Sample viewer

vx.netlux.org/Virus.DOS.Vienna.436

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:07.342530782Z	48	PC: 12a7a \| Get DOS version
2018-12-17T22:20:07.344923408Z	53	PC: 12a87 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:07.345832722Z	37	PC: 12a95 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:20:07.346672854Z	26	PC: 12a9c \| Set disk transfer address
2018-12-17T22:20:07.34787208Z	78	PC: 12ae1 \| Find first file
2018-12-17T22:20:07.353608573Z	67	PC: 12b4a \| Get or set file attributes
2018-12-17T22:20:07.643327389Z	61	PC: 12b4f \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:07.655342511Z	44	PC: 12b57 \| Get time 0x12b57: and dh, 7 0x12b5a: jne 0x12b68 0x12b5c: mov ah, 0x40 0x12b5e: mov cx, 5 0x12b61: lea dx, word ptr [si + 0xe] 0x12b64: int 0x21 0x12b66: jmp 0x12bb1 0x12b68: mov ah, 0x3f 0x12b6a: mov cx, 3 0x12b6d: lea dx, word ptr [si] 0x12b6f: int 0x21 0x12b71: jb 0x12bb1 0x12b73: cmp ax, 3 0x12b76: jne 0x12bb1 0x12b78: mov ax, 0x4202 0x12b7b: xor cx, cx 0x12b7d: xor dx, dx 0x12b7f: int 0x21 0x12b81: jb 0x12bb1 0x12b83: add ax, 0x10
2018-12-17T22:20:07.658253599Z	63	PC: 12b71 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:07.664644196Z	66	PC: 12b81 \| Move file pointer
2018-12-17T22:20:07.666551928Z	64	PC: 12b96 \| Write file or device (Write 436 bytes on handle 5)
2018-12-17T22:20:07.674540032Z	66	PC: 12ba6 \| Move file pointer
2018-12-17T22:20:07.675872302Z	64	PC: 12bb1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:20:07.682975187Z	87	PC: 12bbf \| Get or set file date and time
2018-12-17T22:20:07.685815793Z	62	PC: 12bc3 \| Close file
2018-12-17T22:20:07.693821937Z	67	PC: 12bd0 \| Get or set file attributes
2018-12-17T22:20:07.704014472Z	26	PC: 12bd7 \| Set disk transfer address
2018-12-17T22:20:07.706205097Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3483,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:17.550992725Z	48	PC: 12a7a \| Get DOS version
2018-12-25T11:49:17.552825593Z	53	PC: 12a87 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:17.554464605Z	37	PC: 12a95 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:17.555877982Z	26	PC: 12a9c \| Set disk transfer address
2018-12-25T11:49:17.557314911Z	78	PC: 12ae1 \| Find first file
2018-12-25T11:49:17.564277633Z	67	PC: 12b4a \| Get or set file attributes
2018-12-25T11:49:17.778027609Z	61	PC: 12b4f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:17.784498242Z	44	PC: 12b57 \| Get time 0x12b57: and dh, 7 0x12b5a: jne 0x12b68 0x12b5c: mov ah, 0x40 0x12b5e: mov cx, 5 0x12b61: lea dx, word ptr [si + 0xe] 0x12b64: int 0x21 0x12b66: jmp 0x12bb1 0x12b68: mov ah, 0x3f 0x12b6a: mov cx, 3 0x12b6d: lea dx, word ptr [si] 0x12b6f: int 0x21 0x12b71: jb 0x12bb1 0x12b73: cmp ax, 3 0x12b76: jne 0x12bb1 0x12b78: mov ax, 0x4202 0x12b7b: xor cx, cx 0x12b7d: xor dx, dx 0x12b7f: int 0x21 0x12b81: jb 0x12bb1 0x12b83: add ax, 0x10
2018-12-25T11:49:17.786528946Z	63	PC: 12b71 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:17.793608085Z	66	PC: 12b81 \| Move file pointer
2018-12-25T11:49:17.795061788Z	64	PC: 12b96 \| Write file or device (Write 436 bytes on handle 5)
2018-12-25T11:49:17.802908507Z	66	PC: 12ba6 \| Move file pointer
2018-12-25T11:49:17.804860483Z	64	PC: 12bb1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:17.811550783Z	87	PC: 12bbf \| Get or set file date and time
2018-12-25T11:49:17.813001302Z	62	PC: 12bc3 \| Close file
2018-12-25T11:49:17.820839488Z	67	PC: 12bd0 \| Get or set file attributes
2018-12-25T11:49:17.830467896Z	26	PC: 12bd7 \| Set disk transfer address
2018-12-25T11:49:17.831506663Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":3483,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:18.426508431Z	48	PC: 12a7a \| Get DOS version
2018-12-25T11:49:18.43128058Z	53	PC: 12a87 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:18.432790603Z	37	PC: 12a95 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:18.434258274Z	26	PC: 12a9c \| Set disk transfer address
2018-12-25T11:49:18.436066721Z	78	PC: 12ae1 \| Find first file
2018-12-25T11:49:18.443583718Z	67	PC: 12b4a \| Get or set file attributes
2018-12-25T11:49:18.461906278Z	61	PC: 12b4f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:18.469772529Z	44	PC: 12b57 \| Get time 0x12b57: and dh, 7 0x12b5a: jne 0x12b68 0x12b5c: mov ah, 0x40 0x12b5e: mov cx, 5 0x12b61: lea dx, word ptr [si + 0xe] 0x12b64: int 0x21 0x12b66: jmp 0x12bb1 0x12b68: mov ah, 0x3f 0x12b6a: mov cx, 3 0x12b6d: lea dx, word ptr [si] 0x12b6f: int 0x21 0x12b71: jb 0x12bb1 0x12b73: cmp ax, 3 0x12b76: jne 0x12bb1 0x12b78: mov ax, 0x4202 0x12b7b: xor cx, cx 0x12b7d: xor dx, dx 0x12b7f: int 0x21 0x12b81: jb 0x12bb1 0x12b83: add ax, 0x10
2018-12-25T11:49:18.473319287Z	63	PC: 12b71 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:18.480595073Z	66	PC: 12b81 \| Move file pointer
2018-12-25T11:49:18.482288677Z	64	PC: 12b96 \| Write file or device (Write 436 bytes on handle 5)
2018-12-25T11:49:18.493196685Z	66	PC: 12ba6 \| Move file pointer
2018-12-25T11:49:18.495042924Z	64	PC: 12bb1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:18.502308398Z	87	PC: 12bbf \| Get or set file date and time
2018-12-25T11:49:18.504660935Z	62	PC: 12bc3 \| Close file
2018-12-25T11:49:18.514571785Z	67	PC: 12bd0 \| Get or set file attributes
2018-12-25T11:49:18.525732734Z	26	PC: 12bd7 \| Set disk transfer address
2018-12-25T11:49:18.527221984Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')