Sample viewer

vx.netlux.org/Virus.DOS.Vienna.777.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:24.699541805Z	48	PC: 12e47 \| Get DOS version
2018-12-17T21:56:24.701754227Z	47	PC: 12e56 \| Get disk transfer address
2018-12-17T21:56:24.702902024Z	26	PC: 12e69 \| Set disk transfer address
2018-12-17T21:56:24.704058475Z	78	PC: 12ef4 \| Find first file
2018-12-17T21:56:24.710967694Z	79	PC: 12efa \| Find next file
2018-12-17T21:56:24.713883317Z	79	PC: 12efa \| Find next file
2018-12-17T21:56:24.716630943Z	67	PC: 12f36 \| Get or set file attributes
2018-12-17T21:56:24.722936582Z	67	PC: 12f48 \| Get or set file attributes
2018-12-17T21:56:24.772352417Z	61	PC: 12f53 \| Open file (Filename = 'HELLO.COM')
2018-12-17T21:56:24.780958652Z	87	PC: 12f5f \| Get or set file date and time
2018-12-17T21:56:24.78241864Z	44	PC: 12f6b \| Get time 0x12f6b: and dh, 7 0x12f6e: jne 0x12f89 0x12f70: mov ah, 0x40 0x12f72: mov cx, 5 0x12f75: mov dx, si 0x12f77: add dx, 0xc2 0x12f7b: int 0x21 0x12f7d: mov ah, 9 0x12f7f: mov dx, si 0x12f81: add dx, 0xc9 0x12f85: int 0x21 0x12f87: jmp 0x12fed 0x12f89: mov ah, 0x3f 0x12f8b: mov cx, 3 0x12f8e: mov dx, 0xa 0x12f91: nop 0x12f92: add dx, si 0x12f94: int 0x21 0x12f96: jb 0x12fed 0x12f98: cmp ax, 3
2018-12-17T21:56:24.785134152Z	64	PC: 12f7d \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:56:24.792975117Z	9	PC: 12f87 \| Display string (Could not find end pointer)
2018-12-17T21:56:24.825350473Z	87	PC: 13005 \| Get or set file date and time
2018-12-17T21:56:24.827933509Z	62	PC: 1300a \| Close file
2018-12-17T21:56:24.835679751Z	67	PC: 13019 \| Get or set file attributes
2018-12-17T21:56:24.856154152Z	26	PC: 13028 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":701,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:26.686853748Z	48	PC: 12e47 \| Get DOS version
2018-12-25T11:41:26.689339713Z	47	PC: 12e56 \| Get disk transfer address
2018-12-25T11:41:26.690747464Z	26	PC: 12e69 \| Set disk transfer address
2018-12-25T11:41:26.692175209Z	78	PC: 12ef4 \| Find first file
2018-12-25T11:41:26.699981772Z	79	PC: 12efa \| Find next file
2018-12-25T11:41:26.702831308Z	79	PC: 12efa \| Find next file (See above)
2018-12-25T11:41:26.704734572Z	67	PC: 12f36 \| Get or set file attributes
2018-12-25T11:41:26.708933712Z	67	PC: 12f48 \| Get or set file attributes
2018-12-25T11:41:26.723597449Z	61	PC: 12f53 \| Open file (Filename = 'HELLO.COM')
2018-12-25T11:41:26.728101236Z	87	PC: 12f5f \| Get or set file date and time
2018-12-25T11:41:26.729424843Z	44	PC: 12f6b \| Get time 0x12f6b: and dh, 7 0x12f6e: jne 0x12f89 0x12f70: mov ah, 0x40 0x12f72: mov cx, 5 0x12f75: mov dx, si 0x12f77: add dx, 0xc2 0x12f7b: int 0x21 0x12f7d: mov ah, 9 0x12f7f: mov dx, si 0x12f81: add dx, 0xc9 0x12f85: int 0x21 0x12f87: jmp 0x12fed 0x12f89: mov ah, 0x3f 0x12f8b: mov cx, 3 0x12f8e: mov dx, 0xa 0x12f91: nop 0x12f92: add dx, si 0x12f94: int 0x21 0x12f96: jb 0x12fed 0x12f98: cmp ax, 3
2018-12-25T11:41:26.732138916Z	63	PC: 12f96 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:26.736508092Z	66	PC: 12fa8 \| Move file pointer
2018-12-25T11:41:26.737771981Z	64	PC: 12fcc \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:41:26.743672289Z	66	PC: 12fde \| Move file pointer
2018-12-25T11:41:26.744784933Z	64	PC: 12fed \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:26.749048449Z	87	PC: 13005 \| Get or set file date and time
2018-12-25T11:41:26.750739906Z	62	PC: 1300a \| Close file
2018-12-25T11:41:26.756437953Z	67	PC: 13019 \| Get or set file attributes
2018-12-25T11:41:26.765222613Z	26	PC: 13028 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":701,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:26.676794724Z	48	PC: 12e47 \| Get DOS version
2018-12-25T11:41:26.678544115Z	47	PC: 12e56 \| Get disk transfer address
2018-12-25T11:41:26.679860001Z	26	PC: 12e69 \| Set disk transfer address
2018-12-25T11:41:26.681248651Z	78	PC: 12ef4 \| Find first file
2018-12-25T11:41:26.6879434Z	79	PC: 12efa \| Find next file
2018-12-25T11:41:26.6907535Z	79	PC: 12efa \| Find next file (See above)
2018-12-25T11:41:26.69350939Z	67	PC: 12f36 \| Get or set file attributes
2018-12-25T11:41:26.700164817Z	67	PC: 12f48 \| Get or set file attributes
2018-12-25T11:41:26.717908251Z	61	PC: 12f53 \| Open file (Filename = 'HELLO.COM')
2018-12-25T11:41:26.724370707Z	87	PC: 12f5f \| Get or set file date and time
2018-12-25T11:41:26.726679556Z	44	PC: 12f6b \| Get time 0x12f6b: and dh, 7 0x12f6e: jne 0x12f89 0x12f70: mov ah, 0x40 0x12f72: mov cx, 5 0x12f75: mov dx, si 0x12f77: add dx, 0xc2 0x12f7b: int 0x21 0x12f7d: mov ah, 9 0x12f7f: mov dx, si 0x12f81: add dx, 0xc9 0x12f85: int 0x21 0x12f87: jmp 0x12fed 0x12f89: mov ah, 0x3f 0x12f8b: mov cx, 3 0x12f8e: mov dx, 0xa 0x12f91: nop 0x12f92: add dx, si 0x12f94: int 0x21 0x12f96: jb 0x12fed 0x12f98: cmp ax, 3
2018-12-25T11:41:26.728613361Z	63	PC: 12f96 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:26.734937011Z	66	PC: 12fa8 \| Move file pointer
2018-12-25T11:41:26.737162996Z	64	PC: 12fcc \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:41:26.745155755Z	66	PC: 12fde \| Move file pointer
2018-12-25T11:41:26.746815869Z	64	PC: 12fed \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:26.753907361Z	87	PC: 13005 \| Get or set file date and time
2018-12-25T11:41:26.755542724Z	62	PC: 1300a \| Close file
2018-12-25T11:41:26.764001396Z	67	PC: 13019 \| Get or set file attributes
2018-12-25T11:41:26.773574736Z	26	PC: 13028 \| Set disk transfer address