Sample viewer

vx.netlux.org/Virus.DOS.Vienna.639

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:59.68822632Z	48	PC: 13059 \| Get DOS version
2018-12-17T22:44:59.690847961Z	47	PC: 13065 \| Get disk transfer address
2018-12-17T22:44:59.6921355Z	26	PC: 13077 \| Set disk transfer address
2018-12-17T22:44:59.693212414Z	78	PC: 13102 \| Find first file
2018-12-17T22:44:59.699235203Z	67	PC: 13140 \| Get or set file attributes
2018-12-17T22:44:59.705410608Z	67	PC: 13151 \| Get or set file attributes
2018-12-17T22:44:59.721167544Z	61	PC: 1315b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:59.727845562Z	87	PC: 13167 \| Get or set file date and time
2018-12-17T22:44:59.729523806Z	44	PC: 13173 \| Get time 0x13173: and dh, 7 0x13176: jne 0x13188 0x13178: mov ah, 0x40 0x1317a: mov cx, 5 0x1317d: mov dx, si 0x1317f: add dx, 0x8a 0x13183: int 0x21 0x13185: jmp 0x131eb 0x13187: nop 0x13188: mov ah, 0x3f 0x1318a: mov cx, 3 0x1318d: mov dx, 0xa 0x13190: add dx, si 0x13192: int 0x21 0x13194: jb 0x131eb 0x13196: cmp ax, 3 0x13199: jne 0x131eb 0x1319b: mov ax, 0x4202 0x1319e: mov cx, 0 0x131a1: mov dx, 0
2018-12-17T22:44:59.731570669Z	63	PC: 13194 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:59.741311652Z	66	PC: 131a6 \| Move file pointer
2018-12-17T22:44:59.743562549Z	64	PC: 131ca \| Write file or device (Write 639 bytes on handle 5)
2018-12-17T22:44:59.752644048Z	66	PC: 131dc \| Move file pointer
2018-12-17T22:44:59.754047903Z	64	PC: 131eb \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:59.762493095Z	87	PC: 131fe \| Get or set file date and time
2018-12-17T22:44:59.763979224Z	62	PC: 13202 \| Close file
2018-12-17T22:44:59.776618516Z	67	PC: 13210 \| Get or set file attributes
2018-12-17T22:44:59.949738376Z	26	PC: 1321d \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8404,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:32.275613099Z	48	PC: 13059 \| Get DOS version
2018-12-25T12:04:32.277002763Z	47	PC: 13065 \| Get disk transfer address
2018-12-25T12:04:32.27810821Z	26	PC: 13077 \| Set disk transfer address
2018-12-25T12:04:32.27922688Z	78	PC: 13102 \| Find first file
2018-12-25T12:04:32.284962434Z	67	PC: 13140 \| Get or set file attributes
2018-12-25T12:04:32.289718788Z	67	PC: 13151 \| Get or set file attributes
2018-12-25T12:04:32.305618853Z	61	PC: 1315b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:32.31452695Z	87	PC: 13167 \| Get or set file date and time
2018-12-25T12:04:32.315669889Z	44	PC: 13173 \| Get time 0x13173: and dh, 7 0x13176: jne 0x13188 0x13178: mov ah, 0x40 0x1317a: mov cx, 5 0x1317d: mov dx, si 0x1317f: add dx, 0x8a 0x13183: int 0x21 0x13185: jmp 0x131eb 0x13187: nop 0x13188: mov ah, 0x3f 0x1318a: mov cx, 3 0x1318d: mov dx, 0xa 0x13190: add dx, si 0x13192: int 0x21 0x13194: jb 0x131eb 0x13196: cmp ax, 3 0x13199: jne 0x131eb 0x1319b: mov ax, 0x4202 0x1319e: mov cx, 0 0x131a1: mov dx, 0
2018-12-25T12:04:32.317676417Z	63	PC: 13194 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:32.322391682Z	66	PC: 131a6 \| Move file pointer
2018-12-25T12:04:32.323723773Z	64	PC: 131ca \| Write file or device (Write 639 bytes on handle 5)
2018-12-25T12:04:32.329650223Z	66	PC: 131dc \| Move file pointer
2018-12-25T12:04:32.330667828Z	64	PC: 131eb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:32.335600072Z	87	PC: 131fe \| Get or set file date and time
2018-12-25T12:04:32.336666518Z	62	PC: 13202 \| Close file
2018-12-25T12:04:32.342363126Z	67	PC: 13210 \| Get or set file attributes
2018-12-25T12:04:32.34953917Z	26	PC: 1321d \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":8404,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:32.416929656Z	48	PC: 13059 \| Get DOS version
2018-12-25T12:04:32.418826835Z	47	PC: 13065 \| Get disk transfer address
2018-12-25T12:04:32.419838302Z	26	PC: 13077 \| Set disk transfer address
2018-12-25T12:04:32.420957022Z	78	PC: 13102 \| Find first file
2018-12-25T12:04:32.427056047Z	67	PC: 13140 \| Get or set file attributes
2018-12-25T12:04:32.432898741Z	67	PC: 13151 \| Get or set file attributes
2018-12-25T12:04:32.515623797Z	61	PC: 1315b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:32.525335896Z	87	PC: 13167 \| Get or set file date and time
2018-12-25T12:04:32.526746957Z	44	PC: 13173 \| Get time 0x13173: and dh, 7 0x13176: jne 0x13188 0x13178: mov ah, 0x40 0x1317a: mov cx, 5 0x1317d: mov dx, si 0x1317f: add dx, 0x8a 0x13183: int 0x21 0x13185: jmp 0x131eb 0x13187: nop 0x13188: mov ah, 0x3f 0x1318a: mov cx, 3 0x1318d: mov dx, 0xa 0x13190: add dx, si 0x13192: int 0x21 0x13194: jb 0x131eb 0x13196: cmp ax, 3 0x13199: jne 0x131eb 0x1319b: mov ax, 0x4202 0x1319e: mov cx, 0 0x131a1: mov dx, 0
2018-12-25T12:04:32.52862052Z	63	PC: 13194 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:32.533007683Z	66	PC: 131a6 \| Move file pointer
2018-12-25T12:04:32.534299386Z	64	PC: 131ca \| Write file or device (Write 639 bytes on handle 5)
2018-12-25T12:04:32.541159065Z	66	PC: 131dc \| Move file pointer
2018-12-25T12:04:32.542939546Z	64	PC: 131eb \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:32.551000604Z	87	PC: 131fe \| Get or set file date and time
2018-12-25T12:04:32.552577654Z	62	PC: 13202 \| Close file
2018-12-25T12:04:32.56017479Z	67	PC: 13210 \| Get or set file attributes
2018-12-25T12:04:32.570271403Z	26	PC: 1321d \| Set disk transfer address