Sample viewer

vx.netlux.org/Virus.DOS.Vienna.585

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:27.031219209Z	47	PC: 12a5d \| Get disk transfer address
2018-12-17T22:44:27.03343503Z	26	PC: 12a6c \| Set disk transfer address
2018-12-17T22:44:27.034618329Z	78	PC: 12aea \| Find first file
2018-12-17T22:44:27.04050569Z	67	PC: 12b22 \| Get or set file attributes
2018-12-17T22:44:27.047498481Z	67	PC: 12b32 \| Get or set file attributes
2018-12-17T22:44:27.062923031Z	61	PC: 12b3c \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:27.069323916Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T22:44:27.070717163Z	44	PC: 12b52 \| Get time 0x12b52: and dh, 7 0x12b55: jne 0x12b67 0x12b57: mov ah, 0x40 0x12b59: mov cx, 5 0x12b5c: mov dx, si 0x12b5e: add dx, 0x8a 0x12b62: int 0x21 0x12b64: jmp 0x12be7 0x12b67: mov ah, 0x3f 0x12b69: mov cx, 3 0x12b6c: mov dx, 0xa 0x12b6f: add dx, si 0x12b71: int 0x21 0x12b73: jb 0x12be7 0x12b75: cmp ax, 3 0x12b78: jne 0x12be7 0x12b7a: mov ax, 0x4202 0x12b7d: mov cx, 0 0x12b80: mov dx, 0 0x12b83: int 0x21
2018-12-17T22:44:27.073670826Z	63	PC: 12b73 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:27.07992859Z	66	PC: 12b85 \| Move file pointer
2018-12-17T22:44:27.081362835Z	64	PC: 12ba8 \| Write file or device (Write 583 bytes on handle 5)
2018-12-17T22:44:27.089835007Z	66	PC: 12bba \| Move file pointer
2018-12-17T22:44:27.09136628Z	64	PC: 12bc8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:27.09788663Z	87	PC: 12bd6 \| Get or set file date and time
2018-12-17T22:44:27.100284171Z	62	PC: 12bda \| Close file
2018-12-17T22:44:27.107971561Z	67	PC: 12be7 \| Get or set file attributes
2018-12-17T22:44:27.116819423Z	26	PC: 12bf2 \| Set disk transfer address
2018-12-17T22:44:27.118645347Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8218,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:54.021340391Z	47	PC: 12a5d \| Get disk transfer address
2018-12-25T12:03:54.023035709Z	26	PC: 12a6c \| Set disk transfer address
2018-12-25T12:03:54.024565578Z	78	PC: 12aea \| Find first file
2018-12-25T12:03:54.031225107Z	67	PC: 12b22 \| Get or set file attributes
2018-12-25T12:03:54.037667714Z	67	PC: 12b32 \| Get or set file attributes
2018-12-25T12:03:54.055517765Z	61	PC: 12b3c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:54.063624132Z	87	PC: 12b48 \| Get or set file date and time
2018-12-25T12:03:54.065126847Z	44	PC: 12b52 \| Get time 0x12b52: and dh, 7 0x12b55: jne 0x12b67 0x12b57: mov ah, 0x40 0x12b59: mov cx, 5 0x12b5c: mov dx, si 0x12b5e: add dx, 0x8a 0x12b62: int 0x21 0x12b64: jmp 0x12be7 0x12b67: mov ah, 0x3f 0x12b69: mov cx, 3 0x12b6c: mov dx, 0xa 0x12b6f: add dx, si 0x12b71: int 0x21 0x12b73: jb 0x12be7 0x12b75: cmp ax, 3 0x12b78: jne 0x12be7 0x12b7a: mov ax, 0x4202 0x12b7d: mov cx, 0 0x12b80: mov dx, 0 0x12b83: int 0x21
2018-12-25T12:03:54.071312767Z	63	PC: 12b73 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:54.07941112Z	66	PC: 12b85 \| Move file pointer
2018-12-25T12:03:54.080933441Z	64	PC: 12ba8 \| Write file or device (Write 583 bytes on handle 5)
2018-12-25T12:03:54.089938674Z	66	PC: 12bba \| Move file pointer
2018-12-25T12:03:54.091383633Z	64	PC: 12bc8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:54.095836745Z	87	PC: 12bd6 \| Get or set file date and time
2018-12-25T12:03:54.097732293Z	62	PC: 12bda \| Close file
2018-12-25T12:03:54.102952605Z	67	PC: 12be7 \| Get or set file attributes
2018-12-25T12:03:54.109936313Z	26	PC: 12bf2 \| Set disk transfer address
2018-12-25T12:03:54.111496848Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":8218,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:54.110755899Z	47	PC: 12a5d \| Get disk transfer address
2018-12-25T12:03:54.113340345Z	26	PC: 12a6c \| Set disk transfer address
2018-12-25T12:03:54.114818921Z	78	PC: 12aea \| Find first file
2018-12-25T12:03:54.121404781Z	67	PC: 12b22 \| Get or set file attributes
2018-12-25T12:03:54.12742342Z	67	PC: 12b32 \| Get or set file attributes
2018-12-25T12:03:54.141429457Z	61	PC: 12b3c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:54.145900881Z	87	PC: 12b48 \| Get or set file date and time
2018-12-25T12:03:54.14706856Z	44	PC: 12b52 \| Get time 0x12b52: and dh, 7 0x12b55: jne 0x12b67 0x12b57: mov ah, 0x40 0x12b59: mov cx, 5 0x12b5c: mov dx, si 0x12b5e: add dx, 0x8a 0x12b62: int 0x21 0x12b64: jmp 0x12be7 0x12b67: mov ah, 0x3f 0x12b69: mov cx, 3 0x12b6c: mov dx, 0xa 0x12b6f: add dx, si 0x12b71: int 0x21 0x12b73: jb 0x12be7 0x12b75: cmp ax, 3 0x12b78: jne 0x12be7 0x12b7a: mov ax, 0x4202 0x12b7d: mov cx, 0 0x12b80: mov dx, 0 0x12b83: int 0x21
2018-12-25T12:03:54.149217335Z	63	PC: 12b73 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:54.159970774Z	66	PC: 12b85 \| Move file pointer
2018-12-25T12:03:54.161481154Z	64	PC: 12ba8 \| Write file or device (Write 583 bytes on handle 5)
2018-12-25T12:03:54.166974236Z	66	PC: 12bba \| Move file pointer
2018-12-25T12:03:54.168030675Z	64	PC: 12bc8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:54.172076356Z	87	PC: 12bd6 \| Get or set file date and time
2018-12-25T12:03:54.174211982Z	62	PC: 12bda \| Close file
2018-12-25T12:03:54.179522046Z	67	PC: 12be7 \| Get or set file attributes
2018-12-25T12:03:54.185492442Z	26	PC: 12bf2 \| Set disk transfer address
2018-12-25T12:03:54.186853803Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')