Sample viewer

vx.netlux.org/Virus.DOS.VCL.519.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:19.906255935Z	47	PC: 12a65 \| Get disk transfer address
2018-12-17T22:57:19.907524329Z	26	PC: 12a6d \| Set disk transfer address
2018-12-17T22:57:19.909307554Z	71	PC: 12ac0 \| Get current directory
2018-12-17T22:57:19.912199603Z	47	PC: 12aea \| Get disk transfer address
2018-12-17T22:57:19.913128243Z	26	PC: 12af9 \| Set disk transfer address
2018-12-17T22:57:19.914542439Z	78	PC: 12b01 \| Find first file
2018-12-17T22:57:19.920895856Z	47	PC: 12b19 \| Get disk transfer address
2018-12-17T22:57:19.92182366Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:19.929206636Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:19.936024654Z	66	PC: 12b45 \| Move file pointer
2018-12-17T22:57:19.937771892Z	62	PC: 12b4a \| Close file
2018-12-17T22:57:19.940522072Z	67	PC: 12b6a \| Get or set file attributes
2018-12-17T22:57:19.958432248Z	61	PC: 12b6f \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:19.965753485Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:19.969149002Z	66	PC: 12b83 \| Move file pointer
2018-12-17T22:57:19.971832879Z	64	PC: 12c5e \| Write file or device (Write 519 bytes on handle 5)
2018-12-17T22:57:19.981278937Z	87	PC: 12b93 \| Get or set file date and time
2018-12-17T22:57:19.983126638Z	62	PC: 12b97 \| Close file
2018-12-17T22:57:19.991882129Z	67	PC: 12ba4 \| Get or set file attributes
2018-12-17T22:57:20.002838656Z	26	PC: 12b13 \| Set disk transfer address
2018-12-17T22:57:20.004130948Z	59	PC: 12acf \| Change current directory
2018-12-17T22:57:20.009567095Z	59	PC: 12ad8 \| Change current directory
2018-12-17T22:57:20.012024379Z	42	PC: 12a81 \| Get date 0x12a81: cmp dx, 0x101 0x12a85: jne 0x12aa9 0x12a87: cmp cx, 0x7c9 0x12a8b: jl 0x12aa9 0x12a8d: lea si, word ptr [di + 0x271] 0x12a91: mov ah, 0xe 0x12a93: lodsb al, byte ptr [si] 0x12a94: or al, al 0x12a96: je 0x12aa9 0x12a98: int 0x10 0x12a9a: jmp 0x12a91 0x12a9c: sub ax, 0x5b3d 0x12a9f: push si 0x12aa0: inc bx 0x12aa1: dec sp 0x12aa2: das 0x12aa3: inc dx 0x12aa4: inc bp 0x12aa5: jbe 0x12b04 0x12aa7: cmp ax, 0x5a2d
2018-12-17T22:57:20.015189668Z	26	PC: 12aae \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12523,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:34.062859253Z	47	PC: 12a65 \| Get disk transfer address
2018-12-25T12:35:34.064394897Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T12:35:34.065922162Z	71	PC: 12ac0 \| Get current directory
2018-12-25T12:35:34.067939614Z	47	PC: 12aea \| Get disk transfer address
2018-12-25T12:35:34.069265608Z	26	PC: 12af9 \| Set disk transfer address
2018-12-25T12:35:34.070505742Z	78	PC: 12b01 \| Find first file
2018-12-25T12:35:34.075101579Z	47	PC: 12b19 \| Get disk transfer address
2018-12-25T12:35:34.076619889Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:34.089598529Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:34.095497911Z	66	PC: 12b45 \| Move file pointer
2018-12-25T12:35:34.097191388Z	62	PC: 12b4a \| Close file
2018-12-25T12:35:34.101668737Z	67	PC: 12b6a \| Get or set file attributes
2018-12-25T12:35:34.124542713Z	61	PC: 12b6f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:34.131590403Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:34.144481736Z	66	PC: 12b83 \| Move file pointer
2018-12-25T12:35:34.151395715Z	64	PC: 12c5e \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:35:34.160570754Z	87	PC: 12b93 \| Get or set file date and time
2018-12-25T12:35:34.165616298Z	62	PC: 12b97 \| Close file
2018-12-25T12:35:34.196181035Z	67	PC: 12ba4 \| Get or set file attributes
2018-12-25T12:35:34.214896174Z	26	PC: 12b13 \| Set disk transfer address
2018-12-25T12:35:34.216613098Z	59	PC: 12acf \| Change current directory
2018-12-25T12:35:34.221159232Z	59	PC: 12ad8 \| Change current directory
2018-12-25T12:35:34.223645039Z	42	PC: 12a81 \| Get date 0x12a81: cmp dx, 0x101 0x12a85: jne 0x12aa9 0x12a87: cmp cx, 0x7c9 0x12a8b: jl 0x12aa9 0x12a8d: lea si, word ptr [di + 0x271] 0x12a91: mov ah, 0xe 0x12a93: lodsb al, byte ptr [si] 0x12a94: or al, al 0x12a96: je 0x12aa9 0x12a98: int 0x10 0x12a9a: jmp 0x12a91 0x12a9c: sub ax, 0x5b3d 0x12a9f: push si 0x12aa0: inc bx 0x12aa1: dec sp 0x12aa2: das 0x12aa3: inc dx 0x12aa4: inc bp 0x12aa5: jbe 0x12b04 0x12aa7: cmp ax, 0x5a2d
2018-12-25T12:35:34.227123951Z	26	PC: 12aae \| Set disk transfer address

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12523,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:34.147984938Z	47	PC: 12a65 \| Get disk transfer address
2018-12-25T12:35:34.148904793Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T12:35:34.150138321Z	71	PC: 12ac0 \| Get current directory
2018-12-25T12:35:34.152700564Z	47	PC: 12aea \| Get disk transfer address
2018-12-25T12:35:34.15371055Z	26	PC: 12af9 \| Set disk transfer address
2018-12-25T12:35:34.15461671Z	78	PC: 12b01 \| Find first file
2018-12-25T12:35:34.166296587Z	47	PC: 12b19 \| Get disk transfer address
2018-12-25T12:35:34.167560205Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:34.174828518Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:34.190528338Z	66	PC: 12b45 \| Move file pointer
2018-12-25T12:35:34.191921311Z	62	PC: 12b4a \| Close file
2018-12-25T12:35:34.19372034Z	67	PC: 12b6a \| Get or set file attributes
2018-12-25T12:35:34.211985131Z	61	PC: 12b6f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:34.220850161Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:34.228057043Z	66	PC: 12b83 \| Move file pointer
2018-12-25T12:35:34.230255784Z	64	PC: 12c5e \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:35:34.237498549Z	87	PC: 12b93 \| Get or set file date and time
2018-12-25T12:35:34.239619205Z	62	PC: 12b97 \| Close file
2018-12-25T12:35:34.247466064Z	67	PC: 12ba4 \| Get or set file attributes
2018-12-25T12:35:34.39282548Z	26	PC: 12b13 \| Set disk transfer address
2018-12-25T12:35:34.394218332Z	59	PC: 12acf \| Change current directory
2018-12-25T12:35:34.398706258Z	59	PC: 12ad8 \| Change current directory
2018-12-25T12:35:34.401290311Z	42	PC: 12a81 \| Get date 0x12a81: cmp dx, 0x101 0x12a85: jne 0x12aa9 0x12a87: cmp cx, 0x7c9 0x12a8b: jl 0x12aa9 0x12a8d: lea si, word ptr [di + 0x271] 0x12a91: mov ah, 0xe 0x12a93: lodsb al, byte ptr [si] 0x12a94: or al, al 0x12a96: je 0x12aa9 0x12a98: int 0x10 0x12a9a: jmp 0x12a91 0x12a9c: sub ax, 0x5b3d 0x12a9f: push si 0x12aa0: inc bx 0x12aa1: dec sp 0x12aa2: das 0x12aa3: inc dx 0x12aa4: inc bp 0x12aa5: jbe 0x12b04 0x12aa7: cmp ax, 0x5a2d
2018-12-25T12:35:34.403389789Z	26	PC: 12aae \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12523,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:34.246056777Z	47	PC: 12a65 \| Get disk transfer address
2018-12-25T12:35:34.254606146Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T12:35:34.256013429Z	71	PC: 12ac0 \| Get current directory
2018-12-25T12:35:34.258056126Z	47	PC: 12aea \| Get disk transfer address
2018-12-25T12:35:34.266007642Z	26	PC: 12af9 \| Set disk transfer address
2018-12-25T12:35:34.271880443Z	78	PC: 12b01 \| Find first file
2018-12-25T12:35:34.278492799Z	47	PC: 12b19 \| Get disk transfer address
2018-12-25T12:35:34.280353053Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:34.287875542Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:35:34.294253339Z	66	PC: 12b45 \| Move file pointer
2018-12-25T12:35:34.295725935Z	62	PC: 12b4a \| Close file
2018-12-25T12:35:34.299013444Z	67	PC: 12b6a \| Get or set file attributes
2018-12-25T12:35:34.571356019Z	61	PC: 12b6f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:34.57747044Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:35:34.583353045Z	66	PC: 12b83 \| Move file pointer
2018-12-25T12:35:34.587215429Z	64	PC: 12c5e \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:35:34.597563737Z	87	PC: 12b93 \| Get or set file date and time
2018-12-25T12:35:34.600292421Z	62	PC: 12b97 \| Close file
2018-12-25T12:35:34.60851777Z	67	PC: 12ba4 \| Get or set file attributes
2018-12-25T12:35:34.618908913Z	26	PC: 12b13 \| Set disk transfer address
2018-12-25T12:35:34.621115125Z	59	PC: 12acf \| Change current directory
2018-12-25T12:35:34.625991109Z	59	PC: 12ad8 \| Change current directory
2018-12-25T12:35:34.627752444Z	42	PC: 12a81 \| Get date 0x12a81: cmp dx, 0x101 0x12a85: jne 0x12aa9 0x12a87: cmp cx, 0x7c9 0x12a8b: jl 0x12aa9 0x12a8d: lea si, word ptr [di + 0x271] 0x12a91: mov ah, 0xe 0x12a93: lodsb al, byte ptr [si] 0x12a94: or al, al 0x12a96: je 0x12aa9 0x12a98: int 0x10 0x12a9a: jmp 0x12a91 0x12a9c: sub ax, 0x5b3d 0x12a9f: push si 0x12aa0: inc bx 0x12aa1: dec sp 0x12aa2: das 0x12aa3: inc dx 0x12aa4: inc bp 0x12aa5: jbe 0x12b04 0x12aa7: cmp ax, 0x5a2d
2018-12-25T12:35:34.635779616Z	26	PC: 12aae \| Set disk transfer address