Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1289

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:55:04.422654966Z 42 PC: 12c4f | Get date
0x12c4f: cmp al, 0
0x12c51: jne 0x12c56
0x12c53: jmp 0x13075
0x12c56: mov dx, 0x2c
0x12c59: add dx, di
0x12c5b: mov bx, dx
0x12c5d: mov ah, 0x1a
0x12c5f: int 0x21
0x12c61: mov bp, 0
0x12c64: mov dx, di
0x12c66: add dx, 7
0x12c69: nop
0x12c6a: mov cx, 3
0x12c6d: mov ah, 0x4e
0x12c6f: int 0x21
0x12c71: jmp 0x12c78
0x12c73: nop
0x12c74: mov ah, 0x4f
0x12c76: int 0x21
0x12c78: jae 0x12c8f
2018-12-17T21:55:04.425731918Z 26 PC: 12c61 | Set disk transfer address
2018-12-17T21:55:04.426728187Z 78 PC: 12c71 | Find first file
2018-12-17T21:55:04.432989698Z 67 PC: 12cce | Get or set file attributes
2018-12-17T21:55:04.439022397Z 67 PC: 12ce1 | Get or set file attributes
2018-12-17T21:55:04.458033257Z 61 PC: 12cec | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:55:04.470258086Z 87 PC: 12cf8 | Get or set file date and time
2018-12-17T21:55:04.478227031Z 63 PC: 12d0d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:55:04.484464227Z 66 PC: 12d21 | Move file pointer
2018-12-17T21:55:04.485879457Z 64 PC: 12d49 | Write file or device (Write 1289 bytes on handle 5)
2018-12-17T21:55:04.4943277Z 66 PC: 12d5d | Move file pointer
2018-12-17T21:55:04.495983355Z 64 PC: 12d6c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:55:04.50267212Z 87 PC: 12d81 | Get or set file date and time
2018-12-17T21:55:04.504331887Z 62 PC: 12d85 | Close file
2018-12-17T21:55:04.512677182Z 67 PC: 12d8e | Get or set file attributes
2018-12-17T21:55:04.516779778Z 26 PC: 12d95 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":546,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:19.689792242Z 42 PC: 12c4f | Get date
0x12c4f: cmp al, 0
0x12c51: jne 0x12c56
0x12c53: jmp 0x13075
0x12c56: mov dx, 0x2c
0x12c59: add dx, di
0x12c5b: mov bx, dx
0x12c5d: mov ah, 0x1a
0x12c5f: int 0x21
0x12c61: mov bp, 0
0x12c64: mov dx, di
0x12c66: add dx, 7
0x12c69: nop
0x12c6a: mov cx, 3
0x12c6d: mov ah, 0x4e
0x12c6f: int 0x21
0x12c71: jmp 0x12c78
0x12c73: nop
0x12c74: mov ah, 0x4f
0x12c76: int 0x21
0x12c78: jae 0x12c8f
2018-12-25T11:41:19.692739156Z 26 PC: 12c61 | Set disk transfer address
2018-12-25T11:41:19.69413365Z 78 PC: 12c71 | Find first file
2018-12-25T11:41:19.700394378Z 67 PC: 12cce | Get or set file attributes
2018-12-25T11:41:19.706654108Z 67 PC: 12ce1 | Get or set file attributes
2018-12-25T11:41:19.721994918Z 61 PC: 12cec | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:19.728398696Z 87 PC: 12cf8 | Get or set file date and time
2018-12-25T11:41:19.729902681Z 63 PC: 12d0d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:19.736309719Z 66 PC: 12d21 | Move file pointer
2018-12-25T11:41:19.73773305Z 64 PC: 12d49 | Write file or device (Write 1289 bytes on handle 5)
2018-12-25T11:41:19.746397504Z 66 PC: 12d5d | Move file pointer
2018-12-25T11:41:19.750064749Z 64 PC: 12d6c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:19.756679284Z 87 PC: 12d81 | Get or set file date and time
2018-12-25T11:41:19.75850664Z 62 PC: 12d85 | Close file
2018-12-25T11:41:19.767019223Z 67 PC: 12d8e | Get or set file attributes
2018-12-25T11:41:19.771417458Z 26 PC: 12d95 | Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":546,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:19.822895833Z 42 PC: 12c4f | Get date
0x12c4f: cmp al, 0
0x12c51: jne 0x12c56
0x12c53: jmp 0x13075
0x12c56: mov dx, 0x2c
0x12c59: add dx, di
0x12c5b: mov bx, dx
0x12c5d: mov ah, 0x1a
0x12c5f: int 0x21
0x12c61: mov bp, 0
0x12c64: mov dx, di
0x12c66: add dx, 7
0x12c69: nop
0x12c6a: mov cx, 3
0x12c6d: mov ah, 0x4e
0x12c6f: int 0x21
0x12c71: jmp 0x12c78
0x12c73: nop
0x12c74: mov ah, 0x4f
0x12c76: int 0x21
0x12c78: jae 0x12c8f
2018-12-25T11:41:19.827501307Z 9 PC: 1309f | Display string (String= ' ')
2018-12-25T11:41:19.831903787Z 9 PC: 1309f | Display string (See above)
2018-12-25T11:41:19.837691864Z 9 PC: 1309f | Display string (See above)
2018-12-25T11:41:19.842779082Z 9 PC: 1309f | Display string (See above)