Sample viewer

vx.netlux.org/Virus.DOS.Vienna.709

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:03.809645649Z	48	PC: 1a61d \| Get DOS version
2018-12-17T22:33:03.811335829Z	47	PC: 1a629 \| Get disk transfer address
2018-12-17T22:33:03.812515783Z	26	PC: 1a638 \| Set disk transfer address
2018-12-17T22:33:03.813755288Z	78	PC: 1a6b4 \| Find first file
2018-12-17T22:33:03.829848606Z	67	PC: 1a6ff \| Get or set file attributes
2018-12-17T22:33:03.836000019Z	67	PC: 1a70c \| Get or set file attributes
2018-12-17T22:33:03.852101314Z	61	PC: 1a713 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:33:03.859532862Z	87	PC: 1a71f \| Get or set file date and time
2018-12-17T22:33:03.861197348Z	44	PC: 1a729 \| Get time 0x1a729: and dh, 3 0x1a72c: jne 0x1a751 0x1a72e: push bx 0x1a72f: push es 0x1a730: push si 0x1a731: mov al, 0xed 0x1a733: out 0x60, al 0x1a735: mov cx, 0x3e8 0x1a738: loop 0x1a738 0x1a73a: mov al, 7 0x1a73c: out 0x60, al 0x1a73e: push es 0x1a73f: mov ax, 0 0x1a742: mov es, ax 0x1a744: mov word ptr es:[0x417], 0x70 0x1a74b: pop es 0x1a74c: pop si 0x1a74d: pop es 0x1a74e: pop bx 0x1a74f: jmp 0x1a7ae
2018-12-17T22:33:03.863587158Z	63	PC: 1a75d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:03.870772229Z	66	PC: 1a76d \| Move file pointer
2018-12-17T22:33:03.872181071Z	64	PC: 1a790 \| Write file or device (Write 709 bytes on handle 5)
2018-12-17T22:33:03.880683052Z	66	PC: 1a7a0 \| Move file pointer
2018-12-17T22:33:03.882448624Z	64	PC: 1a7ae \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:03.88887951Z	87	PC: 1a7cd \| Get or set file date and time
2018-12-17T22:33:03.890274182Z	62	PC: 1a7d1 \| Close file
2018-12-17T22:33:03.909010009Z	67	PC: 1a7de \| Get or set file attributes
2018-12-17T22:33:03.919434249Z	26	PC: 1a7e8 \| Set disk transfer address
2018-12-17T22:33:03.922225048Z	74	PC: 12da8 \| Reallocate memory
2018-12-17T22:33:03.92410881Z	72	PC: 12e42 \| Allocate memory
2018-12-17T22:33:03.926659662Z	72	PC: 12e51 \| Allocate memory
2018-12-17T22:33:03.949195574Z	73	PC: 12ea0 \| Release memory
2018-12-17T22:33:03.950943297Z	82	PC: 17a8d \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:33:03.9539549Z	72	PC: 14004 \| Allocate memory
2018-12-17T22:33:03.955879465Z	72	PC: 13f92 \| Allocate memory
2018-12-17T22:33:03.965194612Z	25	PC: 14a6c \| Get default drive
2018-12-17T22:33:03.973705821Z	37	PC: 14930 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:03.976031648Z	61	PC: 14d58 \| Open file (Filename = ' P.�')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5909,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:08.744711779Z	48	PC: 1a61d \| Get DOS version
2018-12-25T11:58:08.747585134Z	47	PC: 1a629 \| Get disk transfer address
2018-12-25T11:58:08.749046154Z	26	PC: 1a638 \| Set disk transfer address
2018-12-25T11:58:08.750547646Z	78	PC: 1a6b4 \| Find first file
2018-12-25T11:58:08.769936394Z	67	PC: 1a6ff \| Get or set file attributes
2018-12-25T11:58:08.776580715Z	67	PC: 1a70c \| Get or set file attributes
2018-12-25T11:58:09.58010836Z	61	PC: 1a713 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:09.585547544Z	87	PC: 1a71f \| Get or set file date and time
2018-12-25T11:58:09.587065895Z	44	PC: 1a729 \| Get time 0x1a729: and dh, 3 0x1a72c: jne 0x1a751 0x1a72e: push bx 0x1a72f: push es 0x1a730: push si 0x1a731: mov al, 0xed 0x1a733: out 0x60, al 0x1a735: mov cx, 0x3e8 0x1a738: loop 0x1a738 0x1a73a: mov al, 7 0x1a73c: out 0x60, al 0x1a73e: push es 0x1a73f: mov ax, 0 0x1a742: mov es, ax 0x1a744: mov word ptr es:[0x417], 0x70 0x1a74b: pop es 0x1a74c: pop si 0x1a74d: pop es 0x1a74e: pop bx 0x1a74f: jmp 0x1a7ae
2018-12-25T11:58:09.588685086Z	63	PC: 1a75d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:09.634496174Z	66	PC: 1a76d \| Move file pointer
2018-12-25T11:58:09.635782772Z	64	PC: 1a790 \| Write file or device (Write 709 bytes on handle 5)
2018-12-25T11:58:09.760280798Z	66	PC: 1a7a0 \| Move file pointer
2018-12-25T11:58:09.766830485Z	64	PC: 1a7ae \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:09.772484831Z	87	PC: 1a7cd \| Get or set file date and time
2018-12-25T11:58:09.773847363Z	62	PC: 1a7d1 \| Close file
2018-12-25T11:58:09.891300634Z	67	PC: 1a7de \| Get or set file attributes
2018-12-25T11:58:09.944121839Z	26	PC: 1a7e8 \| Set disk transfer address
2018-12-25T11:58:09.946537246Z	74	PC: 12da8 \| Reallocate memory
2018-12-25T11:58:09.952570058Z	72	PC: 12e42 \| Allocate memory
2018-12-25T11:58:09.954184995Z	72	PC: 12e51 \| Allocate memory
2018-12-25T11:58:09.972240501Z	73	PC: 12ea0 \| Release memory
2018-12-25T11:58:09.974946011Z	82	PC: 17a8d \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:58:09.977085925Z	72	PC: 14004 \| Allocate memory
2018-12-25T11:58:09.978495316Z	72	PC: 13f92 \| Allocate memory
2018-12-25T11:58:09.987626033Z	25	PC: 14a6c \| Get default drive
2018-12-25T11:58:09.991175645Z	37	PC: 14930 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:09.992866302Z	61	PC: 14d58 \| Open file (Filename = ' P.�')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":3,"TimeBased":true,"OriginalID":5909,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:09.387853057Z	48	PC: 1a61d \| Get DOS version
2018-12-25T11:58:09.391407314Z	47	PC: 1a629 \| Get disk transfer address
2018-12-25T11:58:09.39286943Z	26	PC: 1a638 \| Set disk transfer address
2018-12-25T11:58:09.394176667Z	78	PC: 1a6b4 \| Find first file
2018-12-25T11:58:09.401563036Z	67	PC: 1a6ff \| Get or set file attributes
2018-12-25T11:58:09.406894128Z	67	PC: 1a70c \| Get or set file attributes
2018-12-25T11:58:10.642627224Z	61	PC: 1a713 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:10.650461929Z	87	PC: 1a71f \| Get or set file date and time
2018-12-25T11:58:10.652249391Z	44	PC: 1a729 \| Get time 0x1a729: and dh, 3 0x1a72c: jne 0x1a751 0x1a72e: push bx 0x1a72f: push es 0x1a730: push si 0x1a731: mov al, 0xed 0x1a733: out 0x60, al 0x1a735: mov cx, 0x3e8 0x1a738: loop 0x1a738 0x1a73a: mov al, 7 0x1a73c: out 0x60, al 0x1a73e: push es 0x1a73f: mov ax, 0 0x1a742: mov es, ax 0x1a744: mov word ptr es:[0x417], 0x70 0x1a74b: pop es 0x1a74c: pop si 0x1a74d: pop es 0x1a74e: pop bx 0x1a74f: jmp 0x1a7ae
2018-12-25T11:58:10.654359656Z	63	PC: 1a75d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:10.804471329Z	66	PC: 1a76d \| Move file pointer
2018-12-25T11:58:10.807176567Z	64	PC: 1a790 \| Write file or device (Write 709 bytes on handle 5)
2018-12-25T11:58:11.055846227Z	66	PC: 1a7a0 \| Move file pointer
2018-12-25T11:58:11.057295607Z	64	PC: 1a7ae \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:11.0621958Z	87	PC: 1a7cd \| Get or set file date and time
2018-12-25T11:58:11.064986977Z	62	PC: 1a7d1 \| Close file
2018-12-25T11:58:11.153467836Z	67	PC: 1a7de \| Get or set file attributes
2018-12-25T11:58:11.170841996Z	26	PC: 1a7e8 \| Set disk transfer address
2018-12-25T11:58:11.173561534Z	74	PC: 12da8 \| Reallocate memory
2018-12-25T11:58:11.17562891Z	72	PC: 12e42 \| Allocate memory
2018-12-25T11:58:11.183181034Z	72	PC: 12e51 \| Allocate memory
2018-12-25T11:58:11.213320915Z	73	PC: 12ea0 \| Release memory
2018-12-25T11:58:11.216179267Z	82	PC: 17a8d \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:58:11.219314514Z	72	PC: 14004 \| Allocate memory
2018-12-25T11:58:11.220758715Z	72	PC: 13f92 \| Allocate memory
2018-12-25T11:58:11.229831861Z	25	PC: 14a6c \| Get default drive
2018-12-25T11:58:11.234229037Z	37	PC: 14930 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:11.236187494Z	61	PC: 14d58 \| Open file (Filename = ' P.�')