z	79	PC: 12b6e \| Find next file
2018-12-17T23:09:36.93024888Z	67	PC: 12ba7 \| Get or set file attributes
2018-12-17T23:09:36.936113527Z	67	PC: 12bb9 \| Get or set file attributes
2018-12-17T23:09:37.592878914Z	61	PC: 12bc4 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T23:09:37.600890033Z	87	PC: 12bd0 \| Get or set file date and time
2018-12-17T23:09:37.602886004Z	44	PC: 12bdc \| Get time 0x12bdc: mov ah, 0x3f 0x12bde: mov cx, 3 0x12be1: mov dx, 0x9c 0x12be4: nop 0x12be5: add dx, si 0x12be7: int 0x21 0x12be9: jb 0x12c41 0x12beb: cmp ax, 3 0x12bee: jne 0x12c41 0x12bf0: mov ax, 0x4202 0x12bf3: mov cx, 0 0x12bf6: mov dx, 0 0x12bf9: int 0x21 0x12bfb: jb 0x12c41 0x12bfd: mov cx, ax 0x12bff: sub ax, 3 0x12c02: mov word ptr [si + 0xa0], ax 0x12c06: add cx, 0x335 0x12c0a: mov di, si 0x12c0c: sub di, 0x233
2018-12-17T23:09:37.606958587Z	63	PC: 12be9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:37.613216381Z	66	PC: 12bfb \| Move file pointer
2018-12-17T23:09:37.615709323Z	64	PC: 12c20 \| Write file or device (Write 849 bytes on handle 5)
2018-12-17T23:09:37.623835226Z	66	PC: 12c32 \| Move file pointer
2018-12-17T23:09:37.625774429Z	64	PC: 12c41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:37.628882996Z	87	PC: 12c54 \| Get or set file date and time
2018-12-17T23:09:37.631462867Z	62	PC: 12c58 \| Close file
2018-12-17T23:09:37.639585289Z	67	PC: 12c67 \| Get or set file attributes
2018-12-17T23:09:37.649783703Z	26	PC: 12c74 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16592,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:28.391909881Z	42	PC: 12a6b \| Get date 0x12a6b: cmp cx, 0x7bc 0x12a6f: jle 0x12a90 0x12a71: jmp 0x12a74 0x12a73: nop 0x12a74: mov ah, 0x2a 0x12a76: int 0x21 0x12a78: cmp dh, 6 0x12a7b: jge 0x12a80 0x12a7d: jmp 0x12ac4 0x12a7f: nop 0x12a80: cmp dl, 0x1c 0x12a83: jge 0x12a88 0x12a85: jmp 0x12ac4 0x12a87: nop 0x12a88: cmp dl, 0x1e 0x12a8b: jle 0x12a9c 0x12a8d: jmp 0x12ac4 0x12a8f: nop 0x12a90: mov ah, 0x2c 0x12a92: int 0x21
2018-12-25T12:53:28.39406754Z	44	PC: 12a94 \| Get time 0x12a94: cmp cl, 0xf 0x12a97: jae 0x12aa6 0x12a99: jmp 0x12ac4 0x12a9b: nop 0x12a9c: mov ah, 9 0x12a9e: mov dx, si 0x12aa0: add dx, 0x36 0x12aa3: nop 0x12aa4: int 0x21 0x12aa6: cmp byte ptr [si], 0xa 0x12aa9: nop 0x12aaa: nop 0x12aab: ja 0x12ac4 0x12aad: pushf 0x12aae: mov al, byte ptr [si] 0x12ab0: nop 0x12ab1: nop 0x12ab2: mov cx, 0x100 0x12ab5: mov dx, 0 0x12ab8: mov bx, 1
2018-12-25T12:53:28.396507525Z	47	PC: 12ac9 \| Get disk transfer address
2018-12-25T12:53:28.397447815Z	26	PC: 12adc \| Set disk transfer address
2018-12-25T12:53:28.398439601Z	78	PC: 12b68 \| Find first file
2018-12-25T12:53:28.40279706Z	79	PC: 12b6e \| Find next file
2018-12-25T12:53:28.404635229Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.40644861Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.408771156Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.410640471Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.412455118Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.414729963Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.416484455Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.418198326Z	78	PC: 12b68 \| Find first file (See above)
2018-12-25T12:53:28.424522185Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.427883525Z	67	PC: 12ba7 \| Get or set file attributes
2018-12-25T12:53:28.43456928Z	67	PC: 12bb9 \| Get or set file attributes
2018-12-25T12:53:28.773281846Z	61	PC: 12bc4 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:53:28.781287773Z	87	PC: 12bd0 \| Get or set file date and time
2018-12-25T12:53:28.78292067Z	44	PC: 12bdc \| Get time 0x12bdc: mov ah, 0x3f 0x12bde: mov cx, 3 0x12be1: mov dx, 0x9c 0x12be4: nop 0x12be5: add dx, si 0x12be7: int 0x21 0x12be9: jb 0x12c41 0x12beb: cmp ax, 3 0x12bee: jne 0x12c41 0x12bf0: mov ax, 0x4202 0x12bf3: mov cx, 0 0x12bf6: mov dx, 0 0x12bf9: int 0x21 0x12bfb: jb 0x12c41 0x12bfd: mov cx, ax 0x12bff: sub ax, 3 0x12c02: mov word ptr [si + 0xa0], ax 0x12c06: add cx, 0x335 0x12c0a: mov di, si 0x12c0c: sub di, 0x233
2018-12-25T12:53:28.786376254Z	63	PC: 12be9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:28.793448332Z	66	PC: 12bfb \| Move file pointer
2018-12-25T12:53:28.794949762Z	64	PC: 12c20 \| Write file or device (Write 849 bytes on handle 5)
2018-12-25T12:53:28.803764635Z	66	PC: 12c32 \| Move file pointer
2018-12-25T12:53:28.806547858Z	64	PC: 12c41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:28.810044088Z	87	PC: 12c54 \| Get or set file date and time
2018-12-25T12:53:28.812089692Z	62	PC: 12c58 \| Close file
2018-12-25T12:53:28.820458614Z	67	PC: 12c67 \| Get or set file attributes
2018-12-25T12:53:28.831207265Z	26	PC: 12c74 \| Set disk transfer address

{"DateBased":true,"Day":28,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16592,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:28.757608971Z	42	PC: 12a6b \| Get date 0x12a6b: cmp cx, 0x7bc 0x12a6f: jle 0x12a90 0x12a71: jmp 0x12a74 0x12a73: nop 0x12a74: mov ah, 0x2a 0x12a76: int 0x21 0x12a78: cmp dh, 6 0x12a7b: jge 0x12a80 0x12a7d: jmp 0x12ac4 0x12a7f: nop 0x12a80: cmp dl, 0x1c 0x12a83: jge 0x12a88 0x12a85: jmp 0x12ac4 0x12a87: nop 0x12a88: cmp dl, 0x1e 0x12a8b: jle 0x12a9c 0x12a8d: jmp 0x12ac4 0x12a8f: nop 0x12a90: mov ah, 0x2c 0x12a92: int 0x21
2018-12-25T12:53:28.760898197Z	44	PC: 12a94 \| Get time 0x12a94: cmp cl, 0xf 0x12a97: jae 0x12aa6 0x12a99: jmp 0x12ac4 0x12a9b: nop 0x12a9c: mov ah, 9 0x12a9e: mov dx, si 0x12aa0: add dx, 0x36 0x12aa3: nop 0x12aa4: int 0x21 0x12aa6: cmp byte ptr [si], 0xa 0x12aa9: nop 0x12aaa: nop 0x12aab: ja 0x12ac4 0x12aad: pushf 0x12aae: mov al, byte ptr [si] 0x12ab0: nop 0x12ab1: nop 0x12ab2: mov cx, 0x100 0x12ab5: mov dx, 0 0x12ab8: mov bx, 1
2018-12-25T12:53:28.764181398Z	47	PC: 12ac9 \| Get disk transfer address
2018-12-25T12:53:28.765460823Z	26	PC: 12adc \| Set disk transfer address
2018-12-25T12:53:28.767648006Z	78	PC: 12b68 \| Find first file
2018-12-25T12:53:28.774485328Z	79	PC: 12b6e \| Find next file
2018-12-25T12:53:28.777359046Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.780188388Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.784296672Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.786713707Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.788683325Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.791180014Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.793635344Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.796418379Z	78	PC: 12b68 \| Find first file (See above)
2018-12-25T12:53:28.809299326Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:28.813026951Z	67	PC: 12ba7 \| Get or set file attributes
2018-12-25T12:53:28.819914833Z	67	PC: 12bb9 \| Get or set file attributes
2018-12-25T12:53:29.491376028Z	61	PC: 12bc4 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:53:29.499976543Z	87	PC: 12bd0 \| Get or set file date and time
2018-12-25T12:53:29.503148284Z	44	PC: 12bdc \| Get time 0x12bdc: mov ah, 0x3f 0x12bde: mov cx, 3 0x12be1: mov dx, 0x9c 0x12be4: nop 0x12be5: add dx, si 0x12be7: int 0x21 0x12be9: jb 0x12c41 0x12beb: cmp ax, 3 0x12bee: jne 0x12c41 0x12bf0: mov ax, 0x4202 0x12bf3: mov cx, 0 0x12bf6: mov dx, 0 0x12bf9: int 0x21 0x12bfb: jb 0x12c41 0x12bfd: mov cx, ax 0x12bff: sub ax, 3 0x12c02: mov word ptr [si + 0xa0], ax 0x12c06: add cx, 0x335 0x12c0a: mov di, si 0x12c0c: sub di, 0x233
2018-12-25T12:53:29.505625035Z	63	PC: 12be9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:29.512724877Z	66	PC: 12bfb \| Move file pointer
2018-12-25T12:53:29.514828704Z	64	PC: 12c20 \| Write file or device (Write 849 bytes on handle 5)
2018-12-25T12:53:29.523907928Z	66	PC: 12c32 \| Move file pointer
2018-12-25T12:53:29.527015737Z	64	PC: 12c41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:29.530314949Z	87	PC: 12c54 \| Get or set file date and time
2018-12-25T12:53:29.532267043Z	62	PC: 12c58 \| Close file
2018-12-25T12:53:29.542078336Z	67	PC: 12c67 \| Get or set file attributes
2018-12-25T12:53:29.554072389Z	26	PC: 12c74 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16592,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:28.965573544Z	42	PC: 12a6b \| Get date 0x12a6b: cmp cx, 0x7bc 0x12a6f: jle 0x12a90 0x12a71: jmp 0x12a74 0x12a73: nop 0x12a74: mov ah, 0x2a 0x12a76: int 0x21 0x12a78: cmp dh, 6 0x12a7b: jge 0x12a80 0x12a7d: jmp 0x12ac4 0x12a7f: nop 0x12a80: cmp dl, 0x1c 0x12a83: jge 0x12a88 0x12a85: jmp 0x12ac4 0x12a87: nop 0x12a88: cmp dl, 0x1e 0x12a8b: jle 0x12a9c 0x12a8d: jmp 0x12ac4 0x12a8f: nop 0x12a90: mov ah, 0x2c 0x12a92: int 0x21
2018-12-25T12:53:28.969481186Z	44	PC: 12a94 \| Get time 0x12a94: cmp cl, 0xf 0x12a97: jae 0x12aa6 0x12a99: jmp 0x12ac4 0x12a9b: nop 0x12a9c: mov ah, 9 0x12a9e: mov dx, si 0x12aa0: add dx, 0x36 0x12aa3: nop 0x12aa4: int 0x21 0x12aa6: cmp byte ptr [si], 0xa 0x12aa9: nop 0x12aaa: nop 0x12aab: ja 0x12ac4 0x12aad: pushf 0x12aae: mov al, byte ptr [si] 0x12ab0: nop 0x12ab1: nop 0x12ab2: mov cx, 0x100 0x12ab5: mov dx, 0 0x12ab8: mov bx, 1
2018-12-25T12:53:28.972788686Z	47	PC: 12ac9 \| Get disk transfer address
2018-12-25T12:53:28.974223862Z	26	PC: 12adc \| Set disk transfer address
2018-12-25T12:53:28.976008182Z	78	PC: 12b68 \| Find first file
2018-12-25T12:53:28.998794357Z	79	PC: 12b6e \| Find next file
2018-12-25T12:53:29.0015748Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.004355435Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.00773499Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.010491744Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.01318735Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.016847342Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.020766027Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.02450107Z	78	PC: 12b68 \| Find first file (See above)
2018-12-25T12:53:29.036567653Z	79	PC: 12b6e \| Find next file (See above)
2018-12-25T12:53:29.040010016Z	67	PC: 12ba7 \| Get or set file attributes
2018-12-25T12:53:29.048096503Z	67	PC: 12bb9 \| Get or set file attributes
2018-12-25T12:53:29.491345315Z	61	PC: 12bc4 \| Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:53:29.49960036Z	87	PC: 12bd0 \| Get or set file date and time
2018-12-25T12:53:29.501292891Z	44	PC: 12bdc \| Get time 0x12bdc: mov ah, 0x3f 0x12bde: mov cx, 3 0x12be1: mov dx, 0x9c 0x12be4: nop 0x12be5: add dx, si 0x12be7: int 0x21 0x12be9: jb 0x12c41 0x12beb: cmp ax, 3 0x12bee: jne 0x12c41 0x12bf0: mov ax, 0x4202 0x12bf3: mov cx, 0 0x12bf6: mov dx, 0 0x12bf9: int 0x21 0x12bfb: jb 0x12c41 0x12bfd: mov cx, ax 0x12bff: sub ax, 3 0x12c02: mov word ptr [si + 0xa0], ax 0x12c06: add cx, 0x335 0x12c0a: mov di, si 0x12c0c: sub di, 0x233
2018-12-25T12:53:29.504118691Z	63	PC: 12be9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:29.512458538Z	66	PC: 12bfb \| Move file pointer
2018-12-25T12:53:29.514568744Z	64	PC: 12c20 \| Write file or device (Write 849 bytes on handle 5)
2018-12-25T12:53:29.523473411Z	66	PC: 12c32 \| Move file pointer
2018-12-25T12:53:29.52708694Z	64	PC: 12c41 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:29.530346966Z	87	PC: 12c54 \| Get or set file date and time
2018-12-25T12:53:29.532450928Z	62	PC: 12c58 \| Close file
2018-12-25T12:53:29.542892397Z	67	PC: 12c67 \| Get or set file attributes
2018-12-25T12:53:29.555997887Z	26	PC: 12c74 \| Set disk transfer address