Sample viewer

vx.netlux.org/Virus.DOS.ARCV.Zaphod.399

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:36.085301284Z	42	PC: 12a68 \| Get date 0x12a68: cmp dh, 2 0x12a6b: jne 0x12a75 0x12a6d: cmp dl, 0x1c 0x12a70: jne 0x12a75 0x12a72: jmp 0x12bab 0x12a75: mov ah, 0x1a 0x12a77: mov dx, 0x2a6 0x12a7a: add dx, si 0x12a7c: int 0x21 0x12a7e: jae 0x12a83 0x12a80: jmp 0x12b70 0x12a83: push si 0x12a84: mov di, 0x100 0x12a87: mov ax, 0x293 0x12a8a: add si, ax 0x12a8c: mov cx, 5 0x12a8f: push cs 0x12a90: pop es 0x12a91: cld 0x12a92: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:17:36.087589259Z	26	PC: 12a7e \| Set disk transfer address
2018-12-17T22:17:36.089227323Z	78	PC: 12ab1 \| Find first file
2018-12-17T22:17:36.094749791Z	61	PC: 12abd \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:36.101310216Z	66	PC: 12ad2 \| Move file pointer
2018-12-17T22:17:36.103005918Z	63	PC: 12ae7 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.109069505Z	66	PC: 12b12 \| Move file pointer
2018-12-17T22:17:36.111106875Z	63	PC: 12b2a \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.113877422Z	66	PC: 12b37 \| Move file pointer
2018-12-17T22:17:36.115171339Z	64	PC: 12b47 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:17:36.118096966Z	66	PC: 12b54 \| Move file pointer
2018-12-17T22:17:36.119936532Z	64	PC: 12b66 \| Write file or device (Write 399 bytes on handle 5)
2018-12-17T22:17:36.222436593Z	62	PC: 12b70 \| Close file
2018-12-17T22:17:36.231035528Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3069,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.055668713Z	42	PC: 12a68 \| Get date 0x12a68: cmp dh, 2 0x12a6b: jne 0x12a75 0x12a6d: cmp dl, 0x1c 0x12a70: jne 0x12a75 0x12a72: jmp 0x12bab 0x12a75: mov ah, 0x1a 0x12a77: mov dx, 0x2a6 0x12a7a: add dx, si 0x12a7c: int 0x21 0x12a7e: jae 0x12a83 0x12a80: jmp 0x12b70 0x12a83: push si 0x12a84: mov di, 0x100 0x12a87: mov ax, 0x293 0x12a8a: add si, ax 0x12a8c: mov cx, 5 0x12a8f: push cs 0x12a90: pop es 0x12a91: cld 0x12a92: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T11:48:11.057844965Z	26	PC: 12a7e \| Set disk transfer address
2018-12-25T11:48:11.058910844Z	78	PC: 12ab1 \| Find first file
2018-12-25T11:48:11.064147534Z	61	PC: 12abd \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:11.070502783Z	66	PC: 12ad2 \| Move file pointer
2018-12-25T11:48:11.07197244Z	63	PC: 12ae7 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:48:11.07767355Z	66	PC: 12b12 \| Move file pointer
2018-12-25T11:48:11.078919956Z	63	PC: 12b2a \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:48:11.081481761Z	66	PC: 12b37 \| Move file pointer
2018-12-25T11:48:11.082663586Z	64	PC: 12b47 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.085017506Z	66	PC: 12b54 \| Move file pointer
2018-12-25T11:48:11.086839127Z	64	PC: 12b66 \| Write file or device (Write 399 bytes on handle 5)
2018-12-25T11:48:11.099729331Z	62	PC: 12b70 \| Close file
2018-12-25T11:48:11.10691936Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3069,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.3042762Z	42	PC: 12a68 \| Get date 0x12a68: cmp dh, 2 0x12a6b: jne 0x12a75 0x12a6d: cmp dl, 0x1c 0x12a70: jne 0x12a75 0x12a72: jmp 0x12bab 0x12a75: mov ah, 0x1a 0x12a77: mov dx, 0x2a6 0x12a7a: add dx, si 0x12a7c: int 0x21 0x12a7e: jae 0x12a83 0x12a80: jmp 0x12b70 0x12a83: push si 0x12a84: mov di, 0x100 0x12a87: mov ax, 0x293 0x12a8a: add si, ax 0x12a8c: mov cx, 5 0x12a8f: push cs 0x12a90: pop es 0x12a91: cld 0x12a92: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T11:48:11.306709102Z	26	PC: 12a7e \| Set disk transfer address
2018-12-25T11:48:11.307974423Z	78	PC: 12ab1 \| Find first file
2018-12-25T11:48:11.314422618Z	61	PC: 12abd \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:11.321565588Z	66	PC: 12ad2 \| Move file pointer
2018-12-25T11:48:11.323012065Z	63	PC: 12ae7 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:48:11.329211047Z	66	PC: 12b12 \| Move file pointer
2018-12-25T11:48:11.330413159Z	63	PC: 12b2a \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:48:11.333490105Z	66	PC: 12b37 \| Move file pointer
2018-12-25T11:48:11.33457989Z	64	PC: 12b47 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:11.336527688Z	66	PC: 12b54 \| Move file pointer
2018-12-25T11:48:11.338747854Z	64	PC: 12b66 \| Write file or device (Write 399 bytes on handle 5)
2018-12-25T11:48:11.354180214Z	62	PC: 12b70 \| Close file
2018-12-25T11:48:11.362935499Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":28,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3069,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:11.345934649Z	42	PC: 12a68 \| Get date 0x12a68: cmp dh, 2 0x12a6b: jne 0x12a75 0x12a6d: cmp dl, 0x1c 0x12a70: jne 0x12a75 0x12a72: jmp 0x12bab 0x12a75: mov ah, 0x1a 0x12a77: mov dx, 0x2a6 0x12a7a: add dx, si 0x12a7c: int 0x21 0x12a7e: jae 0x12a83 0x12a80: jmp 0x12b70 0x12a83: push si 0x12a84: mov di, 0x100 0x12a87: mov ax, 0x293 0x12a8a: add si, ax 0x12a8c: mov cx, 5 0x12a8f: push cs 0x12a90: pop es 0x12a91: cld 0x12a92: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T11:48:11.348261887Z	9	PC: 12bb7 \| Display string (String= 'Greetings from ZAPHOD.')