Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1881.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:13:57.721030843Z	48	PC: 159e6 \| Get DOS version
2018-12-17T22:13:57.729954339Z	47	PC: 159f2 \| Get disk transfer address
2018-12-17T22:13:57.73110431Z	26	PC: 15a01 \| Set disk transfer address
2018-12-17T22:13:57.73232156Z	78	PC: 15a82 \| Find first file
2018-12-17T22:13:57.738644616Z	67	PC: 15aba \| Get or set file attributes
2018-12-17T22:13:57.744254287Z	67	PC: 15aca \| Get or set file attributes
2018-12-17T22:13:57.758652287Z	61	PC: 15ad4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:13:57.763243883Z	87	PC: 15ae0 \| Get or set file date and time
2018-12-17T22:13:57.764193034Z	63	PC: 15af2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:57.768145261Z	66	PC: 15b04 \| Move file pointer
2018-12-17T22:13:57.769659728Z	64	PC: 15b28 \| Write file or device (Write 1881 bytes on handle 5)
2018-12-17T22:13:57.775245045Z	66	PC: 15b3b \| Move file pointer
2018-12-17T22:13:57.776306394Z	64	PC: 15b49 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:57.780729397Z	87	PC: 15b5a \| Get or set file date and time
2018-12-17T22:13:57.781809899Z	62	PC: 15b5e \| Close file
2018-12-17T22:13:57.787709803Z	67	PC: 15b6b \| Get or set file attributes
2018-12-17T22:13:57.796044219Z	26	PC: 15b75 \| Set disk transfer address
2018-12-17T22:13:57.797361729Z	42	PC: 15b7a \| Get date 0x15b7a: cmp dx, 0xc13 0x15b7e: jae 0x15b88 0x15b80: cmp dx, 0x101 0x15b84: jb 0x15b88 0x15b86: jmp 0x15b96 0x15b88: mov dx, si 0x15b8a: add dx, 0x8a 0x15b8e: mov ah, 9 0x15b90: int 0x21 0x15b92: mov ah, 0 0x15b94: int 0x16 0x15b96: pop cx 0x15b97: xor ax, ax 0x15b99: xor bx, bx 0x15b9b: xor dx, dx 0x15b9d: xor si, si 0x15b9f: mov di, 0x100 0x15ba2: push di 0x15ba3: xor di, di 0x15ba5: ret 0xffff

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2672,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:11.769371022Z	48	PC: 159e6 \| Get DOS version
2018-12-25T11:46:11.770987081Z	47	PC: 159f2 \| Get disk transfer address
2018-12-25T11:46:11.772813124Z	26	PC: 15a01 \| Set disk transfer address
2018-12-25T11:46:11.774699069Z	78	PC: 15a82 \| Find first file
2018-12-25T11:46:11.781559395Z	67	PC: 15aba \| Get or set file attributes
2018-12-25T11:46:11.786977216Z	67	PC: 15aca \| Get or set file attributes
2018-12-25T11:46:11.80271632Z	61	PC: 15ad4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:11.811312664Z	87	PC: 15ae0 \| Get or set file date and time
2018-12-25T11:46:11.81269807Z	63	PC: 15af2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:11.818835079Z	66	PC: 15b04 \| Move file pointer
2018-12-25T11:46:11.82068345Z	64	PC: 15b28 \| Write file or device (Write 1881 bytes on handle 5)
2018-12-25T11:46:11.829261546Z	66	PC: 15b3b \| Move file pointer
2018-12-25T11:46:11.830478119Z	64	PC: 15b49 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:11.837223795Z	87	PC: 15b5a \| Get or set file date and time
2018-12-25T11:46:11.838764849Z	62	PC: 15b5e \| Close file
2018-12-25T11:46:11.846395329Z	67	PC: 15b6b \| Get or set file attributes
2018-12-25T11:46:11.856749845Z	26	PC: 15b75 \| Set disk transfer address
2018-12-25T11:46:11.857593775Z	42	PC: 15b7a \| Get date 0x15b7a: cmp dx, 0xc13 0x15b7e: jae 0x15b88 0x15b80: cmp dx, 0x101 0x15b84: jb 0x15b88 0x15b86: jmp 0x15b96 0x15b88: mov dx, si 0x15b8a: add dx, 0x8a 0x15b8e: mov ah, 9 0x15b90: int 0x21 0x15b92: mov ah, 0 0x15b94: int 0x16 0x15b96: pop cx 0x15b97: xor ax, ax 0x15b99: xor bx, bx 0x15b9b: xor dx, dx 0x15b9d: xor si, si 0x15b9f: mov di, 0x100 0x15ba2: push di 0x15ba3: xor di, di 0x15ba5: ret 0xffff

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2672,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:12.372996202Z	48	PC: 159e6 \| Get DOS version
2018-12-25T11:46:12.374848308Z	47	PC: 159f2 \| Get disk transfer address
2018-12-25T11:46:12.376248312Z	26	PC: 15a01 \| Set disk transfer address
2018-12-25T11:46:12.377622505Z	78	PC: 15a82 \| Find first file
2018-12-25T11:46:12.384725619Z	67	PC: 15aba \| Get or set file attributes
2018-12-25T11:46:12.39215131Z	67	PC: 15aca \| Get or set file attributes
2018-12-25T11:46:12.409318464Z	61	PC: 15ad4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:12.416908046Z	87	PC: 15ae0 \| Get or set file date and time
2018-12-25T11:46:12.41929119Z	63	PC: 15af2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:12.426293315Z	66	PC: 15b04 \| Move file pointer
2018-12-25T11:46:12.42786509Z	64	PC: 15b28 \| Write file or device (Write 1881 bytes on handle 5)
2018-12-25T11:46:12.439357045Z	66	PC: 15b3b \| Move file pointer
2018-12-25T11:46:12.441479325Z	64	PC: 15b49 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:12.449230845Z	87	PC: 15b5a \| Get or set file date and time
2018-12-25T11:46:12.452052523Z	62	PC: 15b5e \| Close file
2018-12-25T11:46:12.460914615Z	67	PC: 15b6b \| Get or set file attributes
2018-12-25T11:46:12.471894367Z	26	PC: 15b75 \| Set disk transfer address
2018-12-25T11:46:12.474185288Z	42	PC: 15b7a \| Get date 0x15b7a: cmp dx, 0xc13 0x15b7e: jae 0x15b88 0x15b80: cmp dx, 0x101 0x15b84: jb 0x15b88 0x15b86: jmp 0x15b96 0x15b88: mov dx, si 0x15b8a: add dx, 0x8a 0x15b8e: mov ah, 9 0x15b90: int 0x21 0x15b92: mov ah, 0 0x15b94: int 0x16 0x15b96: pop cx 0x15b97: xor ax, ax 0x15b99: xor bx, bx 0x15b9b: xor dx, dx 0x15b9d: xor si, si 0x15b9f: mov di, 0x100 0x15ba2: push di 0x15ba3: xor di, di 0x15ba5: ret 0xffff
2018-12-25T11:46:12.477312807Z	9	PC: 15b92 \| Display string (Could not find end pointer)