Sample viewer

vx.netlux.org/Virus.DOS.Vienna.435.based

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:45.348339728Z	48	PC: 12a79 \| Get DOS version
2018-12-17T22:43:45.350587859Z	53	PC: 12a86 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:45.352811805Z	37	PC: 12a94 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:45.354071246Z	26	PC: 12a9b \| Set disk transfer address
2018-12-17T22:43:45.35538522Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:43:45.362550332Z	67	PC: 12b5d \| Get or set file attributes
2018-12-17T22:43:45.379200645Z	61	PC: 12b62 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:45.383717976Z	44	PC: 12b6a \| Get time 0x12b6a: and dh, 7 0x12b6d: jne 0x12b7b 0x12b6f: mov ah, 0x40 0x12b71: mov cx, 5 0x12b74: lea dx, word ptr [si + 0xe] 0x12b77: int 0x21 0x12b79: jmp 0x12bc4 0x12b7b: mov ah, 0x3f 0x12b7d: mov cx, 3 0x12b80: lea dx, word ptr [si] 0x12b82: int 0x21 0x12b84: jb 0x12bc4 0x12b86: cmp ax, 3 0x12b89: jne 0x12bc4 0x12b8b: mov ax, 0x4202 0x12b8e: xor cx, cx 0x12b90: xor dx, dx 0x12b92: int 0x21 0x12b94: jb 0x12bc4 0x12b96: add ax, 0x10
2018-12-17T22:43:45.386117408Z	63	PC: 12b84 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:45.390510795Z	66	PC: 12b94 \| Move file pointer
2018-12-17T22:43:45.391878168Z	64	PC: 12ba9 \| Write file or device (Write 435 bytes on handle 5)
2018-12-17T22:43:45.397687507Z	66	PC: 12bb9 \| Move file pointer
2018-12-17T22:43:45.399013119Z	64	PC: 12bc4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:45.403510539Z	87	PC: 12bd2 \| Get or set file date and time
2018-12-17T22:43:45.405616033Z	62	PC: 12bd6 \| Close file
2018-12-17T22:43:45.41408942Z	67	PC: 12be3 \| Get or set file attributes
2018-12-17T22:43:45.424652705Z	26	PC: 12bea \| Set disk transfer address
2018-12-17T22:43:45.431859719Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7985,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:04.37152405Z	48	PC: 12a79 \| Get DOS version
2018-12-25T12:03:04.373413647Z	53	PC: 12a86 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:04.374935154Z	37	PC: 12a94 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:04.376132959Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T12:03:04.378005287Z	78	PC: 12ae0 \| Find first file
2018-12-25T12:03:04.384368Z	67	PC: 12b5d \| Get or set file attributes
2018-12-25T12:03:04.399653699Z	61	PC: 12b62 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:04.413933496Z	44	PC: 12b6a \| Get time 0x12b6a: and dh, 7 0x12b6d: jne 0x12b7b 0x12b6f: mov ah, 0x40 0x12b71: mov cx, 5 0x12b74: lea dx, word ptr [si + 0xe] 0x12b77: int 0x21 0x12b79: jmp 0x12bc4 0x12b7b: mov ah, 0x3f 0x12b7d: mov cx, 3 0x12b80: lea dx, word ptr [si] 0x12b82: int 0x21 0x12b84: jb 0x12bc4 0x12b86: cmp ax, 3 0x12b89: jne 0x12bc4 0x12b8b: mov ax, 0x4202 0x12b8e: xor cx, cx 0x12b90: xor dx, dx 0x12b92: int 0x21 0x12b94: jb 0x12bc4 0x12b96: add ax, 0x10
2018-12-25T12:03:04.417848652Z	63	PC: 12b84 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:04.42397121Z	66	PC: 12b94 \| Move file pointer
2018-12-25T12:03:04.425471531Z	64	PC: 12ba9 \| Write file or device (Write 435 bytes on handle 5)
2018-12-25T12:03:04.433915457Z	66	PC: 12bb9 \| Move file pointer
2018-12-25T12:03:04.434974815Z	64	PC: 12bc4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:04.446739801Z	87	PC: 12bd2 \| Get or set file date and time
2018-12-25T12:03:04.447936297Z	62	PC: 12bd6 \| Close file
2018-12-25T12:03:04.454546644Z	67	PC: 12be3 \| Get or set file attributes
2018-12-25T12:03:04.464438067Z	26	PC: 12bea \| Set disk transfer address
2018-12-25T12:03:04.46648884Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":7985,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:04.496137716Z	48	PC: 12a79 \| Get DOS version
2018-12-25T12:03:04.498009619Z	53	PC: 12a86 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:04.49940462Z	37	PC: 12a94 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:04.500706517Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T12:03:04.516082491Z	78	PC: 12ae0 \| Find first file
2018-12-25T12:03:04.52185967Z	67	PC: 12b5d \| Get or set file attributes
2018-12-25T12:03:04.537499482Z	61	PC: 12b62 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:04.549671103Z	44	PC: 12b6a \| Get time 0x12b6a: and dh, 7 0x12b6d: jne 0x12b7b 0x12b6f: mov ah, 0x40 0x12b71: mov cx, 5 0x12b74: lea dx, word ptr [si + 0xe] 0x12b77: int 0x21 0x12b79: jmp 0x12bc4 0x12b7b: mov ah, 0x3f 0x12b7d: mov cx, 3 0x12b80: lea dx, word ptr [si] 0x12b82: int 0x21 0x12b84: jb 0x12bc4 0x12b86: cmp ax, 3 0x12b89: jne 0x12bc4 0x12b8b: mov ax, 0x4202 0x12b8e: xor cx, cx 0x12b90: xor dx, dx 0x12b92: int 0x21 0x12b94: jb 0x12bc4 0x12b96: add ax, 0x10
2018-12-25T12:03:04.551707632Z	63	PC: 12b84 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:04.558225919Z	66	PC: 12b94 \| Move file pointer
2018-12-25T12:03:04.55973844Z	64	PC: 12ba9 \| Write file or device (Write 435 bytes on handle 5)
2018-12-25T12:03:04.570519817Z	66	PC: 12bb9 \| Move file pointer
2018-12-25T12:03:04.572020809Z	64	PC: 12bc4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:04.57840011Z	87	PC: 12bd2 \| Get or set file date and time
2018-12-25T12:03:04.580701925Z	62	PC: 12bd6 \| Close file
2018-12-25T12:03:04.588345594Z	67	PC: 12be3 \| Get or set file attributes
2018-12-25T12:03:04.603052814Z	26	PC: 12bea \| Set disk transfer address
2018-12-25T12:03:04.604679292Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')