Sample viewer

vx.netlux.org/Virus.DOS.Vienna.648.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:54.037408985Z	48	PC: 12a79 \| Get DOS version
2018-12-17T22:32:54.047299009Z	47	PC: 12a85 \| Get disk transfer address
2018-12-17T22:32:54.048605403Z	26	PC: 12a98 \| Set disk transfer address
2018-12-17T22:32:54.049664099Z	78	PC: 12b24 \| Find first file
2018-12-17T22:32:54.054475018Z	67	PC: 12b62 \| Get or set file attributes
2018-12-17T22:32:54.058636057Z	67	PC: 12b75 \| Get or set file attributes
2018-12-17T22:32:54.071682889Z	61	PC: 12b80 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:54.078593951Z	87	PC: 12b8c \| Get or set file date and time
2018-12-17T22:32:54.080023154Z	44	PC: 12b98 \| Get time 0x12b98: and dh, 7 0x12b9b: jne 0x12bad 0x12b9d: mov ah, 0x40 0x12b9f: mov cx, 5 0x12ba2: mov dx, si 0x12ba4: add dx, 0x8a 0x12ba8: nop 0x12ba9: int 0x21 0x12bab: jmp 0x12c11 0x12bad: mov ah, 0x3f 0x12baf: mov cx, 3 0x12bb2: mov dx, 0xa 0x12bb5: nop 0x12bb6: add dx, si 0x12bb8: int 0x21 0x12bba: jb 0x12c11 0x12bbc: cmp ax, 3 0x12bbf: jne 0x12c11 0x12bc1: mov ax, 0x4202 0x12bc4: mov cx, 0
2018-12-17T22:32:54.082197736Z	63	PC: 12bba \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:32:54.088386797Z	66	PC: 12bcc \| Move file pointer
2018-12-17T22:32:54.089842634Z	64	PC: 12bf0 \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T22:32:54.096877536Z	66	PC: 12c02 \| Move file pointer
2018-12-17T22:32:54.09869542Z	64	PC: 12c11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:32:54.106449337Z	87	PC: 12c26 \| Get or set file date and time
2018-12-17T22:32:54.108285804Z	62	PC: 12c2a \| Close file
2018-12-17T22:32:54.116442622Z	67	PC: 12c39 \| Get or set file attributes
2018-12-17T22:32:54.124691004Z	26	PC: 12c46 \| Set disk transfer address
2018-12-17T22:32:54.125639069Z	9	PC: 12a5e \| Display string (String= 'Infected Program. ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5880,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:36.924371039Z	48	PC: 12a79 \| Get DOS version
2018-12-25T11:55:36.926061092Z	47	PC: 12a85 \| Get disk transfer address
2018-12-25T11:55:36.927284259Z	26	PC: 12a98 \| Set disk transfer address
2018-12-25T11:55:36.928464903Z	78	PC: 12b24 \| Find first file
2018-12-25T11:55:36.935618946Z	67	PC: 12b62 \| Get or set file attributes
2018-12-25T11:55:36.941985161Z	67	PC: 12b75 \| Get or set file attributes
2018-12-25T11:55:36.958691116Z	61	PC: 12b80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:36.965881401Z	87	PC: 12b8c \| Get or set file date and time
2018-12-25T11:55:36.967423605Z	44	PC: 12b98 \| Get time 0x12b98: and dh, 7 0x12b9b: jne 0x12bad 0x12b9d: mov ah, 0x40 0x12b9f: mov cx, 5 0x12ba2: mov dx, si 0x12ba4: add dx, 0x8a 0x12ba8: nop 0x12ba9: int 0x21 0x12bab: jmp 0x12c11 0x12bad: mov ah, 0x3f 0x12baf: mov cx, 3 0x12bb2: mov dx, 0xa 0x12bb5: nop 0x12bb6: add dx, si 0x12bb8: int 0x21 0x12bba: jb 0x12c11 0x12bbc: cmp ax, 3 0x12bbf: jne 0x12c11 0x12bc1: mov ax, 0x4202 0x12bc4: mov cx, 0
2018-12-25T11:55:36.969952576Z	63	PC: 12bba \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:55:36.977387608Z	66	PC: 12bcc \| Move file pointer
2018-12-25T11:55:36.978941286Z	64	PC: 12bf0 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:55:36.988327101Z	66	PC: 12c02 \| Move file pointer
2018-12-25T11:55:36.989725968Z	64	PC: 12c11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:36.997201733Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T11:55:36.999215532Z	62	PC: 12c2a \| Close file
2018-12-25T11:55:37.008351108Z	67	PC: 12c39 \| Get or set file attributes
2018-12-25T11:55:37.020934753Z	26	PC: 12c46 \| Set disk transfer address
2018-12-25T11:55:37.022225456Z	9	PC: 12a5e \| Display string (String= 'Infected Program. ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":5880,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:37.216783164Z	48	PC: 12a79 \| Get DOS version
2018-12-25T11:55:37.218124822Z	47	PC: 12a85 \| Get disk transfer address
2018-12-25T11:55:37.218985844Z	26	PC: 12a98 \| Set disk transfer address
2018-12-25T11:55:37.219976279Z	78	PC: 12b24 \| Find first file
2018-12-25T11:55:37.230453197Z	67	PC: 12b62 \| Get or set file attributes
2018-12-25T11:55:37.235804259Z	67	PC: 12b75 \| Get or set file attributes
2018-12-25T11:55:38.241107814Z	61	PC: 12b80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:38.253544916Z	87	PC: 12b8c \| Get or set file date and time
2018-12-25T11:55:38.254931855Z	44	PC: 12b98 \| Get time 0x12b98: and dh, 7 0x12b9b: jne 0x12bad 0x12b9d: mov ah, 0x40 0x12b9f: mov cx, 5 0x12ba2: mov dx, si 0x12ba4: add dx, 0x8a 0x12ba8: nop 0x12ba9: int 0x21 0x12bab: jmp 0x12c11 0x12bad: mov ah, 0x3f 0x12baf: mov cx, 3 0x12bb2: mov dx, 0xa 0x12bb5: nop 0x12bb6: add dx, si 0x12bb8: int 0x21 0x12bba: jb 0x12c11 0x12bbc: cmp ax, 3 0x12bbf: jne 0x12c11 0x12bc1: mov ax, 0x4202 0x12bc4: mov cx, 0
2018-12-25T11:55:38.25767506Z	63	PC: 12bba \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:55:38.264315631Z	66	PC: 12bcc \| Move file pointer
2018-12-25T11:55:38.266796154Z	64	PC: 12bf0 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:55:38.275462724Z	66	PC: 12c02 \| Move file pointer
2018-12-25T11:55:38.276738298Z	64	PC: 12c11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:38.284535294Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T11:55:38.28589889Z	62	PC: 12c2a \| Close file
2018-12-25T11:55:38.293958762Z	67	PC: 12c39 \| Get or set file attributes
2018-12-25T11:55:38.304299856Z	26	PC: 12c46 \| Set disk transfer address
2018-12-25T11:55:38.305379355Z	9	PC: 12a5e \| Display string (String= 'Infected Program. ')