Sample viewer

vx.netlux.org/Virus.DOS.ARCV.657

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:21.165488937Z	26	PC: 12a71 \| Set disk transfer address
2018-12-17T22:40:21.16694559Z	71	PC: 12a7b \| Get current directory
2018-12-17T22:40:21.171022504Z	53	PC: 12a85 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:21.172246723Z	37	PC: 12a95 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:21.173469205Z	78	PC: 12aa2 \| Find first file
2018-12-17T22:40:21.185604662Z	61	PC: 12cad \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:21.209302984Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.216473795Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.219648612Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.222802313Z	61	PC: 12cad \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:40:21.230120161Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.237747715Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.241481127Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.24500845Z	61	PC: 12cad \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:40:21.252737574Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.260354114Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.263113701Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.266019059Z	61	PC: 12cad \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:40:21.274348949Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.281767537Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.284202078Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.288648519Z	61	PC: 12cad \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:40:21.295980167Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.303395782Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.30653924Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.309749726Z	61	PC: 12cad \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:40:21.317613258Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.326114118Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.328273559Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.332387683Z	61	PC: 12cad \| Open file (Filename = 'PAH.COM')
2018-12-17T22:40:21.340478911Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.347607507Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.349630841Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.352898113Z	61	PC: 12cad \| Open file (Filename = 'TEST.COM')
2018-12-17T22:40:21.360480211Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:40:21.367724564Z	62	PC: 12ab8 \| Close file
2018-12-17T22:40:21.370098327Z	79	PC: 12aa2 \| Find next file
2018-12-17T22:40:21.373898682Z	42	PC: 12ae7 \| Get date 0x12ae7: cmp dh, 2 0x12aea: je 0x12b23 0x12aec: mov ax, 0x2524 0x12aef: lds dx, ptr [bp + 0x3c2] 0x12af3: int 0x21 0x12af5: push cs 0x12af6: pop ds 0x12af7: mov ah, 0x3b 0x12af9: lea dx, word ptr [bp + 0x3c6] 0x12afd: int 0x21 0x12aff: mov ah, 0x1a 0x12b01: mov dx, 0x80 0x12b04: int 0x21 0x12b06: ret 0x12b07: int 0x20 0x12b09: add byte ptr [bp + di + 0x41], bl 0x12b0c: push dx 0x12b0d: inc bx 0x12b0e: push si 0x12b0f: sub ax, 0x5d33
2018-12-17T22:40:21.376677109Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:40:21.378310817Z	59	PC: 12aff \| Change current directory
2018-12-17T22:40:21.383470297Z	26	PC: 12b06 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6966,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:46.836436501Z	26	PC: 12a71 \| Set disk transfer address
2018-12-25T12:00:46.838376209Z	71	PC: 12a7b \| Get current directory
2018-12-25T12:00:46.842673349Z	53	PC: 12a85 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:46.844266809Z	37	PC: 12a95 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:46.845810072Z	78	PC: 12aa2 \| Find first file
2018-12-25T12:00:46.853679368Z	61	PC: 12cad \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:46.861326112Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:00:46.868702006Z	62	PC: 12ab8 \| Close file
2018-12-25T12:00:46.871764654Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:46.875115456Z	61	PC: 12cad \| Open file (See above)
2018-12-25T12:00:46.882801549Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T12:00:46.890887Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T12:00:46.893590741Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:46.896954652Z	61	PC: 12cad \| Open file (See above)
2018-12-25T12:00:46.911243254Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T12:00:46.918606312Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T12:00:46.920588892Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:46.923727055Z	61	PC: 12cad \| Open file (See above)
2018-12-25T12:00:46.93192345Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T12:00:46.939536265Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T12:00:46.942032282Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:46.956783927Z	61	PC: 12cad \| Open file (See above)
2018-12-25T12:00:46.964584087Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T12:00:46.972082472Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T12:00:46.974743646Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:46.97888321Z	61	PC: 12cad \| Open file (See above)
2018-12-25T12:00:46.986450215Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T12:00:46.994381254Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T12:00:46.996671211Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:46.999901477Z	61	PC: 12cad \| Open file (See above)
2018-12-25T12:00:47.008546362Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T12:00:47.021419992Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T12:00:47.023979879Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:47.028453601Z	61	PC: 12cad \| Open file (See above)
2018-12-25T12:00:47.036793044Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T12:00:47.044833945Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T12:00:47.047620304Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T12:00:47.051186414Z	42	PC: 12ae7 \| Get date 0x12ae7: cmp dh, 2 0x12aea: je 0x12b23 0x12aec: mov ax, 0x2524 0x12aef: lds dx, ptr [bp + 0x3c2] 0x12af3: int 0x21 0x12af5: push cs 0x12af6: pop ds 0x12af7: mov ah, 0x3b 0x12af9: lea dx, word ptr [bp + 0x3c6] 0x12afd: int 0x21 0x12aff: mov ah, 0x1a 0x12b01: mov dx, 0x80 0x12b04: int 0x21 0x12b06: ret 0x12b07: int 0x20 0x12b09: add byte ptr [bp + di + 0x41], bl 0x12b0c: push dx 0x12b0d: inc bx 0x12b0e: push si 0x12b0f: sub ax, 0x5d33
2018-12-25T12:00:47.054538494Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:47.055874118Z	59	PC: 12aff \| Change current directory
2018-12-25T12:00:47.060994061Z	26	PC: 12b06 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6966,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:09.014532302Z	26	PC: 12a71 \| Set disk transfer address
2018-12-25T13:07:09.016801435Z	71	PC: 12a7b \| Get current directory
2018-12-25T13:07:09.019520875Z	53	PC: 12a85 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:09.020627665Z	37	PC: 12a95 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:09.022174195Z	78	PC: 12aa2 \| Find first file
2018-12-25T13:07:09.028353878Z	61	PC: 12cad \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:09.034800245Z	63	PC: 12ab4 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T13:07:09.046443998Z	62	PC: 12ab8 \| Close file
2018-12-25T13:07:09.047790672Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.050413137Z	61	PC: 12cad \| Open file (See above)
2018-12-25T13:07:09.05506187Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T13:07:09.059228872Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T13:07:09.060460474Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.062508085Z	61	PC: 12cad \| Open file (See above)
2018-12-25T13:07:09.070020485Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T13:07:09.075991707Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T13:07:09.077612941Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.07965569Z	61	PC: 12cad \| Open file (See above)
2018-12-25T13:07:09.083649955Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T13:07:09.088103268Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T13:07:09.089808795Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.092787152Z	61	PC: 12cad \| Open file (See above)
2018-12-25T13:07:09.097172714Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T13:07:09.102373407Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T13:07:09.103567974Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.10535774Z	61	PC: 12cad \| Open file (See above)
2018-12-25T13:07:09.111199587Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T13:07:09.117160456Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T13:07:09.118741125Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.122318444Z	61	PC: 12cad \| Open file (See above)
2018-12-25T13:07:09.128990394Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T13:07:09.135642051Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T13:07:09.142252423Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.148919569Z	61	PC: 12cad \| Open file (See above)
2018-12-25T13:07:09.155076796Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T13:07:09.161626645Z	62	PC: 12ab8 \| Close file (See above)
2018-12-25T13:07:09.163239082Z	79	PC: 12aa2 \| Find next file (See above)
2018-12-25T13:07:09.165504836Z	42	PC: 12ae7 \| Get date 0x12ae7: cmp dh, 2 0x12aea: je 0x12b23 0x12aec: mov ax, 0x2524 0x12aef: lds dx, ptr [bp + 0x3c2] 0x12af3: int 0x21 0x12af5: push cs 0x12af6: pop ds 0x12af7: mov ah, 0x3b 0x12af9: lea dx, word ptr [bp + 0x3c6] 0x12afd: int 0x21 0x12aff: mov ah, 0x1a 0x12b01: mov dx, 0x80 0x12b04: int 0x21 0x12b06: ret 0x12b07: int 0x20 0x12b09: add byte ptr [bp + di + 0x41], bl 0x12b0c: push dx 0x12b0d: inc bx 0x12b0e: push si 0x12b0f: sub ax, 0x5d33
2018-12-25T13:07:09.167984258Z	9	PC: 12b2d \| Display string (String= ' Yo.. I`ve Just Found a Virus.. Opps.. Sorry I`m the Virus. Well let me introduce myself.. I am ARCV-3 Virus, by Apache Warrior. Long Live The ARCV and Whats an Hard ECU? Vote Yes to the Best Vote ARCV.. ')
2018-12-25T13:07:09.181740363Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:09.182790085Z	59	PC: 12aff \| Change current directory
2018-12-25T13:07:09.188545248Z	26	PC: 12b06 \| Set disk transfer address