Sample viewer

vx.netlux.org/Virus.DOS.ARCV.570

Time	Syscall Op	Syscall Name
2018-12-17T22:08:45.131094196Z	42	PC: 12a77 \| Get date 0x12a77: cmp dx, 0x305 0x12a7b: jne 0x12a86 0x12a7d: mov ah, 9 0x12a7f: mov dx, 0x285 0x12a82: int 0x21 0x12a84: jmp 0x12a84 0x12a86: push cs 0x12a87: pop es 0x12a88: mov ah, 0x1a 0x12a8a: mov dx, 0x383 0x12a8d: int 0x21 0x12a8f: mov ah, 0x4e 0x12a91: mov cx, 3 0x12a94: mov dx, 0x2fd 0x12a97: int 0x21 0x12a99: jae 0x12aa8 0x12a9b: jmp 0x12b7d 0x12a9e: call 0x12ba4 0x12aa1: mov ah, 0x4f 0x12aa3: call 0x12c66
2018-12-17T22:08:45.133502635Z	26	PC: 12a8f \| Set disk transfer address
2018-12-17T22:08:45.134445845Z	78	PC: 12a99 \| Find first file

Time	Syscall Op	Syscall Name
2018-12-25T11:44:56.618137973Z	42	PC: 12a77 \| Get date 0x12a77: cmp dx, 0x305 0x12a7b: jne 0x12a86 0x12a7d: mov ah, 9 0x12a7f: mov dx, 0x285 0x12a82: int 0x21 0x12a84: jmp 0x12a84 0x12a86: push cs 0x12a87: pop es 0x12a88: mov ah, 0x1a 0x12a8a: mov dx, 0x383 0x12a8d: int 0x21 0x12a8f: mov ah, 0x4e 0x12a91: mov cx, 3 0x12a94: mov dx, 0x2fd 0x12a97: int 0x21 0x12a99: jae 0x12aa8 0x12a9b: jmp 0x12b7d 0x12a9e: call 0x12ba4 0x12aa1: mov ah, 0x4f 0x12aa3: call 0x12c66
2018-12-25T11:44:56.620564098Z	26	PC: 12a8f \| Set disk transfer address
2018-12-25T11:44:56.622625636Z	78	PC: 12a99 \| Find first file

Time	Syscall Op	Syscall Name
2018-12-25T11:44:56.703138882Z	42	PC: 12a77 \| Get date 0x12a77: cmp dx, 0x305 0x12a7b: jne 0x12a86 0x12a7d: mov ah, 9 0x12a7f: mov dx, 0x285 0x12a82: int 0x21 0x12a84: jmp 0x12a84 0x12a86: push cs 0x12a87: pop es 0x12a88: mov ah, 0x1a 0x12a8a: mov dx, 0x383 0x12a8d: int 0x21 0x12a8f: mov ah, 0x4e 0x12a91: mov cx, 3 0x12a94: mov dx, 0x2fd 0x12a97: int 0x21 0x12a99: jae 0x12aa8 0x12a9b: jmp 0x12b7d 0x12a9e: call 0x12ba4 0x12aa1: mov ah, 0x4f 0x12aa3: call 0x12c66
2018-12-25T11:44:56.706366622Z	9	PC: 12a84 \| Display string (String= ' ICE-9 Presents In Association with The ARcV [X-1] Michelangelo activates -< TOMORROW >- ')