Sample viewer

vx.netlux.org/Virus.DOS.Vienna.648.d

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:59.059423517Z	48	PC: 12a79 \| Get DOS version
2018-12-17T21:58:59.061354952Z	47	PC: 12a85 \| Get disk transfer address
2018-12-17T21:58:59.062708067Z	26	PC: 12a98 \| Set disk transfer address
2018-12-17T21:58:59.064137942Z	78	PC: 12b24 \| Find first file
2018-12-17T21:58:59.070546967Z	67	PC: 12b62 \| Get or set file attributes
2018-12-17T21:58:59.076904076Z	67	PC: 12b75 \| Get or set file attributes
2018-12-17T21:58:59.10416195Z	61	PC: 12b80 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:58:59.110081911Z	87	PC: 12b8c \| Get or set file date and time
2018-12-17T21:58:59.111996575Z	44	PC: 12b98 \| Get time 0x12b98: and dh, 7 0x12b9b: jne 0x12bad 0x12b9d: mov ah, 0x40 0x12b9f: mov cx, 5 0x12ba2: mov dx, si 0x12ba4: add dx, 0x8a 0x12ba8: int 0x21 0x12baa: jmp 0x12c11 0x12bac: nop 0x12bad: mov ah, 0x3f 0x12baf: mov cx, 3 0x12bb2: mov dx, 0xa 0x12bb5: nop 0x12bb6: add dx, si 0x12bb8: int 0x21 0x12bba: jb 0x12c11 0x12bbc: cmp ax, 3 0x12bbf: jne 0x12c11 0x12bc1: mov ax, 0x4202 0x12bc4: mov cx, 0
2018-12-17T21:58:59.114466268Z	63	PC: 12bba \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:58:59.126188818Z	66	PC: 12bcc \| Move file pointer
2018-12-17T21:58:59.128755518Z	64	PC: 12bf0 \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T21:58:59.136994237Z	66	PC: 12c02 \| Move file pointer
2018-12-17T21:58:59.138255465Z	64	PC: 12c11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:58:59.145612746Z	87	PC: 12c26 \| Get or set file date and time
2018-12-17T21:58:59.147444951Z	62	PC: 12c2a \| Close file
2018-12-17T21:58:59.156016294Z	67	PC: 12c39 \| Get or set file attributes
2018-12-17T21:58:59.167507653Z	26	PC: 12c46 \| Set disk transfer address
2018-12-17T21:58:59.169587513Z	9	PC: 12a5e \| Display string (String= 'Infected Program. ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":996,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:22.25437194Z	48	PC: 12a79 \| Get DOS version
2018-12-25T11:42:22.256536259Z	47	PC: 12a85 \| Get disk transfer address
2018-12-25T11:42:22.258007735Z	26	PC: 12a98 \| Set disk transfer address
2018-12-25T11:42:22.25953956Z	78	PC: 12b24 \| Find first file
2018-12-25T11:42:22.266505715Z	67	PC: 12b62 \| Get or set file attributes
2018-12-25T11:42:22.273533978Z	67	PC: 12b75 \| Get or set file attributes
2018-12-25T11:42:22.290769082Z	61	PC: 12b80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:22.298301681Z	87	PC: 12b8c \| Get or set file date and time
2018-12-25T11:42:22.300800274Z	44	PC: 12b98 \| Get time 0x12b98: and dh, 7 0x12b9b: jne 0x12bad 0x12b9d: mov ah, 0x40 0x12b9f: mov cx, 5 0x12ba2: mov dx, si 0x12ba4: add dx, 0x8a 0x12ba8: int 0x21 0x12baa: jmp 0x12c11 0x12bac: nop 0x12bad: mov ah, 0x3f 0x12baf: mov cx, 3 0x12bb2: mov dx, 0xa 0x12bb5: nop 0x12bb6: add dx, si 0x12bb8: int 0x21 0x12bba: jb 0x12c11 0x12bbc: cmp ax, 3 0x12bbf: jne 0x12c11 0x12bc1: mov ax, 0x4202 0x12bc4: mov cx, 0
2018-12-25T11:42:22.303539375Z	63	PC: 12bba \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:22.311308316Z	66	PC: 12bcc \| Move file pointer
2018-12-25T11:42:22.314604937Z	64	PC: 12bf0 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:42:22.328526621Z	66	PC: 12c02 \| Move file pointer
2018-12-25T11:42:22.33069188Z	64	PC: 12c11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:22.339911567Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T11:42:22.341606599Z	62	PC: 12c2a \| Close file
2018-12-25T11:42:22.350135486Z	67	PC: 12c39 \| Get or set file attributes
2018-12-25T11:42:22.361300675Z	26	PC: 12c46 \| Set disk transfer address
2018-12-25T11:42:22.362624795Z	9	PC: 12a5e \| Display string (String= 'Infected Program. ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":996,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:22.502249217Z	48	PC: 12a79 \| Get DOS version
2018-12-25T11:42:22.504775034Z	47	PC: 12a85 \| Get disk transfer address
2018-12-25T11:42:22.507081759Z	26	PC: 12a98 \| Set disk transfer address
2018-12-25T11:42:22.508874806Z	78	PC: 12b24 \| Find first file
2018-12-25T11:42:22.516178338Z	67	PC: 12b62 \| Get or set file attributes
2018-12-25T11:42:22.524122527Z	67	PC: 12b75 \| Get or set file attributes
2018-12-25T11:42:22.541737663Z	61	PC: 12b80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:42:22.549295548Z	87	PC: 12b8c \| Get or set file date and time
2018-12-25T11:42:22.552068919Z	44	PC: 12b98 \| Get time 0x12b98: and dh, 7 0x12b9b: jne 0x12bad 0x12b9d: mov ah, 0x40 0x12b9f: mov cx, 5 0x12ba2: mov dx, si 0x12ba4: add dx, 0x8a 0x12ba8: int 0x21 0x12baa: jmp 0x12c11 0x12bac: nop 0x12bad: mov ah, 0x3f 0x12baf: mov cx, 3 0x12bb2: mov dx, 0xa 0x12bb5: nop 0x12bb6: add dx, si 0x12bb8: int 0x21 0x12bba: jb 0x12c11 0x12bbc: cmp ax, 3 0x12bbf: jne 0x12c11 0x12bc1: mov ax, 0x4202 0x12bc4: mov cx, 0
2018-12-25T11:42:22.554984701Z	63	PC: 12bba \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:22.570573404Z	66	PC: 12bcc \| Move file pointer
2018-12-25T11:42:22.574868997Z	64	PC: 12bf0 \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T11:42:22.585189306Z	66	PC: 12c02 \| Move file pointer
2018-12-25T11:42:22.587301131Z	64	PC: 12c11 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:22.595518283Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T11:42:22.59747762Z	62	PC: 12c2a \| Close file
2018-12-25T11:42:22.60625548Z	67	PC: 12c39 \| Get or set file attributes
2018-12-25T11:42:22.617922842Z	26	PC: 12c46 \| Set disk transfer address
2018-12-25T11:42:22.619790268Z	9	PC: 12a5e \| Display string (String= 'Infected Program. ')