Sample viewer

vx.netlux.org/Virus.DOS.Vienna.629

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:25.317909483Z 48 PC: 12ba6 | Get DOS version
2018-12-17T22:20:25.320519823Z 47 PC: 12bb2 | Get disk transfer address
2018-12-17T22:20:25.32186975Z 26 PC: 12bc2 | Set disk transfer address
2018-12-17T22:20:25.323315737Z 78 PC: 12c49 | Find first file
2018-12-17T22:20:25.330320525Z 67 PC: 12c83 | Get or set file attributes
2018-12-17T22:20:25.336377055Z 67 PC: 12c95 | Get or set file attributes
2018-12-17T22:20:25.353700862Z 61 PC: 12ca0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:25.360544898Z 87 PC: 12cac | Get or set file date and time
2018-12-17T22:20:25.363339731Z 44 PC: 12cb6 | Get time
0x12cb6: and dh, 7
0x12cb9: jne 0x12ccc
0x12cbb: jmp 0x12ccc
0x12cbd: mov ah, 0x40
0x12cbf: mov cx, 5
0x12cc2: mov dx, si
0x12cc4: add dx, 0x8a
0x12cc8: int 0x21
0x12cca: jmp 0x12d31
0x12ccc: mov ah, 0x3f
0x12cce: mov cx, 3
0x12cd1: mov dx, 0xa
0x12cd4: nop
0x12cd5: add dx, si
0x12cd7: int 0x21
0x12cd9: jb 0x12d31
0x12cdb: cmp ax, 3
0x12cde: jne 0x12d31
0x12ce0: mov ax, 0x4202
0x12ce3: mov cx, 0
2018-12-17T22:20:25.365789975Z 63 PC: 12cd9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:25.372371065Z 66 PC: 12ceb | Move file pointer
2018-12-17T22:20:25.375161234Z 64 PC: 12d0f | Write file or device (Write 629 bytes on handle 5)
2018-12-17T22:20:25.383796199Z 66 PC: 12d22 | Move file pointer
2018-12-17T22:20:25.385196692Z 64 PC: 12d31 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:20:25.392694667Z 87 PC: 12d44 | Get or set file date and time
2018-12-17T22:20:25.394753157Z 62 PC: 12d48 | Close file
2018-12-17T22:20:25.402746432Z 67 PC: 12d56 | Get or set file attributes
2018-12-17T22:20:25.41337099Z 26 PC: 12d60 | Set disk transfer address
2018-12-17T22:20:25.416012334Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:20:25.420054868Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3544,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:29.624844022Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:49:29.631825783Z 41 PC: 94fae | Parse filename
2018-12-25T11:49:29.650419985Z 41 PC: 9502f | Parse filename
2018-12-25T11:49:29.653097639Z 41 PC: 9504c | Parse filename
2018-12-25T11:49:29.656297412Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:49:29.659569267Z 71 PC: 986f3 | Get current directory
2018-12-25T11:49:29.664630099Z 78 PC: 986fe | Find first file
2018-12-25T11:49:29.67650339Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:49:29.680623817Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:49:29.693949829Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:49:29.69972921Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:49:29.701451794Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:49:29.703823994Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:49:29.705044362Z 62 PC: 122ab | Close file
2018-12-25T11:49:29.706673925Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.709490544Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.711190139Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.71285167Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.71548916Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.717200624Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.71874335Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.720297324Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.72228329Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.7241859Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.725991406Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.728399073Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.730107212Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.731780281Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:49:29.735439432Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:49:29.737316239Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:49:29.739808664Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:49:29.746149773Z 25 PC: 94e62 | Get default drive
2018-12-25T11:49:29.74806492Z 71 PC: 970dd | Get current directory
2018-12-25T11:49:29.752584382Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:49:29.75667751Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:49:29.759998613Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:49:29.762163121Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:49:29.765270941Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:49:44.670676344Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:49:46.024281701Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:49:46.127099604Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:49:46.134453415Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:49:46.136549078Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:49:46.14283016Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:49:46.145060934Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:49:46.146728123Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:49:46.154658616Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:49:46.165191642Z 71 PC: 9856c | Get current directory
2018-12-25T11:49:46.168690681Z 73 PC: 97c09 | Release memory
2018-12-25T11:49:46.170696098Z 75 PC: 11821 | Execute program
2018-12-25T11:49:46.185190964Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:49:46.188724732Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":3544,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:29.729667966Z 48 PC: 12ba6 | Get DOS version
2018-12-25T11:49:29.731632001Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T11:49:29.734544229Z 26 PC: 12bc2 | Set disk transfer address
2018-12-25T11:49:29.736668161Z 78 PC: 12c49 | Find first file
2018-12-25T11:49:29.744332636Z 67 PC: 12c83 | Get or set file attributes
2018-12-25T11:49:29.75247895Z 67 PC: 12c95 | Get or set file attributes
2018-12-25T11:49:29.770279367Z 61 PC: 12ca0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:29.778555186Z 87 PC: 12cac | Get or set file date and time
2018-12-25T11:49:29.780920709Z 44 PC: 12cb6 | Get time
0x12cb6: and dh, 7
0x12cb9: jne 0x12ccc
0x12cbb: jmp 0x12ccc
0x12cbd: mov ah, 0x40
0x12cbf: mov cx, 5
0x12cc2: mov dx, si
0x12cc4: add dx, 0x8a
0x12cc8: int 0x21
0x12cca: jmp 0x12d31
0x12ccc: mov ah, 0x3f
0x12cce: mov cx, 3
0x12cd1: mov dx, 0xa
0x12cd4: nop
0x12cd5: add dx, si
0x12cd7: int 0x21
0x12cd9: jb 0x12d31
0x12cdb: cmp ax, 3
0x12cde: jne 0x12d31
0x12ce0: mov ax, 0x4202
0x12ce3: mov cx, 0
2018-12-25T11:49:29.783421897Z 63 PC: 12cd9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:29.791231455Z 66 PC: 12ceb | Move file pointer
2018-12-25T11:49:29.793373497Z 64 PC: 12d0f | Write file or device (Write 629 bytes on handle 5)
2018-12-25T11:49:29.804263074Z 66 PC: 12d22 | Move file pointer
2018-12-25T11:49:29.805996327Z 64 PC: 12d31 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:29.814667128Z 87 PC: 12d44 | Get or set file date and time
2018-12-25T11:49:29.816296704Z 62 PC: 12d48 | Close file
2018-12-25T11:49:29.825153065Z 67 PC: 12d56 | Get or set file attributes
2018-12-25T11:49:29.836141539Z 26 PC: 12d60 | Set disk transfer address
2018-12-25T11:49:29.838582782Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:49:29.845746788Z 76 PC: 12a86 | Terminate with return code (Return code = '36')