Sample viewer

vx.netlux.org/Virus.DOS.ARCV.562

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:02.213699383Z 42 PC: 12b94 | Get date
0x12b94: cmp dx, 0x305
0x12b98: jne 0x12ba3
0x12b9a: mov ah, 9
0x12b9c: mov dx, 0x27d
0x12b9f: int 0x21
0x12ba1: jmp 0x12ba1
0x12ba3: push cs
0x12ba4: pop es
0x12ba5: mov ah, 0x1a
0x12ba7: mov dx, 0x37b
0x12baa: int 0x21
0x12bac: mov ah, 0x4e
0x12bae: mov cx, 3
0x12bb1: mov dx, 0x2f5
0x12bb4: int 0x21
0x12bb6: jae 0x12bc5
0x12bb8: jmp 0x12ca1
0x12bbb: call 0x12cbc
0x12bbe: mov ah, 0x4f
0x12bc0: call 0x12d7e
2018-12-17T23:03:02.216432816Z 26 PC: 12bac | Set disk transfer address
2018-12-17T23:03:02.218543759Z 78 PC: 12bb6 | Find first file
2018-12-17T23:03:02.225180894Z 67 PC: 12d84 | Get or set file attributes
2018-12-17T23:03:02.242042022Z 61 PC: 12bda | Open file (Filename = 'TEST.EXE')
2018-12-17T23:03:02.249839675Z 63 PC: 12d84 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:03:02.252384891Z 66 PC: 12d84 | Move file pointer
2018-12-17T23:03:02.25369203Z 63 PC: 12d84 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:03:02.25733615Z 62 PC: 12d84 | Close file
2018-12-17T23:03:02.259386661Z 67 PC: 12d84 | Get or set file attributes
2018-12-17T23:03:02.27021511Z 67 PC: 12d84 | Get or set file attributes
2018-12-17T23:03:02.28917628Z 79 PC: 12d84 | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:37.847273818Z 42 PC: 12b94 | Get date
0x12b94: cmp dx, 0x305
0x12b98: jne 0x12ba3
0x12b9a: mov ah, 9
0x12b9c: mov dx, 0x27d
0x12b9f: int 0x21
0x12ba1: jmp 0x12ba1
0x12ba3: push cs
0x12ba4: pop es
0x12ba5: mov ah, 0x1a
0x12ba7: mov dx, 0x37b
0x12baa: int 0x21
0x12bac: mov ah, 0x4e
0x12bae: mov cx, 3
0x12bb1: mov dx, 0x2f5
0x12bb4: int 0x21
0x12bb6: jae 0x12bc5
0x12bb8: jmp 0x12ca1
0x12bbb: call 0x12cbc
0x12bbe: mov ah, 0x4f
0x12bc0: call 0x12d7e
2018-12-25T12:40:37.849145729Z 26 PC: 12bac | Set disk transfer address
2018-12-25T12:40:37.850145206Z 78 PC: 12bb6 | Find first file
2018-12-25T12:40:37.8559715Z 67 PC: 12d84 | Get or set file attributes
2018-12-25T12:40:38.575903766Z 61 PC: 12bda | Open file (Filename = 'TEST.EXE')
2018-12-25T12:40:38.583753197Z 63 PC: 12d84 | Read file or device (See above)
2018-12-25T12:40:38.587952799Z 66 PC: 12d84 | Move file pointer (See above)
2018-12-25T12:40:38.58920573Z 63 PC: 12d84 | Read file or device (See above)
2018-12-25T12:40:38.59866065Z 62 PC: 12d84 | Close file (See above)
2018-12-25T12:40:38.600465978Z 67 PC: 12d84 | Get or set file attributes (See above)
2018-12-25T12:40:38.620912548Z 67 PC: 12d84 | Get or set file attributes (See above)
2018-12-25T12:40:38.640162686Z 79 PC: 12d84 | Find next file (See above)

{"DateBased":true,"Day":5,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14415,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:38.405826294Z 42 PC: 12b94 | Get date
0x12b94: cmp dx, 0x305
0x12b98: jne 0x12ba3
0x12b9a: mov ah, 9
0x12b9c: mov dx, 0x27d
0x12b9f: int 0x21
0x12ba1: jmp 0x12ba1
0x12ba3: push cs
0x12ba4: pop es
0x12ba5: mov ah, 0x1a
0x12ba7: mov dx, 0x37b
0x12baa: int 0x21
0x12bac: mov ah, 0x4e
0x12bae: mov cx, 3
0x12bb1: mov dx, 0x2f5
0x12bb4: int 0x21
0x12bb6: jae 0x12bc5
0x12bb8: jmp 0x12ca1
0x12bbb: call 0x12cbc
0x12bbe: mov ah, 0x4f
0x12bc0: call 0x12d7e
2018-12-25T12:40:38.408448743Z 9 PC: 12ba1 | Display string (Could not find end pointer)