Sample viewer

vx.netlux.org/Virus.DOS.Vienna.851.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:38.760970802Z	255	PC: 12a4a \| UNKNOWN!
2018-12-17T22:32:38.767091824Z	48	PC: 12a6a \| Get DOS version
2018-12-17T22:32:38.768187897Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-17T22:32:38.77022989Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-17T22:32:38.772401224Z	47	PC: 12ad1 \| Get disk transfer address
2018-12-17T22:32:38.77661332Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-17T22:32:38.77781548Z	78	PC: 12b72 \| Find first file
2018-12-17T22:32:38.77980832Z	78	PC: 12b72 \| Find first file
2018-12-17T22:32:38.784865778Z	26	PC: 12c80 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5831,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:30.434014807Z	255	PC: 12a4a \| UNKNOWN!
2018-12-25T11:55:30.435121503Z	48	PC: 12a6a \| Get DOS version
2018-12-25T11:55:30.436622486Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:55:30.439011036Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-25T11:55:30.441422826Z	47	PC: 12ad1 \| Get disk transfer address
2018-12-25T11:55:30.444615215Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-25T11:55:30.446312162Z	78	PC: 12b72 \| Find first file
2018-12-25T11:55:30.448492935Z	78	PC: 12b72 \| Find first file (See above)
2018-12-25T11:55:30.453549044Z	26	PC: 12c80 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5831,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:30.436982809Z	255	PC: 12a4a \| UNKNOWN!
2018-12-25T11:55:30.438385353Z	48	PC: 12a6a \| Get DOS version
2018-12-25T11:55:30.440083508Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:55:30.442583855Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-25T11:55:30.445358095Z	47	PC: 12ad1 \| Get disk transfer address
2018-12-25T11:55:30.447399658Z	26	PC: 12ae3 \| Set disk transfer address
2018-12-25T11:55:30.449118912Z	78	PC: 12b72 \| Find first file
2018-12-25T11:55:30.451356409Z	78	PC: 12b72 \| Find first file (See above)
2018-12-25T11:55:30.458053512Z	26	PC: 12c80 \| Set disk transfer address

{"DateBased":true,"Day":14,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5831,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:30.574963878Z	255	PC: 12a4a \| UNKNOWN!
2018-12-25T11:55:30.576490994Z	48	PC: 12a6a \| Get DOS version
2018-12-25T11:55:30.577859175Z	44	PC: 12a76 \| Get time 0x12a76: xor bx, bx 0x12a78: cmp dl, 4 0x12a7b: jle 0x12a7f 0x12a7d: jmp 0x12a91 0x12a7f: mov dl, byte ptr [bx + si + 0x8f] 0x12a83: or dl, dl 0x12a85: je 0x12a91 0x12a87: sub dl, 0x4b 0x12a8a: mov ah, 2 0x12a8c: int 0x21 0x12a8e: inc bx 0x12a8f: jmp 0x12a7f 0x12a91: mov ah, 0x2a 0x12a93: int 0x21 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3]
2018-12-25T11:55:30.580255301Z	42	PC: 12a95 \| Get date 0x12a95: cmp dh, 2 0x12a98: jne 0x12acc 0x12a9a: cmp dl, 0xe 0x12a9d: jne 0x12acc 0x12a9f: xor bx, bx 0x12aa1: mov dl, byte ptr [bx + si + 0xa3] 0x12aa5: or dl, dl 0x12aa7: je 0x12ab3 0x12aa9: sub dl, 0x4b 0x12aac: mov ah, 2 0x12aae: int 0x21 0x12ab0: inc bx 0x12ab1: jmp 0x12aa1 0x12ab3: mov al, 2 0x12ab5: mov cx, 0xff 0x12ab8: mov dx, 1 0x12abb: int 0x26 0x12abd: jb 0x12ac2 0x12abf: add sp, 2 0x12ac2: inc al
2018-12-25T11:55:30.583504135Z	2	PC: 12ab0 \| Character output (Char = '63')
2018-12-25T11:55:30.585913093Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.588695535Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.594884003Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.597263609Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.599642955Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.602933511Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.605324491Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.607640673Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.614245865Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.616675671Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.618714735Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.621453516Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.623997668Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.625965044Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.627970839Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.630650596Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.632787608Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.651899514Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.663566949Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.665626763Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.667945379Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.671578387Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.673580307Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.677529701Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.680746355Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.682821591Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.684887721Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.691401337Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.693396574Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.69540924Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.697798658Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.704755376Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.707190709Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.710258483Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.71344956Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.717208318Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.720130125Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.723348741Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.725733855Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.728121039Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.731335796Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.733675667Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.736029143Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.738783825Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.740776302Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.742749214Z	2	PC: 12ab0 \| Character output (See above)
2018-12-25T11:55:30.750335462Z	2	PC: 12ab0 \| Character output (See above)