Sample viewer

vx.netlux.org/Virus.DOS.Vienna.601

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:07:57.509434412Z	42	PC: 12a6c \| Get date 0x12a6c: cmp dh, 0xc 0x12a6f: jne 0x12a79 0x12a71: cmp dl, 0x19 0x12a74: jne 0x12a79 0x12a76: jmp 0x12c4a 0x12a79: cmp dh, 4 0x12a7c: jne 0x12a86 0x12a7e: cmp dl, 1 0x12a81: jne 0x12a86 0x12a83: jmp 0x12c4c 0x12a86: call 0x12c2a 0x12a89: call 0x12c18 0x12a8c: mov si, bp 0x12a8e: add si, 0x23f 0x12a92: lodsw ax, word ptr [si] 0x12a93: cmp ax, 5 0x12a96: ja 0x12a9a 0x12a98: jmp 0x12af0 0x12a9a: call 0x12c00 0x12a9d: mov bx, ax
2018-12-17T22:07:57.512151922Z	26	PC: 12c34 \| Set disk transfer address
2018-12-17T22:07:57.514264111Z	78	PC: 12c25 \| Find first file

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2011,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:43.587559755Z	42	PC: 12a6c \| Get date 0x12a6c: cmp dh, 0xc 0x12a6f: jne 0x12a79 0x12a71: cmp dl, 0x19 0x12a74: jne 0x12a79 0x12a76: jmp 0x12c4a 0x12a79: cmp dh, 4 0x12a7c: jne 0x12a86 0x12a7e: cmp dl, 1 0x12a81: jne 0x12a86 0x12a83: jmp 0x12c4c 0x12a86: call 0x12c2a 0x12a89: call 0x12c18 0x12a8c: mov si, bp 0x12a8e: add si, 0x23f 0x12a92: lodsw ax, word ptr [si] 0x12a93: cmp ax, 5 0x12a96: ja 0x12a9a 0x12a98: jmp 0x12af0 0x12a9a: call 0x12c00 0x12a9d: mov bx, ax
2018-12-25T11:44:43.589897766Z	26	PC: 12c34 \| Set disk transfer address
2018-12-25T11:44:43.591955353Z	78	PC: 12c25 \| Find first file

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2011,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:44.59858052Z	42	PC: 12a6c \| Get date 0x12a6c: cmp dh, 0xc 0x12a6f: jne 0x12a79 0x12a71: cmp dl, 0x19 0x12a74: jne 0x12a79 0x12a76: jmp 0x12c4a 0x12a79: cmp dh, 4 0x12a7c: jne 0x12a86 0x12a7e: cmp dl, 1 0x12a81: jne 0x12a86 0x12a83: jmp 0x12c4c 0x12a86: call 0x12c2a 0x12a89: call 0x12c18 0x12a8c: mov si, bp 0x12a8e: add si, 0x23f 0x12a92: lodsw ax, word ptr [si] 0x12a93: cmp ax, 5 0x12a96: ja 0x12a9a 0x12a98: jmp 0x12af0 0x12a9a: call 0x12c00 0x12a9d: mov bx, ax
2018-12-25T11:44:44.601705688Z	26	PC: 12c34 \| Set disk transfer address
2018-12-25T11:44:44.602924549Z	78	PC: 12c25 \| Find first file

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2011,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:45.107706625Z	42	PC: 12a6c \| Get date 0x12a6c: cmp dh, 0xc 0x12a6f: jne 0x12a79 0x12a71: cmp dl, 0x19 0x12a74: jne 0x12a79 0x12a76: jmp 0x12c4a 0x12a79: cmp dh, 4 0x12a7c: jne 0x12a86 0x12a7e: cmp dl, 1 0x12a81: jne 0x12a86 0x12a83: jmp 0x12c4c 0x12a86: call 0x12c2a 0x12a89: call 0x12c18 0x12a8c: mov si, bp 0x12a8e: add si, 0x23f 0x12a92: lodsw ax, word ptr [si] 0x12a93: cmp ax, 5 0x12a96: ja 0x12a9a 0x12a98: jmp 0x12af0 0x12a9a: call 0x12c00 0x12a9d: mov bx, ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2011,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:46.041393438Z	42	PC: 12a6c \| Get date 0x12a6c: cmp dh, 0xc 0x12a6f: jne 0x12a79 0x12a71: cmp dl, 0x19 0x12a74: jne 0x12a79 0x12a76: jmp 0x12c4a 0x12a79: cmp dh, 4 0x12a7c: jne 0x12a86 0x12a7e: cmp dl, 1 0x12a81: jne 0x12a86 0x12a83: jmp 0x12c4c 0x12a86: call 0x12c2a 0x12a89: call 0x12c18 0x12a8c: mov si, bp 0x12a8e: add si, 0x23f 0x12a92: lodsw ax, word ptr [si] 0x12a93: cmp ax, 5 0x12a96: ja 0x12a9a 0x12a98: jmp 0x12af0 0x12a9a: call 0x12c00 0x12a9d: mov bx, ax
2018-12-25T11:44:46.044643137Z	26	PC: 12c34 \| Set disk transfer address
2018-12-25T11:44:46.045941772Z	78	PC: 12c25 \| Find first file

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2011,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:46.188308844Z	42	PC: 12a6c \| Get date 0x12a6c: cmp dh, 0xc 0x12a6f: jne 0x12a79 0x12a71: cmp dl, 0x19 0x12a74: jne 0x12a79 0x12a76: jmp 0x12c4a 0x12a79: cmp dh, 4 0x12a7c: jne 0x12a86 0x12a7e: cmp dl, 1 0x12a81: jne 0x12a86 0x12a83: jmp 0x12c4c 0x12a86: call 0x12c2a 0x12a89: call 0x12c18 0x12a8c: mov si, bp 0x12a8e: add si, 0x23f 0x12a92: lodsw ax, word ptr [si] 0x12a93: cmp ax, 5 0x12a96: ja 0x12a9a 0x12a98: jmp 0x12af0 0x12a9a: call 0x12c00 0x12a9d: mov bx, ax
2018-12-25T11:44:46.191383631Z	65	PC: 12c53 \| Delete file (Filename = 'A:\TEST.COM')
2018-12-25T11:44:46.211590562Z	74	PC: 95612 \| Reallocate memory
2018-12-25T11:44:46.212901036Z	46	PC: 94d79 \| Set verify flag