Sample viewer

vx.netlux.org/Virus.DOS.Vienna.457

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:15.084116341Z	47	PC: 133fb \| Get disk transfer address
2018-12-17T21:58:15.086206571Z	26	PC: 1340b \| Set disk transfer address
2018-12-17T21:58:15.087255701Z	37	PC: 13414 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:58:15.088582845Z	78	PC: 13483 \| Find first file
2018-12-17T21:58:15.093295378Z	67	PC: 134b8 \| Get or set file attributes
2018-12-17T21:58:15.421786832Z	61	PC: 134c1 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:58:15.433754072Z	63	PC: 134d0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:58:15.441685838Z	66	PC: 134e0 \| Move file pointer
2018-12-17T21:58:15.443181921Z	64	PC: 134f4 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:58:15.451188587Z	66	PC: 13504 \| Move file pointer
2018-12-17T21:58:15.453436096Z	64	PC: 13511 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:58:15.460314553Z	87	PC: 13524 \| Get or set file date and time
2018-12-17T21:58:15.461777694Z	62	PC: 13528 \| Close file
2018-12-17T21:58:15.469795523Z	67	PC: 13537 \| Get or set file attributes
2018-12-17T21:58:15.479417412Z	26	PC: 13540 \| Set disk transfer address
2018-12-17T21:58:15.480320934Z	37	PC: 1354a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:58:15.481336717Z	42	PC: 1354f \| Get date 0x1354f: cmp dl, 0xd 0x13552: jne 0x13568 0x13554: cmp al, 5 0x13556: jne 0x13568 0x13558: push es 0x13559: mov ah, 0x52 0x1355b: int 0x21 0x1355d: mov es, word ptr es:[bx - 2] 0x13561: mov byte ptr es:[0], 0 0x13567: pop es 0x13568: pop ax 0x13569: xor bx, bx 0x1356b: xor cx, cx 0x1356d: xor dx, dx 0x1356f: xor si, si 0x13571: xor di, di 0x13573: mov bp, 0x100 0x13576: push bp 0x13577: xor bp, bp 0x13579: ret
2018-12-17T21:58:15.483843065Z	48	PC: 12f30 \| Get DOS version
2018-12-17T21:58:15.484933924Z	9	PC: 12f3c \| Display string (String= ' Versi�n incorrecta del DOS ')
2018-12-17T21:58:15.489802735Z	76	PC: 13151 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":908,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:04.338943889Z	47	PC: 133fb \| Get disk transfer address
2018-12-25T11:42:04.341054826Z	26	PC: 1340b \| Set disk transfer address
2018-12-25T11:42:04.342873811Z	37	PC: 13414 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:04.344038593Z	78	PC: 13483 \| Find first file
2018-12-25T11:42:04.352122381Z	67	PC: 134b8 \| Get or set file attributes
2018-12-25T11:42:04.368559296Z	61	PC: 134c1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:04.391208526Z	63	PC: 134d0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:04.397497554Z	66	PC: 134e0 \| Move file pointer
2018-12-25T11:42:04.400080867Z	64	PC: 134f4 \| Write file or device (Write 457 bytes on handle 5)
2018-12-25T11:42:04.40740533Z	66	PC: 13504 \| Move file pointer
2018-12-25T11:42:04.40861317Z	64	PC: 13511 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:04.414371987Z	87	PC: 13524 \| Get or set file date and time
2018-12-25T11:42:04.416024832Z	62	PC: 13528 \| Close file
2018-12-25T11:42:04.422314638Z	67	PC: 13537 \| Get or set file attributes
2018-12-25T11:42:04.432286029Z	26	PC: 13540 \| Set disk transfer address
2018-12-25T11:42:04.438164785Z	37	PC: 1354a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:04.439545334Z	42	PC: 1354f \| Get date 0x1354f: cmp dl, 0xd 0x13552: jne 0x13568 0x13554: cmp al, 5 0x13556: jne 0x13568 0x13558: push es 0x13559: mov ah, 0x52 0x1355b: int 0x21 0x1355d: mov es, word ptr es:[bx - 2] 0x13561: mov byte ptr es:[0], 0 0x13567: pop es 0x13568: pop ax 0x13569: xor bx, bx 0x1356b: xor cx, cx 0x1356d: xor dx, dx 0x1356f: xor si, si 0x13571: xor di, di 0x13573: mov bp, 0x100 0x13576: push bp 0x13577: xor bp, bp 0x13579: ret
2018-12-25T11:42:04.442245092Z	48	PC: 12f30 \| Get DOS version
2018-12-25T11:42:04.443281755Z	9	PC: 12f3c \| Display string (String= ' Versi�n incorrecta del DOS ')
2018-12-25T11:42:04.446487364Z	76	PC: 13151 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":908,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:04.528972642Z	47	PC: 133fb \| Get disk transfer address
2018-12-25T11:42:04.530390657Z	26	PC: 1340b \| Set disk transfer address
2018-12-25T11:42:04.531288236Z	37	PC: 13414 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:04.53231887Z	78	PC: 13483 \| Find first file
2018-12-25T11:42:04.538898531Z	67	PC: 134b8 \| Get or set file attributes
2018-12-25T11:42:04.554923253Z	61	PC: 134c1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:04.566161887Z	63	PC: 134d0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:04.572745085Z	66	PC: 134e0 \| Move file pointer
2018-12-25T11:42:04.573994847Z	64	PC: 134f4 \| Write file or device (Write 457 bytes on handle 5)
2018-12-25T11:42:04.594740173Z	66	PC: 13504 \| Move file pointer
2018-12-25T11:42:04.603322566Z	64	PC: 13511 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:04.610119437Z	87	PC: 13524 \| Get or set file date and time
2018-12-25T11:42:04.611935553Z	62	PC: 13528 \| Close file
2018-12-25T11:42:04.62381278Z	67	PC: 13537 \| Get or set file attributes
2018-12-25T11:42:04.658989524Z	26	PC: 13540 \| Set disk transfer address
2018-12-25T11:42:04.660475881Z	37	PC: 1354a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:04.662567522Z	42	PC: 1354f \| Get date 0x1354f: cmp dl, 0xd 0x13552: jne 0x13568 0x13554: cmp al, 5 0x13556: jne 0x13568 0x13558: push es 0x13559: mov ah, 0x52 0x1355b: int 0x21 0x1355d: mov es, word ptr es:[bx - 2] 0x13561: mov byte ptr es:[0], 0 0x13567: pop es 0x13568: pop ax 0x13569: xor bx, bx 0x1356b: xor cx, cx 0x1356d: xor dx, dx 0x1356f: xor si, si 0x13571: xor di, di 0x13573: mov bp, 0x100 0x13576: push bp 0x13577: xor bp, bp 0x13579: ret
2018-12-25T11:42:04.666829913Z	48	PC: 12f30 \| Get DOS version
2018-12-25T11:42:04.683662421Z	9	PC: 12f3c \| Display string (String= ' Versi�n incorrecta del DOS ')
2018-12-25T11:42:04.688983755Z	76	PC: 13151 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":908,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:04.514439719Z	47	PC: 133fb \| Get disk transfer address
2018-12-25T11:42:04.516879005Z	26	PC: 1340b \| Set disk transfer address
2018-12-25T11:42:04.517721175Z	37	PC: 13414 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:04.518783716Z	78	PC: 13483 \| Find first file
2018-12-25T11:42:04.523344223Z	67	PC: 134b8 \| Get or set file attributes
2018-12-25T11:42:04.536144237Z	61	PC: 134c1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:04.540562702Z	63	PC: 134d0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:04.544381409Z	66	PC: 134e0 \| Move file pointer
2018-12-25T11:42:04.545702087Z	64	PC: 134f4 \| Write file or device (Write 457 bytes on handle 5)
2018-12-25T11:42:04.554807956Z	66	PC: 13504 \| Move file pointer
2018-12-25T11:42:04.556267781Z	64	PC: 13511 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:04.570339317Z	87	PC: 13524 \| Get or set file date and time
2018-12-25T11:42:04.571646253Z	62	PC: 13528 \| Close file
2018-12-25T11:42:04.578969475Z	67	PC: 13537 \| Get or set file attributes
2018-12-25T11:42:04.591754511Z	26	PC: 13540 \| Set disk transfer address
2018-12-25T11:42:04.592672054Z	37	PC: 1354a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:04.593564871Z	42	PC: 1354f \| Get date 0x1354f: cmp dl, 0xd 0x13552: jne 0x13568 0x13554: cmp al, 5 0x13556: jne 0x13568 0x13558: push es 0x13559: mov ah, 0x52 0x1355b: int 0x21 0x1355d: mov es, word ptr es:[bx - 2] 0x13561: mov byte ptr es:[0], 0 0x13567: pop es 0x13568: pop ax 0x13569: xor bx, bx 0x1356b: xor cx, cx 0x1356d: xor dx, dx 0x1356f: xor si, si 0x13571: xor di, di 0x13573: mov bp, 0x100 0x13576: push bp 0x13577: xor bp, bp 0x13579: ret
2018-12-25T11:42:04.595965586Z	82	PC: 1355d \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:42:04.597161398Z	48	PC: 12f30 \| Get DOS version
2018-12-25T11:42:04.597987218Z	9	PC: 12f3c \| Display string (String= ' Versi�n incorrecta del DOS ')
2018-12-25T11:42:04.603431352Z	76	PC: 13151 \| Terminate with return code (Return code = '1')
2018-12-25T11:42:04.605341698Z	77	PC: 11fe0 \| Get program return code
2018-12-25T11:42:04.606075249Z	72	PC: 12174 \| Allocate memory
2018-12-25T11:42:04.607395104Z	72	PC: 1218d \| Allocate memory
2018-12-25T11:42:04.608800169Z	2	PC: 1268d \| Character output (Char = '0d')
2018-12-25T11:42:04.610863415Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.614697527Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.616615978Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.618412137Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.621903602Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.623774653Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.62567563Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.62850717Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.630373614Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.63209271Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.63447169Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.636393386Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.638135765Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.640366811Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.642372809Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.644236431Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.646648873Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.650823489Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.653043371Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.656041989Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.662760445Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.665116579Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.667411933Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.671404742Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.67374862Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.675897325Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.680615165Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.682880023Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.685746736Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.688827016Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.691218418Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.693214243Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.695828898Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.69785827Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.700332825Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.703211002Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.70529321Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.707336673Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.709902234Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.712572587Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.714839547Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.718040816Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.720200514Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.722347304Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.726414777Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.729283677Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.731888667Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.735036038Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.737342966Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.73970715Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.743622462Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.747071705Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.749143793Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.752393372Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.755486593Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.75769532Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.760434668Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.761904034Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.763341872Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.765139228Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.766573042Z	2	PC: 1268d \| Character output (See above)
2018-12-25T11:42:04.76796373Z	2	PC: 1268d \| Character output (See above)