Sample viewer

vx.netlux.org/Virus.DOS.Vienna.435.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:58.700061244Z	48	PC: 12a79 \| Get DOS version
2018-12-17T23:09:58.702163214Z	53	PC: 12a86 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:58.704357127Z	37	PC: 12a94 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:58.705803124Z	26	PC: 12a9b \| Set disk transfer address
2018-12-17T23:09:58.707331307Z	78	PC: 12ae0 \| Find first file
2018-12-17T23:09:58.715560532Z	67	PC: 12b49 \| Get or set file attributes
2018-12-17T23:09:58.73391685Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:58.741873163Z	44	PC: 12b56 \| Get time 0x12b56: and dh, 7 0x12b59: jne 0x12b67 0x12b5b: mov ah, 0x40 0x12b5d: mov cx, 5 0x12b60: lea dx, word ptr [si + 0xe] 0x12b63: int 0x21 0x12b65: jmp 0x12bb0 0x12b67: mov ah, 0x3f 0x12b69: mov cx, 3 0x12b6c: lea dx, word ptr [si] 0x12b6e: int 0x21 0x12b70: jb 0x12bb0 0x12b72: cmp ax, 3 0x12b75: jne 0x12bb0 0x12b77: mov ax, 0x4202 0x12b7a: xor cx, cx 0x12b7c: xor dx, dx 0x12b7e: int 0x21 0x12b80: jb 0x12bb0 0x12b82: add ax, 0x10
2018-12-17T23:09:58.745377779Z	63	PC: 12b70 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:58.753283196Z	66	PC: 12b80 \| Move file pointer
2018-12-17T23:09:58.755507927Z	64	PC: 12b95 \| Write file or device (Write 435 bytes on handle 5)
2018-12-17T23:09:58.765680715Z	66	PC: 12ba5 \| Move file pointer
2018-12-17T23:09:58.77126987Z	64	PC: 12bb0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:58.77871391Z	87	PC: 12bbe \| Get or set file date and time
2018-12-17T23:09:58.78203975Z	62	PC: 12bc2 \| Close file
2018-12-17T23:09:58.808062646Z	67	PC: 12bcf \| Get or set file attributes
2018-12-17T23:09:58.822445296Z	26	PC: 12bd6 \| Set disk transfer address
2018-12-17T23:09:58.824760407Z	37	PC: 12be2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16706,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.137479979Z	48	PC: 12a79 \| Get DOS version
2018-12-25T12:53:37.139392567Z	53	PC: 12a86 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.14128967Z	37	PC: 12a94 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.142609561Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T12:53:37.144011807Z	78	PC: 12ae0 \| Find first file
2018-12-25T12:53:37.152088812Z	67	PC: 12b49 \| Get or set file attributes
2018-12-25T12:53:37.168782931Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:37.176023298Z	44	PC: 12b56 \| Get time 0x12b56: and dh, 7 0x12b59: jne 0x12b67 0x12b5b: mov ah, 0x40 0x12b5d: mov cx, 5 0x12b60: lea dx, word ptr [si + 0xe] 0x12b63: int 0x21 0x12b65: jmp 0x12bb0 0x12b67: mov ah, 0x3f 0x12b69: mov cx, 3 0x12b6c: lea dx, word ptr [si] 0x12b6e: int 0x21 0x12b70: jb 0x12bb0 0x12b72: cmp ax, 3 0x12b75: jne 0x12bb0 0x12b77: mov ax, 0x4202 0x12b7a: xor cx, cx 0x12b7c: xor dx, dx 0x12b7e: int 0x21 0x12b80: jb 0x12bb0 0x12b82: add ax, 0x10
2018-12-25T12:53:37.179023673Z	63	PC: 12b70 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:37.186495541Z	66	PC: 12b80 \| Move file pointer
2018-12-25T12:53:37.188585651Z	64	PC: 12b95 \| Write file or device (Write 435 bytes on handle 5)
2018-12-25T12:53:37.198350075Z	66	PC: 12ba5 \| Move file pointer
2018-12-25T12:53:37.20012812Z	64	PC: 12bb0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:37.207527309Z	87	PC: 12bbe \| Get or set file date and time
2018-12-25T12:53:37.209563663Z	62	PC: 12bc2 \| Close file
2018-12-25T12:53:37.21884768Z	67	PC: 12bcf \| Get or set file attributes
2018-12-25T12:53:37.230392134Z	26	PC: 12bd6 \| Set disk transfer address
2018-12-25T12:53:37.232040512Z	37	PC: 12be2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":16706,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.333232514Z	48	PC: 12a79 \| Get DOS version
2018-12-25T12:53:37.335351158Z	53	PC: 12a86 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.336421799Z	37	PC: 12a94 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.337402435Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T12:53:37.33890295Z	78	PC: 12ae0 \| Find first file
2018-12-25T12:53:37.344845578Z	67	PC: 12b49 \| Get or set file attributes
2018-12-25T12:53:37.577559184Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:37.590142344Z	44	PC: 12b56 \| Get time 0x12b56: and dh, 7 0x12b59: jne 0x12b67 0x12b5b: mov ah, 0x40 0x12b5d: mov cx, 5 0x12b60: lea dx, word ptr [si + 0xe] 0x12b63: int 0x21 0x12b65: jmp 0x12bb0 0x12b67: mov ah, 0x3f 0x12b69: mov cx, 3 0x12b6c: lea dx, word ptr [si] 0x12b6e: int 0x21 0x12b70: jb 0x12bb0 0x12b72: cmp ax, 3 0x12b75: jne 0x12bb0 0x12b77: mov ax, 0x4202 0x12b7a: xor cx, cx 0x12b7c: xor dx, dx 0x12b7e: int 0x21 0x12b80: jb 0x12bb0 0x12b82: add ax, 0x10
2018-12-25T12:53:37.5917946Z	63	PC: 12b70 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:37.596258368Z	66	PC: 12b80 \| Move file pointer
2018-12-25T12:53:37.597917529Z	64	PC: 12b95 \| Write file or device (Write 435 bytes on handle 5)
2018-12-25T12:53:37.605625923Z	66	PC: 12ba5 \| Move file pointer
2018-12-25T12:53:37.606970555Z	64	PC: 12bb0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:37.615877364Z	87	PC: 12bbe \| Get or set file date and time
2018-12-25T12:53:37.617296407Z	62	PC: 12bc2 \| Close file
2018-12-25T12:53:37.900807361Z	67	PC: 12bcf \| Get or set file attributes
2018-12-25T12:53:37.929739769Z	26	PC: 12bd6 \| Set disk transfer address
2018-12-25T12:53:37.932160712Z	37	PC: 12be2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')