Sample viewer

vx.netlux.org/Virus.DOS.ARCV.Anna.734

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:10:00.306506816Z	42	PC: 14106 \| Get date 0x14106: jae 0x1410b 0x14108: jmp 0x14262 0x1410b: cmp dh, 0xc 0x1410e: jne 0x14113 0x14110: jmp 0x1423a 0x14113: mov ah, 0x47 0x14115: mov dl, 0 0x14117: push si 0x14118: lea bx, word ptr [si + 0x3ed] 0x1411c: mov si, bx 0x1411e: int 0x21 0x14120: jb 0x14108 0x14122: pop si 0x14123: mov byte ptr [si + 0x39f], 0 0x14128: mov ah, 0x1a 0x1412a: lea dx, word ptr [si + 0x42f] 0x1412e: int 0x21 0x14130: mov ah, 0x4e 0x14132: mov cx, 0 0x14135: lea dx, word ptr [si + 0x3a6]
2018-12-17T22:10:00.309475153Z	9	PC: 14242 \| Display string (String= ' Have a Cool Yule from the ARcV xCept Anna Jones I hope you get run over by a Reindeer Santas bringin' you a Bomb All my Lurve - SLarTiBarTfAsT (c) ARcV 1992 - England Raining Again ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2238,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:17.376031441Z	42	PC: 14106 \| Get date 0x14106: jae 0x1410b 0x14108: jmp 0x14262 0x1410b: cmp dh, 0xc 0x1410e: jne 0x14113 0x14110: jmp 0x1423a 0x14113: mov ah, 0x47 0x14115: mov dl, 0 0x14117: push si 0x14118: lea bx, word ptr [si + 0x3ed] 0x1411c: mov si, bx 0x1411e: int 0x21 0x14120: jb 0x14108 0x14122: pop si 0x14123: mov byte ptr [si + 0x39f], 0 0x14128: mov ah, 0x1a 0x1412a: lea dx, word ptr [si + 0x42f] 0x1412e: int 0x21 0x14130: mov ah, 0x4e 0x14132: mov cx, 0 0x14135: lea dx, word ptr [si + 0x3a6]
2018-12-25T11:45:17.378824571Z	71	PC: 14120 \| Get current directory
2018-12-25T11:45:17.381642981Z	26	PC: 14130 \| Set disk transfer address
2018-12-25T11:45:17.382719595Z	78	PC: 1413b \| Find first file
2018-12-25T11:45:17.388309923Z	61	PC: 1414e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:17.394839212Z	66	PC: 14163 \| Move file pointer
2018-12-25T11:45:17.396461618Z	63	PC: 14179 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:45:17.403156925Z	66	PC: 1419e \| Move file pointer
2018-12-25T11:45:17.411343566Z	63	PC: 141af \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:45:17.414112652Z	66	PC: 141be \| Move file pointer
2018-12-25T11:45:17.416646552Z	64	PC: 143b7 \| Write file or device (Write 734 bytes on handle 5)
2018-12-25T11:45:17.43181828Z	66	PC: 141d7 \| Move file pointer
2018-12-25T11:45:17.433189199Z	64	PC: 141e6 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:17.439946487Z	59	PC: 141ee \| Change current directory
2018-12-25T11:45:17.446960706Z	62	PC: 1424c \| Close file
2018-12-25T11:45:17.455709937Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:45:17.45686361Z	9	PC: 12a7a \| Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:45:17.467452629Z	61	PC: 12cb7 \| Open file (Filename = '')
2018-12-25T11:45:17.474469414Z	9	PC: 12a88 \| Display string (String= 'Self test: ')
2018-12-25T11:45:17.478266307Z	93	PC: 12b24 \| File sharing functions
2018-12-25T11:45:17.481505212Z	9	PC: 12b03 \| Display string (String= 'Size change=+02DEh/00734d. Virus might be activ? ')
2018-12-25T11:45:17.485664012Z	76	PC: 12b09 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2238,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:17.660405207Z	42	PC: 14106 \| Get date 0x14106: jae 0x1410b 0x14108: jmp 0x14262 0x1410b: cmp dh, 0xc 0x1410e: jne 0x14113 0x14110: jmp 0x1423a 0x14113: mov ah, 0x47 0x14115: mov dl, 0 0x14117: push si 0x14118: lea bx, word ptr [si + 0x3ed] 0x1411c: mov si, bx 0x1411e: int 0x21 0x14120: jb 0x14108 0x14122: pop si 0x14123: mov byte ptr [si + 0x39f], 0 0x14128: mov ah, 0x1a 0x1412a: lea dx, word ptr [si + 0x42f] 0x1412e: int 0x21 0x14130: mov ah, 0x4e 0x14132: mov cx, 0 0x14135: lea dx, word ptr [si + 0x3a6]
2018-12-25T11:45:17.66228639Z	9	PC: 14242 \| Display string (String= ' Have a Cool Yule from the ARcV xCept Anna Jones I hope you get run over by a Reindeer Santas bringin' you a Bomb All my Lurve - SLarTiBarTfAsT (c) ARcV 1992 - England Raining Again ')