Sample viewer

vx.netlux.org/Virus.DOS.Vienna.648.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:08:08.153501462Z	48	PC: 12a8e \| Get DOS version
2018-12-17T22:08:08.155353476Z	47	PC: 12a9a \| Get disk transfer address
2018-12-17T22:08:08.156637418Z	26	PC: 12aad \| Set disk transfer address
2018-12-17T22:08:08.158054674Z	78	PC: 12b37 \| Find first file
2018-12-17T22:08:08.16450905Z	67	PC: 12b77 \| Get or set file attributes
2018-12-17T22:08:08.175243555Z	67	PC: 12b8a \| Get or set file attributes
2018-12-17T22:08:08.190595335Z	61	PC: 12b95 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:08:08.197066008Z	87	PC: 12ba1 \| Get or set file date and time
2018-12-17T22:08:08.199826473Z	44	PC: 12bad \| Get time 0x12bad: and dh, 7 0x12bb0: jne 0x12bc2 0x12bb2: mov ah, 0x40 0x12bb4: mov cx, 5 0x12bb7: mov dx, si 0x12bb9: add dx, 0x8a 0x12bbd: int 0x21 0x12bbf: jmp 0x12c26 0x12bc1: nop 0x12bc2: mov ah, 0x3f 0x12bc4: mov cx, 3 0x12bc7: mov dx, 0xa 0x12bca: nop 0x12bcb: add dx, si 0x12bcd: int 0x21 0x12bcf: jb 0x12c26 0x12bd1: cmp ax, 3 0x12bd4: jne 0x12c26 0x12bd6: mov ax, 0x4202 0x12bd9: mov cx, 0
2018-12-17T22:08:08.202138018Z	64	PC: 12bbf \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:08:08.208565345Z	87	PC: 12c3b \| Get or set file date and time
2018-12-17T22:08:08.211298508Z	62	PC: 12c3f \| Close file
2018-12-17T22:08:08.218861672Z	67	PC: 12c4e \| Get or set file attributes
2018-12-17T22:08:08.22838302Z	26	PC: 12c5b \| Set disk transfer address
2018-12-17T22:08:08.230123586Z	9	PC: 12a70 \| Display string (String= ' THIS IS AN INFECTED PROGRAM ')
2018-12-17T22:08:08.239157192Z	76	PC: 12a75 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2030,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:46.198485515Z	48	PC: 12a8e \| Get DOS version
2018-12-25T11:44:46.20087114Z	47	PC: 12a9a \| Get disk transfer address
2018-12-25T11:44:46.202091005Z	26	PC: 12aad \| Set disk transfer address
2018-12-25T11:44:46.20329093Z	78	PC: 12b37 \| Find first file
2018-12-25T11:44:46.210299025Z	67	PC: 12b77 \| Get or set file attributes
2018-12-25T11:44:46.21654452Z	67	PC: 12b8a \| Get or set file attributes
2018-12-25T11:44:46.278128229Z	61	PC: 12b95 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:46.285627683Z	87	PC: 12ba1 \| Get or set file date and time
2018-12-25T11:44:46.28725317Z	44	PC: 12bad \| Get time 0x12bad: and dh, 7 0x12bb0: jne 0x12bc2 0x12bb2: mov ah, 0x40 0x12bb4: mov cx, 5 0x12bb7: mov dx, si 0x12bb9: add dx, 0x8a 0x12bbd: int 0x21 0x12bbf: jmp 0x12c26 0x12bc1: nop 0x12bc2: mov ah, 0x3f 0x12bc4: mov cx, 3 0x12bc7: mov dx, 0xa 0x12bca: nop 0x12bcb: add dx, si 0x12bcd: int 0x21 0x12bcf: jb 0x12c26 0x12bd1: cmp ax, 3 0x12bd4: jne 0x12c26 0x12bd6: mov ax, 0x4202 0x12bd9: mov cx, 0
2018-12-25T11:44:46.289658787Z	63	PC: 12bcf \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:46.29714825Z	66	PC: 12be1 \| Move file pointer
2018-12-25T11:44:46.299241724Z	64	PC: 12c05 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:44:46.308287871Z	66	PC: 12c17 \| Move file pointer
2018-12-25T11:44:46.309613209Z	64	PC: 12c26 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:46.317525095Z	87	PC: 12c3b \| Get or set file date and time
2018-12-25T11:44:46.319116206Z	62	PC: 12c3f \| Close file
2018-12-25T11:44:46.327403448Z	67	PC: 12c4e \| Get or set file attributes
2018-12-25T11:44:46.33916896Z	26	PC: 12c5b \| Set disk transfer address
2018-12-25T11:44:46.340566184Z	9	PC: 12a70 \| Display string (String= ' THIS IS AN INFECTED PROGRAM ')
2018-12-25T11:44:46.347767124Z	76	PC: 12a75 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":2030,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:47.599833918Z	48	PC: 12a8e \| Get DOS version
2018-12-25T11:44:47.601081045Z	47	PC: 12a9a \| Get disk transfer address
2018-12-25T11:44:47.602732612Z	26	PC: 12aad \| Set disk transfer address
2018-12-25T11:44:47.603718702Z	78	PC: 12b37 \| Find first file
2018-12-25T11:44:47.607680035Z	67	PC: 12b77 \| Get or set file attributes
2018-12-25T11:44:47.612376995Z	67	PC: 12b8a \| Get or set file attributes
2018-12-25T11:44:47.625147405Z	61	PC: 12b95 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:47.6347389Z	87	PC: 12ba1 \| Get or set file date and time
2018-12-25T11:44:47.636594002Z	44	PC: 12bad \| Get time 0x12bad: and dh, 7 0x12bb0: jne 0x12bc2 0x12bb2: mov ah, 0x40 0x12bb4: mov cx, 5 0x12bb7: mov dx, si 0x12bb9: add dx, 0x8a 0x12bbd: int 0x21 0x12bbf: jmp 0x12c26 0x12bc1: nop 0x12bc2: mov ah, 0x3f 0x12bc4: mov cx, 3 0x12bc7: mov dx, 0xa 0x12bca: nop 0x12bcb: add dx, si 0x12bcd: int 0x21 0x12bcf: jb 0x12c26 0x12bd1: cmp ax, 3 0x12bd4: jne 0x12c26 0x12bd6: mov ax, 0x4202 0x12bd9: mov cx, 0
2018-12-25T11:44:47.638607927Z	63	PC: 12bcf \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:47.643672331Z	66	PC: 12be1 \| Move file pointer
2018-12-25T11:44:47.645660245Z	64	PC: 12c05 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:44:47.65486524Z	66	PC: 12c17 \| Move file pointer
2018-12-25T11:44:47.656206887Z	64	PC: 12c26 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:47.662319754Z	87	PC: 12c3b \| Get or set file date and time
2018-12-25T11:44:47.664141949Z	62	PC: 12c3f \| Close file
2018-12-25T11:44:47.673018216Z	67	PC: 12c4e \| Get or set file attributes
2018-12-25T11:44:47.679459802Z	26	PC: 12c5b \| Set disk transfer address
2018-12-25T11:44:47.681292163Z	9	PC: 12a70 \| Display string (String= ' THIS IS AN INFECTED PROGRAM ')
2018-12-25T11:44:47.685722222Z	76	PC: 12a75 \| Terminate with return code (Return code = '0')