Sample viewer

vx.netlux.org/Virus.DOS.Vienna.SDI.648

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:06:50.09709198Z	48	PC: 12b5a \| Get DOS version
2018-12-17T22:06:50.098888252Z	47	PC: 12b67 \| Get disk transfer address
2018-12-17T22:06:50.101289381Z	26	PC: 12b77 \| Set disk transfer address
2018-12-17T22:06:50.10279898Z	78	PC: 12c01 \| Find first file
2018-12-17T22:06:50.109054072Z	67	PC: 12c3d \| Get or set file attributes
2018-12-17T22:06:50.123253781Z	67	PC: 12c4d \| Get or set file attributes
2018-12-17T22:06:50.143273893Z	61	PC: 12c57 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:06:50.15131966Z	87	PC: 12c64 \| Get or set file date and time
2018-12-17T22:06:50.153560032Z	44	PC: 12c6f \| Get time 0x12c6f: and dh, 7 0x12c72: nop 0x12c73: jne 0x12c86 0x12c75: mov ah, 0x40 0x12c77: mov cx, 5 0x12c7a: mov dx, si 0x12c7c: nop 0x12c7d: add dx, 0x8a 0x12c81: int 0x21 0x12c83: jmp 0x12ceb 0x12c86: mov ah, 0x3f 0x12c88: mov cx, 3 0x12c8b: mov dx, 0xa 0x12c8e: nop 0x12c8f: nop 0x12c90: add dx, si 0x12c92: int 0x21 0x12c94: jb 0x12ceb 0x12c96: cmp ax, 3 0x12c99: jne 0x12ceb
2018-12-17T22:06:50.155932697Z	63	PC: 12c94 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:06:50.162410693Z	66	PC: 12ca7 \| Move file pointer
2018-12-17T22:06:50.164883206Z	64	PC: 12ccb \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T22:06:50.17341207Z	66	PC: 12cdd \| Move file pointer
2018-12-17T22:06:50.17543227Z	64	PC: 12ceb \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:06:50.182577581Z	87	PC: 12cfd \| Get or set file date and time
2018-12-17T22:06:50.184411808Z	62	PC: 12d01 \| Close file
2018-12-17T22:06:50.192668693Z	67	PC: 12d10 \| Get or set file attributes
2018-12-17T22:06:50.214220563Z	26	PC: 12d1a \| Set disk transfer address
2018-12-17T22:06:50.216019299Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1884,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:30.781626225Z	48	PC: 12b5a \| Get DOS version
2018-12-25T11:44:30.783360604Z	47	PC: 12b67 \| Get disk transfer address
2018-12-25T11:44:30.787629974Z	26	PC: 12b77 \| Set disk transfer address
2018-12-25T11:44:30.788658022Z	78	PC: 12c01 \| Find first file
2018-12-25T11:44:30.793446256Z	67	PC: 12c3d \| Get or set file attributes
2018-12-25T11:44:30.799501322Z	67	PC: 12c4d \| Get or set file attributes
2018-12-25T11:44:30.820710782Z	61	PC: 12c57 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:30.827546145Z	87	PC: 12c64 \| Get or set file date and time
2018-12-25T11:44:30.829451614Z	44	PC: 12c6f \| Get time 0x12c6f: and dh, 7 0x12c72: nop 0x12c73: jne 0x12c86 0x12c75: mov ah, 0x40 0x12c77: mov cx, 5 0x12c7a: mov dx, si 0x12c7c: nop 0x12c7d: add dx, 0x8a 0x12c81: int 0x21 0x12c83: jmp 0x12ceb 0x12c86: mov ah, 0x3f 0x12c88: mov cx, 3 0x12c8b: mov dx, 0xa 0x12c8e: nop 0x12c8f: nop 0x12c90: add dx, si 0x12c92: int 0x21 0x12c94: jb 0x12ceb 0x12c96: cmp ax, 3 0x12c99: jne 0x12ceb
2018-12-25T11:44:30.831564298Z	63	PC: 12c94 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:30.837786294Z	66	PC: 12ca7 \| Move file pointer
2018-12-25T11:44:30.839932761Z	64	PC: 12ccb \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:44:30.849025952Z	66	PC: 12cdd \| Move file pointer
2018-12-25T11:44:30.850280598Z	64	PC: 12ceb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:30.857161749Z	87	PC: 12cfd \| Get or set file date and time
2018-12-25T11:44:30.858490498Z	62	PC: 12d01 \| Close file
2018-12-25T11:44:30.866004131Z	67	PC: 12d10 \| Get or set file attributes
2018-12-25T11:44:30.876313176Z	26	PC: 12d1a \| Set disk transfer address
2018-12-25T11:44:30.877281534Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":1884,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:30.862765258Z	48	PC: 12b5a \| Get DOS version
2018-12-25T11:44:30.86494744Z	47	PC: 12b67 \| Get disk transfer address
2018-12-25T11:44:30.872194655Z	26	PC: 12b77 \| Set disk transfer address
2018-12-25T11:44:30.873580079Z	78	PC: 12c01 \| Find first file
2018-12-25T11:44:30.880653842Z	67	PC: 12c3d \| Get or set file attributes
2018-12-25T11:44:30.888679014Z	67	PC: 12c4d \| Get or set file attributes
2018-12-25T11:44:30.906404568Z	61	PC: 12c57 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:30.914397064Z	87	PC: 12c64 \| Get or set file date and time
2018-12-25T11:44:30.916853662Z	44	PC: 12c6f \| Get time 0x12c6f: and dh, 7 0x12c72: nop 0x12c73: jne 0x12c86 0x12c75: mov ah, 0x40 0x12c77: mov cx, 5 0x12c7a: mov dx, si 0x12c7c: nop 0x12c7d: add dx, 0x8a 0x12c81: int 0x21 0x12c83: jmp 0x12ceb 0x12c86: mov ah, 0x3f 0x12c88: mov cx, 3 0x12c8b: mov dx, 0xa 0x12c8e: nop 0x12c8f: nop 0x12c90: add dx, si 0x12c92: int 0x21 0x12c94: jb 0x12ceb 0x12c96: cmp ax, 3 0x12c99: jne 0x12ceb
2018-12-25T11:44:30.919300131Z	63	PC: 12c94 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:30.927705562Z	66	PC: 12ca7 \| Move file pointer
2018-12-25T11:44:30.930536145Z	64	PC: 12ccb \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:44:30.94091839Z	66	PC: 12cdd \| Move file pointer
2018-12-25T11:44:30.942474953Z	64	PC: 12ceb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:30.950730357Z	87	PC: 12cfd \| Get or set file date and time
2018-12-25T11:44:30.952890531Z	62	PC: 12d01 \| Close file
2018-12-25T11:44:30.962083036Z	67	PC: 12d10 \| Get or set file attributes
2018-12-25T11:44:30.973468311Z	26	PC: 12d1a \| Set disk transfer address
2018-12-25T11:44:30.983553968Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')