Sample viewer

vx.netlux.org/Virus.DOS.VCL.Bev.546

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:28.276038506Z	47	PC: 12a68 \| Get disk transfer address
2018-12-17T23:01:28.277439594Z	26	PC: 12a70 \| Set disk transfer address
2018-12-17T23:01:28.280383622Z	71	PC: 12ab8 \| Get current directory
2018-12-17T23:01:28.283513981Z	47	PC: 12ae2 \| Get disk transfer address
2018-12-17T23:01:28.28461765Z	26	PC: 12af1 \| Set disk transfer address
2018-12-17T23:01:28.286603164Z	78	PC: 12af9 \| Find first file
2018-12-17T23:01:28.29350127Z	47	PC: 12b11 \| Get disk transfer address
2018-12-17T23:01:28.294670758Z	61	PC: 12b2a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:28.303675387Z	63	PC: 12b36 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:28.311240855Z	66	PC: 12b40 \| Move file pointer
2018-12-17T23:01:28.313220006Z	62	PC: 12b45 \| Close file
2018-12-17T23:01:28.316786758Z	67	PC: 12b65 \| Get or set file attributes
2018-12-17T23:01:28.333526146Z	61	PC: 12b6a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:28.340130552Z	64	PC: 12b76 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:28.343078606Z	66	PC: 12b80 \| Move file pointer
2018-12-17T23:01:28.344980437Z	64	PC: 12c7b \| Write file or device (Write 546 bytes on handle 5)
2018-12-17T23:01:28.350779263Z	87	PC: 12b90 \| Get or set file date and time
2018-12-17T23:01:28.35324991Z	62	PC: 12b94 \| Close file
2018-12-17T23:01:28.360528785Z	67	PC: 12ba1 \| Get or set file attributes
2018-12-17T23:01:28.381539587Z	26	PC: 12b0b \| Set disk transfer address
2018-12-17T23:01:28.383115684Z	59	PC: 12ac7 \| Change current directory
2018-12-17T23:01:28.388405452Z	59	PC: 12ad0 \| Change current directory
2018-12-17T23:01:28.390480282Z	42	PC: 12a80 \| Get date 0x12a80: cmp dl, 0x16 0x12a83: jne 0x12aa1 0x12a85: lea si, word ptr [di + 0x26e] 0x12a89: mov ah, 0xe 0x12a8b: lodsb al, byte ptr [si] 0x12a8c: or al, al 0x12a8e: je 0x12aa1 0x12a90: int 0x10 0x12a92: jmp 0x12a89 0x12a94: sub ax, 0x5b3d 0x12a97: push si 0x12a98: inc bx 0x12a99: dec sp 0x12a9a: das 0x12a9b: inc dx 0x12a9c: inc bp 0x12a9d: jbe 0x12afc 0x12a9f: cmp ax, 0x5a2d 0x12aa2: mov ah, 0x1a 0x12aa4: int 0x21
2018-12-17T23:01:28.392999219Z	26	PC: 12aa6 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13891,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:19.081254247Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:39:19.083823193Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T12:39:19.085960871Z	42	PC: 12a80 \| Get date 0x12a80: cmp dl, 0x16 0x12a83: jne 0x12aa1 0x12a85: lea si, word ptr [di + 0x26e] 0x12a89: mov ah, 0xe 0x12a8b: lodsb al, byte ptr [si] 0x12a8c: or al, al 0x12a8e: je 0x12aa1 0x12a90: int 0x10 0x12a92: jmp 0x12a89 0x12a94: sub ax, 0x5b3d 0x12a97: push si 0x12a98: inc bx 0x12a99: dec sp 0x12a9a: das 0x12a9b: inc dx 0x12a9c: inc bp 0x12a9d: jbe 0x12afc 0x12a9f: cmp ax, 0x5a2d 0x12aa2: mov ah, 0x1a 0x12aa4: int 0x21
2018-12-25T12:39:19.08878214Z	26	PC: 12aa6 \| Set disk transfer address

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13891,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:19.32611201Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:39:19.327630974Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T12:39:19.330777194Z	42	PC: 12a80 \| Get date 0x12a80: cmp dl, 0x16 0x12a83: jne 0x12aa1 0x12a85: lea si, word ptr [di + 0x26e] 0x12a89: mov ah, 0xe 0x12a8b: lodsb al, byte ptr [si] 0x12a8c: or al, al 0x12a8e: je 0x12aa1 0x12a90: int 0x10 0x12a92: jmp 0x12a89 0x12a94: sub ax, 0x5b3d 0x12a97: push si 0x12a98: inc bx 0x12a99: dec sp 0x12a9a: das 0x12a9b: inc dx 0x12a9c: inc bp 0x12a9d: jbe 0x12afc 0x12a9f: cmp ax, 0x5a2d 0x12aa2: mov ah, 0x1a 0x12aa4: int 0x21
2018-12-25T12:39:19.340397739Z	26	PC: 12aa6 \| Set disk transfer address