Sample viewer

vx.netlux.org/Virus.DOS.Vienna.939

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:17.92652111Z	47	PC: 139ee \| Get disk transfer address
2018-12-17T22:48:17.928507653Z	26	PC: 139fd \| Set disk transfer address
2018-12-17T22:48:17.930200994Z	78	PC: 13a9f \| Find first file
2018-12-17T22:48:17.936458412Z	79	PC: 13aa6 \| Find next file
2018-12-17T22:48:17.939445525Z	79	PC: 13aa6 \| Find next file
2018-12-17T22:48:17.942821959Z	79	PC: 13aa6 \| Find next file
2018-12-17T22:48:17.94585593Z	79	PC: 13aa6 \| Find next file
2018-12-17T22:48:17.948845317Z	79	PC: 13aa6 \| Find next file
2018-12-17T22:48:17.953996527Z	79	PC: 13aa6 \| Find next file
2018-12-17T22:48:17.956749489Z	79	PC: 13aa6 \| Find next file
2018-12-17T22:48:17.959512511Z	67	PC: 13aea \| Get or set file attributes
2018-12-17T22:48:17.977648138Z	61	PC: 13aef \| Open file (Filename = 'TEST.COM')
2018-12-17T22:48:17.98529655Z	44	PC: 13b44 \| Get time 0x13b44: cmp dl, 0x32 0x13b47: ja 0x13b4c 0x13b49: jmp 0x13c17 0x13b4c: mov ah, 0x35 0x13b4e: mov al, 0xf2 0x13b50: int 0x21 0x13b52: cmp bx, 0x7777 0x13b56: jne 0x13b5b 0x13b58: jmp 0x13bdd 0x13b5b: mov ax, ds 0x13b5d: dec ax 0x13b5e: mov es, ax 0x13b60: mov bx, 0 0x13b63: cmp byte ptr es:[bx], 0x5a 0x13b67: je 0x13ba7 0x13b69: push bx 0x13b6a: mov ah, 0x48 0x13b6c: mov bx, 0xffff 0x13b6f: int 0x21 0x13b71: cmp bx, 5
2018-12-17T22:48:17.987778694Z	53	PC: 13b52 \| Get interrupt vector (Interrupt = '242' AKA 'UNKNOWN!')
2018-12-17T22:48:17.99807536Z	37	PC: 13bda \| Set interrupt vector (Interrupt = '242' AKA 'UNKNOWN!')
2018-12-17T22:48:17.999275325Z	53	PC: 13be6 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:48:18.000523701Z	37	PC: 13c17 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:48:18.008248235Z	42	PC: 13c24 \| Get date 0x13c24: cmp dl, 0xd 0x13c27: jne 0x13c59 0x13c29: mov ah, 0x2c 0x13c2b: int 0x21 0x13c2d: cmp dl, 0x3c 0x13c30: ja 0x13c3f 0x13c32: cmp dl, 0x1e 0x13c35: ja 0x13c47 0x13c37: mov dx, si 0x13c39: add dx, 0x21 0x13c3c: jmp 0x13c4f 0x13c3e: nop 0x13c3f: mov dx, si 0x13c41: add dx, 0x79 0x13c44: jmp 0x13c4f 0x13c46: nop 0x13c47: mov dx, si 0x13c49: add dx, 0x7d 0x13c4c: jmp 0x13c4f 0x13c4e: nop
2018-12-17T22:48:18.010988524Z	63	PC: 13c65 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:48:18.014191162Z	66	PC: 13c76 \| Move file pointer
2018-12-17T22:48:18.017684055Z	64	PC: 13c97 \| Write file or device (Write 939 bytes on handle 5)
2018-12-17T22:48:18.037378381Z	66	PC: 13ca9 \| Move file pointer
2018-12-17T22:48:18.040284141Z	64	PC: 13cb5 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:18.044186694Z	87	PC: 13cc0 \| Get or set file date and time
2018-12-17T22:48:18.046392028Z	62	PC: 13cc4 \| Close file
2018-12-17T22:48:18.055076046Z	67	PC: 13cd1 \| Get or set file attributes
2018-12-17T22:48:18.066065154Z	26	PC: 13cdb \| Set disk transfer address

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9507,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:16.791877166Z	47	PC: 139ee \| Get disk transfer address
2018-12-25T12:23:16.793186752Z	26	PC: 139fd \| Set disk transfer address
2018-12-25T12:23:16.795459578Z	78	PC: 13a9f \| Find first file
2018-12-25T12:23:16.802198587Z	79	PC: 13aa6 \| Find next file
2018-12-25T12:23:16.80530385Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:16.809227493Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:16.812470458Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:16.81574292Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:16.819874636Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:16.823216616Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:16.826603263Z	67	PC: 13aea \| Get or set file attributes
2018-12-25T12:23:16.845865564Z	61	PC: 13aef \| Open file (Filename = 'TEST.COM')
2018-12-25T12:23:16.853464497Z	44	PC: 13b44 \| Get time 0x13b44: cmp dl, 0x32 0x13b47: ja 0x13b4c 0x13b49: jmp 0x13c17 0x13b4c: mov ah, 0x35 0x13b4e: mov al, 0xf2 0x13b50: int 0x21 0x13b52: cmp bx, 0x7777 0x13b56: jne 0x13b5b 0x13b58: jmp 0x13bdd 0x13b5b: mov ax, ds 0x13b5d: dec ax 0x13b5e: mov es, ax 0x13b60: mov bx, 0 0x13b63: cmp byte ptr es:[bx], 0x5a 0x13b67: je 0x13ba7 0x13b69: push bx 0x13b6a: mov ah, 0x48 0x13b6c: mov bx, 0xffff 0x13b6f: int 0x21 0x13b71: cmp bx, 5
2018-12-25T12:23:16.855864211Z	53	PC: 13b52 \| Get interrupt vector (Interrupt = '242' AKA 'UNKNOWN!')
2018-12-25T12:23:16.857522914Z	37	PC: 13bda \| Set interrupt vector (Interrupt = '242' AKA 'UNKNOWN!')
2018-12-25T12:23:16.859503108Z	53	PC: 13be6 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:23:16.860939578Z	37	PC: 13c17 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:23:16.86222162Z	42	PC: 13c24 \| Get date 0x13c24: cmp dl, 0xd 0x13c27: jne 0x13c59 0x13c29: mov ah, 0x2c 0x13c2b: int 0x21 0x13c2d: cmp dl, 0x3c 0x13c30: ja 0x13c3f 0x13c32: cmp dl, 0x1e 0x13c35: ja 0x13c47 0x13c37: mov dx, si 0x13c39: add dx, 0x21 0x13c3c: jmp 0x13c4f 0x13c3e: nop 0x13c3f: mov dx, si 0x13c41: add dx, 0x79 0x13c44: jmp 0x13c4f 0x13c46: nop 0x13c47: mov dx, si 0x13c49: add dx, 0x7d 0x13c4c: jmp 0x13c4f 0x13c4e: nop
2018-12-25T12:23:16.865099123Z	44	PC: 13c2d \| Get time 0x13c2d: cmp dl, 0x3c 0x13c30: ja 0x13c3f 0x13c32: cmp dl, 0x1e 0x13c35: ja 0x13c47 0x13c37: mov dx, si 0x13c39: add dx, 0x21 0x13c3c: jmp 0x13c4f 0x13c3e: nop 0x13c3f: mov dx, si 0x13c41: add dx, 0x79 0x13c44: jmp 0x13c4f 0x13c46: nop 0x13c47: mov dx, si 0x13c49: add dx, 0x7d 0x13c4c: jmp 0x13c4f 0x13c4e: nop 0x13c4f: mov ah, 0x40 0x13c51: mov cx, 5 0x13c54: int 0x21 0x13c56: jmp 0x13cb5
2018-12-25T12:23:16.867503112Z	64	PC: 13c56 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:23:16.870809921Z	87	PC: 13cc0 \| Get or set file date and time
2018-12-25T12:23:16.873166521Z	62	PC: 13cc4 \| Close file
2018-12-25T12:23:16.88145536Z	67	PC: 13cd1 \| Get or set file attributes
2018-12-25T12:23:16.89260874Z	26	PC: 13cdb \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9507,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:17.096942707Z	47	PC: 139ee \| Get disk transfer address
2018-12-25T12:23:17.099395651Z	26	PC: 139fd \| Set disk transfer address
2018-12-25T12:23:17.10211712Z	78	PC: 13a9f \| Find first file
2018-12-25T12:23:17.109081944Z	79	PC: 13aa6 \| Find next file
2018-12-25T12:23:17.112073207Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:17.116173152Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:17.11930158Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:17.122327537Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:17.1263241Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:17.129852112Z	79	PC: 13aa6 \| Find next file (See above)
2018-12-25T12:23:17.133365442Z	67	PC: 13aea \| Get or set file attributes
2018-12-25T12:23:17.161160399Z	61	PC: 13aef \| Open file (Filename = 'TEST.COM')
2018-12-25T12:23:17.169384721Z	44	PC: 13b44 \| Get time 0x13b44: cmp dl, 0x32 0x13b47: ja 0x13b4c 0x13b49: jmp 0x13c17 0x13b4c: mov ah, 0x35 0x13b4e: mov al, 0xf2 0x13b50: int 0x21 0x13b52: cmp bx, 0x7777 0x13b56: jne 0x13b5b 0x13b58: jmp 0x13bdd 0x13b5b: mov ax, ds 0x13b5d: dec ax 0x13b5e: mov es, ax 0x13b60: mov bx, 0 0x13b63: cmp byte ptr es:[bx], 0x5a 0x13b67: je 0x13ba7 0x13b69: push bx 0x13b6a: mov ah, 0x48 0x13b6c: mov bx, 0xffff 0x13b6f: int 0x21 0x13b71: cmp bx, 5
2018-12-25T12:23:17.172356849Z	53	PC: 13b52 \| Get interrupt vector (Interrupt = '242' AKA 'UNKNOWN!')
2018-12-25T12:23:17.174938667Z	37	PC: 13bda \| Set interrupt vector (Interrupt = '242' AKA 'UNKNOWN!')
2018-12-25T12:23:17.176677972Z	53	PC: 13be6 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:23:17.178396041Z	37	PC: 13c17 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:23:17.180336174Z	42	PC: 13c24 \| Get date 0x13c24: cmp dl, 0xd 0x13c27: jne 0x13c59 0x13c29: mov ah, 0x2c 0x13c2b: int 0x21 0x13c2d: cmp dl, 0x3c 0x13c30: ja 0x13c3f 0x13c32: cmp dl, 0x1e 0x13c35: ja 0x13c47 0x13c37: mov dx, si 0x13c39: add dx, 0x21 0x13c3c: jmp 0x13c4f 0x13c3e: nop 0x13c3f: mov dx, si 0x13c41: add dx, 0x79 0x13c44: jmp 0x13c4f 0x13c46: nop 0x13c47: mov dx, si 0x13c49: add dx, 0x7d 0x13c4c: jmp 0x13c4f 0x13c4e: nop
2018-12-25T12:23:17.183830412Z	63	PC: 13c65 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:17.187929831Z	66	PC: 13c76 \| Move file pointer
2018-12-25T12:23:17.18982689Z	64	PC: 13c97 \| Write file or device (Write 939 bytes on handle 5)
2018-12-25T12:23:17.200395492Z	66	PC: 13ca9 \| Move file pointer
2018-12-25T12:23:17.216406122Z	64	PC: 13cb5 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:17.223283831Z	87	PC: 13cc0 \| Get or set file date and time
2018-12-25T12:23:17.22579947Z	62	PC: 13cc4 \| Close file
2018-12-25T12:23:17.234559799Z	67	PC: 13cd1 \| Get or set file attributes
2018-12-25T12:23:17.245961563Z	26	PC: 13cdb \| Set disk transfer address