Sample viewer

vx.netlux.org/Virus.DOS.ARCV.718

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:11.94990055Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dh, 1 0x12a4f: jne 0x12a61 0x12a51: cmp dl, 7 0x12a54: jae 0x12a61 0x12a56: mov ah, 9 0x12a58: mov dx, 0x30d 0x12a5b: add dx, si 0x12a5d: int 0x21 0x12a5f: jmp 0x12a5f 0x12a61: mov ax, word ptr [si + 0x38b] 0x12a65: mov bx, word ptr [si + 0x38d] 0x12a69: mov word ptr [0x100], ax 0x12a6c: mov word ptr [0x102], bx 0x12a70: mov ax, 0xff05 0x12a73: int 0x21 0x12a75: cmp ax, 0xfb 0x12a78: je 0x12a7d 0x12a7a: call 0x12a8f 0x12a7d: mov bx, 0x100 0x12a80: push bx
2018-12-17T22:56:11.952576001Z	255	PC: 12a75 \| UNKNOWN!
2018-12-17T22:56:11.954226003Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:02.669652783Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dh, 1 0x12a4f: jne 0x12a61 0x12a51: cmp dl, 7 0x12a54: jae 0x12a61 0x12a56: mov ah, 9 0x12a58: mov dx, 0x30d 0x12a5b: add dx, si 0x12a5d: int 0x21 0x12a5f: jmp 0x12a5f 0x12a61: mov ax, word ptr [si + 0x38b] 0x12a65: mov bx, word ptr [si + 0x38d] 0x12a69: mov word ptr [0x100], ax 0x12a6c: mov word ptr [0x102], bx 0x12a70: mov ax, 0xff05 0x12a73: int 0x21 0x12a75: cmp ax, 0xfb 0x12a78: je 0x12a7d 0x12a7a: call 0x12a8f 0x12a7d: mov bx, 0x100 0x12a80: push bx
2018-12-25T12:32:02.673082925Z	9	PC: 12a5f \| Display string (String= ' Hello Dr Sol. & Fido. Lurve U lots ICE-9 (c) 1992 ARCV. P.S. Apache sez Hi(Dos) ')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:02.74149195Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dh, 1 0x12a4f: jne 0x12a61 0x12a51: cmp dl, 7 0x12a54: jae 0x12a61 0x12a56: mov ah, 9 0x12a58: mov dx, 0x30d 0x12a5b: add dx, si 0x12a5d: int 0x21 0x12a5f: jmp 0x12a5f 0x12a61: mov ax, word ptr [si + 0x38b] 0x12a65: mov bx, word ptr [si + 0x38d] 0x12a69: mov word ptr [0x100], ax 0x12a6c: mov word ptr [0x102], bx 0x12a70: mov ax, 0xff05 0x12a73: int 0x21 0x12a75: cmp ax, 0xfb 0x12a78: je 0x12a7d 0x12a7a: call 0x12a8f 0x12a7d: mov bx, 0x100 0x12a80: push bx
2018-12-25T12:32:02.744870485Z	255	PC: 12a75 \| UNKNOWN!
2018-12-25T12:32:02.746548441Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:03.208093292Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dh, 1 0x12a4f: jne 0x12a61 0x12a51: cmp dl, 7 0x12a54: jae 0x12a61 0x12a56: mov ah, 9 0x12a58: mov dx, 0x30d 0x12a5b: add dx, si 0x12a5d: int 0x21 0x12a5f: jmp 0x12a5f 0x12a61: mov ax, word ptr [si + 0x38b] 0x12a65: mov bx, word ptr [si + 0x38d] 0x12a69: mov word ptr [0x100], ax 0x12a6c: mov word ptr [0x102], bx 0x12a70: mov ax, 0xff05 0x12a73: int 0x21 0x12a75: cmp ax, 0xfb 0x12a78: je 0x12a7d 0x12a7a: call 0x12a8f 0x12a7d: mov bx, 0x100 0x12a80: push bx
2018-12-25T12:32:03.220103677Z	255	PC: 12a75 \| UNKNOWN!
2018-12-25T12:32:03.221440892Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:03.859034683Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dh, 1 0x12a4f: jne 0x12a61 0x12a51: cmp dl, 7 0x12a54: jae 0x12a61 0x12a56: mov ah, 9 0x12a58: mov dx, 0x30d 0x12a5b: add dx, si 0x12a5d: int 0x21 0x12a5f: jmp 0x12a5f 0x12a61: mov ax, word ptr [si + 0x38b] 0x12a65: mov bx, word ptr [si + 0x38d] 0x12a69: mov word ptr [0x100], ax 0x12a6c: mov word ptr [0x102], bx 0x12a70: mov ax, 0xff05 0x12a73: int 0x21 0x12a75: cmp ax, 0xfb 0x12a78: je 0x12a7d 0x12a7a: call 0x12a8f 0x12a7d: mov bx, 0x100 0x12a80: push bx
2018-12-25T12:32:03.861483385Z	9	PC: 12a5f \| Display string (String= ' Hello Dr Sol. & Fido. Lurve U lots ICE-9 (c) 1992 ARCV. P.S. Apache sez Hi(Dos) ')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:04.050126639Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dh, 1 0x12a4f: jne 0x12a61 0x12a51: cmp dl, 7 0x12a54: jae 0x12a61 0x12a56: mov ah, 9 0x12a58: mov dx, 0x30d 0x12a5b: add dx, si 0x12a5d: int 0x21 0x12a5f: jmp 0x12a5f 0x12a61: mov ax, word ptr [si + 0x38b] 0x12a65: mov bx, word ptr [si + 0x38d] 0x12a69: mov word ptr [0x100], ax 0x12a6c: mov word ptr [0x102], bx 0x12a70: mov ax, 0xff05 0x12a73: int 0x21 0x12a75: cmp ax, 0xfb 0x12a78: je 0x12a7d 0x12a7a: call 0x12a8f 0x12a7d: mov bx, 0x100 0x12a80: push bx
2018-12-25T12:32:04.052785911Z	255	PC: 12a75 \| UNKNOWN!
2018-12-25T12:32:04.053735559Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12137,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:05.216703297Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dh, 1 0x12a4f: jne 0x12a61 0x12a51: cmp dl, 7 0x12a54: jae 0x12a61 0x12a56: mov ah, 9 0x12a58: mov dx, 0x30d 0x12a5b: add dx, si 0x12a5d: int 0x21 0x12a5f: jmp 0x12a5f 0x12a61: mov ax, word ptr [si + 0x38b] 0x12a65: mov bx, word ptr [si + 0x38d] 0x12a69: mov word ptr [0x100], ax 0x12a6c: mov word ptr [0x102], bx 0x12a70: mov ax, 0xff05 0x12a73: int 0x21 0x12a75: cmp ax, 0xfb 0x12a78: je 0x12a7d 0x12a7a: call 0x12a8f 0x12a7d: mov bx, 0x100 0x12a80: push bx
2018-12-25T12:32:05.219605334Z	255	PC: 12a75 \| UNKNOWN!
2018-12-25T12:32:05.221730589Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')