Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1881.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:47.798064342Z 48 PC: 12ba5 | Get DOS version
2018-12-17T22:47:47.800130833Z 47 PC: 12bb1 | Get disk transfer address
2018-12-17T22:47:47.801265536Z 26 PC: 12bc0 | Set disk transfer address
2018-12-17T22:47:47.803076946Z 78 PC: 12c41 | Find first file
2018-12-17T22:47:47.809219934Z 67 PC: 12c79 | Get or set file attributes
2018-12-17T22:47:47.815681565Z 67 PC: 12c89 | Get or set file attributes
2018-12-17T22:47:47.84206996Z 61 PC: 12c93 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:47.848660832Z 87 PC: 12c9f | Get or set file date and time
2018-12-17T22:47:47.860222027Z 63 PC: 12cb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:47.870996289Z 66 PC: 12cc3 | Move file pointer
2018-12-17T22:47:47.872859505Z 64 PC: 12ce7 | Write file or device (Write 1881 bytes on handle 5)
2018-12-17T22:47:47.884777697Z 66 PC: 12cfa | Move file pointer
2018-12-17T22:47:47.886585348Z 64 PC: 12d08 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:47.893790201Z 87 PC: 12d19 | Get or set file date and time
2018-12-17T22:47:47.89687892Z 62 PC: 12d1d | Close file
2018-12-17T22:47:47.904878376Z 67 PC: 12d2a | Get or set file attributes
2018-12-17T22:47:47.915389754Z 26 PC: 12d34 | Set disk transfer address
2018-12-17T22:47:47.917812939Z 42 PC: 12d39 | Get date
0x12d39: cmp dx, 0xc13
0x12d3d: jae 0x12d47
0x12d3f: cmp dx, 0x101
0x12d43: jb 0x12d47
0x12d45: jmp 0x12d55
0x12d47: mov dx, si
0x12d49: add dx, 0x8a
0x12d4d: mov ah, 9
0x12d4f: int 0x21
0x12d51: mov ah, 0
0x12d53: int 0x16
0x12d55: pop cx
0x12d56: xor ax, ax
0x12d58: xor bx, bx
0x12d5a: xor dx, dx
0x12d5c: xor si, si
0x12d5e: mov di, 0x100
0x12d61: push di
0x12d62: xor di, di
0x12d64: ret 0xffff
2018-12-17T22:47:47.920549521Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:47:47.924922625Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9340,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:55.883076669Z 48 PC: 12ba5 | Get DOS version
2018-12-25T12:22:55.885268046Z 47 PC: 12bb1 | Get disk transfer address
2018-12-25T12:22:55.886377138Z 26 PC: 12bc0 | Set disk transfer address
2018-12-25T12:22:55.887555348Z 78 PC: 12c41 | Find first file
2018-12-25T12:22:55.893964523Z 67 PC: 12c79 | Get or set file attributes
2018-12-25T12:22:55.89935634Z 67 PC: 12c89 | Get or set file attributes
2018-12-25T12:22:55.917350355Z 61 PC: 12c93 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:55.929264732Z 87 PC: 12c9f | Get or set file date and time
2018-12-25T12:22:55.930489336Z 63 PC: 12cb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:55.936487735Z 66 PC: 12cc3 | Move file pointer
2018-12-25T12:22:55.93829842Z 64 PC: 12ce7 | Write file or device (Write 1881 bytes on handle 5)
2018-12-25T12:22:55.946447368Z 66 PC: 12cfa | Move file pointer
2018-12-25T12:22:55.94764437Z 64 PC: 12d08 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:55.954307797Z 87 PC: 12d19 | Get or set file date and time
2018-12-25T12:22:55.955930528Z 62 PC: 12d1d | Close file
2018-12-25T12:22:55.963598291Z 67 PC: 12d2a | Get or set file attributes
2018-12-25T12:22:55.975008298Z 26 PC: 12d34 | Set disk transfer address
2018-12-25T12:22:55.976371842Z 42 PC: 12d39 | Get date
0x12d39: cmp dx, 0xc13
0x12d3d: jae 0x12d47
0x12d3f: cmp dx, 0x101
0x12d43: jb 0x12d47
0x12d45: jmp 0x12d55
0x12d47: mov dx, si
0x12d49: add dx, 0x8a
0x12d4d: mov ah, 9
0x12d4f: int 0x21
0x12d51: mov ah, 0
0x12d53: int 0x16
0x12d55: pop cx
0x12d56: xor ax, ax
0x12d58: xor bx, bx
0x12d5a: xor dx, dx
0x12d5c: xor si, si
0x12d5e: mov di, 0x100
0x12d61: push di
0x12d62: xor di, di
0x12d64: ret 0xffff
2018-12-25T12:22:55.978675914Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:22:55.984325704Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9340,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:56.194744963Z 48 PC: 12ba5 | Get DOS version
2018-12-25T12:22:56.196500616Z 47 PC: 12bb1 | Get disk transfer address
2018-12-25T12:22:56.198099087Z 26 PC: 12bc0 | Set disk transfer address
2018-12-25T12:22:56.199786932Z 78 PC: 12c41 | Find first file
2018-12-25T12:22:56.205539466Z 67 PC: 12c79 | Get or set file attributes
2018-12-25T12:22:56.211987849Z 67 PC: 12c89 | Get or set file attributes
2018-12-25T12:22:56.227513741Z 61 PC: 12c93 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:56.23389996Z 87 PC: 12c9f | Get or set file date and time
2018-12-25T12:22:56.235744787Z 63 PC: 12cb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:56.24195701Z 66 PC: 12cc3 | Move file pointer
2018-12-25T12:22:56.243308707Z 64 PC: 12ce7 | Write file or device (Write 1881 bytes on handle 5)
2018-12-25T12:22:56.252240603Z 66 PC: 12cfa | Move file pointer
2018-12-25T12:22:56.253512868Z 64 PC: 12d08 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:56.259727751Z 87 PC: 12d19 | Get or set file date and time
2018-12-25T12:22:56.261357639Z 62 PC: 12d1d | Close file
2018-12-25T12:22:56.273966912Z 67 PC: 12d2a | Get or set file attributes
2018-12-25T12:22:56.283907449Z 26 PC: 12d34 | Set disk transfer address
2018-12-25T12:22:56.28531505Z 42 PC: 12d39 | Get date
0x12d39: cmp dx, 0xc13
0x12d3d: jae 0x12d47
0x12d3f: cmp dx, 0x101
0x12d43: jb 0x12d47
0x12d45: jmp 0x12d55
0x12d47: mov dx, si
0x12d49: add dx, 0x8a
0x12d4d: mov ah, 9
0x12d4f: int 0x21
0x12d51: mov ah, 0
0x12d53: int 0x16
0x12d55: pop cx
0x12d56: xor ax, ax
0x12d58: xor bx, bx
0x12d5a: xor dx, dx
0x12d5c: xor si, si
0x12d5e: mov di, 0x100
0x12d61: push di
0x12d62: xor di, di
0x12d64: ret 0xffff
2018-12-25T12:22:56.287523051Z 9 PC: 12d51 | Display string (Could not find end pointer)