Sample viewer

vx.netlux.org/Virus.DOS.Vienna.643

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:50.291751056Z	48	PC: 12a63 \| Get DOS version
2018-12-17T22:42:50.293954887Z	47	PC: 12a6f \| Get disk transfer address
2018-12-17T22:42:50.29521581Z	26	PC: 12a7e \| Set disk transfer address
2018-12-17T22:42:50.29651542Z	78	PC: 12afe \| Find first file
2018-12-17T22:42:50.303741748Z	67	PC: 12b37 \| Get or set file attributes
2018-12-17T22:42:50.310270254Z	67	PC: 12b48 \| Get or set file attributes
2018-12-17T22:42:50.327263271Z	61	PC: 12b52 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:50.334432801Z	87	PC: 12b5e \| Get or set file date and time
2018-12-17T22:42:50.336010786Z	44	PC: 12b68 \| Get time 0x12b68: and dh, 7 0x12b6b: jne 0x12b70 0x12b6d: jmp 0x12bd1 0x12b6f: nop 0x12b70: mov ah, 0x3f 0x12b72: mov cx, 3 0x12b75: mov dx, 0xa 0x12b78: nop 0x12b79: add dx, si 0x12b7b: int 0x21 0x12b7d: jb 0x12bd1 0x12b7f: cmp al, 3 0x12b81: jne 0x12bd1 0x12b83: mov ax, 0x4202 0x12b86: mov cx, 0 0x12b89: mov dx, 0 0x12b8c: int 0x21 0x12b8e: jb 0x12bd1 0x12b90: mov cx, ax 0x12b92: sub ax, 3
2018-12-17T22:42:50.338472021Z	63	PC: 12b7d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:42:50.345588202Z	66	PC: 12b8e \| Move file pointer
2018-12-17T22:42:50.34772228Z	64	PC: 12bb1 \| Write file or device (Write 643 bytes on handle 5)
2018-12-17T22:42:50.357339569Z	66	PC: 12bc3 \| Move file pointer
2018-12-17T22:42:50.358843385Z	64	PC: 12bd1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:42:50.367067425Z	87	PC: 12be2 \| Get or set file date and time
2018-12-17T22:42:50.368888432Z	62	PC: 12be6 \| Close file
2018-12-17T22:42:50.377849472Z	67	PC: 12bf3 \| Get or set file attributes
2018-12-17T22:42:50.390090493Z	26	PC: 12bfd \| Set disk transfer address
2018-12-17T22:42:50.391620878Z	76	PC: 12a4b \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7676,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:21.282726103Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:02:21.284372223Z	47	PC: 12a6f \| Get disk transfer address
2018-12-25T12:02:21.28542823Z	26	PC: 12a7e \| Set disk transfer address
2018-12-25T12:02:21.286385307Z	78	PC: 12afe \| Find first file
2018-12-25T12:02:21.293352475Z	67	PC: 12b37 \| Get or set file attributes
2018-12-25T12:02:21.300262202Z	67	PC: 12b48 \| Get or set file attributes
2018-12-25T12:02:21.316933524Z	61	PC: 12b52 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:21.3346329Z	87	PC: 12b5e \| Get or set file date and time
2018-12-25T12:02:21.336447333Z	44	PC: 12b68 \| Get time 0x12b68: and dh, 7 0x12b6b: jne 0x12b70 0x12b6d: jmp 0x12bd1 0x12b6f: nop 0x12b70: mov ah, 0x3f 0x12b72: mov cx, 3 0x12b75: mov dx, 0xa 0x12b78: nop 0x12b79: add dx, si 0x12b7b: int 0x21 0x12b7d: jb 0x12bd1 0x12b7f: cmp al, 3 0x12b81: jne 0x12bd1 0x12b83: mov ax, 0x4202 0x12b86: mov cx, 0 0x12b89: mov dx, 0 0x12b8c: int 0x21 0x12b8e: jb 0x12bd1 0x12b90: mov cx, ax 0x12b92: sub ax, 3
2018-12-25T12:02:21.338219419Z	63	PC: 12b7d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:21.342506595Z	66	PC: 12b8e \| Move file pointer
2018-12-25T12:02:21.344903398Z	64	PC: 12bb1 \| Write file or device (Write 643 bytes on handle 5)
2018-12-25T12:02:21.350575779Z	66	PC: 12bc3 \| Move file pointer
2018-12-25T12:02:21.351838541Z	64	PC: 12bd1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:21.364159267Z	87	PC: 12be2 \| Get or set file date and time
2018-12-25T12:02:21.365461684Z	62	PC: 12be6 \| Close file
2018-12-25T12:02:21.371178161Z	67	PC: 12bf3 \| Get or set file attributes
2018-12-25T12:02:21.392339506Z	26	PC: 12bfd \| Set disk transfer address
2018-12-25T12:02:21.39453238Z	76	PC: 12a4b \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":7676,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:21.23852489Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:02:21.239945888Z	47	PC: 12a6f \| Get disk transfer address
2018-12-25T12:02:21.240988885Z	26	PC: 12a7e \| Set disk transfer address
2018-12-25T12:02:21.241868903Z	78	PC: 12afe \| Find first file
2018-12-25T12:02:21.246669313Z	67	PC: 12b37 \| Get or set file attributes
2018-12-25T12:02:21.251998561Z	67	PC: 12b48 \| Get or set file attributes
2018-12-25T12:02:21.266654412Z	61	PC: 12b52 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:21.273599416Z	87	PC: 12b5e \| Get or set file date and time
2018-12-25T12:02:21.27513792Z	44	PC: 12b68 \| Get time 0x12b68: and dh, 7 0x12b6b: jne 0x12b70 0x12b6d: jmp 0x12bd1 0x12b6f: nop 0x12b70: mov ah, 0x3f 0x12b72: mov cx, 3 0x12b75: mov dx, 0xa 0x12b78: nop 0x12b79: add dx, si 0x12b7b: int 0x21 0x12b7d: jb 0x12bd1 0x12b7f: cmp al, 3 0x12b81: jne 0x12bd1 0x12b83: mov ax, 0x4202 0x12b86: mov cx, 0 0x12b89: mov dx, 0 0x12b8c: int 0x21 0x12b8e: jb 0x12bd1 0x12b90: mov cx, ax 0x12b92: sub ax, 3
2018-12-25T12:02:21.277092238Z	63	PC: 12b7d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:21.283337036Z	66	PC: 12b8e \| Move file pointer
2018-12-25T12:02:21.28446214Z	64	PC: 12bb1 \| Write file or device (Write 643 bytes on handle 5)
2018-12-25T12:02:21.289784504Z	66	PC: 12bc3 \| Move file pointer
2018-12-25T12:02:21.291215553Z	64	PC: 12bd1 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:21.296526813Z	87	PC: 12be2 \| Get or set file date and time
2018-12-25T12:02:21.297798955Z	62	PC: 12be6 \| Close file
2018-12-25T12:02:21.305232944Z	67	PC: 12bf3 \| Get or set file attributes
2018-12-25T12:02:21.315750014Z	26	PC: 12bfd \| Set disk transfer address
2018-12-25T12:02:21.316660653Z	76	PC: 12a4b \| Terminate with return code (Return code = '0')