Sample viewer

vx.netlux.org/Virus.DOS.VCL.Dagger.483

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:14.212140145Z	42	PC: 12ac8 \| Get date 0x12ac8: cmp al, 2 0x12aca: jne 0x12afe 0x12acc: mov ah, 0x2c 0x12ace: int 0x21 0x12ad0: cmp cl, 0x28 0x12ad3: jg 0x12afe 0x12ad5: xor bx, bx 0x12ad7: ror byte ptr [bx + 0x2dd], 1 0x12adb: inc bx 0x12adc: cmp bx, 9 0x12adf: jne 0x12ad7 0x12ae1: lea dx, word ptr [0x2dd] 0x12ae5: mov ah, 9 0x12ae7: int 0x21 0x12ae9: mov al, 2 0x12aeb: mov cx, 0x100 0x12aee: cdq 0x12aef: cli 0x12af0: int 0x26 0x12af2: mov al, 0x10
2018-12-17T22:43:14.215775685Z	47	PC: 12b02 \| Get disk transfer address
2018-12-17T22:43:14.217112869Z	26	PC: 12b0a \| Set disk transfer address
2018-12-17T22:43:14.218399246Z	71	PC: 12b27 \| Get current directory
2018-12-17T22:43:14.221846108Z	59	PC: 12b2f \| Change current directory
2018-12-17T22:43:14.227786211Z	47	PC: 12b44 \| Get disk transfer address
2018-12-17T22:43:14.229302474Z	26	PC: 12b52 \| Set disk transfer address
2018-12-17T22:43:14.230819153Z	78	PC: 12b5d \| Find first file
2018-12-17T22:43:14.238093592Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.241036793Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.243957102Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.247345393Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.250052831Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.253276153Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.257181407Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.260072635Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.262844501Z	79	PC: 12b85 \| Find next file
2018-12-17T22:43:14.265872456Z	47	PC: 12ba9 \| Get disk transfer address
2018-12-17T22:43:14.267274066Z	26	PC: 12bb8 \| Set disk transfer address
2018-12-17T22:43:14.268562929Z	78	PC: 12bc0 \| Find first file
2018-12-17T22:43:14.275282647Z	47	PC: 12bd8 \| Get disk transfer address
2018-12-17T22:43:14.276787724Z	61	PC: 12bf2 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:14.28447071Z	63	PC: 12bfe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:14.291629831Z	66	PC: 12c07 \| Move file pointer
2018-12-17T22:43:14.293543862Z	62	PC: 12c0c \| Close file
2018-12-17T22:43:14.29592555Z	67	PC: 12c2d \| Get or set file attributes
2018-12-17T22:43:14.313746847Z	61	PC: 12c33 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:14.321667366Z	64	PC: 12c3f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:14.324535094Z	66	PC: 12c48 \| Move file pointer
2018-12-17T22:43:14.325989729Z	64	PC: 12c53 \| Write file or device (Write 483 bytes on handle 5)
2018-12-17T22:43:14.336007589Z	87	PC: 12c5f \| Get or set file date and time
2018-12-17T22:43:14.337787598Z	62	PC: 12c63 \| Close file
2018-12-17T22:43:14.346267129Z	67	PC: 12c71 \| Get or set file attributes
2018-12-17T22:43:14.358693416Z	26	PC: 12bd2 \| Set disk transfer address
2018-12-17T22:43:14.359965335Z	26	PC: 12b95 \| Set disk transfer address
2018-12-17T22:43:14.361601602Z	59	PC: 12b39 \| Change current directory
2018-12-17T22:43:14.364435321Z	26	PC: 12b12 \| Set disk transfer address
2018-12-17T22:43:14.365716839Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7810,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:44.233902245Z	42	PC: 12ac8 \| Get date 0x12ac8: cmp al, 2 0x12aca: jne 0x12afe 0x12acc: mov ah, 0x2c 0x12ace: int 0x21 0x12ad0: cmp cl, 0x28 0x12ad3: jg 0x12afe 0x12ad5: xor bx, bx 0x12ad7: ror byte ptr [bx + 0x2dd], 1 0x12adb: inc bx 0x12adc: cmp bx, 9 0x12adf: jne 0x12ad7 0x12ae1: lea dx, word ptr [0x2dd] 0x12ae5: mov ah, 9 0x12ae7: int 0x21 0x12ae9: mov al, 2 0x12aeb: mov cx, 0x100 0x12aee: cdq 0x12aef: cli 0x12af0: int 0x26 0x12af2: mov al, 0x10
2018-12-25T12:02:44.236870541Z	44	PC: 12ad0 \| Get time 0x12ad0: cmp cl, 0x28 0x12ad3: jg 0x12afe 0x12ad5: xor bx, bx 0x12ad7: ror byte ptr [bx + 0x2dd], 1 0x12adb: inc bx 0x12adc: cmp bx, 9 0x12adf: jne 0x12ad7 0x12ae1: lea dx, word ptr [0x2dd] 0x12ae5: mov ah, 9 0x12ae7: int 0x21 0x12ae9: mov al, 2 0x12aeb: mov cx, 0x100 0x12aee: cdq 0x12aef: cli 0x12af0: int 0x26 0x12af2: mov al, 0x10 0x12af4: out 0x70, al 0x12af6: xor al, al 0x12af8: out 0x71, al 0x12afa: cdq
2018-12-25T12:02:44.239217476Z	9	PC: 12ae9 \| Display string (Could not find end pointer)
2018-12-25T12:02:44.262716624Z	61	PC: 12bf2 \| Open file (Filename = '��/%')
2018-12-25T12:02:44.267484192Z	63	PC: 12bfe \| Read file or device (Read 3 bytes on handle 3)
2018-12-25T12:02:46.082055727Z	66	PC: 12c07 \| Move file pointer
2018-12-25T12:02:46.083580298Z	62	PC: 12c0c \| Close file

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7810,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:46.731873847Z	42	PC: 12ac8 \| Get date 0x12ac8: cmp al, 2 0x12aca: jne 0x12afe 0x12acc: mov ah, 0x2c 0x12ace: int 0x21 0x12ad0: cmp cl, 0x28 0x12ad3: jg 0x12afe 0x12ad5: xor bx, bx 0x12ad7: ror byte ptr [bx + 0x2dd], 1 0x12adb: inc bx 0x12adc: cmp bx, 9 0x12adf: jne 0x12ad7 0x12ae1: lea dx, word ptr [0x2dd] 0x12ae5: mov ah, 9 0x12ae7: int 0x21 0x12ae9: mov al, 2 0x12aeb: mov cx, 0x100 0x12aee: cdq 0x12aef: cli 0x12af0: int 0x26 0x12af2: mov al, 0x10
2018-12-25T12:02:46.735866151Z	47	PC: 12b02 \| Get disk transfer address
2018-12-25T12:02:46.737560137Z	26	PC: 12b0a \| Set disk transfer address
2018-12-25T12:02:46.738972086Z	71	PC: 12b27 \| Get current directory
2018-12-25T12:02:46.742347198Z	59	PC: 12b2f \| Change current directory
2018-12-25T12:02:46.747436579Z	47	PC: 12b44 \| Get disk transfer address
2018-12-25T12:02:46.749177502Z	26	PC: 12b52 \| Set disk transfer address
2018-12-25T12:02:46.75080753Z	78	PC: 12b5d \| Find first file
2018-12-25T12:02:46.758466282Z	79	PC: 12b85 \| Find next file
2018-12-25T12:02:46.761854461Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.765253637Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.769076826Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.772110221Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.775646221Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.779808136Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.7831617Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.786569667Z	79	PC: 12b85 \| Find next file (See above)
2018-12-25T12:02:46.789663536Z	47	PC: 12ba9 \| Get disk transfer address
2018-12-25T12:02:46.794974902Z	26	PC: 12bb8 \| Set disk transfer address
2018-12-25T12:02:46.796619671Z	78	PC: 12bc0 \| Find first file
2018-12-25T12:02:46.80457987Z	47	PC: 12bd8 \| Get disk transfer address
2018-12-25T12:02:46.806209753Z	61	PC: 12bf2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:46.813885447Z	63	PC: 12bfe \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:46.821193093Z	66	PC: 12c07 \| Move file pointer
2018-12-25T12:02:46.823198857Z	62	PC: 12c0c \| Close file
2018-12-25T12:02:46.825551619Z	67	PC: 12c2d \| Get or set file attributes
2018-12-25T12:02:46.844172237Z	61	PC: 12c33 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:46.851902407Z	64	PC: 12c3f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:46.854928082Z	66	PC: 12c48 \| Move file pointer
2018-12-25T12:02:46.856634767Z	64	PC: 12c53 \| Write file or device (Write 483 bytes on handle 5)
2018-12-25T12:02:46.866876638Z	87	PC: 12c5f \| Get or set file date and time
2018-12-25T12:02:46.868817802Z	62	PC: 12c63 \| Close file
2018-12-25T12:02:46.877917431Z	67	PC: 12c71 \| Get or set file attributes
2018-12-25T12:02:46.897026441Z	26	PC: 12bd2 \| Set disk transfer address
2018-12-25T12:02:46.89885189Z	26	PC: 12b95 \| Set disk transfer address
2018-12-25T12:02:46.90063154Z	59	PC: 12b39 \| Change current directory
2018-12-25T12:02:46.90432257Z	26	PC: 12b12 \| Set disk transfer address
2018-12-25T12:02:46.916336462Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')