Sample viewer

vx.netlux.org/Virus.DOS.ARCV.839

Time	Syscall Op	Syscall Name
2018-12-17T22:56:13.773286484Z	42	PC: 12c75 \| Get date 0x12c75: cmp dx, 0x40c 0x12c79: jne 0x12c7e 0x12c7b: jmp 0x12e57 0x12c7e: and al, 5 0x12c80: mov byte ptr [si + 0x5c1], al 0x12c84: mov ah, 0x1a 0x12c86: lea dx, word ptr [si + 0x494] 0x12c8a: int 0x21 0x12c8c: mov ah, 0x4e 0x12c8e: mov cx, 2 0x12c91: lea dx, word ptr [si + 0x410] 0x12c95: int 0x21 0x12c97: jae 0x12c9c 0x12c99: jmp 0x12e7f 0x12c9c: mov ax, 0x4300 0x12c9f: lea dx, word ptr [si + 0x4b2] 0x12ca3: int 0x21 0x12ca5: mov word ptr [si + 0x576], cx 0x12ca9: xor cx, cx 0x12cab: call 0x12e4d
2018-12-17T22:56:13.776600598Z	26	PC: 12c8c \| Set disk transfer address
2018-12-17T22:56:13.777770621Z	78	PC: 12c97 \| Find first file
2018-12-17T22:56:13.786181043Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-17T22:56:13.792512034Z	67	PC: 12e56 \| Get or set file attributes
2018-12-17T22:56:13.815588261Z	61	PC: 12cd2 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:56:13.822612657Z	63	PC: 12e90 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:56:13.831263338Z	66	PC: 12e90 \| Move file pointer
2018-12-17T22:56:13.833064572Z	63	PC: 12e90 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:56:13.836331572Z	64	PC: 12f9e \| Write file or device (Write 839 bytes on handle 5)
2018-12-17T22:56:13.845516621Z	66	PC: 12e90 \| Move file pointer
2018-12-17T22:56:13.847516393Z	64	PC: 12e90 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:56:13.854238539Z	62	PC: 12e90 \| Close file

Time	Syscall Op	Syscall Name
2018-12-25T12:32:05.217247559Z	42	PC: 12c75 \| Get date 0x12c75: cmp dx, 0x40c 0x12c79: jne 0x12c7e 0x12c7b: jmp 0x12e57 0x12c7e: and al, 5 0x12c80: mov byte ptr [si + 0x5c1], al 0x12c84: mov ah, 0x1a 0x12c86: lea dx, word ptr [si + 0x494] 0x12c8a: int 0x21 0x12c8c: mov ah, 0x4e 0x12c8e: mov cx, 2 0x12c91: lea dx, word ptr [si + 0x410] 0x12c95: int 0x21 0x12c97: jae 0x12c9c 0x12c99: jmp 0x12e7f 0x12c9c: mov ax, 0x4300 0x12c9f: lea dx, word ptr [si + 0x4b2] 0x12ca3: int 0x21 0x12ca5: mov word ptr [si + 0x576], cx 0x12ca9: xor cx, cx 0x12cab: call 0x12e4d
2018-12-25T12:32:05.220293591Z	26	PC: 12c8c \| Set disk transfer address
2018-12-25T12:32:05.221348975Z	78	PC: 12c97 \| Find first file
2018-12-25T12:32:05.227464882Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-25T12:32:05.233478089Z	67	PC: 12e56 \| Get or set file attributes
2018-12-25T12:32:05.249347545Z	61	PC: 12cd2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:05.255667004Z	63	PC: 12e90 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:32:05.262174314Z	66	PC: 12e90 \| Move file pointer (See above)
2018-12-25T12:32:05.263486717Z	63	PC: 12e90 \| Read file or device (See above)
2018-12-25T12:32:05.266632982Z	64	PC: 12f9e \| Write file or device (Write 839 bytes on handle 5)
2018-12-25T12:32:05.27622906Z	66	PC: 12e90 \| Move file pointer (See above)
2018-12-25T12:32:05.277598041Z	64	PC: 12e90 \| Write file or device (See above)
2018-12-25T12:32:05.283693072Z	62	PC: 12e90 \| Close file (See above)

Time	Syscall Op	Syscall Name
2018-12-25T12:32:06.018354107Z	42	PC: 12c75 \| Get date 0x12c75: cmp dx, 0x40c 0x12c79: jne 0x12c7e 0x12c7b: jmp 0x12e57 0x12c7e: and al, 5 0x12c80: mov byte ptr [si + 0x5c1], al 0x12c84: mov ah, 0x1a 0x12c86: lea dx, word ptr [si + 0x494] 0x12c8a: int 0x21 0x12c8c: mov ah, 0x4e 0x12c8e: mov cx, 2 0x12c91: lea dx, word ptr [si + 0x410] 0x12c95: int 0x21 0x12c97: jae 0x12c9c 0x12c99: jmp 0x12e7f 0x12c9c: mov ax, 0x4300 0x12c9f: lea dx, word ptr [si + 0x4b2] 0x12ca3: int 0x21 0x12ca5: mov word ptr [si + 0x576], cx 0x12ca9: xor cx, cx 0x12cab: call 0x12e4d
2018-12-25T12:32:06.020910581Z	9	PC: 12e62 \| Display string (String= ' [FRIENDS] ICE-9 (c) ICE-9 1992 released 5th September ARcV Productions. Dedicated to all my friends ')