Sample viewer

vx.netlux.org/Virus.DOS.Vienna.712

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:18:53.052032896Z 48 PC: 12ace | Get DOS version
2018-12-17T22:18:53.053299827Z 47 PC: 12ada | Get disk transfer address
2018-12-17T22:18:53.054463966Z 26 PC: 12aea | Set disk transfer address
2018-12-17T22:18:53.055454203Z 78 PC: 12b6c | Find first file
2018-12-17T22:18:53.059818599Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T22:18:53.070897869Z 67 PC: 12bba | Get or set file attributes
2018-12-17T22:18:53.088817876Z 61 PC: 12bc5 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:18:53.09628125Z 87 PC: 12bd1 | Get or set file date and time
2018-12-17T22:18:53.09894794Z 44 PC: 12bdb | Get time
0x12bdb: and dh, 7
0x12bde: jne 0x12bf1
0x12be0: mov ah, 0x40
0x12be2: mov cx, 5
0x12be5: mov dx, si
0x12be7: add dx, 0x8a
0x12beb: int 0x21
0x12bed: jmp 0x12c7d
0x12bf0: nop
0x12bf1: mov ah, 0x3f
0x12bf3: mov cx, 3
0x12bf6: mov dx, 0xa
0x12bf9: nop
0x12bfa: add dx, si
0x12bfc: int 0x21
0x12bfe: jb 0x12c7d
0x12c00: cmp ax, 3
0x12c03: jne 0x12c7d
0x12c05: mov ax, 0x4202
0x12c08: mov cx, 0
2018-12-17T22:18:53.101544118Z 63 PC: 12bfe | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:18:53.109028726Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:18:53.111509146Z 64 PC: 12c48 | Write file or device (Write 712 bytes on handle 5)
2018-12-17T22:18:53.121015827Z 66 PC: 12c6f | Move file pointer
2018-12-17T22:18:53.122521315Z 64 PC: 12c7d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:18:53.129879402Z 87 PC: 12c90 | Get or set file date and time
2018-12-17T22:18:53.131458942Z 62 PC: 12c94 | Close file
2018-12-17T22:18:53.141897762Z 67 PC: 12ca2 | Get or set file attributes
2018-12-17T22:18:53.152680242Z 26 PC: 12cac | Set disk transfer address
2018-12-17T22:18:53.154031417Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3232,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:43.971325043Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:48:43.984875629Z 41 PC: 94fae | Parse filename
2018-12-25T11:48:43.990101495Z 41 PC: 9502f | Parse filename
2018-12-25T11:48:43.991981899Z 41 PC: 9504c | Parse filename
2018-12-25T11:48:43.99446062Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:48:43.99625772Z 71 PC: 986f3 | Get current directory
2018-12-25T11:48:43.998499635Z 78 PC: 986fe | Find first file
2018-12-25T11:48:44.0055915Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:48:44.008160384Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:48:44.018132739Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:48:44.021462392Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:48:44.022858752Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:48:44.024607444Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:44.025910999Z 62 PC: 122ab | Close file
2018-12-25T11:48:44.027134131Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.031876669Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.033695533Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.035459082Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.041258742Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.043343577Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.045075032Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.0471657Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.049138397Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.051174005Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.054130553Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.056131173Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.05807015Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.061035656Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:48:44.063258619Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:48:44.064770415Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:48:44.066805443Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:48:44.073458292Z 25 PC: 94e62 | Get default drive
2018-12-25T11:48:44.07778787Z 71 PC: 970dd | Get current directory
2018-12-25T11:48:44.082426588Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:48:44.088313297Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:48:44.090838916Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:48:44.092728691Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:48:44.095643007Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:48:59.017304176Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:49:00.370837595Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:49:00.475310364Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:49:00.480600526Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:49:00.483081079Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:49:00.484714631Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:49:00.486733468Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:49:00.491619835Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:49:00.500155943Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:49:00.510425545Z 71 PC: 9856c | Get current directory
2018-12-25T11:49:00.515173596Z 73 PC: 97c09 | Release memory
2018-12-25T11:49:00.516883799Z 75 PC: 11821 | Execute program
2018-12-25T11:49:00.533020067Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:49:00.538984185Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":3232,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:44.075785289Z 48 PC: 12ace | Get DOS version
2018-12-25T11:48:44.082891276Z 47 PC: 12ada | Get disk transfer address
2018-12-25T11:48:44.084313013Z 26 PC: 12aea | Set disk transfer address
2018-12-25T11:48:44.085190477Z 78 PC: 12b6c | Find first file
2018-12-25T11:48:44.089295019Z 67 PC: 12ba8 | Get or set file attributes
2018-12-25T11:48:44.094969652Z 67 PC: 12bba | Get or set file attributes
2018-12-25T11:48:45.091947662Z 61 PC: 12bc5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:45.105401076Z 87 PC: 12bd1 | Get or set file date and time
2018-12-25T11:48:45.107314699Z 44 PC: 12bdb | Get time
0x12bdb: and dh, 7
0x12bde: jne 0x12bf1
0x12be0: mov ah, 0x40
0x12be2: mov cx, 5
0x12be5: mov dx, si
0x12be7: add dx, 0x8a
0x12beb: int 0x21
0x12bed: jmp 0x12c7d
0x12bf0: nop
0x12bf1: mov ah, 0x3f
0x12bf3: mov cx, 3
0x12bf6: mov dx, 0xa
0x12bf9: nop
0x12bfa: add dx, si
0x12bfc: int 0x21
0x12bfe: jb 0x12c7d
0x12c00: cmp ax, 3
0x12c03: jne 0x12c7d
0x12c05: mov ax, 0x4202
0x12c08: mov cx, 0
2018-12-25T11:48:45.109414577Z 63 PC: 12bfe | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:45.122060475Z 66 PC: 12c10 | Move file pointer
2018-12-25T11:48:45.123529712Z 64 PC: 12c48 | Write file or device (Write 712 bytes on handle 5)
2018-12-25T11:48:45.884638335Z 66 PC: 12c6f | Move file pointer
2018-12-25T11:48:45.887080545Z 64 PC: 12c7d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:45.893666146Z 87 PC: 12c90 | Get or set file date and time
2018-12-25T11:48:45.895118457Z 62 PC: 12c94 | Close file
2018-12-25T11:48:46.94674831Z 67 PC: 12ca2 | Get or set file attributes
2018-12-25T11:48:46.956267283Z 26 PC: 12cac | Set disk transfer address
2018-12-25T11:48:46.957064246Z 9 PC: 12aa2 | Display string (String= 'Hello - Copyright S & S International, 1990 ')