Sample viewer

vx.netlux.org/Virus.DOS.Vienna.634.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:55:36.663756646Z	48	PC: 18695 \| Get DOS version
2018-12-17T21:55:36.665950432Z	47	PC: 186a1 \| Get disk transfer address
2018-12-17T21:55:36.666936237Z	26	PC: 186b4 \| Set disk transfer address
2018-12-17T21:55:36.668042932Z	78	PC: 18738 \| Find first file
2018-12-17T21:55:36.677821502Z	67	PC: 18770 \| Get or set file attributes
2018-12-17T21:55:36.684146972Z	67	PC: 18782 \| Get or set file attributes
2018-12-17T21:55:37.052298539Z	61	PC: 1878d \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T21:55:37.058540859Z	87	PC: 18799 \| Get or set file date and time
2018-12-17T21:55:37.060459028Z	44	PC: 187a5 \| Get time 0x187a5: and dh, 7 0x187a8: jne 0x187ba 0x187aa: mov ah, 0x40 0x187ac: mov cx, 5 0x187af: mov dx, si 0x187b1: add dx, 0x8a 0x187b5: int 0x21 0x187b7: jmp 0x18823 0x187b9: nop 0x187ba: mov ah, 0x3f 0x187bc: mov cx, 3 0x187bf: mov dx, 0xa 0x187c2: nop 0x187c3: add dx, si 0x187c5: int 0x21 0x187c7: jb 0x18823 0x187c9: cmp ax, 3 0x187cc: jne 0x18823 0x187ce: mov ax, 0x4202 0x187d1: mov cx, 0
2018-12-17T21:55:37.063082048Z	64	PC: 187b7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:55:37.074863936Z	87	PC: 18836 \| Get or set file date and time
2018-12-17T21:55:37.077445777Z	62	PC: 1883a \| Close file
2018-12-17T21:55:37.08532121Z	67	PC: 18849 \| Get or set file attributes
2018-12-17T21:55:37.097599943Z	26	PC: 18856 \| Set disk transfer address
2018-12-17T21:55:37.099083955Z	48	PC: 13627 \| Get DOS version
2018-12-17T21:55:37.100540192Z	9	PC: 1363a \| Display string (String= 'Incorrect DOS version ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":606,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:22.976685106Z	48	PC: 18695 \| Get DOS version
2018-12-25T11:41:22.978955986Z	47	PC: 186a1 \| Get disk transfer address
2018-12-25T11:41:22.980405789Z	26	PC: 186b4 \| Set disk transfer address
2018-12-25T11:41:22.982201094Z	78	PC: 18738 \| Find first file
2018-12-25T11:41:22.993620847Z	67	PC: 18770 \| Get or set file attributes
2018-12-25T11:41:23.001139738Z	67	PC: 18782 \| Get or set file attributes
2018-12-25T11:41:23.666642503Z	61	PC: 1878d \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T11:41:23.674733988Z	87	PC: 18799 \| Get or set file date and time
2018-12-25T11:41:23.677798742Z	44	PC: 187a5 \| Get time 0x187a5: and dh, 7 0x187a8: jne 0x187ba 0x187aa: mov ah, 0x40 0x187ac: mov cx, 5 0x187af: mov dx, si 0x187b1: add dx, 0x8a 0x187b5: int 0x21 0x187b7: jmp 0x18823 0x187b9: nop 0x187ba: mov ah, 0x3f 0x187bc: mov cx, 3 0x187bf: mov dx, 0xa 0x187c2: nop 0x187c3: add dx, si 0x187c5: int 0x21 0x187c7: jb 0x18823 0x187c9: cmp ax, 3 0x187cc: jne 0x18823 0x187ce: mov ax, 0x4202 0x187d1: mov cx, 0
2018-12-25T11:41:23.680844461Z	63	PC: 187c7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:23.687641598Z	66	PC: 187d9 \| Move file pointer
2018-12-25T11:41:23.691048722Z	64	PC: 18802 \| Write file or device (Write 634 bytes on handle 5)
2018-12-25T11:41:23.699292762Z	66	PC: 18815 \| Move file pointer
2018-12-25T11:41:23.701234681Z	64	PC: 18823 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:23.70874504Z	87	PC: 18836 \| Get or set file date and time
2018-12-25T11:41:23.710916067Z	62	PC: 1883a \| Close file
2018-12-25T11:41:23.718100268Z	67	PC: 18849 \| Get or set file attributes
2018-12-25T11:41:23.730860371Z	26	PC: 18856 \| Set disk transfer address
2018-12-25T11:41:23.732238995Z	48	PC: 13627 \| Get DOS version
2018-12-25T11:41:23.733761245Z	9	PC: 1363a \| Display string (String= 'Incorrect DOS version ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":606,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:22.977751344Z	48	PC: 18695 \| Get DOS version
2018-12-25T11:41:22.980293181Z	47	PC: 186a1 \| Get disk transfer address
2018-12-25T11:41:22.981615967Z	26	PC: 186b4 \| Set disk transfer address
2018-12-25T11:41:22.983100921Z	78	PC: 18738 \| Find first file
2018-12-25T11:41:22.998056842Z	67	PC: 18770 \| Get or set file attributes
2018-12-25T11:41:23.025344319Z	67	PC: 18782 \| Get or set file attributes
2018-12-25T11:41:23.672769641Z	61	PC: 1878d \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T11:41:23.680705303Z	87	PC: 18799 \| Get or set file date and time
2018-12-25T11:41:23.683168833Z	44	PC: 187a5 \| Get time 0x187a5: and dh, 7 0x187a8: jne 0x187ba 0x187aa: mov ah, 0x40 0x187ac: mov cx, 5 0x187af: mov dx, si 0x187b1: add dx, 0x8a 0x187b5: int 0x21 0x187b7: jmp 0x18823 0x187b9: nop 0x187ba: mov ah, 0x3f 0x187bc: mov cx, 3 0x187bf: mov dx, 0xa 0x187c2: nop 0x187c3: add dx, si 0x187c5: int 0x21 0x187c7: jb 0x18823 0x187c9: cmp ax, 3 0x187cc: jne 0x18823 0x187ce: mov ax, 0x4202 0x187d1: mov cx, 0
2018-12-25T11:41:23.685979934Z	63	PC: 187c7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:23.696048188Z	66	PC: 187d9 \| Move file pointer
2018-12-25T11:41:23.698298827Z	64	PC: 18802 \| Write file or device (Write 634 bytes on handle 5)
2018-12-25T11:41:23.716074296Z	66	PC: 18815 \| Move file pointer
2018-12-25T11:41:23.717205231Z	64	PC: 18823 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:23.721449286Z	87	PC: 18836 \| Get or set file date and time
2018-12-25T11:41:23.723038989Z	62	PC: 1883a \| Close file
2018-12-25T11:41:23.730242294Z	67	PC: 18849 \| Get or set file attributes
2018-12-25T11:41:23.741116733Z	26	PC: 18856 \| Set disk transfer address
2018-12-25T11:41:23.742193381Z	48	PC: 13627 \| Get DOS version
2018-12-25T11:41:23.743208106Z	9	PC: 1363a \| Display string (String= 'Incorrect DOS version ')