Sample viewer

vx.netlux.org/Virus.DOS.ARCV.Anna.737

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:23.429299966Z	42	PC: 12a6f \| Get date 0x12a6f: jae 0x12a74 0x12a71: jmp 0x12bcb 0x12a74: cmp dh, 0xc 0x12a77: jne 0x12a7c 0x12a79: jmp 0x12ba3 0x12a7c: mov ah, 0x47 0x12a7e: mov dl, 0 0x12a80: push si 0x12a81: lea bx, word ptr [si + 0x3f0] 0x12a85: mov si, bx 0x12a87: int 0x21 0x12a89: jb 0x12a71 0x12a8b: pop si 0x12a8c: mov byte ptr [si + 0x39f], 0 0x12a91: mov ah, 0x1a 0x12a93: lea dx, word ptr [si + 0x432] 0x12a97: int 0x21 0x12a99: mov ah, 0x4e 0x12a9b: mov cx, 0 0x12a9e: lea dx, word ptr [si + 0x3a6]
2018-12-17T23:02:23.432321215Z	9	PC: 12bab \| Display string (String= ' Have a Cool Yule from the ARcV xCept Anna Jones I hope you get run over by a Reindeer Santas bringin' you a Bomb All my Lurve - SLarTiBarTfAsT (c) ARcV 1992 - England Raining Again ')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14186,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:06.509311084Z	42	PC: 12a6f \| Get date 0x12a6f: jae 0x12a74 0x12a71: jmp 0x12bcb 0x12a74: cmp dh, 0xc 0x12a77: jne 0x12a7c 0x12a79: jmp 0x12ba3 0x12a7c: mov ah, 0x47 0x12a7e: mov dl, 0 0x12a80: push si 0x12a81: lea bx, word ptr [si + 0x3f0] 0x12a85: mov si, bx 0x12a87: int 0x21 0x12a89: jb 0x12a71 0x12a8b: pop si 0x12a8c: mov byte ptr [si + 0x39f], 0 0x12a91: mov ah, 0x1a 0x12a93: lea dx, word ptr [si + 0x432] 0x12a97: int 0x21 0x12a99: mov ah, 0x4e 0x12a9b: mov cx, 0 0x12a9e: lea dx, word ptr [si + 0x3a6]
2018-12-25T12:40:06.512495076Z	9	PC: 12bab \| Display string (String= ' Have a Cool Yule from the ARcV xCept Anna Jones I hope you get run over by a Reindeer Santas bringin' you a Bomb All my Lurve - SLarTiBarTfAsT (c) ARcV 1992 - England Raining Again ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14186,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:06.653800406Z	42	PC: 12a6f \| Get date 0x12a6f: jae 0x12a74 0x12a71: jmp 0x12bcb 0x12a74: cmp dh, 0xc 0x12a77: jne 0x12a7c 0x12a79: jmp 0x12ba3 0x12a7c: mov ah, 0x47 0x12a7e: mov dl, 0 0x12a80: push si 0x12a81: lea bx, word ptr [si + 0x3f0] 0x12a85: mov si, bx 0x12a87: int 0x21 0x12a89: jb 0x12a71 0x12a8b: pop si 0x12a8c: mov byte ptr [si + 0x39f], 0 0x12a91: mov ah, 0x1a 0x12a93: lea dx, word ptr [si + 0x432] 0x12a97: int 0x21 0x12a99: mov ah, 0x4e 0x12a9b: mov cx, 0 0x12a9e: lea dx, word ptr [si + 0x3a6]
2018-12-25T12:40:06.657014048Z	71	PC: 12a89 \| Get current directory
2018-12-25T12:40:06.659718233Z	26	PC: 12a99 \| Set disk transfer address
2018-12-25T12:40:06.661001432Z	78	PC: 12aa4 \| Find first file
2018-12-25T12:40:06.673584087Z	61	PC: 12ab7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:06.679207955Z	66	PC: 12acc \| Move file pointer
2018-12-25T12:40:06.680750923Z	63	PC: 12ae2 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:40:06.686607752Z	66	PC: 12b07 \| Move file pointer
2018-12-25T12:40:06.687851391Z	63	PC: 12b18 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:06.689952286Z	66	PC: 12b27 \| Move file pointer
2018-12-25T12:40:06.692156262Z	64	PC: 12d23 \| Write file or device (Write 737 bytes on handle 5)
2018-12-25T12:40:06.706217672Z	66	PC: 12b40 \| Move file pointer
2018-12-25T12:40:06.707738864Z	64	PC: 12b4f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:06.713927211Z	59	PC: 12b57 \| Change current directory
2018-12-25T12:40:06.717500127Z	62	PC: 12bb5 \| Close file
2018-12-25T12:40:06.724144614Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')