Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1881.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:39.982745275Z	48	PC: 12a62 \| Get DOS version
2018-12-17T22:43:39.986207022Z	47	PC: 12a6e \| Get disk transfer address
2018-12-17T22:43:39.988447371Z	26	PC: 12a7d \| Set disk transfer address
2018-12-17T22:43:39.989801834Z	78	PC: 12afe \| Find first file
2018-12-17T22:43:39.996744442Z	67	PC: 12b36 \| Get or set file attributes
2018-12-17T22:43:40.002603193Z	67	PC: 12b46 \| Get or set file attributes
2018-12-17T22:43:40.017807093Z	61	PC: 12b50 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:40.025596908Z	87	PC: 12b5c \| Get or set file date and time
2018-12-17T22:43:40.027790389Z	63	PC: 12b6e \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:40.034397974Z	66	PC: 12b80 \| Move file pointer
2018-12-17T22:43:40.036559976Z	64	PC: 12ba4 \| Write file or device (Write 1881 bytes on handle 5)
2018-12-17T22:43:40.045584561Z	66	PC: 12bb7 \| Move file pointer
2018-12-17T22:43:40.04718711Z	64	PC: 12bc5 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:40.057271805Z	87	PC: 12bd6 \| Get or set file date and time
2018-12-17T22:43:40.069956823Z	62	PC: 12bda \| Close file
2018-12-17T22:43:40.077861901Z	67	PC: 12be7 \| Get or set file attributes
2018-12-17T22:43:40.087511424Z	26	PC: 12bf1 \| Set disk transfer address
2018-12-17T22:43:40.089554147Z	42	PC: 12bf6 \| Get date 0x12bf6: cmp dx, 0xc13 0x12bfa: jae 0x12c04 0x12bfc: cmp dx, 0x101 0x12c00: jb 0x12c04 0x12c02: jmp 0x12c12 0x12c04: mov dx, si 0x12c06: add dx, 0x8a 0x12c0a: mov ah, 9 0x12c0c: int 0x21 0x12c0e: mov ah, 0 0x12c10: int 0x16 0x12c12: pop cx 0x12c13: xor ax, ax 0x12c15: xor bx, bx 0x12c17: xor dx, dx 0x12c19: xor si, si 0x12c1b: mov di, 0x100 0x12c1e: push di 0x12c1f: xor di, di 0x12c21: ret 0xffff
2018-12-17T22:43:40.092069305Z	0	PC: 12a4a \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7956,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:58.920186862Z	48	PC: 12a62 \| Get DOS version
2018-12-25T12:02:58.921597419Z	47	PC: 12a6e \| Get disk transfer address
2018-12-25T12:02:58.922936059Z	26	PC: 12a7d \| Set disk transfer address
2018-12-25T12:02:58.924167449Z	78	PC: 12afe \| Find first file
2018-12-25T12:02:58.929702254Z	67	PC: 12b36 \| Get or set file attributes
2018-12-25T12:02:58.93392072Z	67	PC: 12b46 \| Get or set file attributes
2018-12-25T12:02:58.946330274Z	61	PC: 12b50 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:58.9507227Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:02:58.952536168Z	63	PC: 12b6e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:58.959570049Z	66	PC: 12b80 \| Move file pointer
2018-12-25T12:02:58.960981428Z	64	PC: 12ba4 \| Write file or device (Write 1881 bytes on handle 5)
2018-12-25T12:02:58.970570225Z	66	PC: 12bb7 \| Move file pointer
2018-12-25T12:02:58.972111189Z	64	PC: 12bc5 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:58.979363918Z	87	PC: 12bd6 \| Get or set file date and time
2018-12-25T12:02:58.982458303Z	62	PC: 12bda \| Close file
2018-12-25T12:02:58.991113737Z	67	PC: 12be7 \| Get or set file attributes
2018-12-25T12:02:59.002184257Z	26	PC: 12bf1 \| Set disk transfer address
2018-12-25T12:02:59.003919061Z	42	PC: 12bf6 \| Get date 0x12bf6: cmp dx, 0xc13 0x12bfa: jae 0x12c04 0x12bfc: cmp dx, 0x101 0x12c00: jb 0x12c04 0x12c02: jmp 0x12c12 0x12c04: mov dx, si 0x12c06: add dx, 0x8a 0x12c0a: mov ah, 9 0x12c0c: int 0x21 0x12c0e: mov ah, 0 0x12c10: int 0x16 0x12c12: pop cx 0x12c13: xor ax, ax 0x12c15: xor bx, bx 0x12c17: xor dx, dx 0x12c19: xor si, si 0x12c1b: mov di, 0x100 0x12c1e: push di 0x12c1f: xor di, di 0x12c21: ret 0xffff
2018-12-25T12:02:59.006315019Z	0	PC: 12a4a \| Program terminate

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7956,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:59.483347047Z	48	PC: 12a62 \| Get DOS version
2018-12-25T12:02:59.488703969Z	47	PC: 12a6e \| Get disk transfer address
2018-12-25T12:02:59.489768246Z	26	PC: 12a7d \| Set disk transfer address
2018-12-25T12:02:59.490817941Z	78	PC: 12afe \| Find first file
2018-12-25T12:02:59.497052292Z	67	PC: 12b36 \| Get or set file attributes
2018-12-25T12:02:59.502436589Z	67	PC: 12b46 \| Get or set file attributes
2018-12-25T12:02:59.520658369Z	61	PC: 12b50 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:59.532791379Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T12:02:59.534296643Z	63	PC: 12b6e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:59.540371695Z	66	PC: 12b80 \| Move file pointer
2018-12-25T12:02:59.541648182Z	64	PC: 12ba4 \| Write file or device (Write 1881 bytes on handle 5)
2018-12-25T12:02:59.54993134Z	66	PC: 12bb7 \| Move file pointer
2018-12-25T12:02:59.55115178Z	64	PC: 12bc5 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:59.557360649Z	87	PC: 12bd6 \| Get or set file date and time
2018-12-25T12:02:59.559157814Z	62	PC: 12bda \| Close file
2018-12-25T12:02:59.566951376Z	67	PC: 12be7 \| Get or set file attributes
2018-12-25T12:02:59.576528577Z	26	PC: 12bf1 \| Set disk transfer address
2018-12-25T12:02:59.578432818Z	42	PC: 12bf6 \| Get date 0x12bf6: cmp dx, 0xc13 0x12bfa: jae 0x12c04 0x12bfc: cmp dx, 0x101 0x12c00: jb 0x12c04 0x12c02: jmp 0x12c12 0x12c04: mov dx, si 0x12c06: add dx, 0x8a 0x12c0a: mov ah, 9 0x12c0c: int 0x21 0x12c0e: mov ah, 0 0x12c10: int 0x16 0x12c12: pop cx 0x12c13: xor ax, ax 0x12c15: xor bx, bx 0x12c17: xor dx, dx 0x12c19: xor si, si 0x12c1b: mov di, 0x100 0x12c1e: push di 0x12c1f: xor di, di 0x12c21: ret 0xffff
2018-12-25T12:02:59.58041793Z	9	PC: 12c0e \| Display string (Could not find end pointer)