Sample viewer

vx.netlux.org/Virus.DOS.ARCV.Ice.639

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:52:06.770090744Z	42	PC: 12e39 \| Get date 0x12e39: cmp dh, 1 0x12e3c: jne 0x12e65 0x12e3e: cmp dl, 7 0x12e41: jae 0x12e65 0x12e43: mov di, 0x310 0x12e46: add di, si 0x12e48: mov al, 0x99 0x12e4a: mov cx, 0x71 0x12e4d: mov ah, byte ptr [di] 0x12e4f: mov dl, ah 0x12e51: xor ah, al 0x12e53: mov byte ptr [di], ah 0x12e55: mov al, dl 0x12e57: inc di 0x12e58: loop 0x12e4d 0x12e5a: mov ah, 9 0x12e5c: mov dx, 0x310 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jmp 0x12e63
2018-12-17T21:52:06.773362839Z	255	PC: 12e79 \| UNKNOWN!
2018-12-17T21:52:06.774803709Z	49	PC: 12ebe \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:21.891743469Z	42	PC: 12e39 \| Get date 0x12e39: cmp dh, 1 0x12e3c: jne 0x12e65 0x12e3e: cmp dl, 7 0x12e41: jae 0x12e65 0x12e43: mov di, 0x310 0x12e46: add di, si 0x12e48: mov al, 0x99 0x12e4a: mov cx, 0x71 0x12e4d: mov ah, byte ptr [di] 0x12e4f: mov dl, ah 0x12e51: xor ah, al 0x12e53: mov byte ptr [di], ah 0x12e55: mov al, dl 0x12e57: inc di 0x12e58: loop 0x12e4d 0x12e5a: mov ah, 9 0x12e5c: mov dx, 0x310 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jmp 0x12e63
2018-12-25T11:40:21.895202731Z	9	PC: 12e63 \| Display string (String= ' Happy New Year from the ARCV Released 1 June 1992. Made in England by ICE-9 ')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:22.041565082Z	42	PC: 12e39 \| Get date 0x12e39: cmp dh, 1 0x12e3c: jne 0x12e65 0x12e3e: cmp dl, 7 0x12e41: jae 0x12e65 0x12e43: mov di, 0x310 0x12e46: add di, si 0x12e48: mov al, 0x99 0x12e4a: mov cx, 0x71 0x12e4d: mov ah, byte ptr [di] 0x12e4f: mov dl, ah 0x12e51: xor ah, al 0x12e53: mov byte ptr [di], ah 0x12e55: mov al, dl 0x12e57: inc di 0x12e58: loop 0x12e4d 0x12e5a: mov ah, 9 0x12e5c: mov dx, 0x310 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jmp 0x12e63
2018-12-25T11:40:22.044146771Z	255	PC: 12e79 \| UNKNOWN!
2018-12-25T11:40:22.045181438Z	49	PC: 12ebe \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:22.103978667Z	42	PC: 12e39 \| Get date 0x12e39: cmp dh, 1 0x12e3c: jne 0x12e65 0x12e3e: cmp dl, 7 0x12e41: jae 0x12e65 0x12e43: mov di, 0x310 0x12e46: add di, si 0x12e48: mov al, 0x99 0x12e4a: mov cx, 0x71 0x12e4d: mov ah, byte ptr [di] 0x12e4f: mov dl, ah 0x12e51: xor ah, al 0x12e53: mov byte ptr [di], ah 0x12e55: mov al, dl 0x12e57: inc di 0x12e58: loop 0x12e4d 0x12e5a: mov ah, 9 0x12e5c: mov dx, 0x310 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jmp 0x12e63
2018-12-25T11:40:22.107956582Z	255	PC: 12e79 \| UNKNOWN!
2018-12-25T11:40:22.10977041Z	49	PC: 12ebe \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:44.488437475Z	42	PC: 12e39 \| Get date 0x12e39: cmp dh, 1 0x12e3c: jne 0x12e65 0x12e3e: cmp dl, 7 0x12e41: jae 0x12e65 0x12e43: mov di, 0x310 0x12e46: add di, si 0x12e48: mov al, 0x99 0x12e4a: mov cx, 0x71 0x12e4d: mov ah, byte ptr [di] 0x12e4f: mov dl, ah 0x12e51: xor ah, al 0x12e53: mov byte ptr [di], ah 0x12e55: mov al, dl 0x12e57: inc di 0x12e58: loop 0x12e4d 0x12e5a: mov ah, 9 0x12e5c: mov dx, 0x310 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jmp 0x12e63
2018-12-25T13:06:44.492743683Z	9	PC: 12e63 \| Display string (String= ' Happy New Year from the ARCV Released 1 June 1992. Made in England by ICE-9 ')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:22.275591123Z	42	PC: 12e39 \| Get date 0x12e39: cmp dh, 1 0x12e3c: jne 0x12e65 0x12e3e: cmp dl, 7 0x12e41: jae 0x12e65 0x12e43: mov di, 0x310 0x12e46: add di, si 0x12e48: mov al, 0x99 0x12e4a: mov cx, 0x71 0x12e4d: mov ah, byte ptr [di] 0x12e4f: mov dl, ah 0x12e51: xor ah, al 0x12e53: mov byte ptr [di], ah 0x12e55: mov al, dl 0x12e57: inc di 0x12e58: loop 0x12e4d 0x12e5a: mov ah, 9 0x12e5c: mov dx, 0x310 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jmp 0x12e63
2018-12-25T11:40:22.278063465Z	255	PC: 12e79 \| UNKNOWN!
2018-12-25T11:40:22.279010024Z	49	PC: 12ebe \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":207,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:44.546563466Z	42	PC: 12e39 \| Get date 0x12e39: cmp dh, 1 0x12e3c: jne 0x12e65 0x12e3e: cmp dl, 7 0x12e41: jae 0x12e65 0x12e43: mov di, 0x310 0x12e46: add di, si 0x12e48: mov al, 0x99 0x12e4a: mov cx, 0x71 0x12e4d: mov ah, byte ptr [di] 0x12e4f: mov dl, ah 0x12e51: xor ah, al 0x12e53: mov byte ptr [di], ah 0x12e55: mov al, dl 0x12e57: inc di 0x12e58: loop 0x12e4d 0x12e5a: mov ah, 9 0x12e5c: mov dx, 0x310 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jmp 0x12e63
2018-12-25T13:06:44.549084127Z	255	PC: 12e79 \| UNKNOWN!
2018-12-25T13:06:44.551359519Z	49	PC: 12ebe \| Terminate and stay resident (Return code = '0' \| Memory size = '68')