Sample viewer

vx.netlux.org/Virus.DOS.ARCV.Anna.742

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:58.60712895Z	42	PC: 12a6f \| Get date 0x12a6f: jae 0x12a74 0x12a71: jmp 0x12bcb 0x12a74: cmp dh, 0xc 0x12a77: jne 0x12a7c 0x12a79: jmp 0x12ba3 0x12a7c: mov ah, 0x47 0x12a7e: mov dl, 0 0x12a80: push si 0x12a81: lea bx, word ptr [si + 0x3f5] 0x12a85: mov si, bx 0x12a87: int 0x21 0x12a89: jb 0x12a71 0x12a8b: pop si 0x12a8c: mov byte ptr [si + 0x39f], 0 0x12a91: mov ah, 0x1a 0x12a93: lea dx, word ptr [si + 0x437] 0x12a97: int 0x21 0x12a99: mov ah, 0x4e 0x12a9b: mov cx, 0 0x12a9e: lea dx, word ptr [si + 0x3a6]
2018-12-17T23:12:58.609452819Z	9	PC: 12bab \| Display string (String= ' Have a Cool Yule from the ARcV xCept Anna Jones I hope you get run over by a Reindeer Santas bringin' you a Bomb All my Lurve - SLarTiBarTfAsT (c) ARcV 1992 - England Raining Again ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17693,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:22.999922541Z	42	PC: 12a6f \| Get date 0x12a6f: jae 0x12a74 0x12a71: jmp 0x12bcb 0x12a74: cmp dh, 0xc 0x12a77: jne 0x12a7c 0x12a79: jmp 0x12ba3 0x12a7c: mov ah, 0x47 0x12a7e: mov dl, 0 0x12a80: push si 0x12a81: lea bx, word ptr [si + 0x3f5] 0x12a85: mov si, bx 0x12a87: int 0x21 0x12a89: jb 0x12a71 0x12a8b: pop si 0x12a8c: mov byte ptr [si + 0x39f], 0 0x12a91: mov ah, 0x1a 0x12a93: lea dx, word ptr [si + 0x437] 0x12a97: int 0x21 0x12a99: mov ah, 0x4e 0x12a9b: mov cx, 0 0x12a9e: lea dx, word ptr [si + 0x3a6]
2018-12-25T12:56:23.003339933Z	71	PC: 12a89 \| Get current directory
2018-12-25T12:56:23.006726896Z	26	PC: 12a99 \| Set disk transfer address
2018-12-25T12:56:23.008013734Z	78	PC: 12aa4 \| Find first file
2018-12-25T12:56:23.015888854Z	61	PC: 12ab7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:23.023776632Z	66	PC: 12acc \| Move file pointer
2018-12-25T12:56:23.026181617Z	63	PC: 12ae2 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:56:23.03363287Z	66	PC: 12b07 \| Move file pointer
2018-12-25T12:56:23.040077023Z	63	PC: 12b18 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:56:23.043726706Z	66	PC: 12b27 \| Move file pointer
2018-12-25T12:56:23.046505696Z	64	PC: 12d28 \| Write file or device (Write 742 bytes on handle 5)
2018-12-25T12:56:23.06463416Z	66	PC: 12b40 \| Move file pointer
2018-12-25T12:56:23.06634652Z	64	PC: 12b4f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:23.07475007Z	59	PC: 12b57 \| Change current directory
2018-12-25T12:56:23.080123307Z	62	PC: 12bb5 \| Close file
2018-12-25T12:56:23.091619491Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17693,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:23.069813786Z	42	PC: 12a6f \| Get date 0x12a6f: jae 0x12a74 0x12a71: jmp 0x12bcb 0x12a74: cmp dh, 0xc 0x12a77: jne 0x12a7c 0x12a79: jmp 0x12ba3 0x12a7c: mov ah, 0x47 0x12a7e: mov dl, 0 0x12a80: push si 0x12a81: lea bx, word ptr [si + 0x3f5] 0x12a85: mov si, bx 0x12a87: int 0x21 0x12a89: jb 0x12a71 0x12a8b: pop si 0x12a8c: mov byte ptr [si + 0x39f], 0 0x12a91: mov ah, 0x1a 0x12a93: lea dx, word ptr [si + 0x437] 0x12a97: int 0x21 0x12a99: mov ah, 0x4e 0x12a9b: mov cx, 0 0x12a9e: lea dx, word ptr [si + 0x3a6]
2018-12-25T12:56:23.072389748Z	9	PC: 12bab \| Display string (String= ' Have a Cool Yule from the ARcV xCept Anna Jones I hope you get run over by a Reindeer Santas bringin' you a Bomb All my Lurve - SLarTiBarTfAsT (c) ARcV 1992 - England Raining Again ')