Sample viewer

vx.netlux.org/Virus.DOS.Vienna.777.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:32.173901796Z	48	PC: 12a71 \| Get DOS version
2018-12-17T21:58:32.176467893Z	47	PC: 12a80 \| Get disk transfer address
2018-12-17T21:58:32.17790829Z	26	PC: 12a93 \| Set disk transfer address
2018-12-17T21:58:32.179288599Z	78	PC: 12b1e \| Find first file
2018-12-17T21:58:32.186400575Z	79	PC: 12b24 \| Find next file
2018-12-17T21:58:32.201481303Z	79	PC: 12b24 \| Find next file
2018-12-17T21:58:32.204149042Z	67	PC: 12b60 \| Get or set file attributes
2018-12-17T21:58:32.210845243Z	67	PC: 12b72 \| Get or set file attributes
2018-12-17T21:58:32.227584603Z	61	PC: 12b7d \| Open file (Filename = 'HELLO.COM')
2018-12-17T21:58:32.234598355Z	87	PC: 12b89 \| Get or set file date and time
2018-12-17T21:58:32.236482919Z	44	PC: 12b95 \| Get time 0x12b95: and dh, 7 0x12b98: jne 0x12bb3 0x12b9a: mov ah, 0x40 0x12b9c: mov cx, 5 0x12b9f: mov dx, si 0x12ba1: add dx, 0xc2 0x12ba5: int 0x21 0x12ba7: mov ah, 9 0x12ba9: mov dx, si 0x12bab: add dx, 0xc9 0x12baf: int 0x21 0x12bb1: jmp 0x12c17 0x12bb3: mov ah, 0x3f 0x12bb5: mov cx, 3 0x12bb8: mov dx, 0xa 0x12bbb: nop 0x12bbc: add dx, si 0x12bbe: int 0x21 0x12bc0: jb 0x12c17 0x12bc2: cmp ax, 3
2018-12-17T21:58:32.239364195Z	64	PC: 12ba7 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T21:58:32.259959641Z	9	PC: 12bb1 \| Display string (String= 'An Iraqui Warrior is in your computer...')
2018-12-17T21:58:32.262864027Z	87	PC: 12c2f \| Get or set file date and time
2018-12-17T21:58:32.265643005Z	62	PC: 12c34 \| Close file
2018-12-17T21:58:32.270842622Z	67	PC: 12c43 \| Get or set file attributes
2018-12-17T21:58:32.277444885Z	26	PC: 12c52 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":944,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:19.757658229Z	48	PC: 12a71 \| Get DOS version
2018-12-25T11:42:19.759849357Z	47	PC: 12a80 \| Get disk transfer address
2018-12-25T11:42:19.768200899Z	26	PC: 12a93 \| Set disk transfer address
2018-12-25T11:42:19.769620083Z	78	PC: 12b1e \| Find first file
2018-12-25T11:42:19.777501437Z	79	PC: 12b24 \| Find next file
2018-12-25T11:42:19.78066491Z	79	PC: 12b24 \| Find next file (See above)
2018-12-25T11:42:19.783591266Z	67	PC: 12b60 \| Get or set file attributes
2018-12-25T11:42:19.790276601Z	67	PC: 12b72 \| Get or set file attributes
2018-12-25T11:42:19.808971731Z	61	PC: 12b7d \| Open file (Filename = 'HELLO.COM')
2018-12-25T11:42:19.816807725Z	87	PC: 12b89 \| Get or set file date and time
2018-12-25T11:42:19.818815822Z	44	PC: 12b95 \| Get time 0x12b95: and dh, 7 0x12b98: jne 0x12bb3 0x12b9a: mov ah, 0x40 0x12b9c: mov cx, 5 0x12b9f: mov dx, si 0x12ba1: add dx, 0xc2 0x12ba5: int 0x21 0x12ba7: mov ah, 9 0x12ba9: mov dx, si 0x12bab: add dx, 0xc9 0x12baf: int 0x21 0x12bb1: jmp 0x12c17 0x12bb3: mov ah, 0x3f 0x12bb5: mov cx, 3 0x12bb8: mov dx, 0xa 0x12bbb: nop 0x12bbc: add dx, si 0x12bbe: int 0x21 0x12bc0: jb 0x12c17 0x12bc2: cmp ax, 3
2018-12-25T11:42:19.822456364Z	63	PC: 12bc0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:19.829528197Z	66	PC: 12bd2 \| Move file pointer
2018-12-25T11:42:19.830909541Z	64	PC: 12bf6 \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:42:19.836743832Z	66	PC: 12c08 \| Move file pointer
2018-12-25T11:42:19.837892669Z	64	PC: 12c17 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:19.842239499Z	87	PC: 12c2f \| Get or set file date and time
2018-12-25T11:42:19.843782668Z	62	PC: 12c34 \| Close file
2018-12-25T11:42:19.860601158Z	67	PC: 12c43 \| Get or set file attributes
2018-12-25T11:42:19.882764063Z	26	PC: 12c52 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":944,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:19.872859368Z	48	PC: 12a71 \| Get DOS version
2018-12-25T11:42:19.874819063Z	47	PC: 12a80 \| Get disk transfer address
2018-12-25T11:42:19.875851699Z	26	PC: 12a93 \| Set disk transfer address
2018-12-25T11:42:19.876964715Z	78	PC: 12b1e \| Find first file
2018-12-25T11:42:19.883244259Z	79	PC: 12b24 \| Find next file
2018-12-25T11:42:19.885756702Z	79	PC: 12b24 \| Find next file (See above)
2018-12-25T11:42:19.888212405Z	67	PC: 12b60 \| Get or set file attributes
2018-12-25T11:42:19.894137298Z	67	PC: 12b72 \| Get or set file attributes
2018-12-25T11:42:19.91307913Z	61	PC: 12b7d \| Open file (Filename = 'HELLO.COM')
2018-12-25T11:42:19.917826152Z	87	PC: 12b89 \| Get or set file date and time
2018-12-25T11:42:19.919139623Z	44	PC: 12b95 \| Get time 0x12b95: and dh, 7 0x12b98: jne 0x12bb3 0x12b9a: mov ah, 0x40 0x12b9c: mov cx, 5 0x12b9f: mov dx, si 0x12ba1: add dx, 0xc2 0x12ba5: int 0x21 0x12ba7: mov ah, 9 0x12ba9: mov dx, si 0x12bab: add dx, 0xc9 0x12baf: int 0x21 0x12bb1: jmp 0x12c17 0x12bb3: mov ah, 0x3f 0x12bb5: mov cx, 3 0x12bb8: mov dx, 0xa 0x12bbb: nop 0x12bbc: add dx, si 0x12bbe: int 0x21 0x12bc0: jb 0x12c17 0x12bc2: cmp ax, 3
2018-12-25T11:42:19.920888026Z	63	PC: 12bc0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:19.925434085Z	66	PC: 12bd2 \| Move file pointer
2018-12-25T11:42:19.926569043Z	64	PC: 12bf6 \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:42:19.931930908Z	66	PC: 12c08 \| Move file pointer
2018-12-25T11:42:19.933317254Z	64	PC: 12c17 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:19.939727957Z	87	PC: 12c2f \| Get or set file date and time
2018-12-25T11:42:19.941608807Z	62	PC: 12c34 \| Close file
2018-12-25T11:42:19.946890382Z	67	PC: 12c43 \| Get or set file attributes
2018-12-25T11:42:19.953303134Z	26	PC: 12c52 \| Set disk transfer address