Sample viewer

vx.netlux.org/Virus.DOS.ARCV.771

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:16.733848083Z	26	PC: 12df4 \| Set disk transfer address
2018-12-17T22:30:16.735758047Z	53	PC: 12df9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:16.737131872Z	37	PC: 12e0a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:16.738355505Z	122	PC: 12e13 \| UNKNOWN!
2018-12-17T22:30:16.740164353Z	78	PC: 12e80 \| Find first file
2018-12-17T22:30:16.746026044Z	61	PC: 12ed1 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:30:16.752374916Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.760289241Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.76281953Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.765638924Z	61	PC: 12ed1 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:30:16.773836557Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.778185123Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.78049827Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.783527532Z	61	PC: 12ed1 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:30:16.791092258Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.798095726Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.799793629Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.803790266Z	61	PC: 12ed1 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:30:16.810075781Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.816197435Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.819038928Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.823107319Z	61	PC: 12ed1 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:30:16.829773399Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.836994455Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.839030952Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.842143943Z	61	PC: 12ed1 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:30:16.849691494Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.856250173Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.858525544Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.868331342Z	61	PC: 12ed1 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:30:16.874969867Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.88191907Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.88494192Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.88765181Z	61	PC: 12ed1 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:30:16.894025832Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:30:16.896958963Z	62	PC: 12e96 \| Close file
2018-12-17T22:30:16.898768966Z	79	PC: 12e80 \| Find next file
2018-12-17T22:30:16.90135098Z	42	PC: 12ed7 \| Get date 0x12ed7: cmp dl, 0x1d 0x12eda: jne 0x12ef0 0x12edc: mov ax, 0x1300 0x12edf: mov bx, 0xe 0x12ee2: mov cx, 0x19 0x12ee5: mov dx, 0xc1b 0x12ee8: push bp 0x12ee9: lea bp, word ptr [bp + 0x23e] 0x12eed: int 0x10 0x12eef: pop bp 0x12ef0: lds dx, ptr [bp + 0x434] 0x12ef4: mov ax, 0x2524 0x12ef7: int 0x21 0x12ef9: pop ds 0x12efa: pop es 0x12efb: xor ax, ax 0x12efd: cdq 0x12efe: mov bx, ax 0x12f00: ret 0x12f01: jmp 0x12f04
2018-12-17T22:30:16.905436332Z	37	PC: 12ef9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5411,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:26.879538906Z	26	PC: 12df4 \| Set disk transfer address
2018-12-25T11:54:26.880909499Z	53	PC: 12df9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:26.882516996Z	37	PC: 12e0a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:26.883808212Z	122	PC: 12e13 \| UNKNOWN!
2018-12-25T11:54:26.884964758Z	78	PC: 12e80 \| Find first file
2018-12-25T11:54:26.892306749Z	61	PC: 12ed1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:26.899593322Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:54:26.906790863Z	62	PC: 12e96 \| Close file
2018-12-25T11:54:26.910375277Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:26.913960237Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:26.921937063Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:26.934541197Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:26.936636594Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:26.939583179Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:26.949382627Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:26.956562631Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:26.958825133Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:26.962236169Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:26.979252993Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:26.983567523Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:26.985537238Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:26.988986013Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:26.997439728Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.005036463Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.008760743Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.011917758Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.016676716Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.024034826Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.026021648Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.029122583Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.038842295Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.049676271Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.051627934Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.054712261Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.062291571Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.064921604Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.066845465Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.069850806Z	42	PC: 12ed7 \| Get date 0x12ed7: cmp dl, 0x1d 0x12eda: jne 0x12ef0 0x12edc: mov ax, 0x1300 0x12edf: mov bx, 0xe 0x12ee2: mov cx, 0x19 0x12ee5: mov dx, 0xc1b 0x12ee8: push bp 0x12ee9: lea bp, word ptr [bp + 0x23e] 0x12eed: int 0x10 0x12eef: pop bp 0x12ef0: lds dx, ptr [bp + 0x434] 0x12ef4: mov ax, 0x2524 0x12ef7: int 0x21 0x12ef9: pop ds 0x12efa: pop es 0x12efb: xor ax, ax 0x12efd: cdq 0x12efe: mov bx, ax 0x12f00: ret 0x12f01: jmp 0x12f04
2018-12-25T11:54:27.072303785Z	37	PC: 12ef9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5411,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:27.251465367Z	26	PC: 12df4 \| Set disk transfer address
2018-12-25T11:54:27.253337591Z	53	PC: 12df9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:27.255527439Z	37	PC: 12e0a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:27.25690622Z	122	PC: 12e13 \| UNKNOWN!
2018-12-25T11:54:27.258055676Z	78	PC: 12e80 \| Find first file
2018-12-25T11:54:27.265406164Z	61	PC: 12ed1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:27.272992049Z	63	PC: 12e92 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:54:27.280494185Z	62	PC: 12e96 \| Close file
2018-12-25T11:54:27.28421125Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.287372744Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.29519211Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.302981988Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.305938376Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.310714121Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.320901891Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.328164109Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.330256059Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.33444457Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.343315257Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.351158049Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.353609663Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.357520162Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.365126354Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.372313634Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.37602038Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.379440217Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.387243762Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.395079382Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.397181693Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.400673608Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.409592879Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.42182729Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.424020491Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.427713306Z	61	PC: 12ed1 \| Open file (See above)
2018-12-25T11:54:27.43533567Z	63	PC: 12e92 \| Read file or device (See above)
2018-12-25T11:54:27.438567216Z	62	PC: 12e96 \| Close file (See above)
2018-12-25T11:54:27.442655363Z	79	PC: 12e80 \| Find next file (See above)
2018-12-25T11:54:27.446014531Z	42	PC: 12ed7 \| Get date 0x12ed7: cmp dl, 0x1d 0x12eda: jne 0x12ef0 0x12edc: mov ax, 0x1300 0x12edf: mov bx, 0xe 0x12ee2: mov cx, 0x19 0x12ee5: mov dx, 0xc1b 0x12ee8: push bp 0x12ee9: lea bp, word ptr [bp + 0x23e] 0x12eed: int 0x10 0x12eef: pop bp 0x12ef0: lds dx, ptr [bp + 0x434] 0x12ef4: mov ax, 0x2524 0x12ef7: int 0x21 0x12ef9: pop ds 0x12efa: pop es 0x12efb: xor ax, ax 0x12efd: cdq 0x12efe: mov bx, ax 0x12f00: ret 0x12f01: jmp 0x12f04
2018-12-25T11:54:27.449300254Z	37	PC: 12ef9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')