Sample viewer

vx.netlux.org/Virus.DOS.VCL.Bev.505

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:10.417655618Z	47	PC: 12a68 \| Get disk transfer address
2018-12-17T21:56:10.418900831Z	26	PC: 12a70 \| Set disk transfer address
2018-12-17T21:56:10.419939015Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x301 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-17T21:56:10.42144613Z	26	PC: 12aad \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":673,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:25.270494381Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T11:41:25.273274713Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T11:41:25.275247085Z	71	PC: 12abf \| Get current directory
2018-12-25T11:41:25.278839611Z	47	PC: 12ae9 \| Get disk transfer address
2018-12-25T11:41:25.280518241Z	26	PC: 12af8 \| Set disk transfer address
2018-12-25T11:41:25.283313226Z	78	PC: 12b00 \| Find first file
2018-12-25T11:41:25.290017569Z	47	PC: 12b18 \| Get disk transfer address
2018-12-25T11:41:25.291174623Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.302238715Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:25.309440992Z	66	PC: 12b47 \| Move file pointer
2018-12-25T11:41:25.311116633Z	62	PC: 12b4c \| Close file
2018-12-25T11:41:25.314150181Z	67	PC: 12b6c \| Get or set file attributes
2018-12-25T11:41:25.335651725Z	61	PC: 12b71 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.341663768Z	64	PC: 12b7d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:25.345092013Z	66	PC: 12b87 \| Move file pointer
2018-12-25T11:41:25.346895749Z	64	PC: 12c52 \| Write file or device (Write 505 bytes on handle 5)
2018-12-25T11:41:25.352464797Z	87	PC: 12b97 \| Get or set file date and time
2018-12-25T11:41:25.354040777Z	62	PC: 12b9b \| Close file
2018-12-25T11:41:25.364279736Z	67	PC: 12ba8 \| Get or set file attributes
2018-12-25T11:41:25.372192228Z	26	PC: 12b12 \| Set disk transfer address
2018-12-25T11:41:25.373235021Z	59	PC: 12ace \| Change current directory
2018-12-25T11:41:25.376685285Z	59	PC: 12ad7 \| Change current directory
2018-12-25T11:41:25.378190502Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x301 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-25T11:41:25.379958296Z	26	PC: 12aad \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":673,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:25.33088889Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T11:41:25.332230439Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T11:41:25.333719941Z	71	PC: 12abf \| Get current directory
2018-12-25T11:41:25.336424351Z	47	PC: 12ae9 \| Get disk transfer address
2018-12-25T11:41:25.337652681Z	26	PC: 12af8 \| Set disk transfer address
2018-12-25T11:41:25.338741979Z	78	PC: 12b00 \| Find first file
2018-12-25T11:41:25.342661495Z	47	PC: 12b18 \| Get disk transfer address
2018-12-25T11:41:25.343956163Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.35017138Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:25.35629729Z	66	PC: 12b47 \| Move file pointer
2018-12-25T11:41:25.35781913Z	62	PC: 12b4c \| Close file
2018-12-25T11:41:25.359373233Z	67	PC: 12b6c \| Get or set file attributes
2018-12-25T11:41:25.375982402Z	61	PC: 12b71 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.38753377Z	64	PC: 12b7d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:25.401923086Z	66	PC: 12b87 \| Move file pointer
2018-12-25T11:41:25.404378116Z	64	PC: 12c52 \| Write file or device (Write 505 bytes on handle 5)
2018-12-25T11:41:25.412925178Z	87	PC: 12b97 \| Get or set file date and time
2018-12-25T11:41:25.414416205Z	62	PC: 12b9b \| Close file
2018-12-25T11:41:25.421604256Z	67	PC: 12ba8 \| Get or set file attributes
2018-12-25T11:41:25.431419569Z	26	PC: 12b12 \| Set disk transfer address
2018-12-25T11:41:25.432248833Z	59	PC: 12ace \| Change current directory
2018-12-25T11:41:25.43476054Z	59	PC: 12ad7 \| Change current directory
2018-12-25T11:41:25.436716279Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x301 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-25T11:41:25.43866661Z	26	PC: 12aad \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":3,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":673,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:25.443738605Z	47	PC: 12a68 \| Get disk transfer address
2018-12-25T11:41:25.445514172Z	26	PC: 12a70 \| Set disk transfer address
2018-12-25T11:41:25.447970734Z	71	PC: 12abf \| Get current directory
2018-12-25T11:41:25.451552103Z	47	PC: 12ae9 \| Get disk transfer address
2018-12-25T11:41:25.453180875Z	26	PC: 12af8 \| Set disk transfer address
2018-12-25T11:41:25.461357712Z	78	PC: 12b00 \| Find first file
2018-12-25T11:41:25.468545753Z	47	PC: 12b18 \| Get disk transfer address
2018-12-25T11:41:25.4702177Z	61	PC: 12b31 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.478905191Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:41:25.486788773Z	66	PC: 12b47 \| Move file pointer
2018-12-25T11:41:25.488363308Z	62	PC: 12b4c \| Close file
2018-12-25T11:41:25.491410539Z	67	PC: 12b6c \| Get or set file attributes
2018-12-25T11:41:25.509566782Z	61	PC: 12b71 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:25.517940872Z	64	PC: 12b7d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:41:25.521760354Z	66	PC: 12b87 \| Move file pointer
2018-12-25T11:41:25.524191052Z	64	PC: 12c52 \| Write file or device (Write 505 bytes on handle 5)
2018-12-25T11:41:25.534478754Z	87	PC: 12b97 \| Get or set file date and time
2018-12-25T11:41:25.537335394Z	62	PC: 12b9b \| Close file
2018-12-25T11:41:25.548237022Z	67	PC: 12ba8 \| Get or set file attributes
2018-12-25T11:41:25.560052847Z	26	PC: 12b12 \| Set disk transfer address
2018-12-25T11:41:25.562231292Z	59	PC: 12ace \| Change current directory
2018-12-25T11:41:25.567774218Z	59	PC: 12ad7 \| Change current directory
2018-12-25T11:41:25.570183014Z	42	PC: 12a80 \| Get date 0x12a80: cmp dx, 0x301 0x12a84: jne 0x12aa8 0x12a86: cmp cx, 0x7c9 0x12a8a: jl 0x12aa8 0x12a8c: lea si, word ptr [di + 0x275] 0x12a90: mov ah, 0xe 0x12a92: lodsb al, byte ptr [si] 0x12a93: or al, al 0x12a95: je 0x12aa8 0x12a97: int 0x10 0x12a99: jmp 0x12a90 0x12a9b: sub ax, 0x5b3d 0x12a9e: push si 0x12a9f: inc bx 0x12aa0: dec sp 0x12aa1: das 0x12aa2: inc dx 0x12aa3: inc bp 0x12aa4: jbe 0x12b03 0x12aa6: cmp ax, 0x5a2d
2018-12-25T11:41:25.578123255Z	26	PC: 12aad \| Set disk transfer address