Sample viewer

vx.netlux.org/Virus.DOS.Vienna.648.e

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:27:42.559542187Z	48	PC: 13253 \| Get DOS version
2018-12-17T22:27:42.562121705Z	47	PC: 1325f \| Get disk transfer address
2018-12-17T22:27:42.563622533Z	26	PC: 13272 \| Set disk transfer address
2018-12-17T22:27:42.565173376Z	78	PC: 132fe \| Find first file
2018-12-17T22:27:42.572435016Z	67	PC: 1333c \| Get or set file attributes
2018-12-17T22:27:42.593682189Z	67	PC: 1334f \| Get or set file attributes
2018-12-17T22:27:42.625708279Z	61	PC: 1335a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:27:42.635220829Z	87	PC: 13366 \| Get or set file date and time
2018-12-17T22:27:42.636658205Z	44	PC: 13372 \| Get time 0x13372: and dh, 7 0x13375: jne 0x13387 0x13377: mov ah, 0x40 0x13379: mov cx, 5 0x1337c: mov dx, si 0x1337e: add dx, 0x8a 0x13382: int 0x21 0x13384: jmp 0x133eb 0x13386: nop 0x13387: mov ah, 0x3f 0x13389: mov cx, 3 0x1338c: mov dx, 0xa 0x1338f: nop 0x13390: add dx, si 0x13392: int 0x21 0x13394: jb 0x133eb 0x13396: cmp ax, 3 0x13399: jne 0x133eb 0x1339b: mov ax, 0x4202 0x1339e: mov cx, 0
2018-12-17T22:27:42.638874512Z	63	PC: 13394 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:27:42.64649285Z	66	PC: 133a6 \| Move file pointer
2018-12-17T22:27:42.647927857Z	64	PC: 133ca \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T22:27:42.664075566Z	66	PC: 133dc \| Move file pointer
2018-12-17T22:27:42.666309076Z	64	PC: 133eb \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:42.673766393Z	87	PC: 13400 \| Get or set file date and time
2018-12-17T22:27:42.675244473Z	62	PC: 13404 \| Close file
2018-12-17T22:27:42.683243693Z	67	PC: 13413 \| Get or set file attributes
2018-12-17T22:27:42.694781366Z	26	PC: 13420 \| Set disk transfer address
2018-12-17T22:27:42.696272849Z	9	PC: 13236 \| Display string (String= 'VIENNA #1 (DOS 62) virus! ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4935,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:16.131013389Z	48	PC: 13253 \| Get DOS version
2018-12-25T11:53:16.132442374Z	47	PC: 1325f \| Get disk transfer address
2018-12-25T11:53:16.133380585Z	26	PC: 13272 \| Set disk transfer address
2018-12-25T11:53:16.134375808Z	78	PC: 132fe \| Find first file
2018-12-25T11:53:16.140480048Z	67	PC: 1333c \| Get or set file attributes
2018-12-25T11:53:16.146190782Z	67	PC: 1334f \| Get or set file attributes
2018-12-25T11:53:16.163000954Z	61	PC: 1335a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:16.169907835Z	87	PC: 13366 \| Get or set file date and time
2018-12-25T11:53:16.171677488Z	44	PC: 13372 \| Get time 0x13372: and dh, 7 0x13375: jne 0x13387 0x13377: mov ah, 0x40 0x13379: mov cx, 5 0x1337c: mov dx, si 0x1337e: add dx, 0x8a 0x13382: int 0x21 0x13384: jmp 0x133eb 0x13386: nop 0x13387: mov ah, 0x3f 0x13389: mov cx, 3 0x1338c: mov dx, 0xa 0x1338f: nop 0x13390: add dx, si 0x13392: int 0x21 0x13394: jb 0x133eb 0x13396: cmp ax, 3 0x13399: jne 0x133eb 0x1339b: mov ax, 0x4202 0x1339e: mov cx, 0
2018-12-25T11:53:16.173596262Z	63	PC: 13394 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:16.180153981Z	66	PC: 133a6 \| Move file pointer
2018-12-25T11:53:16.181445208Z	64	PC: 133ca \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:53:16.189857896Z	66	PC: 133dc \| Move file pointer
2018-12-25T11:53:16.191582171Z	64	PC: 133eb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:16.197768358Z	87	PC: 13400 \| Get or set file date and time
2018-12-25T11:53:16.199267836Z	62	PC: 13404 \| Close file
2018-12-25T11:53:16.210461205Z	67	PC: 13413 \| Get or set file attributes
2018-12-25T11:53:16.220470564Z	26	PC: 13420 \| Set disk transfer address
2018-12-25T11:53:16.221320151Z	9	PC: 13236 \| Display string (String= 'VIENNA #1 (DOS 62) virus! ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":4935,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:16.295714118Z	48	PC: 13253 \| Get DOS version
2018-12-25T11:53:16.297212195Z	47	PC: 1325f \| Get disk transfer address
2018-12-25T11:53:16.298180459Z	26	PC: 13272 \| Set disk transfer address
2018-12-25T11:53:16.29924444Z	78	PC: 132fe \| Find first file
2018-12-25T11:53:16.305337782Z	67	PC: 1333c \| Get or set file attributes
2018-12-25T11:53:16.310961059Z	67	PC: 1334f \| Get or set file attributes
2018-12-25T11:53:16.326274675Z	61	PC: 1335a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:16.333313639Z	87	PC: 13366 \| Get or set file date and time
2018-12-25T11:53:16.334611907Z	44	PC: 13372 \| Get time 0x13372: and dh, 7 0x13375: jne 0x13387 0x13377: mov ah, 0x40 0x13379: mov cx, 5 0x1337c: mov dx, si 0x1337e: add dx, 0x8a 0x13382: int 0x21 0x13384: jmp 0x133eb 0x13386: nop 0x13387: mov ah, 0x3f 0x13389: mov cx, 3 0x1338c: mov dx, 0xa 0x1338f: nop 0x13390: add dx, si 0x13392: int 0x21 0x13394: jb 0x133eb 0x13396: cmp ax, 3 0x13399: jne 0x133eb 0x1339b: mov ax, 0x4202 0x1339e: mov cx, 0
2018-12-25T11:53:16.336652509Z	63	PC: 13394 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:16.343482365Z	66	PC: 133a6 \| Move file pointer
2018-12-25T11:53:16.344857423Z	64	PC: 133ca \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:53:16.353198878Z	66	PC: 133dc \| Move file pointer
2018-12-25T11:53:16.355331021Z	64	PC: 133eb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:16.362194898Z	87	PC: 13400 \| Get or set file date and time
2018-12-25T11:53:16.363721871Z	62	PC: 13404 \| Close file
2018-12-25T11:53:16.371871332Z	67	PC: 13413 \| Get or set file attributes
2018-12-25T11:53:16.382941683Z	26	PC: 13420 \| Set disk transfer address
2018-12-25T11:53:16.383963146Z	9	PC: 13236 \| Display string (String= 'VIENNA #1 (DOS 62) virus! ')