Sample viewer

vx.netlux.org/Virus.DOS.Vienna.814

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:50:29.261946974Z	255	PC: 12a49 \| UNKNOWN!
2018-12-17T21:50:29.262805277Z	48	PC: 12a68 \| Get DOS version
2018-12-17T21:50:29.263617751Z	44	PC: 12a74 \| Get time 0x12a74: xor bx, bx 0x12a76: cmp dl, 4 0x12a79: jle 0x12a7d 0x12a7b: jmp 0x12a8f 0x12a7d: mov dl, byte ptr [bx + si + 0x8f] 0x12a81: or dl, dl 0x12a83: je 0x12a8f 0x12a85: sub dl, 0x4b 0x12a88: mov ah, 2 0x12a8a: int 0x21 0x12a8c: inc bx 0x12a8d: jmp 0x12a7d 0x12a8f: mov ah, 0x2a 0x12a91: int 0x21 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3]
2018-12-17T21:50:29.264905667Z	42	PC: 12a93 \| Get date 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3] 0x12aa3: or dl, dl 0x12aa5: je 0x12ab1 0x12aa7: sub dl, 0x4b 0x12aaa: mov ah, 2 0x12aac: int 0x21 0x12aae: inc bx 0x12aaf: jmp 0x12a9f 0x12ab1: mov al, 2 0x12ab3: mov cx, 0xff 0x12ab6: mov dx, 1 0x12ab9: int 0x26 0x12abb: jb 0x12ac0 0x12abd: add sp, 2 0x12ac0: inc al
2018-12-17T21:50:29.266542817Z	47	PC: 12acf \| Get disk transfer address
2018-12-17T21:50:29.267298779Z	26	PC: 12ae0 \| Set disk transfer address
2018-12-17T21:50:29.268046804Z	78	PC: 12b69 \| Find first file
2018-12-17T21:50:29.272002817Z	67	PC: 12ba5 \| Get or set file attributes
2018-12-17T21:50:29.275439353Z	67	PC: 12bb7 \| Get or set file attributes
2018-12-17T21:50:29.333116502Z	61	PC: 12bc3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:50:29.340140611Z	87	PC: 12bd0 \| Get or set file date and time
2018-12-17T21:50:29.341053974Z	63	PC: 12be4 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:50:29.344793646Z	66	PC: 12bf5 \| Move file pointer
2018-12-17T21:50:29.346041308Z	64	PC: 12c1b \| Write file or device (Write 814 bytes on handle 5)
2018-12-17T21:50:29.351473904Z	66	PC: 12c2c \| Move file pointer
2018-12-17T21:50:29.352388331Z	64	PC: 12c3c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:50:29.357527171Z	87	PC: 12c50 \| Get or set file date and time
2018-12-17T21:50:29.358525538Z	62	PC: 12c55 \| Close file
2018-12-17T21:50:29.363276888Z	67	PC: 12c64 \| Get or set file attributes
2018-12-17T21:50:29.369440282Z	26	PC: 12c70 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T10:59:51.621764054Z	255	PC: 12a49 \| UNKNOWN!
2018-12-25T10:59:51.622691527Z	48	PC: 12a68 \| Get DOS version
2018-12-25T10:59:51.623831739Z	44	PC: 12a74 \| Get time 0x12a74: xor bx, bx 0x12a76: cmp dl, 4 0x12a79: jle 0x12a7d 0x12a7b: jmp 0x12a8f 0x12a7d: mov dl, byte ptr [bx + si + 0x8f] 0x12a81: or dl, dl 0x12a83: je 0x12a8f 0x12a85: sub dl, 0x4b 0x12a88: mov ah, 2 0x12a8a: int 0x21 0x12a8c: inc bx 0x12a8d: jmp 0x12a7d 0x12a8f: mov ah, 0x2a 0x12a91: int 0x21 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T10:59:51.626172582Z	42	PC: 12a93 \| Get date 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3] 0x12aa3: or dl, dl 0x12aa5: je 0x12ab1 0x12aa7: sub dl, 0x4b 0x12aaa: mov ah, 2 0x12aac: int 0x21 0x12aae: inc bx 0x12aaf: jmp 0x12a9f 0x12ab1: mov al, 2 0x12ab3: mov cx, 0xff 0x12ab6: mov dx, 1 0x12ab9: int 0x26 0x12abb: jb 0x12ac0 0x12abd: add sp, 2 0x12ac0: inc al
2018-12-25T10:59:51.628050528Z	47	PC: 12acf \| Get disk transfer address
2018-12-25T10:59:51.636984544Z	26	PC: 12ae0 \| Set disk transfer address
2018-12-25T10:59:51.638317955Z	78	PC: 12b69 \| Find first file
2018-12-25T10:59:51.643358629Z	67	PC: 12ba5 \| Get or set file attributes
2018-12-25T10:59:51.648774243Z	67	PC: 12bb7 \| Get or set file attributes
2018-12-25T10:59:51.65906396Z	61	PC: 12bc3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T10:59:51.663901243Z	87	PC: 12bd0 \| Get or set file date and time
2018-12-25T10:59:51.665826963Z	63	PC: 12be4 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T10:59:51.671143837Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T10:59:51.672770469Z	64	PC: 12c1b \| Write file or device (Write 814 bytes on handle 5)
2018-12-25T10:59:51.679560246Z	66	PC: 12c2c \| Move file pointer
2018-12-25T10:59:51.681197643Z	64	PC: 12c3c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T10:59:51.689157626Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T10:59:51.691275917Z	62	PC: 12c55 \| Close file
2018-12-25T10:59:51.701591016Z	67	PC: 12c64 \| Get or set file attributes
2018-12-25T10:59:51.713631694Z	26	PC: 12c70 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:04:27.261262367Z	255	PC: 12a49 \| UNKNOWN!
2018-12-25T11:04:27.262433658Z	48	PC: 12a68 \| Get DOS version
2018-12-25T11:04:27.263674803Z	44	PC: 12a74 \| Get time 0x12a74: xor bx, bx 0x12a76: cmp dl, 4 0x12a79: jle 0x12a7d 0x12a7b: jmp 0x12a8f 0x12a7d: mov dl, byte ptr [bx + si + 0x8f] 0x12a81: or dl, dl 0x12a83: je 0x12a8f 0x12a85: sub dl, 0x4b 0x12a88: mov ah, 2 0x12a8a: int 0x21 0x12a8c: inc bx 0x12a8d: jmp 0x12a7d 0x12a8f: mov ah, 0x2a 0x12a91: int 0x21 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:04:27.266063826Z	42	PC: 12a93 \| Get date 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3] 0x12aa3: or dl, dl 0x12aa5: je 0x12ab1 0x12aa7: sub dl, 0x4b 0x12aaa: mov ah, 2 0x12aac: int 0x21 0x12aae: inc bx 0x12aaf: jmp 0x12a9f 0x12ab1: mov al, 2 0x12ab3: mov cx, 0xff 0x12ab6: mov dx, 1 0x12ab9: int 0x26 0x12abb: jb 0x12ac0 0x12abd: add sp, 2 0x12ac0: inc al
2018-12-25T11:04:27.26792279Z	47	PC: 12acf \| Get disk transfer address
2018-12-25T11:04:27.269240932Z	26	PC: 12ae0 \| Set disk transfer address
2018-12-25T11:04:27.27036237Z	78	PC: 12b69 \| Find first file
2018-12-25T11:04:27.275512507Z	67	PC: 12ba5 \| Get or set file attributes
2018-12-25T11:04:27.280198762Z	67	PC: 12bb7 \| Get or set file attributes
2018-12-25T11:04:27.289265562Z	61	PC: 12bc3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:04:27.298314219Z	87	PC: 12bd0 \| Get or set file date and time
2018-12-25T11:04:27.300292919Z	63	PC: 12be4 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:04:27.30734462Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T11:04:27.309412401Z	64	PC: 12c1b \| Write file or device (Write 814 bytes on handle 5)
2018-12-25T11:04:27.324995731Z	66	PC: 12c2c \| Move file pointer
2018-12-25T11:04:27.327119366Z	64	PC: 12c3c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:04:27.33523833Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T11:04:27.337182166Z	62	PC: 12c55 \| Close file
2018-12-25T11:04:27.347028164Z	67	PC: 12c64 \| Get or set file attributes
2018-12-25T11:04:27.35968471Z	26	PC: 12c70 \| Set disk transfer address

{"DateBased":true,"Day":14,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:11:27.019170376Z	255	PC: 12a49 \| UNKNOWN!
2018-12-25T11:11:27.020064182Z	48	PC: 12a68 \| Get DOS version
2018-12-25T11:11:27.021170759Z	44	PC: 12a74 \| Get time 0x12a74: xor bx, bx 0x12a76: cmp dl, 4 0x12a79: jle 0x12a7d 0x12a7b: jmp 0x12a8f 0x12a7d: mov dl, byte ptr [bx + si + 0x8f] 0x12a81: or dl, dl 0x12a83: je 0x12a8f 0x12a85: sub dl, 0x4b 0x12a88: mov ah, 2 0x12a8a: int 0x21 0x12a8c: inc bx 0x12a8d: jmp 0x12a7d 0x12a8f: mov ah, 0x2a 0x12a91: int 0x21 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:11:27.023332006Z	42	PC: 12a93 \| Get date 0x12a93: cmp dh, 2 0x12a96: jne 0x12aca 0x12a98: cmp dl, 0xe 0x12a9b: jne 0x12aca 0x12a9d: xor bx, bx 0x12a9f: mov dl, byte ptr [bx + si + 0xa3] 0x12aa3: or dl, dl 0x12aa5: je 0x12ab1 0x12aa7: sub dl, 0x4b 0x12aaa: mov ah, 2 0x12aac: int 0x21 0x12aae: inc bx 0x12aaf: jmp 0x12a9f 0x12ab1: mov al, 2 0x12ab3: mov cx, 0xff 0x12ab6: mov dx, 1 0x12ab9: int 0x26 0x12abb: jb 0x12ac0 0x12abd: add sp, 2 0x12ac0: inc al
2018-12-25T11:11:27.025143612Z	2	PC: 12aae \| Character output (Char = '56')
2018-12-25T11:11:27.02693902Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.028730509Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.03094853Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.032730431Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.034417672Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.036493963Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.038392298Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.040276866Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.041876909Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.044092864Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.045949819Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.047748687Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.04960494Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.051350861Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.053182096Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.054922131Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.056942126Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.058776769Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.060562067Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.064037259Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.066093202Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.067760448Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.069418725Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.071184264Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.073040089Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.074644843Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.076265251Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.080012447Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.081859238Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.083783964Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.085863363Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.08791398Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.089760437Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.091633963Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.093787014Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.096611884Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.09883859Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.100965412Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.103086054Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.10844066Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.110450675Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.112470484Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.115069641Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.117224198Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.119340243Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.122455475Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.124580789Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.126587373Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.12868243Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.130962584Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.132738494Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.134399438Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.136267935Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.138314191Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.13997778Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.141932111Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.143956004Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.145922246Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.148123181Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.152535516Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.156065891Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.157871763Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.159463445Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.161679722Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.163624162Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.165953943Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.16808755Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.170774344Z	2	PC: 12aae \| Character output (See above)
2018-12-25T11:11:27.173764374Z	2	PC: 12aae \| Character output (See above)