Sample viewer

vx.netlux.org/Virus.DOS.Vienna.851.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:26:55.441747221Z	255	PC: 12a4a \| UNKNOWN!
2018-12-17T22:26:55.443586886Z	48	PC: 12a6a \| Get DOS version
2018-12-17T22:26:55.444693643Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-17T22:26:55.446679253Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-17T22:26:55.448965929Z	47	PC: 12ad1 \| Get disk transfer address
2018-12-17T22:26:55.450279954Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-17T22:26:55.451469229Z	78	PC: 12b7a \| Find first file
2018-12-17T22:26:55.45732826Z	67	PC: 12bbc \| Get or set file attributes
2018-12-17T22:26:55.462972864Z	67	PC: 12bd0 \| Get or set file attributes
2018-12-17T22:26:55.478140202Z	61	PC: 12bdd \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:55.482253954Z	87	PC: 12bea \| Get or set file date and time
2018-12-17T22:26:55.483739942Z	63	PC: 12c01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:26:55.487686322Z	66	PC: 12c12 \| Move file pointer
2018-12-17T22:26:55.488771538Z	64	PC: 12c39 \| Write file or device (Write 851 bytes on handle 5)
2018-12-17T22:26:55.494634976Z	66	PC: 12c4a \| Move file pointer
2018-12-17T22:26:55.495676109Z	64	PC: 12c5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:26:55.49979835Z	87	PC: 12c71 \| Get or set file date and time
2018-12-17T22:26:55.505517417Z	62	PC: 12c76 \| Close file
2018-12-17T22:26:55.533566886Z	67	PC: 12c87 \| Get or set file attributes
2018-12-17T22:26:55.544091235Z	26	PC: 12c96 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4772,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:49.216483378Z	255	PC: 12a4a \| UNKNOWN!
2018-12-25T11:52:49.218433625Z	48	PC: 12a6a \| Get DOS version
2018-12-25T11:52:49.219620897Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:52:49.221084315Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-25T11:52:49.222670237Z	47	PC: 12ad1 \| Get disk transfer address
2018-12-25T11:52:49.223875744Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T11:52:49.224959522Z	78	PC: 12b7a \| Find first file
2018-12-25T11:52:49.230932099Z	67	PC: 12bbc \| Get or set file attributes
2018-12-25T11:52:49.236817871Z	67	PC: 12bd0 \| Get or set file attributes
2018-12-25T11:52:49.253791819Z	61	PC: 12bdd \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:49.260745663Z	87	PC: 12bea \| Get or set file date and time
2018-12-25T11:52:49.263349087Z	63	PC: 12c01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:49.269671881Z	66	PC: 12c12 \| Move file pointer
2018-12-25T11:52:49.271482454Z	64	PC: 12c39 \| Write file or device (Write 851 bytes on handle 5)
2018-12-25T11:52:49.283513118Z	66	PC: 12c4a \| Move file pointer
2018-12-25T11:52:49.284701958Z	64	PC: 12c5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:49.291367272Z	87	PC: 12c71 \| Get or set file date and time
2018-12-25T11:52:49.293247025Z	62	PC: 12c76 \| Close file
2018-12-25T11:52:49.300788723Z	67	PC: 12c87 \| Get or set file attributes
2018-12-25T11:52:49.3116838Z	26	PC: 12c96 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4772,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:49.671679526Z	255	PC: 12a4a \| UNKNOWN!
2018-12-25T11:52:49.672844092Z	48	PC: 12a6a \| Get DOS version
2018-12-25T11:52:49.674131961Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:52:49.676284417Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-25T11:52:49.67863646Z	47	PC: 12ad1 \| Get disk transfer address
2018-12-25T11:52:49.685545974Z	26	PC: 12ae6 \| Set disk transfer address
2018-12-25T11:52:49.686727963Z	78	PC: 12b7a \| Find first file
2018-12-25T11:52:49.692866934Z	67	PC: 12bbc \| Get or set file attributes
2018-12-25T11:52:49.703800231Z	67	PC: 12bd0 \| Get or set file attributes
2018-12-25T11:52:49.719492662Z	61	PC: 12bdd \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:49.728035431Z	87	PC: 12bea \| Get or set file date and time
2018-12-25T11:52:49.730593235Z	63	PC: 12c01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:52:49.737854873Z	66	PC: 12c12 \| Move file pointer
2018-12-25T11:52:49.740489637Z	64	PC: 12c39 \| Write file or device (Write 851 bytes on handle 5)
2018-12-25T11:52:49.754875892Z	66	PC: 12c4a \| Move file pointer
2018-12-25T11:52:49.758964762Z	64	PC: 12c5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:52:49.765552357Z	87	PC: 12c71 \| Get or set file date and time
2018-12-25T11:52:49.772940489Z	62	PC: 12c76 \| Close file
2018-12-25T11:52:49.780645829Z	67	PC: 12c87 \| Get or set file attributes
2018-12-25T11:52:49.790158515Z	26	PC: 12c96 \| Set disk transfer address

{"DateBased":true,"Day":14,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4772,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:50.316277287Z	255	PC: 12a4a \| UNKNOWN!
2018-12-25T11:52:50.317580523Z	48	PC: 12a6a \| Get DOS version
2018-12-25T11:52:50.318723283Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:52:50.320745385Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-25T11:52:50.323766919Z	2	PC: 12ab0 \| Character output (Char = '56')
2018-12-25T11:52:50.326014866Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.329077102Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.332425484Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.335158603Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.337473709Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.340726323Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.343173332Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.345510423Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.347827653Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.350690448Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.35269594Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.354624177Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.364846533Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.367008689Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.369294654Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.372240043Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.374314025Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.376367403Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.379051671Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.383060355Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.385315709Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.388102158Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.390839531Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.392818896Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.397218226Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.399753776Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.40192861Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.403979668Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.405328931Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.406834529Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.408894953Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.410378382Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.412815892Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.414901163Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.416939298Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.420165548Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.422301291Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.434697136Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.436837767Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.442354174Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.444572051Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.446877323Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.449148434Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.451952045Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.45402516Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.457425768Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.459890523Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.462001685Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.464122688Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.466548159Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.469268299Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.473432463Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.478894743Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.480924661Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.48308964Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.48606052Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.488159721Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.490149586Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.49290857Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.494987321Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.497035279Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.500276501Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.503002011Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.505016342Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.508787034Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.510928822Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.51277197Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.51515157Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:52:50.518608554Z	2	PC: 12ab0 \| Character output (See above)