Sample viewer

vx.netlux.org/Virus.DOS.Vienna.778

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:27.516253944Z	48	PC: 12b67 \| Get DOS version
2018-12-17T22:30:27.517737379Z	47	PC: 12b73 \| Get disk transfer address
2018-12-17T22:30:27.519895902Z	26	PC: 12b82 \| Set disk transfer address
2018-12-17T22:30:27.521381345Z	78	PC: 12bfe \| Find first file
2018-12-17T22:30:27.52835969Z	67	PC: 12c49 \| Get or set file attributes
2018-12-17T22:30:27.538129662Z	67	PC: 12c56 \| Get or set file attributes
2018-12-17T22:30:27.555428729Z	61	PC: 12c5d \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:30:27.562824408Z	87	PC: 12c69 \| Get or set file date and time
2018-12-17T22:30:27.564719638Z	44	PC: 12c73 \| Get time 0x12c73: and dh, 7 0x12c76: jne 0x12ce0 0x12c78: mov ah, 0x19 0x12c7a: int 0x21 0x12c7c: push bx 0x12c7d: mov dl, al 0x12c7f: mov dh, 0 0x12c81: mov cx, 0x10 0x12c84: mov bx, si 0x12c86: add bx, 0xc1 0x12c8a: xor byte ptr [bx], 0x27 0x12c8d: inc bx 0x12c8e: loop 0x12c8a 0x12c90: mov cx, 1 0x12c93: mov ax, 0x309 0x12c96: mov bx, si 0x12c98: add bx, 0xc1 0x12c9c: int 0x13 0x12c9e: jb 0x12cdd 0x12ca0: push es
2018-12-17T22:30:27.567110301Z	63	PC: 12cec \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:30:27.574159174Z	66	PC: 12cfc \| Move file pointer
2018-12-17T22:30:27.575571518Z	64	PC: 12d1f \| Write file or device (Write 778 bytes on handle 5)
2018-12-17T22:30:27.58400182Z	66	PC: 12d2f \| Move file pointer
2018-12-17T22:30:27.585136987Z	64	PC: 12d3d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:30:27.589811062Z	87	PC: 12d5c \| Get or set file date and time
2018-12-17T22:30:27.591691226Z	62	PC: 12d60 \| Close file
2018-12-17T22:30:27.597050307Z	67	PC: 12d6d \| Get or set file attributes
2018-12-17T22:30:27.603449326Z	26	PC: 12d77 \| Set disk transfer address
2018-12-17T22:30:27.605114966Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5443,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:32.001995868Z	48	PC: 12b67 \| Get DOS version
2018-12-25T11:54:32.003361729Z	47	PC: 12b73 \| Get disk transfer address
2018-12-25T11:54:32.00428244Z	26	PC: 12b82 \| Set disk transfer address
2018-12-25T11:54:32.0052703Z	78	PC: 12bfe \| Find first file
2018-12-25T11:54:32.011462491Z	67	PC: 12c49 \| Get or set file attributes
2018-12-25T11:54:32.016773306Z	67	PC: 12c56 \| Get or set file attributes
2018-12-25T11:54:33.004800814Z	61	PC: 12c5d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:33.013544557Z	87	PC: 12c69 \| Get or set file date and time
2018-12-25T11:54:33.016063739Z	44	PC: 12c73 \| Get time 0x12c73: and dh, 7 0x12c76: jne 0x12ce0 0x12c78: mov ah, 0x19 0x12c7a: int 0x21 0x12c7c: push bx 0x12c7d: mov dl, al 0x12c7f: mov dh, 0 0x12c81: mov cx, 0x10 0x12c84: mov bx, si 0x12c86: add bx, 0xc1 0x12c8a: xor byte ptr [bx], 0x27 0x12c8d: inc bx 0x12c8e: loop 0x12c8a 0x12c90: mov cx, 1 0x12c93: mov ax, 0x309 0x12c96: mov bx, si 0x12c98: add bx, 0xc1 0x12c9c: int 0x13 0x12c9e: jb 0x12cdd 0x12ca0: push es
2018-12-25T11:54:33.018021729Z	63	PC: 12cec \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:33.025071981Z	66	PC: 12cfc \| Move file pointer
2018-12-25T11:54:33.026706349Z	64	PC: 12d1f \| Write file or device (Write 778 bytes on handle 5)
2018-12-25T11:54:33.035511936Z	66	PC: 12d2f \| Move file pointer
2018-12-25T11:54:33.038281597Z	64	PC: 12d3d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:33.044959165Z	87	PC: 12d5c \| Get or set file date and time
2018-12-25T11:54:33.046607308Z	62	PC: 12d60 \| Close file
2018-12-25T11:54:33.05698291Z	67	PC: 12d6d \| Get or set file attributes
2018-12-25T11:54:33.068062595Z	26	PC: 12d77 \| Set disk transfer address
2018-12-25T11:54:33.069227255Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":5443,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:32.039523238Z	48	PC: 12b67 \| Get DOS version
2018-12-25T11:54:32.041097978Z	47	PC: 12b73 \| Get disk transfer address
2018-12-25T11:54:32.04195431Z	26	PC: 12b82 \| Set disk transfer address
2018-12-25T11:54:32.042910803Z	78	PC: 12bfe \| Find first file
2018-12-25T11:54:32.049141233Z	67	PC: 12c49 \| Get or set file attributes
2018-12-25T11:54:32.054543951Z	67	PC: 12c56 \| Get or set file attributes
2018-12-25T11:54:33.004705088Z	61	PC: 12c5d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:33.010501527Z	87	PC: 12c69 \| Get or set file date and time
2018-12-25T11:54:33.011576731Z	44	PC: 12c73 \| Get time 0x12c73: and dh, 7 0x12c76: jne 0x12ce0 0x12c78: mov ah, 0x19 0x12c7a: int 0x21 0x12c7c: push bx 0x12c7d: mov dl, al 0x12c7f: mov dh, 0 0x12c81: mov cx, 0x10 0x12c84: mov bx, si 0x12c86: add bx, 0xc1 0x12c8a: xor byte ptr [bx], 0x27 0x12c8d: inc bx 0x12c8e: loop 0x12c8a 0x12c90: mov cx, 1 0x12c93: mov ax, 0x309 0x12c96: mov bx, si 0x12c98: add bx, 0xc1 0x12c9c: int 0x13 0x12c9e: jb 0x12cdd 0x12ca0: push es
2018-12-25T11:54:33.013864344Z	63	PC: 12cec \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:33.020608346Z	66	PC: 12cfc \| Move file pointer
2018-12-25T11:54:33.022015484Z	64	PC: 12d1f \| Write file or device (Write 778 bytes on handle 5)
2018-12-25T11:54:33.030151178Z	66	PC: 12d2f \| Move file pointer
2018-12-25T11:54:33.031778816Z	64	PC: 12d3d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:33.03810276Z	87	PC: 12d5c \| Get or set file date and time
2018-12-25T11:54:33.039603758Z	62	PC: 12d60 \| Close file
2018-12-25T11:54:33.047379638Z	67	PC: 12d6d \| Get or set file attributes
2018-12-25T11:54:33.060242769Z	26	PC: 12d77 \| Set disk transfer address
2018-12-25T11:54:33.061346008Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')