Sample viewer

vx.netlux.org/Virus.DOS.Vienna.622

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:34:27.587886726Z	48	PC: 12ed3 \| Get DOS version
2018-12-17T22:34:27.5898731Z	47	PC: 12edf \| Get disk transfer address
2018-12-17T22:34:27.59151276Z	53	PC: 12ee9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:27.592765176Z	37	PC: 12efd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:27.594807111Z	26	PC: 12f06 \| Set disk transfer address
2018-12-17T22:34:27.59610306Z	78	PC: 12f7f \| Find first file
2018-12-17T22:34:27.601846512Z	67	PC: 12fb7 \| Get or set file attributes
2018-12-17T22:34:27.607607264Z	67	PC: 12fc2 \| Get or set file attributes
2018-12-17T22:34:27.624458546Z	61	PC: 12fc7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:27.630861903Z	87	PC: 12fd3 \| Get or set file date and time
2018-12-17T22:34:27.63208424Z	44	PC: 12fdd \| Get time 0x12fdd: and dh, 7 0x12fe0: jne 0x12ff1 0x12fe2: mov ah, 0x40 0x12fe4: mov cx, 5 0x12fe7: mov dx, si 0x12fe9: add dx, 0x8a 0x12fed: int 0x21 0x12fef: jmp 0x13047 0x12ff1: mov ah, 0x3f 0x12ff3: mov cx, 3 0x12ff6: mov dx, 0xa 0x12ff9: add dx, si 0x12ffb: int 0x21 0x12ffd: jb 0x13047 0x12fff: cmp ax, 3 0x13002: jne 0x13047 0x13004: mov ax, 0x4202 0x13007: xor cx, cx 0x13009: xor dx, dx 0x1300b: int 0x21
2018-12-17T22:34:27.634826208Z	63	PC: 12ffd \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:27.641269199Z	66	PC: 1300d \| Move file pointer
2018-12-17T22:34:27.642636024Z	64	PC: 1302a \| Write file or device (Write 622 bytes on handle 5)
2018-12-17T22:34:27.651585933Z	66	PC: 1303a \| Move file pointer
2018-12-17T22:34:27.652872448Z	64	PC: 13047 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:27.65946625Z	87	PC: 13058 \| Get or set file date and time
2018-12-17T22:34:27.661950071Z	62	PC: 1305c \| Close file
2018-12-17T22:34:27.669485603Z	67	PC: 13069 \| Get or set file attributes
2018-12-17T22:34:27.678850247Z	26	PC: 13073 \| Set disk transfer address
2018-12-17T22:34:27.680578144Z	37	PC: 13080 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:27.681931722Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6167,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:41.289466821Z	48	PC: 12ed3 \| Get DOS version
2018-12-25T11:58:41.292091475Z	47	PC: 12edf \| Get disk transfer address
2018-12-25T11:58:41.293543556Z	53	PC: 12ee9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:41.295105979Z	37	PC: 12efd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:41.296637595Z	26	PC: 12f06 \| Set disk transfer address
2018-12-25T11:58:41.29887652Z	78	PC: 12f7f \| Find first file
2018-12-25T11:58:41.305468897Z	67	PC: 12fb7 \| Get or set file attributes
2018-12-25T11:58:41.309637565Z	67	PC: 12fc2 \| Get or set file attributes
2018-12-25T11:58:41.327527514Z	61	PC: 12fc7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:41.335667787Z	87	PC: 12fd3 \| Get or set file date and time
2018-12-25T11:58:41.338117608Z	44	PC: 12fdd \| Get time 0x12fdd: and dh, 7 0x12fe0: jne 0x12ff1 0x12fe2: mov ah, 0x40 0x12fe4: mov cx, 5 0x12fe7: mov dx, si 0x12fe9: add dx, 0x8a 0x12fed: int 0x21 0x12fef: jmp 0x13047 0x12ff1: mov ah, 0x3f 0x12ff3: mov cx, 3 0x12ff6: mov dx, 0xa 0x12ff9: add dx, si 0x12ffb: int 0x21 0x12ffd: jb 0x13047 0x12fff: cmp ax, 3 0x13002: jne 0x13047 0x13004: mov ax, 0x4202 0x13007: xor cx, cx 0x13009: xor dx, dx 0x1300b: int 0x21
2018-12-25T11:58:41.341074514Z	63	PC: 12ffd \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:41.34653363Z	66	PC: 1300d \| Move file pointer
2018-12-25T11:58:41.348633188Z	64	PC: 1302a \| Write file or device (Write 622 bytes on handle 5)
2018-12-25T11:58:41.355051714Z	66	PC: 1303a \| Move file pointer
2018-12-25T11:58:41.356672934Z	64	PC: 13047 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:41.361805952Z	87	PC: 13058 \| Get or set file date and time
2018-12-25T11:58:41.363057228Z	62	PC: 1305c \| Close file
2018-12-25T11:58:41.368477053Z	67	PC: 13069 \| Get or set file attributes
2018-12-25T11:58:41.375975671Z	26	PC: 13073 \| Set disk transfer address
2018-12-25T11:58:41.377030574Z	37	PC: 13080 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:41.378049278Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":6167,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:41.454290156Z	48	PC: 12ed3 \| Get DOS version
2018-12-25T11:58:41.457800761Z	47	PC: 12edf \| Get disk transfer address
2018-12-25T11:58:41.459499105Z	53	PC: 12ee9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:41.461199505Z	37	PC: 12efd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:41.463045724Z	26	PC: 12f06 \| Set disk transfer address
2018-12-25T11:58:41.465223533Z	78	PC: 12f7f \| Find first file
2018-12-25T11:58:41.472329552Z	67	PC: 12fb7 \| Get or set file attributes
2018-12-25T11:58:41.479436992Z	67	PC: 12fc2 \| Get or set file attributes
2018-12-25T11:58:41.496306449Z	61	PC: 12fc7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:41.504705079Z	87	PC: 12fd3 \| Get or set file date and time
2018-12-25T11:58:41.506647939Z	44	PC: 12fdd \| Get time 0x12fdd: and dh, 7 0x12fe0: jne 0x12ff1 0x12fe2: mov ah, 0x40 0x12fe4: mov cx, 5 0x12fe7: mov dx, si 0x12fe9: add dx, 0x8a 0x12fed: int 0x21 0x12fef: jmp 0x13047 0x12ff1: mov ah, 0x3f 0x12ff3: mov cx, 3 0x12ff6: mov dx, 0xa 0x12ff9: add dx, si 0x12ffb: int 0x21 0x12ffd: jb 0x13047 0x12fff: cmp ax, 3 0x13002: jne 0x13047 0x13004: mov ax, 0x4202 0x13007: xor cx, cx 0x13009: xor dx, dx 0x1300b: int 0x21
2018-12-25T11:58:41.510406722Z	63	PC: 12ffd \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:41.517993118Z	66	PC: 1300d \| Move file pointer
2018-12-25T11:58:41.520018395Z	64	PC: 1302a \| Write file or device (Write 622 bytes on handle 5)
2018-12-25T11:58:41.530287127Z	66	PC: 1303a \| Move file pointer
2018-12-25T11:58:41.531808316Z	64	PC: 13047 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:41.539102509Z	87	PC: 13058 \| Get or set file date and time
2018-12-25T11:58:41.541747531Z	62	PC: 1305c \| Close file
2018-12-25T11:58:41.550870225Z	67	PC: 13069 \| Get or set file attributes
2018-12-25T11:58:41.562460205Z	26	PC: 13073 \| Set disk transfer address
2018-12-25T11:58:41.564046067Z	37	PC: 13080 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:41.566390422Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')