Sample viewer

vx.netlux.org/Virus.DOS.Vienna.435.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:34.181887605Z	48	PC: 12bc1 \| Get DOS version
2018-12-17T21:56:34.183419834Z	53	PC: 12bce \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:34.184529608Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:34.18551754Z	26	PC: 12be3 \| Set disk transfer address
2018-12-17T21:56:34.186951928Z	78	PC: 12c28 \| Find first file
2018-12-17T21:56:34.190902959Z	67	PC: 12c91 \| Get or set file attributes
2018-12-17T21:56:34.208605966Z	61	PC: 12c96 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:56:34.215267751Z	44	PC: 12c9e \| Get time 0x12c9e: and dh, 7 0x12ca1: jne 0x12caf 0x12ca3: mov ah, 0x40 0x12ca5: mov cx, 5 0x12ca8: lea dx, word ptr [si + 0xe] 0x12cab: int 0x21 0x12cad: jmp 0x12cf8 0x12caf: mov ah, 0x3f 0x12cb1: mov cx, 3 0x12cb4: lea dx, word ptr [si] 0x12cb6: int 0x21 0x12cb8: jb 0x12cf8 0x12cba: cmp ax, 3 0x12cbd: jne 0x12cf8 0x12cbf: mov ax, 0x4202 0x12cc2: xor cx, cx 0x12cc4: xor dx, dx 0x12cc6: int 0x21 0x12cc8: jb 0x12cf8 0x12cca: add ax, 0x10
2018-12-17T21:56:34.217956456Z	63	PC: 12cb8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:56:34.224896427Z	66	PC: 12cc8 \| Move file pointer
2018-12-17T21:56:34.227701797Z	64	PC: 12cdd \| Write file or device (Write 435 bytes on handle 5)
2018-12-17T21:56:34.238681772Z	66	PC: 12ced \| Move file pointer
2018-12-17T21:56:34.240279265Z	64	PC: 12cf8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:56:34.247039017Z	87	PC: 12d06 \| Get or set file date and time
2018-12-17T21:56:34.251487348Z	62	PC: 12d0a \| Close file
2018-12-17T21:56:34.25998859Z	67	PC: 12d17 \| Get or set file attributes
2018-12-17T21:56:34.269794295Z	26	PC: 12d1e \| Set disk transfer address
2018-12-17T21:56:34.273064211Z	37	PC: 12d2a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:56:34.274265667Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T21:56:34.278198638Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":711,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:27.598690346Z	48	PC: 12bc1 \| Get DOS version
2018-12-25T11:41:27.601307577Z	53	PC: 12bce \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.608204181Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.610004813Z	26	PC: 12be3 \| Set disk transfer address
2018-12-25T11:41:27.611906375Z	78	PC: 12c28 \| Find first file
2018-12-25T11:41:27.620411833Z	67	PC: 12c91 \| Get or set file attributes
2018-12-25T11:41:27.637686042Z	61	PC: 12c96 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:27.651541427Z	44	PC: 12c9e \| Get time 0x12c9e: and dh, 7 0x12ca1: jne 0x12caf 0x12ca3: mov ah, 0x40 0x12ca5: mov cx, 5 0x12ca8: lea dx, word ptr [si + 0xe] 0x12cab: int 0x21 0x12cad: jmp 0x12cf8 0x12caf: mov ah, 0x3f 0x12cb1: mov cx, 3 0x12cb4: lea dx, word ptr [si] 0x12cb6: int 0x21 0x12cb8: jb 0x12cf8 0x12cba: cmp ax, 3 0x12cbd: jne 0x12cf8 0x12cbf: mov ax, 0x4202 0x12cc2: xor cx, cx 0x12cc4: xor dx, dx 0x12cc6: int 0x21 0x12cc8: jb 0x12cf8 0x12cca: add ax, 0x10
2018-12-25T11:41:27.655358698Z	63	PC: 12cb8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:27.662660351Z	66	PC: 12cc8 \| Move file pointer
2018-12-25T11:41:27.664370632Z	64	PC: 12cdd \| Write file or device (Write 435 bytes on handle 5)
2018-12-25T11:41:27.674806169Z	66	PC: 12ced \| Move file pointer
2018-12-25T11:41:27.682279055Z	64	PC: 12cf8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:27.690154731Z	87	PC: 12d06 \| Get or set file date and time
2018-12-25T11:41:27.692628228Z	62	PC: 12d0a \| Close file
2018-12-25T11:41:27.70119278Z	67	PC: 12d17 \| Get or set file attributes
2018-12-25T11:41:27.712678907Z	26	PC: 12d1e \| Set disk transfer address
2018-12-25T11:41:27.714907622Z	37	PC: 12d2a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.716746196Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:41:27.723118556Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":711,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:27.649368722Z	48	PC: 12bc1 \| Get DOS version
2018-12-25T11:41:27.651226878Z	53	PC: 12bce \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.653850285Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.655184691Z	26	PC: 12be3 \| Set disk transfer address
2018-12-25T11:41:27.656627489Z	78	PC: 12c28 \| Find first file
2018-12-25T11:41:27.664420091Z	67	PC: 12c91 \| Get or set file attributes
2018-12-25T11:41:27.681725389Z	61	PC: 12c96 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:27.689638728Z	44	PC: 12c9e \| Get time 0x12c9e: and dh, 7 0x12ca1: jne 0x12caf 0x12ca3: mov ah, 0x40 0x12ca5: mov cx, 5 0x12ca8: lea dx, word ptr [si + 0xe] 0x12cab: int 0x21 0x12cad: jmp 0x12cf8 0x12caf: mov ah, 0x3f 0x12cb1: mov cx, 3 0x12cb4: lea dx, word ptr [si] 0x12cb6: int 0x21 0x12cb8: jb 0x12cf8 0x12cba: cmp ax, 3 0x12cbd: jne 0x12cf8 0x12cbf: mov ax, 0x4202 0x12cc2: xor cx, cx 0x12cc4: xor dx, dx 0x12cc6: int 0x21 0x12cc8: jb 0x12cf8 0x12cca: add ax, 0x10
2018-12-25T11:41:27.692600967Z	63	PC: 12cb8 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:27.700011477Z	66	PC: 12cc8 \| Move file pointer
2018-12-25T11:41:27.701992811Z	64	PC: 12cdd \| Write file or device (Write 435 bytes on handle 5)
2018-12-25T11:41:27.711778823Z	66	PC: 12ced \| Move file pointer
2018-12-25T11:41:27.714911705Z	64	PC: 12cf8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:27.736281043Z	87	PC: 12d06 \| Get or set file date and time
2018-12-25T11:41:27.73811621Z	62	PC: 12d0a \| Close file
2018-12-25T11:41:27.749112401Z	67	PC: 12d17 \| Get or set file attributes
2018-12-25T11:41:27.76073321Z	26	PC: 12d1e \| Set disk transfer address
2018-12-25T11:41:27.762086224Z	37	PC: 12d2a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:27.764477148Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T11:41:27.771373512Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')