Sample viewer

vx.netlux.org/Virus.DOS.Vienna.705

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:50.229312905Z	48	PC: 12a63 \| Get DOS version
2018-12-17T22:22:50.232270048Z	47	PC: 12a6f \| Get disk transfer address
2018-12-17T22:22:50.234823207Z	26	PC: 12a7f \| Set disk transfer address
2018-12-17T22:22:50.237182449Z	78	PC: 12b01 \| Find first file
2018-12-17T22:22:50.243348859Z	67	PC: 12b3a \| Get or set file attributes
2018-12-17T22:22:50.248137614Z	67	PC: 12b4b \| Get or set file attributes
2018-12-17T22:22:50.26149575Z	61	PC: 12b56 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:22:50.269133113Z	87	PC: 12b62 \| Get or set file date and time
2018-12-17T22:22:50.272352639Z	44	PC: 12b6c \| Get time 0x12b6c: and dh, 7 0x12b6f: jmp 0x12b80 0x12b71: mov ah, 0x40 0x12b73: mov cx, 5 0x12b76: mov dx, si 0x12b78: add dx, 0x8a 0x12b7c: int 0x21 0x12b7e: jmp 0x12be2 0x12b80: mov ah, 0x3f 0x12b82: mov cx, 3 0x12b85: mov dx, 0xa 0x12b88: nop 0x12b89: add dx, si 0x12b8b: int 0x21 0x12b8d: jb 0x12be2 0x12b8f: cmp ax, 3 0x12b92: jne 0x12be2 0x12b94: mov ax, 0x4202 0x12b97: mov cx, 0 0x12b9a: mov dx, 0
2018-12-17T22:22:50.27495045Z	63	PC: 12b8d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:50.282674836Z	66	PC: 12b9f \| Move file pointer
2018-12-17T22:22:50.287126033Z	64	PC: 12bc2 \| Write file or device (Write 23693 bytes on handle 5)
2018-12-17T22:22:50.298594265Z	66	PC: 12bd4 \| Move file pointer
2018-12-17T22:22:50.300880806Z	64	PC: 12be2 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:50.309878881Z	87	PC: 12bf3 \| Get or set file date and time
2018-12-17T22:22:50.311554701Z	62	PC: 12bf7 \| Close file
2018-12-17T22:22:50.317671403Z	67	PC: 12c05 \| Get or set file attributes
2018-12-17T22:22:50.329235728Z	26	PC: 12c0f \| Set disk transfer address
2018-12-17T22:22:50.331124857Z	37	PC: 12c44 \| Set interrupt vector (Interrupt = '96' AKA 'Qualify filename')
2018-12-17T22:22:50.332802578Z	74	PC: 46992 \| Reallocate memory
2018-12-17T22:22:50.334919657Z	48	PC: 469ea \| Get DOS version
2018-12-17T22:22:50.336359139Z	53	PC: 469f2 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:50.337731695Z	37	PC: 46a04 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:22:50.339057329Z	68	PC: 46a88 \| I/O control for devices (Set for = '� �[��')
2018-12-17T22:22:50.340843426Z	68	PC: 46a88 \| I/O control for devices (Set for = '')
2018-12-17T22:22:50.342643542Z	68	PC: 46a88 \| I/O control for devices
2018-12-17T22:22:50.344411629Z	68	PC: 46a88 \| I/O control for devices
2018-12-17T22:22:50.346847231Z	68	PC: 46a88 \| I/O control for devices
2018-12-17T22:22:50.352490231Z	53	PC: 4721a \| Get interrupt vector (Interrupt = '31' AKA 'Get disk parameter block for default drive')
2018-12-17T22:22:52.5649818Z	37	PC: 46b1d \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')