vx.netlux.org/Virus.DOS.Vienna.576

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:46:34.579343928Z 47 PC: 12baf | Get disk transfer address
2018-12-17T22:46:34.581608452Z 26 PC: 12bbb | Set disk transfer address
2018-12-17T22:46:34.5842964Z 78 PC: 12c2f | Find first file
2018-12-17T22:46:34.592379251Z 67 PC: 12c65 | Get or set file attributes
2018-12-17T22:46:34.599136341Z 67 PC: 12c73 | Get or set file attributes
2018-12-17T22:46:34.616738851Z 61 PC: 12c7b | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:46:34.624652755Z 87 PC: 12c87 | Get or set file date and time
2018-12-17T22:46:34.626574524Z 44 PC: 12c91 | Get time

Disassembly following the Get time call at 0x12c91:

0x12c91: and dh, 7
0x12c94: jne 0x12ca3
0x12c96: mov ah, 0x40
0x12c98: mov cx, 0xc
0x12c9b: lea dx, word ptr [si + 0x8a]
0x12c9f: int 0x21
0x12ca1: jmp 0x12cf6
0x12ca3: mov ah, 0x3f
0x12ca5: mov cx, 3
0x12ca8: lea dx, word ptr [si + 0xa]
0x12cab: int 0x21
0x12cad: jb 0x12cf6
0x12caf: cmp ax, 3
0x12cb2: jne 0x12cf6
0x12cb4: mov ax, 0x4202
0x12cb7: xor cx, cx
0x12cb9: xor dx, dx
0x12cbb: int 0x21
0x12cbd: jb 0x12cf6
0x12cbf: mov cx, ax

2018-12-17T22:46:34.630794349Z 63 PC: 12cad | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:46:34.638029879Z 66 PC: 12cbd | Move file pointer
2018-12-17T22:46:34.640386695Z 64 PC: 12cda | Write file or device (Write 576 bytes on handle 5)
2018-12-17T22:46:34.65433931Z 66 PC: 12cea | Move file pointer
2018-12-17T22:46:34.659409592Z 64 PC: 12cf6 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:46:34.667123971Z 87 PC: 12d07 | Get or set file date and time
2018-12-17T22:46:34.670223452Z 62 PC: 12d0b | Close file
2018-12-17T22:46:34.679274071Z 67 PC: 12d16 | Get or set file attributes
2018-12-17T22:46:34.702378524Z 26 PC: 12d20 | Set disk transfer address
2018-12-17T22:46:34.71042185Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:46:34.720775977Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8928,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:22:11.775607838Z 47 PC: 12baf | Get disk transfer address
2018-12-25T12:22:11.777029124Z 26 PC: 12bbb | Set disk transfer address
2018-12-25T12:22:11.77808186Z 78 PC: 12c2f | Find first file
2018-12-25T12:22:11.783878628Z 67 PC: 12c65 | Get or set file attributes
2018-12-25T12:22:11.78955861Z 67 PC: 12c73 | Get or set file attributes
2018-12-25T12:22:11.807691138Z 61 PC: 12c7b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:11.819185458Z 87 PC: 12c87 | Get or set file date and time
2018-12-25T12:22:11.820654405Z 44 PC: 12c91 | Get time

Disassembly following the Get time call at 0x12c91:

0x12c91: and dh, 7
0x12c94: jne 0x12ca3
0x12c96: mov ah, 0x40
0x12c98: mov cx, 0xc
0x12c9b: lea dx, word ptr [si + 0x8a]
0x12c9f: int 0x21
0x12ca1: jmp 0x12cf6
0x12ca3: mov ah, 0x3f
0x12ca5: mov cx, 3
0x12ca8: lea dx, word ptr [si + 0xa]
0x12cab: int 0x21
0x12cad: jb 0x12cf6
0x12caf: cmp ax, 3
0x12cb2: jne 0x12cf6
0x12cb4: mov ax, 0x4202
0x12cb7: xor cx, cx
0x12cb9: xor dx, dx
0x12cbb: int 0x21
0x12cbd: jb 0x12cf6
0x12cbf: mov cx, ax

2018-12-25T12:22:11.822810721Z 63 PC: 12cad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:11.828897598Z 66 PC: 12cbd | Move file pointer
2018-12-25T12:22:11.830150542Z 64 PC: 12cda | Write file or device (Write 576 bytes on handle 5)
2018-12-25T12:22:11.83833812Z 66 PC: 12cea | Move file pointer
2018-12-25T12:22:11.839535067Z 64 PC: 12cf6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:11.845742252Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:22:11.847822774Z 62 PC: 12d0b | Close file
2018-12-25T12:22:11.855354624Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:22:11.865157649Z 26 PC: 12d20 | Set disk transfer address
2018-12-25T12:22:11.87276245Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:22:11.877985438Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":8928,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:22:11.872640921Z 47 PC: 12baf | Get disk transfer address
2018-12-25T12:22:11.874230504Z 26 PC: 12bbb | Set disk transfer address
2018-12-25T12:22:11.875937393Z 78 PC: 12c2f | Find first file
2018-12-25T12:22:11.882774461Z 67 PC: 12c65 | Get or set file attributes
2018-12-25T12:22:11.890554961Z 67 PC: 12c73 | Get or set file attributes
2018-12-25T12:22:11.90810053Z 61 PC: 12c7b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:11.916234562Z 87 PC: 12c87 | Get or set file date and time
2018-12-25T12:22:11.918333895Z 44 PC: 12c91 | Get time

Disassembly following the Get time call at 0x12c91:

0x12c91: and dh, 7
0x12c94: jne 0x12ca3
0x12c96: mov ah, 0x40
0x12c98: mov cx, 0xc
0x12c9b: lea dx, word ptr [si + 0x8a]
0x12c9f: int 0x21
0x12ca1: jmp 0x12cf6
0x12ca3: mov ah, 0x3f
0x12ca5: mov cx, 3
0x12ca8: lea dx, word ptr [si + 0xa]
0x12cab: int 0x21
0x12cad: jb 0x12cf6
0x12caf: cmp ax, 3
0x12cb2: jne 0x12cf6
0x12cb4: mov ax, 0x4202
0x12cb7: xor cx, cx
0x12cb9: xor dx, dx
0x12cbb: int 0x21
0x12cbd: jb 0x12cf6
0x12cbf: mov cx, ax

2018-12-25T12:22:11.921547717Z 63 PC: 12cad | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:11.928780017Z 66 PC: 12cbd | Move file pointer
2018-12-25T12:22:11.930275376Z 64 PC: 12cda | Write file or device (Write 576 bytes on handle 5)
2018-12-25T12:22:11.939462025Z 66 PC: 12cea | Move file pointer
2018-12-25T12:22:11.941016315Z 64 PC: 12cf6 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:11.94822349Z 87 PC: 12d07 | Get or set file date and time
2018-12-25T12:22:11.950582194Z 62 PC: 12d0b | Close file
2018-12-25T12:22:11.960744757Z 67 PC: 12d16 | Get or set file attributes
2018-12-25T12:22:11.972067766Z 26 PC: 12d20 | Set disk transfer address
2018-12-25T12:22:11.976048294Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:22:11.982186058Z 76 PC: 12a86 | Terminate with return code (Return code = '36')