Sample viewer

vx.netlux.org/Virus.DOS.VCL.516.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:07:44.659085653Z	47	PC: 12a65 \| Get disk transfer address
2018-12-17T22:07:44.660456666Z	26	PC: 12a6d \| Set disk transfer address
2018-12-17T22:07:44.662084459Z	71	PC: 12aba \| Get current directory
2018-12-17T22:07:44.66482841Z	47	PC: 12ae4 \| Get disk transfer address
2018-12-17T22:07:44.665885298Z	26	PC: 12af3 \| Set disk transfer address
2018-12-17T22:07:44.667857313Z	78	PC: 12afb \| Find first file
2018-12-17T22:07:44.673732627Z	47	PC: 12b13 \| Get disk transfer address
2018-12-17T22:07:44.674874921Z	61	PC: 12b2b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:44.681759009Z	63	PC: 12b37 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:07:44.687907947Z	66	PC: 12b3f \| Move file pointer
2018-12-17T22:07:44.689545086Z	62	PC: 12b44 \| Close file
2018-12-17T22:07:44.692105316Z	67	PC: 12b64 \| Get or set file attributes
2018-12-17T22:07:44.708335334Z	61	PC: 12b69 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:44.719828923Z	64	PC: 12b75 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:07:44.727733706Z	66	PC: 12b7d \| Move file pointer
2018-12-17T22:07:44.730214355Z	64	PC: 12c5b \| Write file or device (Write 516 bytes on handle 5)
2018-12-17T22:07:44.738559512Z	87	PC: 12b8d \| Get or set file date and time
2018-12-17T22:07:44.741288187Z	62	PC: 12b91 \| Close file
2018-12-17T22:07:44.749308555Z	67	PC: 12b9e \| Get or set file attributes
2018-12-17T22:07:44.758992653Z	26	PC: 12b0d \| Set disk transfer address
2018-12-17T22:07:44.76095713Z	59	PC: 12ac9 \| Change current directory
2018-12-17T22:07:44.765454735Z	59	PC: 12ad2 \| Change current directory
2018-12-17T22:07:44.767622495Z	42	PC: 12a81 \| Get date 0x12a81: cmp dx, 0x704 0x12a85: jne 0x12aa3 0x12a87: lea si, word ptr [di + 0x26b] 0x12a8b: mov ah, 0xe 0x12a8d: lodsb al, byte ptr [si] 0x12a8e: or al, al 0x12a90: je 0x12aa3 0x12a92: int 0x10 0x12a94: jmp 0x12a8b 0x12a96: sub ax, 0x5b3d 0x12a99: push si 0x12a9a: inc bx 0x12a9b: dec sp 0x12a9c: das 0x12a9d: inc dx 0x12a9e: inc bp 0x12a9f: jbe 0x12afe 0x12aa1: cmp ax, 0x5a2d 0x12aa4: mov ah, 0x1a 0x12aa6: int 0x21
2018-12-17T22:07:44.770919771Z	26	PC: 12aa8 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1982,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:38.757999799Z	47	PC: 12a65 \| Get disk transfer address
2018-12-25T11:44:38.76032986Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T11:44:38.762325483Z	71	PC: 12aba \| Get current directory
2018-12-25T11:44:38.765612789Z	47	PC: 12ae4 \| Get disk transfer address
2018-12-25T11:44:38.766806627Z	26	PC: 12af3 \| Set disk transfer address
2018-12-25T11:44:38.768112117Z	78	PC: 12afb \| Find first file
2018-12-25T11:44:38.774546767Z	47	PC: 12b13 \| Get disk transfer address
2018-12-25T11:44:38.775903193Z	61	PC: 12b2b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:38.789528274Z	63	PC: 12b37 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:38.797089726Z	66	PC: 12b3f \| Move file pointer
2018-12-25T11:44:38.798775617Z	62	PC: 12b44 \| Close file
2018-12-25T11:44:38.8016181Z	67	PC: 12b64 \| Get or set file attributes
2018-12-25T11:44:38.818745547Z	61	PC: 12b69 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:38.827092615Z	64	PC: 12b75 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:38.830903592Z	66	PC: 12b7d \| Move file pointer
2018-12-25T11:44:38.833559225Z	64	PC: 12c5b \| Write file or device (Write 516 bytes on handle 5)
2018-12-25T11:44:38.842878737Z	87	PC: 12b8d \| Get or set file date and time
2018-12-25T11:44:38.844620623Z	62	PC: 12b91 \| Close file
2018-12-25T11:44:38.853938889Z	67	PC: 12b9e \| Get or set file attributes
2018-12-25T11:44:38.86591497Z	26	PC: 12b0d \| Set disk transfer address
2018-12-25T11:44:38.867566396Z	59	PC: 12ac9 \| Change current directory
2018-12-25T11:44:38.872852649Z	59	PC: 12ad2 \| Change current directory
2018-12-25T11:44:38.87473973Z	42	PC: 12a81 \| Get date 0x12a81: cmp dx, 0x704 0x12a85: jne 0x12aa3 0x12a87: lea si, word ptr [di + 0x26b] 0x12a8b: mov ah, 0xe 0x12a8d: lodsb al, byte ptr [si] 0x12a8e: or al, al 0x12a90: je 0x12aa3 0x12a92: int 0x10 0x12a94: jmp 0x12a8b 0x12a96: sub ax, 0x5b3d 0x12a99: push si 0x12a9a: inc bx 0x12a9b: dec sp 0x12a9c: das 0x12a9d: inc dx 0x12a9e: inc bp 0x12a9f: jbe 0x12afe 0x12aa1: cmp ax, 0x5a2d 0x12aa4: mov ah, 0x1a 0x12aa6: int 0x21
2018-12-25T11:44:38.877295116Z	26	PC: 12aa8 \| Set disk transfer address

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1982,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:39.040342908Z	47	PC: 12a65 \| Get disk transfer address
2018-12-25T11:44:39.042501495Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T11:44:39.044625814Z	71	PC: 12aba \| Get current directory
2018-12-25T11:44:39.048038858Z	47	PC: 12ae4 \| Get disk transfer address
2018-12-25T11:44:39.050020727Z	26	PC: 12af3 \| Set disk transfer address
2018-12-25T11:44:39.051769336Z	78	PC: 12afb \| Find first file
2018-12-25T11:44:39.058446755Z	47	PC: 12b13 \| Get disk transfer address
2018-12-25T11:44:39.059979922Z	61	PC: 12b2b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:39.067938514Z	63	PC: 12b37 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:39.074587139Z	66	PC: 12b3f \| Move file pointer
2018-12-25T11:44:39.07701827Z	62	PC: 12b44 \| Close file
2018-12-25T11:44:39.080150367Z	67	PC: 12b64 \| Get or set file attributes
2018-12-25T11:44:39.100981295Z	61	PC: 12b69 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:39.108577624Z	64	PC: 12b75 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:39.112677944Z	66	PC: 12b7d \| Move file pointer
2018-12-25T11:44:39.115412469Z	64	PC: 12c5b \| Write file or device (Write 516 bytes on handle 5)
2018-12-25T11:44:39.128653741Z	87	PC: 12b8d \| Get or set file date and time
2018-12-25T11:44:39.131536237Z	62	PC: 12b91 \| Close file
2018-12-25T11:44:39.139571216Z	67	PC: 12b9e \| Get or set file attributes
2018-12-25T11:44:39.150987311Z	26	PC: 12b0d \| Set disk transfer address
2018-12-25T11:44:39.153117045Z	59	PC: 12ac9 \| Change current directory
2018-12-25T11:44:39.157841525Z	59	PC: 12ad2 \| Change current directory
2018-12-25T11:44:39.159978503Z	42	PC: 12a81 \| Get date 0x12a81: cmp dx, 0x704 0x12a85: jne 0x12aa3 0x12a87: lea si, word ptr [di + 0x26b] 0x12a8b: mov ah, 0xe 0x12a8d: lodsb al, byte ptr [si] 0x12a8e: or al, al 0x12a90: je 0x12aa3 0x12a92: int 0x10 0x12a94: jmp 0x12a8b 0x12a96: sub ax, 0x5b3d 0x12a99: push si 0x12a9a: inc bx 0x12a9b: dec sp 0x12a9c: das 0x12a9d: inc dx 0x12a9e: inc bp 0x12a9f: jbe 0x12afe 0x12aa1: cmp ax, 0x5a2d 0x12aa4: mov ah, 0x1a 0x12aa6: int 0x21
2018-12-25T11:44:39.167073945Z	26	PC: 12aa8 \| Set disk transfer address