Sample viewer

vx.netlux.org/Virus.DOS.Vienna.583.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:22.688787398Z	47	PC: 12ba6 \| Get disk transfer address
2018-12-17T23:12:22.691134451Z	26	PC: 12bb5 \| Set disk transfer address
2018-12-17T23:12:22.693265348Z	78	PC: 12c33 \| Find first file
2018-12-17T23:12:22.700539717Z	67	PC: 12c6b \| Get or set file attributes
2018-12-17T23:12:22.707106034Z	67	PC: 12c7b \| Get or set file attributes
2018-12-17T23:12:22.729198187Z	61	PC: 12c85 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:22.743098886Z	87	PC: 12c91 \| Get or set file date and time
2018-12-17T23:12:22.745208222Z	44	PC: 12c9b \| Get time 0x12c9b: and dh, 7 0x12c9e: jne 0x12cb0 0x12ca0: mov ah, 0x40 0x12ca2: mov cx, 5 0x12ca5: mov dx, si 0x12ca7: add dx, 0x8a 0x12cab: int 0x21 0x12cad: jmp 0x12d30 0x12cb0: mov ah, 0x3f 0x12cb2: mov cx, 3 0x12cb5: mov dx, 0xa 0x12cb8: add dx, si 0x12cba: int 0x21 0x12cbc: jb 0x12d30 0x12cbe: cmp ax, 3 0x12cc1: jne 0x12d30 0x12cc3: mov ax, 0x4202 0x12cc6: mov cx, 0 0x12cc9: mov dx, 0 0x12ccc: int 0x21
2018-12-17T23:12:22.748705959Z	63	PC: 12cbc \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:22.759072724Z	66	PC: 12cce \| Move file pointer
2018-12-17T23:12:22.762454072Z	64	PC: 12cf1 \| Write file or device (Write 583 bytes on handle 5)
2018-12-17T23:12:22.771517335Z	66	PC: 12d03 \| Move file pointer
2018-12-17T23:12:22.776207304Z	64	PC: 12d11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:22.784108481Z	87	PC: 12d1f \| Get or set file date and time
2018-12-17T23:12:22.787324418Z	62	PC: 12d23 \| Close file
2018-12-17T23:12:22.796277474Z	67	PC: 12d30 \| Get or set file attributes
2018-12-17T23:12:22.807614162Z	26	PC: 12d3b \| Set disk transfer address
2018-12-17T23:12:22.808952979Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:12:22.814277512Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17500,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:51.14613482Z	47	PC: 12ba6 \| Get disk transfer address
2018-12-25T12:55:51.147660784Z	26	PC: 12bb5 \| Set disk transfer address
2018-12-25T12:55:51.148769592Z	78	PC: 12c33 \| Find first file
2018-12-25T12:55:51.154592656Z	67	PC: 12c6b \| Get or set file attributes
2018-12-25T12:55:51.160148326Z	67	PC: 12c7b \| Get or set file attributes
2018-12-25T12:55:51.176287443Z	61	PC: 12c85 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:51.182687859Z	87	PC: 12c91 \| Get or set file date and time
2018-12-25T12:55:51.183904569Z	44	PC: 12c9b \| Get time 0x12c9b: and dh, 7 0x12c9e: jne 0x12cb0 0x12ca0: mov ah, 0x40 0x12ca2: mov cx, 5 0x12ca5: mov dx, si 0x12ca7: add dx, 0x8a 0x12cab: int 0x21 0x12cad: jmp 0x12d30 0x12cb0: mov ah, 0x3f 0x12cb2: mov cx, 3 0x12cb5: mov dx, 0xa 0x12cb8: add dx, si 0x12cba: int 0x21 0x12cbc: jb 0x12d30 0x12cbe: cmp ax, 3 0x12cc1: jne 0x12d30 0x12cc3: mov ax, 0x4202 0x12cc6: mov cx, 0 0x12cc9: mov dx, 0 0x12ccc: int 0x21
2018-12-25T12:55:51.188184979Z	63	PC: 12cbc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:51.194881622Z	66	PC: 12cce \| Move file pointer
2018-12-25T12:55:51.196471822Z	64	PC: 12cf1 \| Write file or device (Write 583 bytes on handle 5)
2018-12-25T12:55:51.205405578Z	66	PC: 12d03 \| Move file pointer
2018-12-25T12:55:51.206998941Z	64	PC: 12d11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:51.21369371Z	87	PC: 12d1f \| Get or set file date and time
2018-12-25T12:55:51.216306117Z	62	PC: 12d23 \| Close file
2018-12-25T12:55:51.224247937Z	67	PC: 12d30 \| Get or set file attributes
2018-12-25T12:55:51.23497847Z	26	PC: 12d3b \| Set disk transfer address
2018-12-25T12:55:51.236849475Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:51.243146151Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17500,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:51.217279311Z	47	PC: 12ba6 \| Get disk transfer address
2018-12-25T12:55:51.218726359Z	26	PC: 12bb5 \| Set disk transfer address
2018-12-25T12:55:51.219880545Z	78	PC: 12c33 \| Find first file
2018-12-25T12:55:51.22567952Z	67	PC: 12c6b \| Get or set file attributes
2018-12-25T12:55:51.23195058Z	67	PC: 12c7b \| Get or set file attributes
2018-12-25T12:55:51.248270286Z	61	PC: 12c85 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:51.255051142Z	87	PC: 12c91 \| Get or set file date and time
2018-12-25T12:55:51.257206028Z	44	PC: 12c9b \| Get time 0x12c9b: and dh, 7 0x12c9e: jne 0x12cb0 0x12ca0: mov ah, 0x40 0x12ca2: mov cx, 5 0x12ca5: mov dx, si 0x12ca7: add dx, 0x8a 0x12cab: int 0x21 0x12cad: jmp 0x12d30 0x12cb0: mov ah, 0x3f 0x12cb2: mov cx, 3 0x12cb5: mov dx, 0xa 0x12cb8: add dx, si 0x12cba: int 0x21 0x12cbc: jb 0x12d30 0x12cbe: cmp ax, 3 0x12cc1: jne 0x12d30 0x12cc3: mov ax, 0x4202 0x12cc6: mov cx, 0 0x12cc9: mov dx, 0 0x12ccc: int 0x21
2018-12-25T12:55:51.259213145Z	63	PC: 12cbc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:51.265398124Z	66	PC: 12cce \| Move file pointer
2018-12-25T12:55:51.26736151Z	64	PC: 12cf1 \| Write file or device (Write 583 bytes on handle 5)
2018-12-25T12:55:51.27523617Z	66	PC: 12d03 \| Move file pointer
2018-12-25T12:55:51.276448757Z	64	PC: 12d11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:51.283520586Z	87	PC: 12d1f \| Get or set file date and time
2018-12-25T12:55:51.298930821Z	62	PC: 12d23 \| Close file
2018-12-25T12:55:51.306908082Z	67	PC: 12d30 \| Get or set file attributes
2018-12-25T12:55:51.316946616Z	26	PC: 12d3b \| Set disk transfer address
2018-12-25T12:55:51.318890816Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:51.32478049Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')