Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Sunday.2437

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:20.235057891Z	47	PC: 12ba7 \| Get disk transfer address
2018-12-17T22:21:20.236692578Z	26	PC: 12bba \| Set disk transfer address
2018-12-17T22:21:20.238660983Z	78	PC: 12c46 \| Find first file
2018-12-17T22:21:20.245469691Z	67	PC: 12c84 \| Get or set file attributes
2018-12-17T22:21:20.252296015Z	67	PC: 12c96 \| Get or set file attributes
2018-12-17T22:21:20.269432982Z	61	PC: 12ca1 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:21:20.275996051Z	87	PC: 12cad \| Get or set file date and time
2018-12-17T22:21:20.278168553Z	63	PC: 12cc2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:21:20.284454622Z	66	PC: 12cd4 \| Move file pointer
2018-12-17T22:21:20.285868684Z	64	PC: 12cf8 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-17T22:21:20.294370881Z	66	PC: 12d0a \| Move file pointer
2018-12-17T22:21:20.307449076Z	64	PC: 12d19 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:20.314408673Z	87	PC: 12d2c \| Get or set file date and time
2018-12-17T22:21:20.315795811Z	62	PC: 12d30 \| Close file
2018-12-17T22:21:20.323851158Z	67	PC: 12d3f \| Get or set file attributes
2018-12-17T22:21:20.333635109Z	42	PC: 12d44 \| Get date 0x12d44: cmp cx, 0x7c7 0x12d48: jne 0x12d4f 0x12d4a: cmp dh, 1 0x12d4d: je 0x12d61 0x12d4f: cmp al, 0 0x12d51: jne 0x12d61 0x12d53: mov dx, si 0x12d55: mov ah, 9 0x12d57: add dx, 0x16 0x12d5a: nop 0x12d5b: int 0x21 0x12d5d: mov ah, 8 0x12d5f: int 0x21 0x12d61: mov dx, word ptr [si] 0x12d63: nop 0x12d64: nop 0x12d65: mov ds, word ptr [si + 2] 0x12d68: nop 0x12d69: mov ah, 0x1a 0x12d6b: int 0x21
2018-12-17T22:21:20.335839364Z	26	PC: 12d6d \| Set disk transfer address
2018-12-17T22:21:20.337729108Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:21:20.341714792Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3718,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:00.982976585Z	47	PC: 12ba7 \| Get disk transfer address
2018-12-25T11:50:00.991367429Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T11:50:00.992349305Z	78	PC: 12c46 \| Find first file
2018-12-25T11:50:00.996050006Z	67	PC: 12c84 \| Get or set file attributes
2018-12-25T11:50:01.000453222Z	67	PC: 12c96 \| Get or set file attributes
2018-12-25T11:50:01.014078722Z	61	PC: 12ca1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:01.025737132Z	87	PC: 12cad \| Get or set file date and time
2018-12-25T11:50:01.028945904Z	63	PC: 12cc2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:01.035397144Z	66	PC: 12cd4 \| Move file pointer
2018-12-25T11:50:01.036839194Z	64	PC: 12cf8 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-25T11:50:01.045950733Z	66	PC: 12d0a \| Move file pointer
2018-12-25T11:50:01.047857898Z	64	PC: 12d19 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:01.054952428Z	87	PC: 12d2c \| Get or set file date and time
2018-12-25T11:50:01.056672791Z	62	PC: 12d30 \| Close file
2018-12-25T11:50:01.064494093Z	67	PC: 12d3f \| Get or set file attributes
2018-12-25T11:50:01.075059836Z	42	PC: 12d44 \| Get date 0x12d44: cmp cx, 0x7c7 0x12d48: jne 0x12d4f 0x12d4a: cmp dh, 1 0x12d4d: je 0x12d61 0x12d4f: cmp al, 0 0x12d51: jne 0x12d61 0x12d53: mov dx, si 0x12d55: mov ah, 9 0x12d57: add dx, 0x16 0x12d5a: nop 0x12d5b: int 0x21 0x12d5d: mov ah, 8 0x12d5f: int 0x21 0x12d61: mov dx, word ptr [si] 0x12d63: nop 0x12d64: nop 0x12d65: mov ds, word ptr [si + 2] 0x12d68: nop 0x12d69: mov ah, 0x1a 0x12d6b: int 0x21
2018-12-25T11:50:01.077813068Z	26	PC: 12d6d \| Set disk transfer address
2018-12-25T11:50:01.079033838Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:50:01.08453116Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":2,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3718,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:01.014431392Z	47	PC: 12ba7 \| Get disk transfer address
2018-12-25T11:50:01.017179874Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T11:50:01.018522739Z	78	PC: 12c46 \| Find first file
2018-12-25T11:50:01.028203774Z	67	PC: 12c84 \| Get or set file attributes
2018-12-25T11:50:01.036357784Z	67	PC: 12c96 \| Get or set file attributes
2018-12-25T11:50:01.053946623Z	61	PC: 12ca1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:01.061228316Z	87	PC: 12cad \| Get or set file date and time
2018-12-25T11:50:01.062441596Z	63	PC: 12cc2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:01.068905997Z	66	PC: 12cd4 \| Move file pointer
2018-12-25T11:50:01.070127694Z	64	PC: 12cf8 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-25T11:50:01.078546257Z	66	PC: 12d0a \| Move file pointer
2018-12-25T11:50:01.081192399Z	64	PC: 12d19 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:01.08776802Z	87	PC: 12d2c \| Get or set file date and time
2018-12-25T11:50:01.089507074Z	62	PC: 12d30 \| Close file
2018-12-25T11:50:01.098287176Z	67	PC: 12d3f \| Get or set file attributes
2018-12-25T11:50:01.108019158Z	42	PC: 12d44 \| Get date 0x12d44: cmp cx, 0x7c7 0x12d48: jne 0x12d4f 0x12d4a: cmp dh, 1 0x12d4d: je 0x12d61 0x12d4f: cmp al, 0 0x12d51: jne 0x12d61 0x12d53: mov dx, si 0x12d55: mov ah, 9 0x12d57: add dx, 0x16 0x12d5a: nop 0x12d5b: int 0x21 0x12d5d: mov ah, 8 0x12d5f: int 0x21 0x12d61: mov dx, word ptr [si] 0x12d63: nop 0x12d64: nop 0x12d65: mov ds, word ptr [si + 2] 0x12d68: nop 0x12d69: mov ah, 0x1a 0x12d6b: int 0x21
2018-12-25T11:50:01.110210903Z	26	PC: 12d6d \| Set disk transfer address
2018-12-25T11:50:01.111871978Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:50:01.117294489Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":3,"Month":2,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3718,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:01.182682692Z	47	PC: 12ba7 \| Get disk transfer address
2018-12-25T11:50:01.184584964Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T11:50:01.186449673Z	78	PC: 12c46 \| Find first file
2018-12-25T11:50:01.193961393Z	67	PC: 12c84 \| Get or set file attributes
2018-12-25T11:50:01.200665452Z	67	PC: 12c96 \| Get or set file attributes
2018-12-25T11:50:01.225895057Z	61	PC: 12ca1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:01.231689928Z	87	PC: 12cad \| Get or set file date and time
2018-12-25T11:50:01.233289047Z	63	PC: 12cc2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:01.241888274Z	66	PC: 12cd4 \| Move file pointer
2018-12-25T11:50:01.243849607Z	64	PC: 12cf8 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-25T11:50:01.253930124Z	66	PC: 12d0a \| Move file pointer
2018-12-25T11:50:01.256575293Z	64	PC: 12d19 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:01.2643041Z	87	PC: 12d2c \| Get or set file date and time
2018-12-25T11:50:01.266401213Z	62	PC: 12d30 \| Close file
2018-12-25T11:50:01.275567857Z	67	PC: 12d3f \| Get or set file attributes
2018-12-25T11:50:01.287508736Z	42	PC: 12d44 \| Get date 0x12d44: cmp cx, 0x7c7 0x12d48: jne 0x12d4f 0x12d4a: cmp dh, 1 0x12d4d: je 0x12d61 0x12d4f: cmp al, 0 0x12d51: jne 0x12d61 0x12d53: mov dx, si 0x12d55: mov ah, 9 0x12d57: add dx, 0x16 0x12d5a: nop 0x12d5b: int 0x21 0x12d5d: mov ah, 8 0x12d5f: int 0x21 0x12d61: mov dx, word ptr [si] 0x12d63: nop 0x12d64: nop 0x12d65: mov ds, word ptr [si + 2] 0x12d68: nop 0x12d69: mov ah, 0x1a 0x12d6b: int 0x21
2018-12-25T11:50:01.290359366Z	9	PC: 12d5d \| Display string (Could not find end pointer)
2018-12-25T11:50:01.336092384Z	8	PC: 12d61 \| Console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3718,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:01.180768862Z	47	PC: 12ba7 \| Get disk transfer address
2018-12-25T11:50:01.182419547Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T11:50:01.183657527Z	78	PC: 12c46 \| Find first file
2018-12-25T11:50:01.190298149Z	67	PC: 12c84 \| Get or set file attributes
2018-12-25T11:50:01.197563775Z	67	PC: 12c96 \| Get or set file attributes
2018-12-25T11:50:01.210738989Z	61	PC: 12ca1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:01.215674287Z	87	PC: 12cad \| Get or set file date and time
2018-12-25T11:50:01.217615496Z	63	PC: 12cc2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:01.22623725Z	66	PC: 12cd4 \| Move file pointer
2018-12-25T11:50:01.227472244Z	64	PC: 12cf8 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-25T11:50:01.236589242Z	66	PC: 12d0a \| Move file pointer
2018-12-25T11:50:01.239256425Z	64	PC: 12d19 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:01.244062824Z	87	PC: 12d2c \| Get or set file date and time
2018-12-25T11:50:01.245482001Z	62	PC: 12d30 \| Close file
2018-12-25T11:50:01.252313794Z	67	PC: 12d3f \| Get or set file attributes
2018-12-25T11:50:01.259988182Z	42	PC: 12d44 \| Get date 0x12d44: cmp cx, 0x7c7 0x12d48: jne 0x12d4f 0x12d4a: cmp dh, 1 0x12d4d: je 0x12d61 0x12d4f: cmp al, 0 0x12d51: jne 0x12d61 0x12d53: mov dx, si 0x12d55: mov ah, 9 0x12d57: add dx, 0x16 0x12d5a: nop 0x12d5b: int 0x21 0x12d5d: mov ah, 8 0x12d5f: int 0x21 0x12d61: mov dx, word ptr [si] 0x12d63: nop 0x12d64: nop 0x12d65: mov ds, word ptr [si + 2] 0x12d68: nop 0x12d69: mov ah, 0x1a 0x12d6b: int 0x21
2018-12-25T11:50:01.261904061Z	26	PC: 12d6d \| Set disk transfer address
2018-12-25T11:50:01.263962452Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:50:01.270053276Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3718,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:01.823249773Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:50:01.829071782Z	41	PC: 94fae \| Parse filename
2018-12-25T11:50:01.833513419Z	41	PC: 9502f \| Parse filename
2018-12-25T11:50:01.83549886Z	41	PC: 9504c \| Parse filename
2018-12-25T11:50:01.836874155Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T11:50:01.838779555Z	71	PC: 986f3 \| Get current directory
2018-12-25T11:50:01.840820285Z	78	PC: 986fe \| Find first file
2018-12-25T11:50:01.847042456Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:50:01.849240283Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:50:01.863554616Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:50:01.873046571Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:50:01.875788251Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:50:01.877276451Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:01.878753099Z	62	PC: 122ab \| Close file
2018-12-25T11:50:01.881372817Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.88266082Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.884324149Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.886033525Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.887617423Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.888752955Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.890535633Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.892794276Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.896965473Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.899943158Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.909239499Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.910548251Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.91216592Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.91373172Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:01.915580537Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T11:50:01.917039444Z	56	PC: 94df9 \| Get or set country info
2018-12-25T11:50:01.919168071Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:01.922394744Z	25	PC: 94e62 \| Get default drive
2018-12-25T11:50:01.924180534Z	71	PC: 970dd \| Get current directory
2018-12-25T11:50:01.930585076Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:01.933211392Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T11:50:01.93544588Z	93	PC: 94f20 \| File sharing functions
2018-12-25T11:50:01.940348646Z	93	PC: 94f27 \| File sharing functions
2018-12-25T11:50:01.942177889Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T11:50:16.869951426Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:50:18.224308531Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:50:18.326618158Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:18.333566263Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T11:50:18.335622551Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T11:50:18.337321717Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T11:50:18.343860165Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T11:50:18.345790759Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:50:18.351088541Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:50:18.361048891Z	71	PC: 9856c \| Get current directory
2018-12-25T11:50:18.364751567Z	73	PC: 97c09 \| Release memory
2018-12-25T11:50:18.366153785Z	75	PC: 11821 \| Execute program
2018-12-25T11:50:18.380485678Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T11:50:18.384592455Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')