Sample viewer

vx.netlux.org/Virus.DOS.ARCV.745

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:07.195326043Z	26	PC: 12a6e \| Set disk transfer address
2018-12-17T22:56:07.196741599Z	53	PC: 12a73 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:07.197775821Z	37	PC: 12a84 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:07.198722891Z	122	PC: 12a8d \| UNKNOWN!
2018-12-17T22:56:07.200038811Z	78	PC: 12afa \| Find first file
2018-12-17T22:56:07.205825843Z	61	PC: 12b4b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:56:07.212061332Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.218853547Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.222837453Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.225318989Z	61	PC: 12b4b \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:56:07.231570882Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.23785365Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.239487489Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.242005847Z	61	PC: 12b4b \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:56:07.249313063Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.255349859Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.256982137Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.273514687Z	61	PC: 12b4b \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:56:07.280431226Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.28693344Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.289451394Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.292048544Z	61	PC: 12b4b \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:56:07.298227573Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.30486247Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.306565103Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.308989118Z	61	PC: 12b4b \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:56:07.315687307Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.322630634Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.324281603Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.333311006Z	61	PC: 12b4b \| Open file (Filename = 'PAH.COM')
2018-12-17T22:56:07.342560397Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.348683658Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.351169011Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.353716453Z	61	PC: 12b4b \| Open file (Filename = 'TEST.COM')
2018-12-17T22:56:07.359949081Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:07.362658602Z	62	PC: 12b10 \| Close file
2018-12-17T22:56:07.364561997Z	79	PC: 12afa \| Find next file
2018-12-17T22:56:07.366887715Z	42	PC: 12b51 \| Get date 0x12b51: cmp dl, 0x1d 0x12b54: jne 0x12b6a 0x12b56: mov ax, 0x1300 0x12b59: mov bx, 0xe 0x12b5c: mov cx, 0x19 0x12b5f: mov dx, 0xc1b 0x12b62: push bp 0x12b63: lea bp, word ptr [bp + 0x23e] 0x12b67: int 0x10 0x12b69: pop bp 0x12b6a: lds dx, ptr [bp + 0x41a] 0x12b6e: mov ax, 0x2524 0x12b71: int 0x21 0x12b73: pop ds 0x12b74: pop es 0x12b75: xor ax, ax 0x12b77: cdq 0x12b78: mov bx, ax 0x12b7a: ret 0x12b7b: int 0x20
2018-12-17T22:56:07.369234488Z	37	PC: 12b73 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12110,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:01.626078218Z	26	PC: 12a6e \| Set disk transfer address
2018-12-25T12:32:01.628298021Z	53	PC: 12a73 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:01.629704384Z	37	PC: 12a84 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:01.631020936Z	122	PC: 12a8d \| UNKNOWN!
2018-12-25T12:32:01.63210751Z	78	PC: 12afa \| Find first file
2018-12-25T12:32:01.639184416Z	61	PC: 12b4b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:01.647253383Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:32:01.655301467Z	62	PC: 12b10 \| Close file
2018-12-25T12:32:01.658099657Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.660994567Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.667950971Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.675620918Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.677847056Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.681507624Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.700548414Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.707460614Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.709513384Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.713145379Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.720911128Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.72792167Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.730241449Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.733541365Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.747000666Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.753986229Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.756831919Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.759353754Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.764410646Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.771284247Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.773886306Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.77733022Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.787260169Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.795093942Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.797629346Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.801895319Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.810272182Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.813542317Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.815998421Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.819449552Z	42	PC: 12b51 \| Get date 0x12b51: cmp dl, 0x1d 0x12b54: jne 0x12b6a 0x12b56: mov ax, 0x1300 0x12b59: mov bx, 0xe 0x12b5c: mov cx, 0x19 0x12b5f: mov dx, 0xc1b 0x12b62: push bp 0x12b63: lea bp, word ptr [bp + 0x23e] 0x12b67: int 0x10 0x12b69: pop bp 0x12b6a: lds dx, ptr [bp + 0x41a] 0x12b6e: mov ax, 0x2524 0x12b71: int 0x21 0x12b73: pop ds 0x12b74: pop es 0x12b75: xor ax, ax 0x12b77: cdq 0x12b78: mov bx, ax 0x12b7a: ret 0x12b7b: int 0x20
2018-12-25T12:32:01.822781222Z	37	PC: 12b73 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12110,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:01.807019996Z	26	PC: 12a6e \| Set disk transfer address
2018-12-25T12:32:01.814831731Z	53	PC: 12a73 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:01.815828422Z	37	PC: 12a84 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:01.816668228Z	122	PC: 12a8d \| UNKNOWN!
2018-12-25T12:32:01.818166093Z	78	PC: 12afa \| Find first file
2018-12-25T12:32:01.82185113Z	61	PC: 12b4b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:01.828751891Z	63	PC: 12b0c \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:32:01.835161414Z	62	PC: 12b10 \| Close file
2018-12-25T12:32:01.83687529Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.838611587Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.849988526Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.856203728Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.857935692Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.860533355Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.867013773Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.873014884Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.874640896Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.877336715Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.884523426Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.891013006Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.893808729Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.896497408Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.902864712Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.909506533Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.911121151Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.913540759Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.920468582Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.926507379Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.928222306Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.931913061Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.938762173Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.944819025Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.947003951Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.949462158Z	61	PC: 12b4b \| Open file (See above)
2018-12-25T12:32:01.956437007Z	63	PC: 12b0c \| Read file or device (See above)
2018-12-25T12:32:01.959873069Z	62	PC: 12b10 \| Close file (See above)
2018-12-25T12:32:01.962026822Z	79	PC: 12afa \| Find next file (See above)
2018-12-25T12:32:01.964505367Z	42	PC: 12b51 \| Get date 0x12b51: cmp dl, 0x1d 0x12b54: jne 0x12b6a 0x12b56: mov ax, 0x1300 0x12b59: mov bx, 0xe 0x12b5c: mov cx, 0x19 0x12b5f: mov dx, 0xc1b 0x12b62: push bp 0x12b63: lea bp, word ptr [bp + 0x23e] 0x12b67: int 0x10 0x12b69: pop bp 0x12b6a: lds dx, ptr [bp + 0x41a] 0x12b6e: mov ax, 0x2524 0x12b71: int 0x21 0x12b73: pop ds 0x12b74: pop es 0x12b75: xor ax, ax 0x12b77: cdq 0x12b78: mov bx, ax 0x12b7a: ret 0x12b7b: int 0x20
2018-12-25T12:32:01.966970038Z	37	PC: 12b73 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')