Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1006

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:14:45.729348425Z	48	PC: 12ba5 \| Get DOS version
2018-12-17T22:14:45.730622022Z	47	PC: 12bb1 \| Get disk transfer address
2018-12-17T22:14:45.734350294Z	26	PC: 12bc3 \| Set disk transfer address
2018-12-17T22:14:45.735514273Z	78	PC: 12c49 \| Find first file
2018-12-17T22:14:45.741319429Z	67	PC: 12c86 \| Get or set file attributes
2018-12-17T22:14:45.74695582Z	67	PC: 12c99 \| Get or set file attributes
2018-12-17T22:14:45.762372798Z	61	PC: 12ca4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:14:45.781269728Z	87	PC: 12cb0 \| Get or set file date and time
2018-12-17T22:14:45.78303237Z	44	PC: 12cbc \| Get time 0x12cbc: and dh, 7 0x12cbf: jne 0x12d12 0x12cc1: push ax 0x12cc2: push bx 0x12cc3: push cx 0x12cc4: push dx 0x12cc5: mov bx, si 0x12cc7: add bx, 0x8a 0x12ccb: mov cx, word ptr [bx] 0x12ccd: add bx, 2 0x12cd0: mov al, 0xb6 0x12cd2: out 0x43, al 0x12cd4: mov ax, word ptr [bx] 0x12cd6: add bx, 2 0x12cd9: out 0x42, al 0x12cdb: mov al, ah 0x12cdd: out 0x42, al 0x12cdf: in al, 0x61 0x12ce1: or al, 3 0x12ce3: out 0x61, al
2018-12-17T22:14:45.785214502Z	63	PC: 12d1f \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:14:45.791367527Z	66	PC: 12d2f \| Move file pointer
2018-12-17T22:14:45.793243912Z	64	PC: 12d53 \| Write file or device (Write 1006 bytes on handle 5)
2018-12-17T22:14:45.803056384Z	66	PC: 12d63 \| Move file pointer
2018-12-17T22:14:45.804420587Z	64	PC: 12d71 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:14:45.82605143Z	87	PC: 12d86 \| Get or set file date and time
2018-12-17T22:14:45.827478108Z	62	PC: 12d8a \| Close file
2018-12-17T22:14:45.835303615Z	67	PC: 12d99 \| Get or set file attributes
2018-12-17T22:14:45.852331467Z	26	PC: 12da5 \| Set disk transfer address
2018-12-17T22:14:45.853614938Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:14:45.857584633Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2755,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:23.622426238Z	48	PC: 12ba5 \| Get DOS version
2018-12-25T11:46:23.623700681Z	47	PC: 12bb1 \| Get disk transfer address
2018-12-25T11:46:23.634079858Z	26	PC: 12bc3 \| Set disk transfer address
2018-12-25T11:46:23.635864654Z	78	PC: 12c49 \| Find first file
2018-12-25T11:46:23.642765449Z	67	PC: 12c86 \| Get or set file attributes
2018-12-25T11:46:23.650150805Z	67	PC: 12c99 \| Get or set file attributes
2018-12-25T11:46:23.668057006Z	61	PC: 12ca4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:23.675704636Z	87	PC: 12cb0 \| Get or set file date and time
2018-12-25T11:46:23.684887836Z	44	PC: 12cbc \| Get time 0x12cbc: and dh, 7 0x12cbf: jne 0x12d12 0x12cc1: push ax 0x12cc2: push bx 0x12cc3: push cx 0x12cc4: push dx 0x12cc5: mov bx, si 0x12cc7: add bx, 0x8a 0x12ccb: mov cx, word ptr [bx] 0x12ccd: add bx, 2 0x12cd0: mov al, 0xb6 0x12cd2: out 0x43, al 0x12cd4: mov ax, word ptr [bx] 0x12cd6: add bx, 2 0x12cd9: out 0x42, al 0x12cdb: mov al, ah 0x12cdd: out 0x42, al 0x12cdf: in al, 0x61 0x12ce1: or al, 3 0x12ce3: out 0x61, al
2018-12-25T11:46:23.694293813Z	63	PC: 12d1f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:23.701754753Z	66	PC: 12d2f \| Move file pointer
2018-12-25T11:46:23.704058002Z	64	PC: 12d53 \| Write file or device (Write 1006 bytes on handle 5)
2018-12-25T11:46:23.71337883Z	66	PC: 12d63 \| Move file pointer
2018-12-25T11:46:23.714919139Z	64	PC: 12d71 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:23.722324759Z	87	PC: 12d86 \| Get or set file date and time
2018-12-25T11:46:23.724965116Z	62	PC: 12d8a \| Close file
2018-12-25T11:46:23.734144146Z	67	PC: 12d99 \| Get or set file attributes
2018-12-25T11:46:23.745505349Z	26	PC: 12da5 \| Set disk transfer address
2018-12-25T11:46:23.74722635Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:46:23.753636958Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":2755,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:23.733189009Z	48	PC: 12ba5 \| Get DOS version
2018-12-25T11:46:23.73495866Z	47	PC: 12bb1 \| Get disk transfer address
2018-12-25T11:46:23.735753153Z	26	PC: 12bc3 \| Set disk transfer address
2018-12-25T11:46:23.736541845Z	78	PC: 12c49 \| Find first file
2018-12-25T11:46:23.740495546Z	67	PC: 12c86 \| Get or set file attributes
2018-12-25T11:46:23.745952943Z	67	PC: 12c99 \| Get or set file attributes
2018-12-25T11:46:23.762291778Z	61	PC: 12ca4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:23.768995213Z	87	PC: 12cb0 \| Get or set file date and time
2018-12-25T11:46:23.770312279Z	44	PC: 12cbc \| Get time 0x12cbc: and dh, 7 0x12cbf: jne 0x12d12 0x12cc1: push ax 0x12cc2: push bx 0x12cc3: push cx 0x12cc4: push dx 0x12cc5: mov bx, si 0x12cc7: add bx, 0x8a 0x12ccb: mov cx, word ptr [bx] 0x12ccd: add bx, 2 0x12cd0: mov al, 0xb6 0x12cd2: out 0x43, al 0x12cd4: mov ax, word ptr [bx] 0x12cd6: add bx, 2 0x12cd9: out 0x42, al 0x12cdb: mov al, ah 0x12cdd: out 0x42, al 0x12cdf: in al, 0x61 0x12ce1: or al, 3 0x12ce3: out 0x61, al
2018-12-25T11:46:23.772199125Z	63	PC: 12d1f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:23.778308981Z	66	PC: 12d2f \| Move file pointer
2018-12-25T11:46:23.779709574Z	64	PC: 12d53 \| Write file or device (Write 1006 bytes on handle 5)
2018-12-25T11:46:23.787900494Z	66	PC: 12d63 \| Move file pointer
2018-12-25T11:46:23.789191272Z	64	PC: 12d71 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:23.796567587Z	87	PC: 12d86 \| Get or set file date and time
2018-12-25T11:46:23.797986457Z	62	PC: 12d8a \| Close file
2018-12-25T11:46:23.805632728Z	67	PC: 12d99 \| Get or set file attributes
2018-12-25T11:46:23.816212569Z	26	PC: 12da5 \| Set disk transfer address
2018-12-25T11:46:23.817384325Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:46:23.822599515Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')