Sample viewer

vx.netlux.org/Virus.DOS.ARCV.1072

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:23.045150946Z	159	PC: 12a4c \| UNKNOWN!
2018-12-17T22:21:23.04644114Z	42	PC: 12a5d \| Get date 0x12a5d: cmp dl, 0x15 0x12a60: jne 0x12a70 0x12a62: cmp dh, 8 0x12a65: jne 0x12a70 0x12a67: mov ah, 9 0x12a69: mov dx, 0x3e5 0x12a6c: add dx, si 0x12a6e: int 0x21 0x12a70: mov ax, ds 0x12a72: dec ax 0x12a73: mov es, ax 0x12a75: pop ds 0x12a76: mov ax, word ptr [0x84] 0x12a79: mov cx, word ptr [0x86] 0x12a7d: mov word ptr cs:[si + 0x3b7], ax 0x12a82: mov word ptr cs:[si + 0x3b9], cx 0x12a87: cmp byte ptr es:[0], 0x5a 0x12a8d: jne 0x12ac1 0x12a8f: mov ax, word ptr es:[3] 0x12a93: sub ax, 0xbc

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3730,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:02.018263537Z	159	PC: 12a4c \| UNKNOWN!
2018-12-25T11:50:02.020044273Z	42	PC: 12a5d \| Get date 0x12a5d: cmp dl, 0x15 0x12a60: jne 0x12a70 0x12a62: cmp dh, 8 0x12a65: jne 0x12a70 0x12a67: mov ah, 9 0x12a69: mov dx, 0x3e5 0x12a6c: add dx, si 0x12a6e: int 0x21 0x12a70: mov ax, ds 0x12a72: dec ax 0x12a73: mov es, ax 0x12a75: pop ds 0x12a76: mov ax, word ptr [0x84] 0x12a79: mov cx, word ptr [0x86] 0x12a7d: mov word ptr cs:[si + 0x3b7], ax 0x12a82: mov word ptr cs:[si + 0x3b9], cx 0x12a87: cmp byte ptr es:[0], 0x5a 0x12a8d: jne 0x12ac1 0x12a8f: mov ax, word ptr es:[3] 0x12a93: sub ax, 0xbc

{"DateBased":true,"Day":21,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3730,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:02.052249153Z	159	PC: 12a4c \| UNKNOWN!
2018-12-25T11:50:02.054565278Z	42	PC: 12a5d \| Get date 0x12a5d: cmp dl, 0x15 0x12a60: jne 0x12a70 0x12a62: cmp dh, 8 0x12a65: jne 0x12a70 0x12a67: mov ah, 9 0x12a69: mov dx, 0x3e5 0x12a6c: add dx, si 0x12a6e: int 0x21 0x12a70: mov ax, ds 0x12a72: dec ax 0x12a73: mov es, ax 0x12a75: pop ds 0x12a76: mov ax, word ptr [0x84] 0x12a79: mov cx, word ptr [0x86] 0x12a7d: mov word ptr cs:[si + 0x3b7], ax 0x12a82: mov word ptr cs:[si + 0x3b9], cx 0x12a87: cmp byte ptr es:[0], 0x5a 0x12a8d: jne 0x12ac1 0x12a8f: mov ax, word ptr es:[3] 0x12a93: sub ax, 0xbc
2018-12-25T11:50:02.057015211Z	9	PC: 12a70 \| Display string (String= 'Reaper Man. (c) 92, Apache Warrior, ARCV Pres.')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3730,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:02.138575714Z	159	PC: 12a4c \| UNKNOWN!
2018-12-25T11:50:02.140843875Z	42	PC: 12a5d \| Get date 0x12a5d: cmp dl, 0x15 0x12a60: jne 0x12a70 0x12a62: cmp dh, 8 0x12a65: jne 0x12a70 0x12a67: mov ah, 9 0x12a69: mov dx, 0x3e5 0x12a6c: add dx, si 0x12a6e: int 0x21 0x12a70: mov ax, ds 0x12a72: dec ax 0x12a73: mov es, ax 0x12a75: pop ds 0x12a76: mov ax, word ptr [0x84] 0x12a79: mov cx, word ptr [0x86] 0x12a7d: mov word ptr cs:[si + 0x3b7], ax 0x12a82: mov word ptr cs:[si + 0x3b9], cx 0x12a87: cmp byte ptr es:[0], 0x5a 0x12a8d: jne 0x12ac1 0x12a8f: mov ax, word ptr es:[3] 0x12a93: sub ax, 0xbc