Sample viewer

vx.netlux.org/Virus.DOS.VCL.Bev.934

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:51:29.915660069Z 47 PC: 12a68 | Get disk transfer address
2018-12-17T21:51:29.917668561Z 26 PC: 12a70 | Set disk transfer address
2018-12-17T21:51:29.919605427Z 71 PC: 12abf | Get current directory
2018-12-17T21:51:29.922828153Z 47 PC: 12ae9 | Get disk transfer address
2018-12-17T21:51:29.925801006Z 26 PC: 12af8 | Set disk transfer address
2018-12-17T21:51:29.927491343Z 78 PC: 12b00 | Find first file
2018-12-17T21:51:29.933475559Z 47 PC: 12b18 | Get disk transfer address
2018-12-17T21:51:29.935097717Z 61 PC: 12b31 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:51:29.941959523Z 63 PC: 12b3d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:51:29.948363162Z 66 PC: 12b47 | Move file pointer
2018-12-17T21:51:29.950637439Z 62 PC: 12b4c | Close file
2018-12-17T21:51:29.953387365Z 67 PC: 12b6c | Get or set file attributes
2018-12-17T21:51:29.973076943Z 61 PC: 12b71 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:51:29.99103614Z 64 PC: 12b7d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:51:29.998860327Z 66 PC: 12b87 | Move file pointer
2018-12-17T21:51:30.001318675Z 64 PC: 12dff | Write file or device (Write 934 bytes on handle 5)
2018-12-17T21:51:30.009998624Z 87 PC: 12b97 | Get or set file date and time
2018-12-17T21:51:30.012724316Z 62 PC: 12b9b | Close file
2018-12-17T21:51:30.032771695Z 67 PC: 12ba8 | Get or set file attributes
2018-12-17T21:51:30.043204041Z 26 PC: 12b12 | Set disk transfer address
2018-12-17T21:51:30.045323071Z 59 PC: 12ace | Change current directory
2018-12-17T21:51:30.05785556Z 59 PC: 12ad7 | Change current directory
2018-12-17T21:51:30.059851495Z 42 PC: 12a80 | Get date
0x12a80: cmp dx, 0x314
0x12a84: jne 0x12aa8
0x12a86: cmp cx, 0x7c9
0x12a8a: jl 0x12aa8
0x12a8c: lea si, word ptr [di + 0x275]
0x12a90: mov ah, 0xe
0x12a92: lodsb al, byte ptr [si]
0x12a93: or al, al
0x12a95: je 0x12aa8
0x12a97: int 0x10
0x12a99: jmp 0x12a90
0x12a9b: sub ax, 0x5b3d
0x12a9e: push si
0x12a9f: inc bx
0x12aa0: dec sp
0x12aa1: das
0x12aa2: inc dx
0x12aa3: inc bp
0x12aa4: jbe 0x12b03
0x12aa6: cmp ax, 0x5a2d
2018-12-17T21:51:30.062548206Z 26 PC: 12aad | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":131,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:12.341404116Z 47 PC: 12a68 | Get disk transfer address
2018-12-25T11:40:12.343028759Z 26 PC: 12a70 | Set disk transfer address
2018-12-25T11:40:12.344594283Z 71 PC: 12abf | Get current directory
2018-12-25T11:40:12.347534787Z 47 PC: 12ae9 | Get disk transfer address
2018-12-25T11:40:12.348821896Z 26 PC: 12af8 | Set disk transfer address
2018-12-25T11:40:12.350039442Z 78 PC: 12b00 | Find first file
2018-12-25T11:40:12.353899503Z 47 PC: 12b18 | Get disk transfer address
2018-12-25T11:40:12.354757989Z 61 PC: 12b31 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:12.362559727Z 63 PC: 12b3d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:40:12.366703674Z 66 PC: 12b47 | Move file pointer
2018-12-25T11:40:12.367760364Z 62 PC: 12b4c | Close file
2018-12-25T11:40:12.370266009Z 67 PC: 12b6c | Get or set file attributes
2018-12-25T11:40:13.393503972Z 61 PC: 12b71 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:13.401531675Z 64 PC: 12b7d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:40:13.405689953Z 66 PC: 12b87 | Move file pointer
2018-12-25T11:40:13.408139016Z 64 PC: 12dff | Write file or device (Write 934 bytes on handle 5)
2018-12-25T11:40:13.418581111Z 87 PC: 12b97 | Get or set file date and time
2018-12-25T11:40:13.42183965Z 62 PC: 12b9b | Close file
2018-12-25T11:40:13.430525964Z 67 PC: 12ba8 | Get or set file attributes
2018-12-25T11:40:13.441899205Z 26 PC: 12b12 | Set disk transfer address
2018-12-25T11:40:13.443739352Z 59 PC: 12ace | Change current directory
2018-12-25T11:40:13.44870285Z 59 PC: 12ad7 | Change current directory
2018-12-25T11:40:13.450896849Z 42 PC: 12a80 | Get date
0x12a80: cmp dx, 0x314
0x12a84: jne 0x12aa8
0x12a86: cmp cx, 0x7c9
0x12a8a: jl 0x12aa8
0x12a8c: lea si, word ptr [di + 0x275]
0x12a90: mov ah, 0xe
0x12a92: lodsb al, byte ptr [si]
0x12a93: or al, al
0x12a95: je 0x12aa8
0x12a97: int 0x10
0x12a99: jmp 0x12a90
0x12a9b: sub ax, 0x5b3d
0x12a9e: push si
0x12a9f: inc bx
0x12aa0: dec sp
0x12aa1: das
0x12aa2: inc dx
0x12aa3: inc bp
0x12aa4: jbe 0x12b03
0x12aa6: cmp ax, 0x5a2d
2018-12-25T11:40:13.453273552Z 26 PC: 12aad | Set disk transfer address

{"DateBased":true,"Day":20,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":131,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:15.056259299Z 47 PC: 12a68 | Get disk transfer address
2018-12-25T11:40:15.058084547Z 26 PC: 12a70 | Set disk transfer address
2018-12-25T11:40:15.059521737Z 42 PC: 12a80 | Get date
0x12a80: cmp dx, 0x314
0x12a84: jne 0x12aa8
0x12a86: cmp cx, 0x7c9
0x12a8a: jl 0x12aa8
0x12a8c: lea si, word ptr [di + 0x275]
0x12a90: mov ah, 0xe
0x12a92: lodsb al, byte ptr [si]
0x12a93: or al, al
0x12a95: je 0x12aa8
0x12a97: int 0x10
0x12a99: jmp 0x12a90
0x12a9b: sub ax, 0x5b3d
0x12a9e: push si
0x12a9f: inc bx
0x12aa0: dec sp
0x12aa1: das
0x12aa2: inc dx
0x12aa3: inc bp
0x12aa4: jbe 0x12b03
0x12aa6: cmp ax, 0x5a2d
2018-12-25T11:40:15.061940692Z 26 PC: 12aad | Set disk transfer address

{"DateBased":true,"Day":20,"Month":3,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":131,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:15.364465457Z 47 PC: 12a68 | Get disk transfer address
2018-12-25T11:40:15.365830867Z 26 PC: 12a70 | Set disk transfer address
2018-12-25T11:40:15.367453333Z 42 PC: 12a80 | Get date
0x12a80: cmp dx, 0x314
0x12a84: jne 0x12aa8
0x12a86: cmp cx, 0x7c9
0x12a8a: jl 0x12aa8
0x12a8c: lea si, word ptr [di + 0x275]
0x12a90: mov ah, 0xe
0x12a92: lodsb al, byte ptr [si]
0x12a93: or al, al
0x12a95: je 0x12aa8
0x12a97: int 0x10
0x12a99: jmp 0x12a90
0x12a9b: sub ax, 0x5b3d
0x12a9e: push si
0x12a9f: inc bx
0x12aa0: dec sp
0x12aa1: das
0x12aa2: inc dx
0x12aa3: inc bp
0x12aa4: jbe 0x12b03
0x12aa6: cmp ax, 0x5a2d
2018-12-25T11:40:15.384941439Z 26 PC: 12aad | Set disk transfer address