Sample viewer

vx.netlux.org/Virus.DOS.VCL.SK.317


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:51.444961067Z 26 PC: 15671 | Set disk transfer address
2018-12-17T23:06:51.446741086Z 71 PC: 15681 | Get current directory
2018-12-17T23:06:51.449484987Z 78 PC: 1568c | Find first file
2018-12-17T23:06:51.455295621Z 67 PC: 156b9 | Get or set file attributes
2018-12-17T23:06:51.476242173Z 61 PC: 156c2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:51.483560639Z 63 PC: 156cf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:51.490238783Z 66 PC: 156f7 | Move file pointer
2018-12-17T23:06:51.492270327Z 64 PC: 15709 | Write file or device (Write 317 bytes on handle 5)
2018-12-17T23:06:51.501277681Z 66 PC: 15712 | Move file pointer
2018-12-17T23:06:51.502967421Z 64 PC: 1571d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:51.510178966Z 87 PC: 1572e | Get or set file date and time
2018-12-17T23:06:51.512695521Z 62 PC: 15732 | Close file
2018-12-17T23:06:51.517796719Z 67 PC: 15741 | Get or set file attributes
2018-12-17T23:06:51.520524727Z 79 PC: 1569c | Find next file
2018-12-17T23:06:51.523133754Z 67 PC: 156b9 | Get or set file attributes
2018-12-17T23:06:51.530361216Z 61 PC: 156c2 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:51.534405422Z 63 PC: 156cf | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:51.538875976Z 66 PC: 156f7 | Move file pointer
2018-12-17T23:06:51.539991557Z 64 PC: 15709 | Write file or device (Write 317 bytes on handle 5)
2018-12-17T23:06:51.541958132Z 66 PC: 15712 | Move file pointer
2018-12-17T23:06:51.543722598Z 64 PC: 1571d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:51.54632928Z 87 PC: 1572e | Get or set file date and time
2018-12-17T23:06:51.547450028Z 62 PC: 15732 | Close file
2018-12-17T23:06:51.552628597Z 67 PC: 15741 | Get or set file attributes
2018-12-17T23:06:51.558202299Z 59 PC: 15762 | Change current directory
2018-12-17T23:06:51.563388345Z 26 PC: 15769 | Set disk transfer address
2018-12-17T23:06:51.565142241Z 42 PC: 151b9 | Get date
0x151b9: cmp dx, 0x418
0x151bd: jne 0x151ed
0x151bf: mov ax, 0x9100
0x151c2: int 0x10
0x151c4: cmp ax, 0x9100
0x151c7: je 0x151da
0x151c9: mov ax, 0x804e
0x151cc: int 0x10
0x151ce: mov ah, 9
0x151d0: mov dx, 0x265
0x151d3: int 0x21
0x151d5: jb 0x151e6
0x151d7: jmp 0x151ed
0x151d9: nop
0x151da: mov ah, 9
0x151dc: mov dx, 0x462
0x151df: int 0x21
0x151e1: jb 0x151e6
0x151e3: jmp 0x151ed
0x151e5: nop
2018-12-17T23:06:51.566661555Z 53 PC: 15200 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:51.567762343Z 37 PC: 15233 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:51.569430709Z 26 PC: 15248 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15661,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:08.872053239Z 26 PC: 15671 | Set disk transfer address
2018-12-25T12:44:08.879260981Z 71 PC: 15681 | Get current directory
2018-12-25T12:44:08.883367103Z 78 PC: 1568c | Find first file
2018-12-25T12:44:08.890426128Z 67 PC: 156b9 | Get or set file attributes
2018-12-25T12:44:08.909195781Z 61 PC: 156c2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:08.921872447Z 63 PC: 156cf | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:08.929100485Z 66 PC: 156f7 | Move file pointer
2018-12-25T12:44:08.930508677Z 64 PC: 15709 | Write file or device (Write 317 bytes on handle 5)
2018-12-25T12:44:08.939348511Z 66 PC: 15712 | Move file pointer
2018-12-25T12:44:08.940983466Z 64 PC: 1571d | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:44:08.949479674Z 87 PC: 1572e | Get or set file date and time
2018-12-25T12:44:08.95205033Z 62 PC: 15732 | Close file
2018-12-25T12:44:08.961122303Z 67 PC: 15741 | Get or set file attributes
2018-12-25T12:44:08.96652107Z 79 PC: 1569c | Find next file
2018-12-25T12:44:08.970769175Z 67 PC: 156b9 | Get or set file attributes (See above)
2018-12-25T12:44:08.981897742Z 61 PC: 156c2 | Open file (See above)
2018-12-25T12:44:08.989097288Z 63 PC: 156cf | Read file or device (See above)
2018-12-25T12:44:08.99662013Z 66 PC: 156f7 | Move file pointer (See above)
2018-12-25T12:44:08.998223079Z 64 PC: 15709 | Write file or device (See above)
2018-12-25T12:44:09.001148017Z 66 PC: 15712 | Move file pointer (See above)
2018-12-25T12:44:09.003059941Z 64 PC: 1571d | Write file or device (See above)
2018-12-25T12:44:09.006213045Z 87 PC: 1572e | Get or set file date and time (See above)
2018-12-25T12:44:09.008369119Z 62 PC: 15732 | Close file (See above)
2018-12-25T12:44:09.017178088Z 67 PC: 15741 | Get or set file attributes (See above)
2018-12-25T12:44:09.022222762Z 59 PC: 15762 | Change current directory
2018-12-25T12:44:09.026652979Z 26 PC: 15769 | Set disk transfer address
2018-12-25T12:44:09.028491702Z 42 PC: 151b9 | Get date
0x151b9: cmp dx, 0x418
0x151bd: jne 0x151ed
0x151bf: mov ax, 0x9100
0x151c2: int 0x10
0x151c4: cmp ax, 0x9100
0x151c7: je 0x151da
0x151c9: mov ax, 0x804e
0x151cc: int 0x10
0x151ce: mov ah, 9
0x151d0: mov dx, 0x265
0x151d3: int 0x21
0x151d5: jb 0x151e6
0x151d7: jmp 0x151ed
0x151d9: nop
0x151da: mov ah, 9
0x151dc: mov dx, 0x462
0x151df: int 0x21
0x151e1: jb 0x151e6
0x151e3: jmp 0x151ed
0x151e5: nop
2018-12-25T12:44:09.031459218Z 53 PC: 15200 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:09.033393439Z 37 PC: 15233 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:09.034736586Z 26 PC: 15248 | Set disk transfer address

{"DateBased":true,"Day":24,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15661,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:08.917780902Z 26 PC: 15671 | Set disk transfer address
2018-12-25T12:44:08.919367395Z 71 PC: 15681 | Get current directory
2018-12-25T12:44:08.922219452Z 78 PC: 1568c | Find first file
2018-12-25T12:44:08.928876284Z 67 PC: 156b9 | Get or set file attributes
2018-12-25T12:44:08.947450198Z 61 PC: 156c2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:08.954401285Z 63 PC: 156cf | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:08.960813112Z 66 PC: 156f7 | Move file pointer
2018-12-25T12:44:08.962955425Z 64 PC: 15709 | Write file or device (Write 317 bytes on handle 5)
2018-12-25T12:44:08.971013368Z 66 PC: 15712 | Move file pointer
2018-12-25T12:44:08.972263397Z 64 PC: 1571d | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:44:08.97956681Z 87 PC: 1572e | Get or set file date and time
2018-12-25T12:44:08.981051851Z 62 PC: 15732 | Close file
2018-12-25T12:44:08.988657651Z 67 PC: 15741 | Get or set file attributes
2018-12-25T12:44:08.993500798Z 79 PC: 1569c | Find next file
2018-12-25T12:44:08.996286566Z 67 PC: 156b9 | Get or set file attributes (See above)
2018-12-25T12:44:09.006089076Z 61 PC: 156c2 | Open file (See above)
2018-12-25T12:44:09.013362327Z 63 PC: 156cf | Read file or device (See above)
2018-12-25T12:44:09.019726649Z 66 PC: 156f7 | Move file pointer (See above)
2018-12-25T12:44:09.020996113Z 64 PC: 15709 | Write file or device (See above)
2018-12-25T12:44:09.024325604Z 66 PC: 15712 | Move file pointer (See above)
2018-12-25T12:44:09.025565665Z 64 PC: 1571d | Write file or device (See above)
2018-12-25T12:44:09.028004009Z 87 PC: 1572e | Get or set file date and time (See above)
2018-12-25T12:44:09.030428204Z 62 PC: 15732 | Close file (See above)
2018-12-25T12:44:09.037730445Z 67 PC: 15741 | Get or set file attributes (See above)
2018-12-25T12:44:09.046962657Z 59 PC: 15762 | Change current directory
2018-12-25T12:44:09.051074835Z 26 PC: 15769 | Set disk transfer address
2018-12-25T12:44:09.052696879Z 42 PC: 151b9 | Get date
0x151b9: cmp dx, 0x418
0x151bd: jne 0x151ed
0x151bf: mov ax, 0x9100
0x151c2: int 0x10
0x151c4: cmp ax, 0x9100
0x151c7: je 0x151da
0x151c9: mov ax, 0x804e
0x151cc: int 0x10
0x151ce: mov ah, 9
0x151d0: mov dx, 0x265
0x151d3: int 0x21
0x151d5: jb 0x151e6
0x151d7: jmp 0x151ed
0x151d9: nop
0x151da: mov ah, 9
0x151dc: mov dx, 0x462
0x151df: int 0x21
0x151e1: jb 0x151e6
0x151e3: jmp 0x151ed
0x151e5: nop
2018-12-25T12:44:09.055687638Z 9 PC: 151e1 | Display string (Could not find end pointer)
2018-12-25T12:44:09.190208943Z 53 PC: 15200 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:09.191825464Z 37 PC: 15233 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:09.192819094Z 26 PC: 15248 | Set disk transfer address