Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Ender.1082

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:05.819800945Z	44	PC: 12a55 \| Get time 0x12a55: and dh, 7 0x12a58: jne 0x12a5d 0x12a5a: jmp 0x12c0a 0x12a5d: push cx 0x12a5e: mov dx, 0x4a2 0x12a61: cld 0x12a62: mov si, dx 0x12a64: add si, 0xa 0x12a67: mov di, 0x100 0x12a6a: mov cx, 3 0x12a6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a6f: mov si, dx 0x12a71: push es 0x12a72: mov ah, 0x2f 0x12a74: int 0x21 0x12a76: mov word ptr [si], bx 0x12a78: mov word ptr [si + 2], es 0x12a7b: pop es 0x12a7c: mov dx, 0x5f 0x12a7f: add dx, si
2018-12-17T22:43:05.824940847Z	47	PC: 12a76 \| Get disk transfer address
2018-12-17T22:43:05.82716174Z	26	PC: 12a85 \| Set disk transfer address
2018-12-17T22:43:05.82840367Z	78	PC: 12b06 \| Find first file
2018-12-17T22:43:05.835636103Z	67	PC: 12b3e \| Get or set file attributes
2018-12-17T22:43:05.841318452Z	67	PC: 12b4e \| Get or set file attributes
2018-12-17T22:43:05.861700775Z	61	PC: 12b58 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:05.869441032Z	87	PC: 12b64 \| Get or set file date and time
2018-12-17T22:43:05.871807502Z	63	PC: 12b76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:05.87807365Z	66	PC: 12b88 \| Move file pointer
2018-12-17T22:43:05.87942158Z	64	PC: 12bab \| Write file or device (Write 1082 bytes on handle 5)
2018-12-17T22:43:05.887970083Z	66	PC: 12bbd \| Move file pointer
2018-12-17T22:43:05.889637074Z	64	PC: 12bcb \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:05.896561359Z	87	PC: 12bdc \| Get or set file date and time
2018-12-17T22:43:05.898796441Z	62	PC: 12be0 \| Close file
2018-12-17T22:43:05.906740897Z	67	PC: 12bed \| Get or set file attributes
2018-12-17T22:43:05.920118852Z	26	PC: 12bf7 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":7770,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:34.677570273Z	44	PC: 12a55 \| Get time 0x12a55: and dh, 7 0x12a58: jne 0x12a5d 0x12a5a: jmp 0x12c0a 0x12a5d: push cx 0x12a5e: mov dx, 0x4a2 0x12a61: cld 0x12a62: mov si, dx 0x12a64: add si, 0xa 0x12a67: mov di, 0x100 0x12a6a: mov cx, 3 0x12a6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a6f: mov si, dx 0x12a71: push es 0x12a72: mov ah, 0x2f 0x12a74: int 0x21 0x12a76: mov word ptr [si], bx 0x12a78: mov word ptr [si + 2], es 0x12a7b: pop es 0x12a7c: mov dx, 0x5f 0x12a7f: add dx, si
2018-12-25T12:02:34.681181667Z	47	PC: 12a76 \| Get disk transfer address
2018-12-25T12:02:34.682973368Z	26	PC: 12a85 \| Set disk transfer address
2018-12-25T12:02:34.684576926Z	78	PC: 12b06 \| Find first file
2018-12-25T12:02:34.691133086Z	67	PC: 12b3e \| Get or set file attributes
2018-12-25T12:02:34.697656498Z	67	PC: 12b4e \| Get or set file attributes
2018-12-25T12:02:34.716083072Z	61	PC: 12b58 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:34.722810579Z	87	PC: 12b64 \| Get or set file date and time
2018-12-25T12:02:34.725238612Z	63	PC: 12b76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:34.731963902Z	66	PC: 12b88 \| Move file pointer
2018-12-25T12:02:34.733746419Z	64	PC: 12bab \| Write file or device (Write 1082 bytes on handle 5)
2018-12-25T12:02:34.742788519Z	66	PC: 12bbd \| Move file pointer
2018-12-25T12:02:34.744425589Z	64	PC: 12bcb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:34.750847467Z	87	PC: 12bdc \| Get or set file date and time
2018-12-25T12:02:34.766756618Z	62	PC: 12be0 \| Close file
2018-12-25T12:02:34.778678884Z	67	PC: 12bed \| Get or set file attributes
2018-12-25T12:02:34.789389389Z	26	PC: 12bf7 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7770,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:34.857103208Z	44	PC: 12a55 \| Get time 0x12a55: and dh, 7 0x12a58: jne 0x12a5d 0x12a5a: jmp 0x12c0a 0x12a5d: push cx 0x12a5e: mov dx, 0x4a2 0x12a61: cld 0x12a62: mov si, dx 0x12a64: add si, 0xa 0x12a67: mov di, 0x100 0x12a6a: mov cx, 3 0x12a6d: rep movsb byte ptr es:[di], byte ptr [si] 0x12a6f: mov si, dx 0x12a71: push es 0x12a72: mov ah, 0x2f 0x12a74: int 0x21 0x12a76: mov word ptr [si], bx 0x12a78: mov word ptr [si + 2], es 0x12a7b: pop es 0x12a7c: mov dx, 0x5f 0x12a7f: add dx, si
2018-12-25T12:02:34.859852096Z	47	PC: 12a76 \| Get disk transfer address
2018-12-25T12:02:34.862764251Z	26	PC: 12a85 \| Set disk transfer address
2018-12-25T12:02:34.864514026Z	78	PC: 12b06 \| Find first file
2018-12-25T12:02:34.871631851Z	67	PC: 12b3e \| Get or set file attributes
2018-12-25T12:02:34.878762673Z	67	PC: 12b4e \| Get or set file attributes
2018-12-25T12:02:34.895887632Z	61	PC: 12b58 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:34.903240033Z	87	PC: 12b64 \| Get or set file date and time
2018-12-25T12:02:34.905059769Z	63	PC: 12b76 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:34.912528624Z	66	PC: 12b88 \| Move file pointer
2018-12-25T12:02:34.91458524Z	64	PC: 12bab \| Write file or device (Write 1082 bytes on handle 5)
2018-12-25T12:02:34.926480871Z	66	PC: 12bbd \| Move file pointer
2018-12-25T12:02:34.929478482Z	64	PC: 12bcb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:34.937272559Z	87	PC: 12bdc \| Get or set file date and time
2018-12-25T12:02:34.939018598Z	62	PC: 12be0 \| Close file
2018-12-25T12:02:34.948069779Z	67	PC: 12bed \| Get or set file attributes
2018-12-25T12:02:34.959257549Z	26	PC: 12bf7 \| Set disk transfer address