Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Oscar.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:45.262754357Z	48	PC: 12ac0 \| Get DOS version
2018-12-17T23:12:45.264606641Z	47	PC: 12ace \| Get disk transfer address
2018-12-17T23:12:45.266619047Z	26	PC: 12ade \| Set disk transfer address
2018-12-17T23:12:45.268116461Z	78	PC: 12b67 \| Find first file
2018-12-17T23:12:45.275959869Z	67	PC: 12ba3 \| Get or set file attributes
2018-12-17T23:12:45.282226321Z	67	PC: 12bb5 \| Get or set file attributes
2018-12-17T23:12:45.305829527Z	61	PC: 12bc0 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:45.315216906Z	87	PC: 12bcd \| Get or set file date and time
2018-12-17T23:12:45.320324922Z	44	PC: 12bd8 \| Get time 0x12bd8: and dh, 7 0x12bdb: jne 0x12bee 0x12bdd: mov ah, 0x40 0x12bdf: mov cx, 5 0x12be2: mov dx, si 0x12be4: nop 0x12be5: add dx, 0x8a 0x12be9: int 0x21 0x12beb: jmp 0x12c53 0x12bed: nop 0x12bee: mov ah, 0x3f 0x12bf0: mov cx, 3 0x12bf3: mov dx, 0xa 0x12bf6: nop 0x12bf7: add dx, si 0x12bf9: int 0x21 0x12bfb: jb 0x12c53 0x12bfd: cmp ax, 3 0x12c00: jne 0x12c53 0x12c02: mov ax, 0x4202
2018-12-17T23:12:45.322980208Z	63	PC: 12bfb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:45.332155894Z	66	PC: 12c0d \| Move file pointer
2018-12-17T23:12:45.334733323Z	64	PC: 12c31 \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T23:12:45.344631047Z	66	PC: 12c44 \| Move file pointer
2018-12-17T23:12:45.346639741Z	64	PC: 12c53 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:45.355382406Z	87	PC: 12c65 \| Get or set file date and time
2018-12-17T23:12:45.357408776Z	62	PC: 12c69 \| Close file
2018-12-17T23:12:45.366236017Z	67	PC: 12c76 \| Get or set file attributes
2018-12-17T23:12:45.378014132Z	26	PC: 12c80 \| Set disk transfer address
2018-12-17T23:12:45.379790898Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17623,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:14.341388569Z	48	PC: 12ac0 \| Get DOS version
2018-12-25T12:56:14.343330626Z	47	PC: 12ace \| Get disk transfer address
2018-12-25T12:56:14.345179064Z	26	PC: 12ade \| Set disk transfer address
2018-12-25T12:56:14.346982801Z	78	PC: 12b67 \| Find first file
2018-12-25T12:56:14.353367244Z	67	PC: 12ba3 \| Get or set file attributes
2018-12-25T12:56:14.35928221Z	67	PC: 12bb5 \| Get or set file attributes
2018-12-25T12:56:14.376000341Z	61	PC: 12bc0 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:14.382184997Z	87	PC: 12bcd \| Get or set file date and time
2018-12-25T12:56:14.383772884Z	44	PC: 12bd8 \| Get time 0x12bd8: and dh, 7 0x12bdb: jne 0x12bee 0x12bdd: mov ah, 0x40 0x12bdf: mov cx, 5 0x12be2: mov dx, si 0x12be4: nop 0x12be5: add dx, 0x8a 0x12be9: int 0x21 0x12beb: jmp 0x12c53 0x12bed: nop 0x12bee: mov ah, 0x3f 0x12bf0: mov cx, 3 0x12bf3: mov dx, 0xa 0x12bf6: nop 0x12bf7: add dx, si 0x12bf9: int 0x21 0x12bfb: jb 0x12c53 0x12bfd: cmp ax, 3 0x12c00: jne 0x12c53 0x12c02: mov ax, 0x4202
2018-12-25T12:56:14.385696594Z	63	PC: 12bfb \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:14.391651323Z	66	PC: 12c0d \| Move file pointer
2018-12-25T12:56:14.393390688Z	64	PC: 12c31 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:56:14.590524338Z	66	PC: 12c44 \| Move file pointer
2018-12-25T12:56:14.591808693Z	64	PC: 12c53 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:14.598505953Z	87	PC: 12c65 \| Get or set file date and time
2018-12-25T12:56:14.599929957Z	62	PC: 12c69 \| Close file
2018-12-25T12:56:14.753928924Z	67	PC: 12c76 \| Get or set file attributes
2018-12-25T12:56:14.764602996Z	26	PC: 12c80 \| Set disk transfer address
2018-12-25T12:56:14.765670809Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17623,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:14.438476436Z	48	PC: 12ac0 \| Get DOS version
2018-12-25T12:56:14.440294797Z	47	PC: 12ace \| Get disk transfer address
2018-12-25T12:56:14.441618846Z	26	PC: 12ade \| Set disk transfer address
2018-12-25T12:56:14.44302878Z	78	PC: 12b67 \| Find first file
2018-12-25T12:56:14.450258788Z	67	PC: 12ba3 \| Get or set file attributes
2018-12-25T12:56:14.457193601Z	67	PC: 12bb5 \| Get or set file attributes
2018-12-25T12:56:14.541739345Z	61	PC: 12bc0 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:14.549217359Z	87	PC: 12bcd \| Get or set file date and time
2018-12-25T12:56:14.551962212Z	44	PC: 12bd8 \| Get time 0x12bd8: and dh, 7 0x12bdb: jne 0x12bee 0x12bdd: mov ah, 0x40 0x12bdf: mov cx, 5 0x12be2: mov dx, si 0x12be4: nop 0x12be5: add dx, 0x8a 0x12be9: int 0x21 0x12beb: jmp 0x12c53 0x12bed: nop 0x12bee: mov ah, 0x3f 0x12bf0: mov cx, 3 0x12bf3: mov dx, 0xa 0x12bf6: nop 0x12bf7: add dx, si 0x12bf9: int 0x21 0x12bfb: jb 0x12c53 0x12bfd: cmp ax, 3 0x12c00: jne 0x12c53 0x12c02: mov ax, 0x4202
2018-12-25T12:56:14.554893789Z	63	PC: 12bfb \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:14.562959938Z	66	PC: 12c0d \| Move file pointer
2018-12-25T12:56:14.566691229Z	64	PC: 12c31 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:56:14.577305013Z	66	PC: 12c44 \| Move file pointer
2018-12-25T12:56:14.578904638Z	64	PC: 12c53 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:14.584283635Z	87	PC: 12c65 \| Get or set file date and time
2018-12-25T12:56:14.585581335Z	62	PC: 12c69 \| Close file
2018-12-25T12:56:14.594223028Z	67	PC: 12c76 \| Get or set file attributes
2018-12-25T12:56:14.605651628Z	26	PC: 12c80 \| Set disk transfer address
2018-12-25T12:56:14.607012919Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')