Sample viewer

vx.netlux.org/Virus.DOS.ARCV.570.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:16:50.930881777Z 42 PC: 14137 | Get date
0x14137: cmp dx, 0x305
0x1413b: jne 0x14146
0x1413d: mov ah, 9
0x1413f: mov dx, 0x285
0x14142: int 0x21
0x14144: jmp 0x14144
0x14146: push cs
0x14147: pop es
0x14148: mov ah, 0x1a
0x1414a: mov dx, 0x383
0x1414d: int 0x21
0x1414f: mov ah, 0x4e
0x14151: mov cx, 3
0x14154: mov dx, 0x2fd
0x14157: int 0x21
0x14159: jae 0x14168
0x1415b: jmp 0x1423d
0x1415e: call 0x14264
0x14161: mov ah, 0x4f
0x14163: call 0x14326
2018-12-17T22:16:50.939968274Z 26 PC: 1414f | Set disk transfer address
2018-12-17T22:16:50.941322503Z 78 PC: 14159 | Find first file
2018-12-17T22:16:50.947080276Z 67 PC: 1432c | Get or set file attributes
2018-12-17T22:16:50.973339574Z 61 PC: 1417d | Open file (Filename = 'TEST.EXE')
2018-12-17T22:16:50.98048465Z 63 PC: 1432c | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:16:50.983197705Z 66 PC: 1432c | Move file pointer
2018-12-17T22:16:50.984951531Z 63 PC: 1432c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:16:50.98793108Z 62 PC: 1432c | Close file
2018-12-17T22:16:50.989595035Z 67 PC: 1432c | Get or set file attributes
2018-12-17T22:16:51.000543997Z 67 PC: 1432c | Get or set file attributes
2018-12-17T22:16:51.010940268Z 79 PC: 1432c | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2983,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:56.421441667Z 42 PC: 14137 | Get date
0x14137: cmp dx, 0x305
0x1413b: jne 0x14146
0x1413d: mov ah, 9
0x1413f: mov dx, 0x285
0x14142: int 0x21
0x14144: jmp 0x14144
0x14146: push cs
0x14147: pop es
0x14148: mov ah, 0x1a
0x1414a: mov dx, 0x383
0x1414d: int 0x21
0x1414f: mov ah, 0x4e
0x14151: mov cx, 3
0x14154: mov dx, 0x2fd
0x14157: int 0x21
0x14159: jae 0x14168
0x1415b: jmp 0x1423d
0x1415e: call 0x14264
0x14161: mov ah, 0x4f
0x14163: call 0x14326
2018-12-25T11:47:56.424225431Z 26 PC: 1414f | Set disk transfer address
2018-12-25T11:47:56.425172764Z 78 PC: 14159 | Find first file
2018-12-25T11:47:56.430908726Z 67 PC: 1432c | Get or set file attributes
2018-12-25T11:47:56.451321337Z 61 PC: 1417d | Open file (Filename = 'TEST.EXE')
2018-12-25T11:47:56.463022571Z 63 PC: 1432c | Read file or device (See above)
2018-12-25T11:47:56.469479136Z 66 PC: 1432c | Move file pointer (See above)
2018-12-25T11:47:56.472057344Z 63 PC: 1432c | Read file or device (See above)
2018-12-25T11:47:56.479211719Z 62 PC: 1432c | Close file (See above)
2018-12-25T11:47:56.481160725Z 67 PC: 1432c | Get or set file attributes (See above)
2018-12-25T11:47:56.49184803Z 67 PC: 1432c | Get or set file attributes (See above)
2018-12-25T11:47:56.501750137Z 79 PC: 1432c | Find next file (See above)

{"DateBased":true,"Day":5,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2983,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:57.225809383Z 42 PC: 14137 | Get date
0x14137: cmp dx, 0x305
0x1413b: jne 0x14146
0x1413d: mov ah, 9
0x1413f: mov dx, 0x285
0x14142: int 0x21
0x14144: jmp 0x14144
0x14146: push cs
0x14147: pop es
0x14148: mov ah, 0x1a
0x1414a: mov dx, 0x383
0x1414d: int 0x21
0x1414f: mov ah, 0x4e
0x14151: mov cx, 3
0x14154: mov dx, 0x2fd
0x14157: int 0x21
0x14159: jae 0x14168
0x1415b: jmp 0x1423d
0x1415e: call 0x14264
0x14161: mov ah, 0x4f
0x14163: call 0x14326
2018-12-25T11:47:57.22821953Z 9 PC: 14144 | Display string (Could not find end pointer)