Sample viewer

vx.netlux.org/Virus.DOS.ARCV.Alpha.743

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:53.661804471Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c9 0x12c5e: jb 0x12c7f 0x12c60: cmp dh, 3 0x12c63: jb 0x12c7f 0x12c65: cmp dl, 5 0x12c68: jne 0x12c7f 0x12c6a: jmp 0x12e1d 0x12c6d: mov dl, byte ptr [si + 0x3f7] 0x12c71: mov di, 0x3f8 0x12c74: add di, si 0x12c76: mov cx, 5 0x12c79: xor byte ptr [di], dl 0x12c7b: inc di 0x12c7c: loop 0x12c79 0x12c7e: ret 0x12c7f: call 0x22c6d 0x12c82: mov byte ptr [si + 0x565], 0 0x12c87: mov ah, 0x47 0x12c89: mov dl, 0 0x12c8b: push si
2018-12-17T22:32:53.665214231Z	71	PC: 12c93 \| Get current directory
2018-12-17T22:32:53.668274165Z	26	PC: 12cb4 \| Set disk transfer address
2018-12-17T22:32:53.669590889Z	78	PC: 12cc2 \| Find first file
2018-12-17T22:32:53.676594495Z	61	PC: 12cd6 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:53.684184026Z	63	PC: 12cec \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:32:53.690690802Z	66	PC: 12cfb \| Move file pointer
2018-12-17T22:32:53.692839145Z	63	PC: 12d10 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:32:53.696834695Z	64	PC: 12f12 \| Write file or device (Write 743 bytes on handle 5)
2018-12-17T22:32:53.712488529Z	66	PC: 12d7d \| Move file pointer
2018-12-17T22:32:53.714729451Z	64	PC: 12d8d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:32:53.722665533Z	87	PC: 12d9e \| Get or set file date and time
2018-12-17T22:32:53.72427048Z	62	PC: 12da6 \| Close file
2018-12-17T22:32:53.73181634Z	59	PC: 12db5 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:35.811356709Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c9 0x12c5e: jb 0x12c7f 0x12c60: cmp dh, 3 0x12c63: jb 0x12c7f 0x12c65: cmp dl, 5 0x12c68: jne 0x12c7f 0x12c6a: jmp 0x12e1d 0x12c6d: mov dl, byte ptr [si + 0x3f7] 0x12c71: mov di, 0x3f8 0x12c74: add di, si 0x12c76: mov cx, 5 0x12c79: xor byte ptr [di], dl 0x12c7b: inc di 0x12c7c: loop 0x12c79 0x12c7e: ret 0x12c7f: call 0x22c6d 0x12c82: mov byte ptr [si + 0x565], 0 0x12c87: mov ah, 0x47 0x12c89: mov dl, 0 0x12c8b: push si
2018-12-25T11:55:35.814408387Z	71	PC: 12c93 \| Get current directory
2018-12-25T11:55:35.818202055Z	26	PC: 12cb4 \| Set disk transfer address
2018-12-25T11:55:35.825275239Z	78	PC: 12cc2 \| Find first file
2018-12-25T11:55:35.834877375Z	61	PC: 12cd6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:35.844656663Z	63	PC: 12cec \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:35.852288627Z	66	PC: 12cfb \| Move file pointer
2018-12-25T11:55:35.854042477Z	63	PC: 12d10 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:55:35.858343698Z	64	PC: 12f12 \| Write file or device (Write 743 bytes on handle 5)
2018-12-25T11:55:35.87447893Z	66	PC: 12d7d \| Move file pointer
2018-12-25T11:55:35.876018381Z	64	PC: 12d8d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:35.884546923Z	87	PC: 12d9e \| Get or set file date and time
2018-12-25T11:55:35.886399222Z	62	PC: 12da6 \| Close file
2018-12-25T11:55:35.894692079Z	59	PC: 12db5 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:35.842012734Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c9 0x12c5e: jb 0x12c7f 0x12c60: cmp dh, 3 0x12c63: jb 0x12c7f 0x12c65: cmp dl, 5 0x12c68: jne 0x12c7f 0x12c6a: jmp 0x12e1d 0x12c6d: mov dl, byte ptr [si + 0x3f7] 0x12c71: mov di, 0x3f8 0x12c74: add di, si 0x12c76: mov cx, 5 0x12c79: xor byte ptr [di], dl 0x12c7b: inc di 0x12c7c: loop 0x12c79 0x12c7e: ret 0x12c7f: call 0x22c6d 0x12c82: mov byte ptr [si + 0x565], 0 0x12c87: mov ah, 0x47 0x12c89: mov dl, 0 0x12c8b: push si
2018-12-25T11:55:35.845602312Z	71	PC: 12c93 \| Get current directory
2018-12-25T11:55:35.849256959Z	26	PC: 12cb4 \| Set disk transfer address
2018-12-25T11:55:35.85088302Z	78	PC: 12cc2 \| Find first file
2018-12-25T11:55:35.858470204Z	61	PC: 12cd6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:35.866588133Z	63	PC: 12cec \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:35.874602603Z	66	PC: 12cfb \| Move file pointer
2018-12-25T11:55:35.876625882Z	63	PC: 12d10 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:55:35.901482149Z	64	PC: 12f12 \| Write file or device (Write 743 bytes on handle 5)
2018-12-25T11:55:35.919106681Z	66	PC: 12d7d \| Move file pointer
2018-12-25T11:55:35.921267219Z	64	PC: 12d8d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:35.929748883Z	87	PC: 12d9e \| Get or set file date and time
2018-12-25T11:55:35.932257284Z	62	PC: 12da6 \| Close file
2018-12-25T11:55:35.941335526Z	59	PC: 12db5 \| Change current directory

{"DateBased":true,"Day":1,"Month":3,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:36.831786415Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c9 0x12c5e: jb 0x12c7f 0x12c60: cmp dh, 3 0x12c63: jb 0x12c7f 0x12c65: cmp dl, 5 0x12c68: jne 0x12c7f 0x12c6a: jmp 0x12e1d 0x12c6d: mov dl, byte ptr [si + 0x3f7] 0x12c71: mov di, 0x3f8 0x12c74: add di, si 0x12c76: mov cx, 5 0x12c79: xor byte ptr [di], dl 0x12c7b: inc di 0x12c7c: loop 0x12c79 0x12c7e: ret 0x12c7f: call 0x22c6d 0x12c82: mov byte ptr [si + 0x565], 0 0x12c87: mov ah, 0x47 0x12c89: mov dl, 0 0x12c8b: push si
2018-12-25T11:55:36.834604165Z	71	PC: 12c93 \| Get current directory
2018-12-25T11:55:36.837282298Z	26	PC: 12cb4 \| Set disk transfer address
2018-12-25T11:55:36.838301925Z	78	PC: 12cc2 \| Find first file
2018-12-25T11:55:36.844400827Z	61	PC: 12cd6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:36.856166805Z	63	PC: 12cec \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:36.868820335Z	66	PC: 12cfb \| Move file pointer
2018-12-25T11:55:36.870549198Z	63	PC: 12d10 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:55:36.8736822Z	64	PC: 12f12 \| Write file or device (Write 743 bytes on handle 5)
2018-12-25T11:55:37.9472157Z	66	PC: 12d7d \| Move file pointer
2018-12-25T11:55:37.948951761Z	64	PC: 12d8d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:37.964088445Z	87	PC: 12d9e \| Get or set file date and time
2018-12-25T11:55:37.965566365Z	62	PC: 12da6 \| Close file
2018-12-25T11:55:38.027046446Z	59	PC: 12db5 \| Change current directory

{"DateBased":true,"Day":5,"Month":3,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:36.838991199Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c9 0x12c5e: jb 0x12c7f 0x12c60: cmp dh, 3 0x12c63: jb 0x12c7f 0x12c65: cmp dl, 5 0x12c68: jne 0x12c7f 0x12c6a: jmp 0x12e1d 0x12c6d: mov dl, byte ptr [si + 0x3f7] 0x12c71: mov di, 0x3f8 0x12c74: add di, si 0x12c76: mov cx, 5 0x12c79: xor byte ptr [di], dl 0x12c7b: inc di 0x12c7c: loop 0x12c79 0x12c7e: ret 0x12c7f: call 0x22c6d 0x12c82: mov byte ptr [si + 0x565], 0 0x12c87: mov ah, 0x47 0x12c89: mov dl, 0 0x12c8b: push si
2018-12-25T11:55:36.841476495Z	9	PC: 12e29 \| Display string (String= ' Youre PC has ALPHA virus. Brought to you by the ARCV. Made in ENGLAND. ')