Sample viewer

vx.netlux.org/Virus.DOS.Vienna.620

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:53:11.394636769Z	48	PC: 13233 \| Get DOS version
2018-12-17T21:53:11.397426678Z	47	PC: 1323f \| Get disk transfer address
2018-12-17T21:53:11.398731377Z	26	PC: 1324f \| Set disk transfer address
2018-12-17T21:53:11.400219962Z	78	PC: 132d3 \| Find first file
2018-12-17T21:53:11.408803697Z	67	PC: 1330d \| Get or set file attributes
2018-12-17T21:53:11.415284172Z	67	PC: 1331e \| Get or set file attributes
2018-12-17T21:53:11.432705969Z	61	PC: 13329 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:53:11.440869873Z	87	PC: 13335 \| Get or set file date and time
2018-12-17T21:53:11.443250455Z	44	PC: 1333f \| Get time 0x1333f: and dh, 7 0x13342: jne 0x13355 0x13344: mov ah, 0x40 0x13346: mov cx, 5 0x13349: mov dx, si 0x1334b: add dx, 0x8a 0x1334f: int 0x21 0x13351: jmp 0x133b7 0x13353: nop 0x13354: nop 0x13355: mov ah, 0x3f 0x13357: mov cx, 3 0x1335a: mov dx, 0xa 0x1335d: nop 0x1335e: add dx, si 0x13360: int 0x21 0x13362: jb 0x133b7 0x13364: cmp ax, 3 0x13367: jne 0x133b7 0x13369: mov ax, 0x4202
2018-12-17T21:53:11.445907528Z	63	PC: 13362 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:11.453624029Z	66	PC: 13374 \| Move file pointer
2018-12-17T21:53:11.455491693Z	64	PC: 13397 \| Write file or device (Write 620 bytes on handle 5)
2018-12-17T21:53:11.465409369Z	66	PC: 133a9 \| Move file pointer
2018-12-17T21:53:11.466757289Z	64	PC: 133b7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:11.474191022Z	87	PC: 133c8 \| Get or set file date and time
2018-12-17T21:53:11.475830619Z	62	PC: 133cc \| Close file
2018-12-17T21:53:11.483942879Z	67	PC: 133da \| Get or set file attributes
2018-12-17T21:53:11.496331422Z	26	PC: 133e4 \| Set disk transfer address
2018-12-17T21:53:11.497739852Z	2	PC: 12a46 \| Character output (Char = '07')
2018-12-17T21:53:11.499981934Z	76	PC: 12a4b \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":334,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:46.266398724Z	48	PC: 13233 \| Get DOS version
2018-12-25T11:40:46.268356273Z	47	PC: 1323f \| Get disk transfer address
2018-12-25T11:40:46.280714105Z	26	PC: 1324f \| Set disk transfer address
2018-12-25T11:40:46.282203769Z	78	PC: 132d3 \| Find first file
2018-12-25T11:40:46.288977594Z	67	PC: 1330d \| Get or set file attributes
2018-12-25T11:40:46.296342176Z	67	PC: 1331e \| Get or set file attributes
2018-12-25T11:40:46.314121161Z	61	PC: 13329 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:46.322356725Z	87	PC: 13335 \| Get or set file date and time
2018-12-25T11:40:46.324661199Z	44	PC: 1333f \| Get time 0x1333f: and dh, 7 0x13342: jne 0x13355 0x13344: mov ah, 0x40 0x13346: mov cx, 5 0x13349: mov dx, si 0x1334b: add dx, 0x8a 0x1334f: int 0x21 0x13351: jmp 0x133b7 0x13353: nop 0x13354: nop 0x13355: mov ah, 0x3f 0x13357: mov cx, 3 0x1335a: mov dx, 0xa 0x1335d: nop 0x1335e: add dx, si 0x13360: int 0x21 0x13362: jb 0x133b7 0x13364: cmp ax, 3 0x13367: jne 0x133b7 0x13369: mov ax, 0x4202
2018-12-25T11:40:46.327591093Z	63	PC: 13362 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:40:46.335125718Z	66	PC: 13374 \| Move file pointer
2018-12-25T11:40:46.338042519Z	64	PC: 13397 \| Write file or device (Write 620 bytes on handle 5)
2018-12-25T11:40:46.348100621Z	66	PC: 133a9 \| Move file pointer
2018-12-25T11:40:46.357301979Z	64	PC: 133b7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:40:46.372120452Z	87	PC: 133c8 \| Get or set file date and time
2018-12-25T11:40:46.374133415Z	62	PC: 133cc \| Close file
2018-12-25T11:40:46.383043671Z	67	PC: 133da \| Get or set file attributes
2018-12-25T11:40:46.3940368Z	26	PC: 133e4 \| Set disk transfer address
2018-12-25T11:40:46.396396447Z	2	PC: 12a46 \| Character output (Char = '07')
2018-12-25T11:40:46.398815493Z	76	PC: 12a4b \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":334,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:46.614738899Z	48	PC: 13233 \| Get DOS version
2018-12-25T11:40:46.61629553Z	47	PC: 1323f \| Get disk transfer address
2018-12-25T11:40:46.619265917Z	26	PC: 1324f \| Set disk transfer address
2018-12-25T11:40:46.620692393Z	78	PC: 132d3 \| Find first file
2018-12-25T11:40:46.627477723Z	67	PC: 1330d \| Get or set file attributes
2018-12-25T11:40:46.635211658Z	67	PC: 1331e \| Get or set file attributes
2018-12-25T11:40:46.651883Z	61	PC: 13329 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:46.659487529Z	87	PC: 13335 \| Get or set file date and time
2018-12-25T11:40:46.662046314Z	44	PC: 1333f \| Get time 0x1333f: and dh, 7 0x13342: jne 0x13355 0x13344: mov ah, 0x40 0x13346: mov cx, 5 0x13349: mov dx, si 0x1334b: add dx, 0x8a 0x1334f: int 0x21 0x13351: jmp 0x133b7 0x13353: nop 0x13354: nop 0x13355: mov ah, 0x3f 0x13357: mov cx, 3 0x1335a: mov dx, 0xa 0x1335d: nop 0x1335e: add dx, si 0x13360: int 0x21 0x13362: jb 0x133b7 0x13364: cmp ax, 3 0x13367: jne 0x133b7 0x13369: mov ax, 0x4202
2018-12-25T11:40:46.664690907Z	63	PC: 13362 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:40:46.672322285Z	66	PC: 13374 \| Move file pointer
2018-12-25T11:40:46.674979823Z	64	PC: 13397 \| Write file or device (Write 620 bytes on handle 5)
2018-12-25T11:40:46.685850405Z	66	PC: 133a9 \| Move file pointer
2018-12-25T11:40:46.68759526Z	64	PC: 133b7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:40:46.695540209Z	87	PC: 133c8 \| Get or set file date and time
2018-12-25T11:40:46.697426435Z	62	PC: 133cc \| Close file
2018-12-25T11:40:46.70625152Z	67	PC: 133da \| Get or set file attributes
2018-12-25T11:40:46.73280171Z	26	PC: 133e4 \| Set disk transfer address
2018-12-25T11:40:46.735003273Z	2	PC: 12a46 \| Character output (Char = '07')
2018-12-25T11:40:46.737382552Z	76	PC: 12a4b \| Terminate with return code (Return code = '0')