Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Ender.1120.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:16.625824775Z 44 PC: 12a56 | Get time 0x12a56: and dh, 7
; Code that follows the DOS "Get time" call logged on the row above. The viewer's
; listing starts and ends mid-routine, so this is an excerpt only.
; NOTE(review): DOS Get time (INT 21h, AH=2Ch) returns seconds in DH, so the
; `and dh, 7` on the row above keeps seconds mod 8 and sets the flags tested below.
; This run's later calls are logged at PCs 12c44-12ca0, consistent with the jump to
; 0x12c30 being taken; the "Second":0 in this run's settings line would give that
; result -- presumably the emulated clock, confirm.
0x12a59: jne 0x12a5e                ; (dh & 7) != 0: continue at 0x12a5e
0x12a5b: jmp 0x12c30                ; (dh & 7) == 0: alternate path at 0x12c30 (not in this listing)
0x12a5e: push cx                    ; save CX (no matching pop inside this excerpt)
0x12a5f: mov dx, 0x4c9              ; DX = 0x4c9, base of every data reference below -- presumably the code's own data area; TODO confirm
0x12a62: cld                        ; string instructions count upward
0x12a63: mov si, dx
0x12a65: add si, 0xa                ; SI = base + 0xa, source of the copy
0x12a68: nop                        ; filler byte, no effect
0x12a69: mov di, 0x100              ; DI = 0x100, where a .COM image begins in its segment
0x12a6c: mov cx, 3                  ; copy length: 3 bytes
0x12a6f: rep movsb byte ptr es:[di], byte ptr [si]    ; copy 3 bytes from [base+0xa] to ES:0x100 -- looks like the host's original first 3 bytes being put back in memory; verify
0x12a71: mov si, dx                 ; SI = base again
0x12a73: push es                    ; keep ES: the call below returns a segment in ES
0x12a74: mov ah, 0x2f               ; INT 21h function 2Fh = Get disk transfer address (DTA)
0x12a76: int 0x21                   ; returns the current DTA in ES:BX
0x12a78: mov word ptr [si], bx      ; store the DTA offset at [base]
0x12a7a: nop                        ; filler
0x12a7b: nop                        ; filler
0x12a7c: mov word ptr [si + 2], es  ; store the DTA segment at [base+2] -- presumably kept so the DTA can be set back later
2018-12-17T22:48:16.628867669Z 71 PC: 12c44 | Get current directory
2018-12-17T22:48:16.642073974Z 26 PC: 12c4c | Set disk transfer address
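2018-12-17T22:48:16.643603611Z 53 PC: 12c51 | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler vector; the viewer's 'Set random record number' label is the name of INT 21h function 24h and does not describe this vector)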
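2018-12-17T22:48:16.647956006Z 37 PC: 12c5c | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler vector; the viewer's 'Set random record number' label is the name of INT 21h function 24h and does not describe this vector)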
2018-12-17T22:48:16.650873566Z 78 PC: 12cae | Find first file
2018-12-17T22:48:16.662148857Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:16.673469594Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:16.691627877Z 61 PC: 12cce | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:16.69857401Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:16.701130036Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:16.707528837Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:16.709046557Z 64 PC: 12d2d | Write file or device (Write 335 bytes on handle 5)
2018-12-17T22:48:16.716712721Z 66 PC: 12d36 | Move file pointer
2018-12-17T22:48:16.718197225Z 64 PC: 12d41 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:16.724555047Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:16.726108937Z 62 PC: 12d50 | Close file
2018-12-17T22:48:16.734002476Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:16.744477484Z 79 PC: 12cae | Find next file
2018-12-17T22:48:16.747208385Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:16.753450817Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:16.763036601Z 61 PC: 12cce | Open file (Filename = 'PRINT.COM')
2018-12-17T22:48:16.769449268Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:16.771310897Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:16.777409594Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:16.778750694Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:16.780946721Z 62 PC: 12d50 | Close file
2018-12-17T22:48:16.787813662Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:16.799902956Z 79 PC: 12cae | Find next file
2018-12-17T22:48:16.803940903Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:16.807761098Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:16.814429768Z 61 PC: 12cce | Open file (Filename = 'HELLO.COM')
2018-12-17T22:48:16.819693697Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:16.82079519Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:16.825286357Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:16.827628961Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:16.829238623Z 62 PC: 12d50 | Close file
2018-12-17T22:48:16.834643537Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:16.845162653Z 79 PC: 12cae | Find next file
2018-12-17T22:48:16.848118096Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:16.85372816Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:16.866206295Z 61 PC: 12cce | Open file (Filename = 'PHANG.COM')
2018-12-17T22:48:16.877736375Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:16.879241541Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:16.886320202Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:16.887696724Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:16.889096162Z 62 PC: 12d50 | Close file
2018-12-17T22:48:16.896710511Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:16.906255279Z 79 PC: 12cae | Find next file
2018-12-17T22:48:16.909156105Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:16.915402853Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:16.924806704Z 61 PC: 12cce | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:48:16.936337081Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:16.938559416Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:16.944558439Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:16.945809765Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:16.948033676Z 62 PC: 12d50 | Close file
2018-12-17T22:48:16.954756035Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:16.964428135Z 79 PC: 12cae | Find next file
2018-12-17T22:48:16.96791707Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:16.974703956Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:16.984617632Z 61 PC: 12cce | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:48:16.996861532Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:16.998906897Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:17.005060017Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:17.007170377Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:17.00903029Z 62 PC: 12d50 | Close file
2018-12-17T22:48:17.0169452Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:17.027086075Z 79 PC: 12cae | Find next file
2018-12-17T22:48:17.030849253Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:17.038573954Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:17.229707566Z 61 PC: 12cce | Open file (Filename = 'PAH.COM')
2018-12-17T22:48:17.241553949Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:17.259469689Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:17.266173371Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:17.2691654Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:17.27093285Z 62 PC: 12d50 | Close file
2018-12-17T22:48:17.331585039Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:17.44570453Z 79 PC: 12cae | Find next file
2018-12-17T22:48:17.448550431Z 67 PC: 12cb9 | Get or set file attributes
2018-12-17T22:48:17.454577918Z 67 PC: 12cc5 | Get or set file attributes
2018-12-17T22:48:17.560294435Z 61 PC: 12cce | Open file (Filename = 'TEST.COM')
2018-12-17T22:48:17.566761973Z 87 PC: 12cd5 | Get or set file date and time
2018-12-17T22:48:17.568251382Z 63 PC: 12ce2 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:17.574739932Z 66 PC: 12cea | Move file pointer
2018-12-17T22:48:17.575979281Z 87 PC: 12d4c | Get or set file date and time
2018-12-17T22:48:17.577288861Z 62 PC: 12d50 | Close file
2018-12-17T22:48:17.675021171Z 67 PC: 12d55 | Get or set file attributes
2018-12-17T22:48:18.010611806Z 79 PC: 12cae | Find next file
2018-12-17T22:48:18.013391416Z 59 PC: 12c83 | Change current directory
2018-12-17T22:48:18.018663411Z 59 PC: 12c92 | Change current directory
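2018-12-17T22:48:18.028009127Z 37 PC: 12c99 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler vector; the viewer's 'Set random record number' label is the name of INT 21h function 24h and does not describe this vector)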
2018-12-17T22:48:18.029252729Z 26 PC: 12ca0 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9497,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:14.841998593Z 44 PC: 12a56 | Get time 0x12a56: and dh, 7
; Code that follows the DOS "Get time" call logged on the row above. The viewer's
; listing starts and ends mid-routine, so this is an excerpt only.
; NOTE(review): DOS Get time (INT 21h, AH=2Ch) returns seconds in DH, so the
; `and dh, 7` on the row above keeps seconds mod 8 and sets the flags tested below.
; This run's next logged call is "Get disk transfer address" at PC 12a78, the return
; address of the int 0x21 below, so the fall-through at 0x12a5e was taken; the
; "Second":7 in this run's settings line would give that result -- presumably the
; emulated clock, confirm.
0x12a59: jne 0x12a5e                ; (dh & 7) != 0: continue at 0x12a5e
0x12a5b: jmp 0x12c30                ; (dh & 7) == 0: alternate path at 0x12c30 (not in this listing)
0x12a5e: push cx                    ; save CX (no matching pop inside this excerpt)
0x12a5f: mov dx, 0x4c9              ; DX = 0x4c9, base of every data reference below -- presumably the code's own data area; TODO confirm
0x12a62: cld                        ; string instructions count upward
0x12a63: mov si, dx
0x12a65: add si, 0xa                ; SI = base + 0xa, source of the copy
0x12a68: nop                        ; filler byte, no effect
0x12a69: mov di, 0x100              ; DI = 0x100, where a .COM image begins in its segment
0x12a6c: mov cx, 3                  ; copy length: 3 bytes
0x12a6f: rep movsb byte ptr es:[di], byte ptr [si]    ; copy 3 bytes from [base+0xa] to ES:0x100 -- looks like the host's original first 3 bytes being put back in memory; the 3-byte file write at PC 12bea would be the on-disk counterpart; verify
0x12a71: mov si, dx                 ; SI = base again
0x12a73: push es                    ; keep ES: the call below returns a segment in ES
0x12a74: mov ah, 0x2f               ; INT 21h function 2Fh = Get disk transfer address (DTA)
0x12a76: int 0x21                   ; returns the current DTA in ES:BX
0x12a78: mov word ptr [si], bx      ; store the DTA offset at [base]
0x12a7a: nop                        ; filler
0x12a7b: nop                        ; filler
0x12a7c: mov word ptr [si + 2], es  ; store the DTA segment at [base+2] -- presumably what the final "Set disk transfer address" row (PC 12c1d) puts back; confirm
2018-12-25T12:23:14.844462187Z 47 PC: 12a78 | Get disk transfer address
2018-12-25T12:23:14.845558214Z 26 PC: 12a8b | Set disk transfer address
2018-12-25T12:23:14.846633601Z 78 PC: 12b17 | Find first file
2018-12-25T12:23:14.850955641Z 67 PC: 12b55 | Get or set file attributes
2018-12-25T12:23:14.855221069Z 67 PC: 12b67 | Get or set file attributes
2018-12-25T12:23:14.871872023Z 61 PC: 12b72 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:14.879727261Z 87 PC: 12b7e | Get or set file date and time
2018-12-25T12:23:14.881460458Z 63 PC: 12b93 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:14.889017854Z 66 PC: 12ba5 | Move file pointer
2018-12-25T12:23:14.891200688Z 64 PC: 12bc9 | Write file or device (Write 1120 bytes on handle 5)
2018-12-25T12:23:14.902118618Z 66 PC: 12bdb | Move file pointer
2018-12-25T12:23:14.903986688Z 64 PC: 12bea | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:14.911800154Z 87 PC: 12bfd | Get or set file date and time
2018-12-25T12:23:14.914415055Z 62 PC: 12c01 | Close file
2018-12-25T12:23:14.92365847Z 67 PC: 12c10 | Get or set file attributes
2018-12-25T12:23:14.935609931Z 26 PC: 12c1d | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":9497,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:15.844449022Z 44 PC: 12a56 | Get time 0x12a56: and dh, 7
; Code that follows the DOS "Get time" call logged on the row above. The viewer's
; listing starts and ends mid-routine, so this is an excerpt only.
; NOTE(review): DOS Get time (INT 21h, AH=2Ch) returns seconds in DH, so the
; `and dh, 7` on the row above keeps seconds mod 8 and sets the flags tested below.
; This run's next logged call is "Get disk transfer address" at PC 12a78, the return
; address of the int 0x21 below, so the fall-through at 0x12a5e was taken.
0x12a59: jne 0x12a5e                ; (dh & 7) != 0: continue at 0x12a5e
0x12a5b: jmp 0x12c30                ; (dh & 7) == 0: alternate path at 0x12c30 (not in this listing)
0x12a5e: push cx                    ; save CX (no matching pop inside this excerpt)
0x12a5f: mov dx, 0x4c9              ; DX = 0x4c9, base of every data reference below -- presumably the code's own data area; TODO confirm
0x12a62: cld                        ; string instructions count upward
0x12a63: mov si, dx
0x12a65: add si, 0xa                ; SI = base + 0xa, source of the copy
0x12a68: nop                        ; filler byte, no effect
0x12a69: mov di, 0x100              ; DI = 0x100, where a .COM image begins in its segment
0x12a6c: mov cx, 3                  ; copy length: 3 bytes
0x12a6f: rep movsb byte ptr es:[di], byte ptr [si]    ; copy 3 bytes from [base+0xa] to ES:0x100 -- looks like the host's original first 3 bytes being put back in memory; the 3-byte file write at PC 12bea would be the on-disk counterpart; verify
0x12a71: mov si, dx                 ; SI = base again
0x12a73: push es                    ; keep ES: the call below returns a segment in ES
0x12a74: mov ah, 0x2f               ; INT 21h function 2Fh = Get disk transfer address (DTA)
0x12a76: int 0x21                   ; returns the current DTA in ES:BX
0x12a78: mov word ptr [si], bx      ; store the DTA offset at [base]
0x12a7a: nop                        ; filler
0x12a7b: nop                        ; filler
0x12a7c: mov word ptr [si + 2], es  ; store the DTA segment at [base+2] -- presumably what the final "Set disk transfer address" row (PC 12c1d) puts back; confirm
2018-12-25T12:23:15.847477244Z 47 PC: 12a78 | Get disk transfer address
2018-12-25T12:23:15.849862225Z 26 PC: 12a8b | Set disk transfer address
2018-12-25T12:23:15.851620781Z 78 PC: 12b17 | Find first file
2018-12-25T12:23:15.858838792Z 67 PC: 12b55 | Get or set file attributes
2018-12-25T12:23:15.868347347Z 67 PC: 12b67 | Get or set file attributes
2018-12-25T12:23:15.887561437Z 61 PC: 12b72 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:15.895094726Z 87 PC: 12b7e | Get or set file date and time
2018-12-25T12:23:15.897678087Z 63 PC: 12b93 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:15.906281625Z 66 PC: 12ba5 | Move file pointer
2018-12-25T12:23:15.908197294Z 64 PC: 12bc9 | Write file or device (Write 1120 bytes on handle 5)
2018-12-25T12:23:15.918044492Z 66 PC: 12bdb | Move file pointer
2018-12-25T12:23:15.919703293Z 64 PC: 12bea | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:15.926968381Z 87 PC: 12bfd | Get or set file date and time
2018-12-25T12:23:15.928471213Z 62 PC: 12c01 | Close file
2018-12-25T12:23:15.937481814Z 67 PC: 12c10 | Get or set file attributes
2018-12-25T12:23:15.948930438Z 26 PC: 12c1d | Set disk transfer address