Sample viewer

vx.netlux.org/Virus.DOS.Vienna.582

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:42.006378115Z	47	PC: 12a68 \| Get disk transfer address
2018-12-17T23:09:42.00872249Z	26	PC: 12a77 \| Set disk transfer address
2018-12-17T23:09:42.011150533Z	78	PC: 12af5 \| Find first file
2018-12-17T23:09:42.018632682Z	67	PC: 12b2d \| Get or set file attributes
2018-12-17T23:09:42.02560003Z	67	PC: 12b3d \| Get or set file attributes
2018-12-17T23:09:42.043766402Z	61	PC: 12b47 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:42.051496084Z	87	PC: 12b53 \| Get or set file date and time
2018-12-17T23:09:42.053416494Z	44	PC: 12b5d \| Get time 0x12b5d: and dh, 7 0x12b60: jne 0x12b72 0x12b62: mov ah, 0x40 0x12b64: mov cx, 5 0x12b67: mov dx, si 0x12b69: add dx, 0x8a 0x12b6d: int 0x21 0x12b6f: jmp 0x12bf2 0x12b72: mov ah, 0x3f 0x12b74: mov cx, 3 0x12b77: mov dx, 0xa 0x12b7a: add dx, si 0x12b7c: int 0x21 0x12b7e: jb 0x12bf2 0x12b80: cmp ax, 3 0x12b83: jne 0x12bf2 0x12b85: mov ax, 0x4202 0x12b88: mov cx, 0 0x12b8b: mov dx, 0 0x12b8e: int 0x21
2018-12-17T23:09:42.056702125Z	63	PC: 12b7e \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:42.063940309Z	66	PC: 12b90 \| Move file pointer
2018-12-17T23:09:42.065665119Z	64	PC: 12bb3 \| Write file or device (Write 582 bytes on handle 5)
2018-12-17T23:09:42.075675606Z	66	PC: 12bc5 \| Move file pointer
2018-12-17T23:09:42.077297855Z	64	PC: 12bd3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:42.084618775Z	87	PC: 12be1 \| Get or set file date and time
2018-12-17T23:09:42.086837269Z	62	PC: 12be5 \| Close file
2018-12-17T23:09:42.095921326Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-17T23:09:42.108106858Z	26	PC: 12bfd \| Set disk transfer address
2018-12-17T23:09:42.110603367Z	76	PC: 12a50 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16615,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:33.764687698Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:53:33.766210485Z	26	PC: 12a77 \| Set disk transfer address
2018-12-25T12:53:33.767426914Z	78	PC: 12af5 \| Find first file
2018-12-25T12:53:33.774137177Z	67	PC: 12b2d \| Get or set file attributes
2018-12-25T12:53:33.780450303Z	67	PC: 12b3d \| Get or set file attributes
2018-12-25T12:53:33.798296619Z	61	PC: 12b47 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:33.80592864Z	87	PC: 12b53 \| Get or set file date and time
2018-12-25T12:53:33.807274889Z	44	PC: 12b5d \| Get time 0x12b5d: and dh, 7 0x12b60: jne 0x12b72 0x12b62: mov ah, 0x40 0x12b64: mov cx, 5 0x12b67: mov dx, si 0x12b69: add dx, 0x8a 0x12b6d: int 0x21 0x12b6f: jmp 0x12bf2 0x12b72: mov ah, 0x3f 0x12b74: mov cx, 3 0x12b77: mov dx, 0xa 0x12b7a: add dx, si 0x12b7c: int 0x21 0x12b7e: jb 0x12bf2 0x12b80: cmp ax, 3 0x12b83: jne 0x12bf2 0x12b85: mov ax, 0x4202 0x12b88: mov cx, 0 0x12b8b: mov dx, 0 0x12b8e: int 0x21
2018-12-25T12:53:33.811913876Z	63	PC: 12b7e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:33.818735939Z	66	PC: 12b90 \| Move file pointer
2018-12-25T12:53:33.820330579Z	64	PC: 12bb3 \| Write file or device (Write 582 bytes on handle 5)
2018-12-25T12:53:33.830692861Z	66	PC: 12bc5 \| Move file pointer
2018-12-25T12:53:33.832375327Z	64	PC: 12bd3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:33.839503987Z	87	PC: 12be1 \| Get or set file date and time
2018-12-25T12:53:33.842472734Z	62	PC: 12be5 \| Close file
2018-12-25T12:53:33.853741731Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-25T12:53:33.865977882Z	26	PC: 12bfd \| Set disk transfer address
2018-12-25T12:53:33.86855847Z	76	PC: 12a50 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":16615,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:33.795928488Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:53:33.797753475Z	26	PC: 12a77 \| Set disk transfer address
2018-12-25T12:53:33.799514515Z	78	PC: 12af5 \| Find first file
2018-12-25T12:53:33.806157475Z	67	PC: 12b2d \| Get or set file attributes
2018-12-25T12:53:33.813075493Z	67	PC: 12b3d \| Get or set file attributes
2018-12-25T12:53:33.834233214Z	61	PC: 12b47 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:33.841771021Z	87	PC: 12b53 \| Get or set file date and time
2018-12-25T12:53:33.843290153Z	44	PC: 12b5d \| Get time 0x12b5d: and dh, 7 0x12b60: jne 0x12b72 0x12b62: mov ah, 0x40 0x12b64: mov cx, 5 0x12b67: mov dx, si 0x12b69: add dx, 0x8a 0x12b6d: int 0x21 0x12b6f: jmp 0x12bf2 0x12b72: mov ah, 0x3f 0x12b74: mov cx, 3 0x12b77: mov dx, 0xa 0x12b7a: add dx, si 0x12b7c: int 0x21 0x12b7e: jb 0x12bf2 0x12b80: cmp ax, 3 0x12b83: jne 0x12bf2 0x12b85: mov ax, 0x4202 0x12b88: mov cx, 0 0x12b8b: mov dx, 0 0x12b8e: int 0x21
2018-12-25T12:53:33.846642004Z	63	PC: 12b7e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:33.853529725Z	66	PC: 12b90 \| Move file pointer
2018-12-25T12:53:33.854860388Z	64	PC: 12bb3 \| Write file or device (Write 582 bytes on handle 5)
2018-12-25T12:53:33.865105315Z	66	PC: 12bc5 \| Move file pointer
2018-12-25T12:53:33.866936889Z	64	PC: 12bd3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:33.874680679Z	87	PC: 12be1 \| Get or set file date and time
2018-12-25T12:53:33.876581858Z	62	PC: 12be5 \| Close file
2018-12-25T12:53:33.886425227Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-25T12:53:33.898129372Z	26	PC: 12bfd \| Set disk transfer address
2018-12-25T12:53:33.900209606Z	76	PC: 12a50 \| Terminate with return code (Return code = '0')