Sample viewer

vx.netlux.org/Virus.DOS.Vienna.648.o

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:01.529632712Z	47	PC: 15169 \| Get disk transfer address
2018-12-17T22:48:01.532434267Z	26	PC: 15178 \| Set disk transfer address
2018-12-17T22:48:01.53460697Z	78	PC: 151f9 \| Find first file
2018-12-17T22:48:01.541565244Z	67	PC: 15231 \| Get or set file attributes
2018-12-17T22:48:01.547837069Z	67	PC: 15241 \| Get or set file attributes
2018-12-17T22:48:01.565754197Z	61	PC: 1524b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:01.573301599Z	87	PC: 15257 \| Get or set file date and time
2018-12-17T22:48:01.575407075Z	44	PC: 15261 \| Get time 0x15261: and dh, 7 0x15264: jne 0x15276 0x15266: mov ah, 0x40 0x15268: mov cx, 5 0x1526b: mov dx, si 0x1526d: add dx, 0x8a 0x15271: int 0x21 0x15273: jmp 0x152d7 0x15275: nop 0x15276: mov ah, 0x3f 0x15278: mov cx, 3 0x1527b: mov dx, 0xa 0x1527e: add dx, si 0x15280: int 0x21 0x15282: jb 0x152d7 0x15284: cmp ax, 3 0x15287: jne 0x152d7 0x15289: mov ax, 0x4202 0x1528c: mov cx, 0 0x1528f: mov dx, 0
2018-12-17T22:48:01.579340046Z	63	PC: 15282 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:48:01.58682504Z	66	PC: 15294 \| Move file pointer
2018-12-17T22:48:01.589038119Z	64	PC: 152b7 \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T22:48:01.599310621Z	66	PC: 152c9 \| Move file pointer
2018-12-17T22:48:01.601516106Z	64	PC: 152d7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:01.609862589Z	87	PC: 152e8 \| Get or set file date and time
2018-12-17T22:48:01.612804457Z	62	PC: 152ec \| Close file
2018-12-17T22:48:01.621637916Z	67	PC: 152f9 \| Get or set file attributes
2018-12-17T22:48:01.632642704Z	26	PC: 15303 \| Set disk transfer address
2018-12-17T22:48:01.634800569Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9413,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:08.123835072Z	47	PC: 15169 \| Get disk transfer address
2018-12-25T12:23:08.125215567Z	26	PC: 15178 \| Set disk transfer address
2018-12-25T12:23:08.126227837Z	78	PC: 151f9 \| Find first file
2018-12-25T12:23:08.131941693Z	67	PC: 15231 \| Get or set file attributes
2018-12-25T12:23:08.137684627Z	67	PC: 15241 \| Get or set file attributes
2018-12-25T12:23:08.156229115Z	61	PC: 1524b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:08.167561004Z	87	PC: 15257 \| Get or set file date and time
2018-12-25T12:23:08.184522299Z	44	PC: 15261 \| Get time 0x15261: and dh, 7 0x15264: jne 0x15276 0x15266: mov ah, 0x40 0x15268: mov cx, 5 0x1526b: mov dx, si 0x1526d: add dx, 0x8a 0x15271: int 0x21 0x15273: jmp 0x152d7 0x15275: nop 0x15276: mov ah, 0x3f 0x15278: mov cx, 3 0x1527b: mov dx, 0xa 0x1527e: add dx, si 0x15280: int 0x21 0x15282: jb 0x152d7 0x15284: cmp ax, 3 0x15287: jne 0x152d7 0x15289: mov ax, 0x4202 0x1528c: mov cx, 0 0x1528f: mov dx, 0
2018-12-25T12:23:08.186560244Z	63	PC: 15282 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:08.192663788Z	66	PC: 15294 \| Move file pointer
2018-12-25T12:23:08.19425482Z	64	PC: 152b7 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:23:08.203798382Z	66	PC: 152c9 \| Move file pointer
2018-12-25T12:23:08.205004008Z	64	PC: 152d7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:08.211342931Z	87	PC: 152e8 \| Get or set file date and time
2018-12-25T12:23:08.212805914Z	62	PC: 152ec \| Close file
2018-12-25T12:23:08.220618359Z	67	PC: 152f9 \| Get or set file attributes
2018-12-25T12:23:08.23059771Z	26	PC: 15303 \| Set disk transfer address
2018-12-25T12:23:08.233016647Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":9413,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:08.103767918Z	47	PC: 15169 \| Get disk transfer address
2018-12-25T12:23:08.105240387Z	26	PC: 15178 \| Set disk transfer address
2018-12-25T12:23:08.1064507Z	78	PC: 151f9 \| Find first file
2018-12-25T12:23:08.11079059Z	67	PC: 15231 \| Get or set file attributes
2018-12-25T12:23:08.116901064Z	67	PC: 15241 \| Get or set file attributes
2018-12-25T12:23:08.135201284Z	61	PC: 1524b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:08.139572615Z	87	PC: 15257 \| Get or set file date and time
2018-12-25T12:23:08.140643086Z	44	PC: 15261 \| Get time 0x15261: and dh, 7 0x15264: jne 0x15276 0x15266: mov ah, 0x40 0x15268: mov cx, 5 0x1526b: mov dx, si 0x1526d: add dx, 0x8a 0x15271: int 0x21 0x15273: jmp 0x152d7 0x15275: nop 0x15276: mov ah, 0x3f 0x15278: mov cx, 3 0x1527b: mov dx, 0xa 0x1527e: add dx, si 0x15280: int 0x21 0x15282: jb 0x152d7 0x15284: cmp ax, 3 0x15287: jne 0x152d7 0x15289: mov ax, 0x4202 0x1528c: mov cx, 0 0x1528f: mov dx, 0
2018-12-25T12:23:08.143040304Z	63	PC: 15282 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:08.147690776Z	66	PC: 15294 \| Move file pointer
2018-12-25T12:23:08.148978747Z	64	PC: 152b7 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:23:08.15567766Z	66	PC: 152c9 \| Move file pointer
2018-12-25T12:23:08.156868436Z	64	PC: 152d7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:08.161700648Z	87	PC: 152e8 \| Get or set file date and time
2018-12-25T12:23:08.184088713Z	62	PC: 152ec \| Close file
2018-12-25T12:23:08.193411008Z	67	PC: 152f9 \| Get or set file attributes
2018-12-25T12:23:08.205289459Z	26	PC: 15303 \| Set disk transfer address
2018-12-25T12:23:08.206830327Z	76	PC: 1514d \| Terminate with return code (Return code = '0')