Sample viewer

vx.netlux.org/Virus.DOS.VCL.Bev.724

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:32.631830699Z	47	PC: 12a68 \| Get disk transfer address
2018-12-17T23:01:32.633759508Z	26	PC: 12a70 \| Set disk transfer address
2018-12-17T23:01:32.641709594Z	71	PC: 12ab9 \| Get current directory
2018-12-17T23:01:32.644793323Z	47	PC: 12ae3 \| Get disk transfer address
2018-12-17T23:01:32.646785093Z	26	PC: 12af2 \| Set disk transfer address
2018-12-17T23:01:32.648089834Z	78	PC: 12afa \| Find first file
2018-12-17T23:01:32.654634636Z	47	PC: 12b12 \| Get disk transfer address
2018-12-17T23:01:32.65577419Z	61	PC: 12b2b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:32.662931222Z	63	PC: 12b37 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.6697132Z	66	PC: 12b41 \| Move file pointer
2018-12-17T23:01:32.67108325Z	62	PC: 12b46 \| Close file
2018-12-17T23:01:32.673862225Z	67	PC: 12b66 \| Get or set file attributes
2018-12-17T23:01:32.689336335Z	61	PC: 12b6b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:32.695787513Z	64	PC: 12b77 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.699136092Z	66	PC: 12b81 \| Move file pointer
2018-12-17T23:01:32.701265208Z	64	PC: 12d2d \| Write file or device (Write 724 bytes on handle 5)
2018-12-17T23:01:32.710132344Z	87	PC: 12b91 \| Get or set file date and time
2018-12-17T23:01:32.720003054Z	62	PC: 12b95 \| Close file
2018-12-17T23:01:32.72766463Z	67	PC: 12ba2 \| Get or set file attributes
2018-12-17T23:01:32.738297803Z	26	PC: 12b0c \| Set disk transfer address
2018-12-17T23:01:32.740394615Z	59	PC: 12ac8 \| Change current directory
2018-12-17T23:01:32.745038176Z	59	PC: 12ad1 \| Change current directory
2018-12-17T23:01:32.747025684Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x301 0x12a84: jne 0x12aa2 0x12a86: lea si, word ptr [di + 0x26f] 0x12a8a: mov ah, 0xe 0x12a8c: lodsb al, byte ptr [si] 0x12a8d: or al, al 0x12a8f: je 0x12aa2 0x12a91: int 0x10 0x12a93: jmp 0x12a8a 0x12a95: sub ax, 0x5b3d 0x12a98: push si 0x12a99: inc bx 0x12a9a: dec sp 0x12a9b: das 0x12a9c: inc dx 0x12a9d: inc bp 0x12a9e: jbe 0x12afd 0x12aa0: cmp ax, 0x5a2d 0x12aa3: mov ah, 0x1a 0x12aa5: int 0x21
2018-12-17T23:01:32.750298999Z	26	PC: 12aa7 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13913,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:25.834465932Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:39:25.835824778Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T12:39:25.83898343Z	71	PC: 12ab9 \| Get current directory
2018-12-25T12:39:25.84184267Z	47	PC: 12ae3 \| Get disk transfer address
2018-12-25T12:39:25.842906266Z	26	PC: 12af2 \| Set disk transfer address
2018-12-25T12:39:25.844375256Z	78	PC: 12afa \| Find first file
2018-12-25T12:39:25.850336382Z	47	PC: 12b12 \| Get disk transfer address
2018-12-25T12:39:25.851377172Z	61	PC: 12b2b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:25.862970886Z	63	PC: 12b37 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:25.869888735Z	66	PC: 12b41 \| Move file pointer
2018-12-25T12:39:25.871503647Z	62	PC: 12b46 \| Close file
2018-12-25T12:39:25.873715768Z	67	PC: 12b66 \| Get or set file attributes
2018-12-25T12:39:25.90202857Z	61	PC: 12b6b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:25.908691414Z	64	PC: 12b77 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:25.911634895Z	66	PC: 12b81 \| Move file pointer
2018-12-25T12:39:25.914978035Z	64	PC: 12d2d \| Write file or device (Write 724 bytes on handle 5)
2018-12-25T12:39:25.928435853Z	87	PC: 12b91 \| Get or set file date and time
2018-12-25T12:39:25.935047748Z	62	PC: 12b95 \| Close file
2018-12-25T12:39:25.947840487Z	67	PC: 12ba2 \| Get or set file attributes
2018-12-25T12:39:25.959513699Z	26	PC: 12b0c \| Set disk transfer address
2018-12-25T12:39:25.960647398Z	59	PC: 12ac8 \| Change current directory
2018-12-25T12:39:25.965418902Z	59	PC: 12ad1 \| Change current directory
2018-12-25T12:39:25.967667113Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x301 0x12a84: jne 0x12aa2 0x12a86: lea si, word ptr [di + 0x26f] 0x12a8a: mov ah, 0xe 0x12a8c: lodsb al, byte ptr [si] 0x12a8d: or al, al 0x12a8f: je 0x12aa2 0x12a91: int 0x10 0x12a93: jmp 0x12a8a 0x12a95: sub ax, 0x5b3d 0x12a98: push si 0x12a99: inc bx 0x12a9a: dec sp 0x12a9b: das 0x12a9c: inc dx 0x12a9d: inc bp 0x12a9e: jbe 0x12afd 0x12aa0: cmp ax, 0x5a2d 0x12aa3: mov ah, 0x1a 0x12aa5: int 0x21
2018-12-25T12:39:25.971885735Z	26	PC: 12aa7 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13913,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:26.497055428Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:39:26.500165536Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T12:39:26.501904111Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x301 0x12a84: jne 0x12aa2 0x12a86: lea si, word ptr [di + 0x26f] 0x12a8a: mov ah, 0xe 0x12a8c: lodsb al, byte ptr [si] 0x12a8d: or al, al 0x12a8f: je 0x12aa2 0x12a91: int 0x10 0x12a93: jmp 0x12a8a 0x12a95: sub ax, 0x5b3d 0x12a98: push si 0x12a99: inc bx 0x12a9a: dec sp 0x12a9b: das 0x12a9c: inc dx 0x12a9d: inc bp 0x12a9e: jbe 0x12afd 0x12aa0: cmp ax, 0x5a2d 0x12aa3: mov ah, 0x1a 0x12aa5: int 0x21
2018-12-25T12:39:26.514818164Z	26	PC: 12aa7 \| Set disk transfer address