Sample viewer

vx.netlux.org/Virus.DOS.VCL.Bev.737

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:35.536610552Z	47	PC: 12a68 \| Get disk transfer address
2018-12-17T23:05:35.538115637Z	26	PC: 12a70 \| Set disk transfer address
2018-12-17T23:05:35.539596612Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x30f 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-17T23:05:35.542114098Z	26	PC: 12aad \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15259,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:01.231678601Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:43:01.233017161Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T12:43:01.235272629Z	71	PC: 12abf \| Get current directory
2018-12-25T12:43:01.238090985Z	47	PC: 12ae9 \| Get disk transfer address
2018-12-25T12:43:01.239076542Z	26	PC: 12af8 \| Set disk transfer address
2018-12-25T12:43:01.240542453Z	78	PC: 12b00 \| Find first file
2018-12-25T12:43:01.244424652Z	47	PC: 12b18 \| Get disk transfer address
2018-12-25T12:43:01.245598673Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:01.256654911Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:01.263564712Z	66	PC: 12b47 \| Move file pointer
2018-12-25T12:43:01.264924642Z	62	PC: 12b4c \| Close file
2018-12-25T12:43:01.267439157Z	67	PC: 12b6c \| Get or set file attributes
2018-12-25T12:43:01.859250735Z	61	PC: 12b71 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:01.872719799Z	64	PC: 12b7d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:01.881019705Z	66	PC: 12b87 \| Move file pointer
2018-12-25T12:43:01.883754133Z	64	PC: 12d3a \| Write file or device (Write 737 bytes on handle 5)
2018-12-25T12:43:01.893696087Z	87	PC: 12b97 \| Get or set file date and time
2018-12-25T12:43:01.896607467Z	62	PC: 12b9b \| Close file
2018-12-25T12:43:01.905106422Z	67	PC: 12ba8 \| Get or set file attributes
2018-12-25T12:43:01.916421123Z	26	PC: 12b12 \| Set disk transfer address
2018-12-25T12:43:01.918185955Z	59	PC: 12ace \| Change current directory
2018-12-25T12:43:01.922686191Z	59	PC: 12ad7 \| Change current directory
2018-12-25T12:43:01.924485293Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x30f 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-25T12:43:01.927494588Z	26	PC: 12aad \| Set disk transfer address

{"DateBased":true,"Day":15,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15259,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:02.278698691Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:43:02.2800312Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T12:43:02.282418608Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x30f 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-25T12:43:02.284923587Z	26	PC: 12aad \| Set disk transfer address

{"DateBased":true,"Day":15,"Month":3,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15259,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:02.428475172Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T12:43:02.429672975Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T12:43:02.432525675Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x30f 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-25T12:43:02.447422625Z	26	PC: 12aad \| Set disk transfer address