Sample viewer

vx.netlux.org/Virus.DOS.Vienna.352.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:57.18490943Z	53	PC: 1788d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:57.187865438Z	37	PC: 178a0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:57.189066597Z	26	PC: 178a8 \| Set disk transfer address
2018-12-17T23:12:57.190771713Z	78	PC: 178f3 \| Find first file
2018-12-17T23:12:57.198253139Z	67	PC: 179b7 \| Get or set file attributes
2018-12-17T23:12:58.335309928Z	61	PC: 17948 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:58.343359453Z	44	PC: 1794f \| Get time 0x1794f: and dh, 7 0x17952: jne 0x1795c 0x17954: mov cx, 5 0x17957: lea dx, word ptr [si + 0xb] 0x1795a: jmp 0x17985 0x1795c: mov ah, 0x3f 0x1795e: mov cx, 3 0x17961: lea dx, word ptr [si - 6] 0x17964: call 0x179b5 0x17967: jb 0x17988 0x17969: mov ax, 0x4202 0x1796c: call 0x179ae 0x1796f: mov word ptr [bp - 0x7a], ax 0x17972: mov cx, 0x160 0x17975: lea dx, word ptr [si - 6] 0x17978: call 0x179b3 0x1797b: jb 0x17988 0x1797d: call 0x179ab 0x17980: mov cl, 3 0x17982: lea dx, word ptr [bp - 0x7b]
2018-12-17T23:12:58.346043329Z	63	PC: 179b7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:58.354782441Z	66	PC: 179b7 \| Move file pointer
2018-12-17T23:12:58.356460947Z	64	PC: 179b7 \| Write file or device (Write 352 bytes on handle 5)
2018-12-17T23:12:58.412439119Z	66	PC: 179b7 \| Move file pointer
2018-12-17T23:12:58.416051361Z	64	PC: 179b7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:58.423925727Z	87	PC: 17996 \| Get or set file date and time
2018-12-17T23:12:58.426275515Z	62	PC: 1799a \| Close file
2018-12-17T23:12:58.51703271Z	67	PC: 179a8 \| Get or set file attributes
2018-12-17T23:12:58.592193119Z	37	PC: 1790c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:58.593871184Z	26	PC: 17915 \| Set disk transfer address
2018-12-17T23:12:58.596292677Z	9	PC: 12a47 \| Display string (String= 'GOAT File Generator 1.40�5 � (c) 1994-98 by ROSE, Ralph Roth! (16.05.1998) File: ROSE001.COM - 20.000 (4E20h) bytes length! ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":17684,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.422154459Z	53	PC: 1788d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:20.424077337Z	37	PC: 178a0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:20.425249724Z	26	PC: 178a8 \| Set disk transfer address
2018-12-25T12:56:20.426516606Z	78	PC: 178f3 \| Find first file
2018-12-25T12:56:20.432945675Z	67	PC: 179b7 \| Get or set file attributes
2018-12-25T12:56:20.450864983Z	61	PC: 17948 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:20.461223684Z	44	PC: 1794f \| Get time 0x1794f: and dh, 7 0x17952: jne 0x1795c 0x17954: mov cx, 5 0x17957: lea dx, word ptr [si + 0xb] 0x1795a: jmp 0x17985 0x1795c: mov ah, 0x3f 0x1795e: mov cx, 3 0x17961: lea dx, word ptr [si - 6] 0x17964: call 0x179b5 0x17967: jb 0x17988 0x17969: mov ax, 0x4202 0x1796c: call 0x179ae 0x1796f: mov word ptr [bp - 0x7a], ax 0x17972: mov cx, 0x160 0x17975: lea dx, word ptr [si - 6] 0x17978: call 0x179b3 0x1797b: jb 0x17988 0x1797d: call 0x179ab 0x17980: mov cl, 3 0x17982: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:56:20.463841522Z	63	PC: 179b7 \| Read file or device (See above)
2018-12-25T12:56:20.467842023Z	66	PC: 179b7 \| Move file pointer (See above)
2018-12-25T12:56:20.468911914Z	64	PC: 179b7 \| Write file or device (See above)
2018-12-25T12:56:20.477279001Z	66	PC: 179b7 \| Move file pointer (See above)
2018-12-25T12:56:20.479478079Z	64	PC: 179b7 \| Write file or device (See above)
2018-12-25T12:56:20.485900265Z	87	PC: 17996 \| Get or set file date and time
2018-12-25T12:56:20.488118934Z	62	PC: 1799a \| Close file
2018-12-25T12:56:20.495960764Z	67	PC: 179a8 \| Get or set file attributes
2018-12-25T12:56:20.505663336Z	37	PC: 1790c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:20.507335392Z	26	PC: 17915 \| Set disk transfer address
2018-12-25T12:56:20.508288194Z	9	PC: 12a47 \| Display string (String= 'GOAT File Generator 1.40�5 � (c) 1994-98 by ROSE, Ralph Roth! (16.05.1998) File: ROSE001.COM - 20.000 (4E20h) bytes length! ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17684,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:20.507382124Z	53	PC: 1788d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:20.509275704Z	37	PC: 178a0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:20.510537345Z	26	PC: 178a8 \| Set disk transfer address
2018-12-25T12:56:20.511782101Z	78	PC: 178f3 \| Find first file
2018-12-25T12:56:20.518757977Z	67	PC: 179b7 \| Get or set file attributes
2018-12-25T12:56:20.535289659Z	61	PC: 17948 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:20.546410528Z	44	PC: 1794f \| Get time 0x1794f: and dh, 7 0x17952: jne 0x1795c 0x17954: mov cx, 5 0x17957: lea dx, word ptr [si + 0xb] 0x1795a: jmp 0x17985 0x1795c: mov ah, 0x3f 0x1795e: mov cx, 3 0x17961: lea dx, word ptr [si - 6] 0x17964: call 0x179b5 0x17967: jb 0x17988 0x17969: mov ax, 0x4202 0x1796c: call 0x179ae 0x1796f: mov word ptr [bp - 0x7a], ax 0x17972: mov cx, 0x160 0x17975: lea dx, word ptr [si - 6] 0x17978: call 0x179b3 0x1797b: jb 0x17988 0x1797d: call 0x179ab 0x17980: mov cl, 3 0x17982: lea dx, word ptr [bp - 0x7b]
2018-12-25T12:56:20.548774785Z	63	PC: 179b7 \| Read file or device (See above)
2018-12-25T12:56:20.555356312Z	66	PC: 179b7 \| Move file pointer (See above)
2018-12-25T12:56:20.556608071Z	64	PC: 179b7 \| Write file or device (See above)
2018-12-25T12:56:20.573377604Z	66	PC: 179b7 \| Move file pointer (See above)
2018-12-25T12:56:20.574399317Z	64	PC: 179b7 \| Write file or device (See above)
2018-12-25T12:56:20.578329727Z	87	PC: 17996 \| Get or set file date and time
2018-12-25T12:56:20.579625391Z	62	PC: 1799a \| Close file
2018-12-25T12:56:20.586213139Z	67	PC: 179a8 \| Get or set file attributes
2018-12-25T12:56:20.595624885Z	37	PC: 1790c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:20.596925969Z	26	PC: 17915 \| Set disk transfer address
2018-12-25T12:56:20.597787144Z	9	PC: 12a47 \| Display string (String= 'GOAT File Generator 1.40�5 � (c) 1994-98 by ROSE, Ralph Roth! (16.05.1998) File: ROSE001.COM - 20.000 (4E20h) bytes length! ')