Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.814

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:01.36971189Z	48	PC: 12b36 \| Get DOS version
2018-12-17T22:50:01.371398551Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-17T22:50:01.374679403Z	26	PC: 12b49 \| Set disk transfer address
2018-12-17T22:50:01.376256902Z	25	PC: 12b4d \| Get default drive
2018-12-17T22:50:01.377859418Z	71	PC: 12b58 \| Get current directory
2018-12-17T22:50:01.381904008Z	59	PC: 12b5f \| Change current directory
2018-12-17T22:50:01.386671219Z	78	PC: 12b69 \| Find first file
2018-12-17T22:50:01.393447362Z	87	PC: 12c4d \| Get or set file date and time
2018-12-17T22:50:01.396233007Z	67	PC: 12c59 \| Get or set file attributes
2018-12-17T22:50:01.398640795Z	59	PC: 12c60 \| Change current directory
2018-12-17T22:50:01.403416158Z	59	PC: 12c67 \| Change current directory
2018-12-17T22:50:01.406445838Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c8 0x12c6f: jb 0x12ca1 0x12c71: cmp dl, 0x1d 0x12c74: jb 0x12ca1 0x12c76: cmp al, 6 0x12c78: jne 0x12ca1 0x12c7a: mov dx, 0x146 0x12c7d: mov ah, 0x1a 0x12c7f: int 0x21 0x12c81: mov ah, 0x4e 0x12c83: mov cx, 7 0x12c86: mov dx, 0x140 0x12c89: int 0x21 0x12c8b: jb 0x12ca1 0x12c8d: mov ax, 0x4301 0x12c90: xor cx, cx 0x12c92: int 0x21 0x12c94: mov dx, 0x164 0x12c97: mov ah, 0x3c 0x12c99: int 0x21
2018-12-17T22:50:01.409044752Z	76	PC: 12ca6 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":29,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10080,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:09.807391648Z	48	PC: 12b36 \| Get DOS version
2018-12-25T12:27:09.811113124Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-25T12:27:09.814362149Z	26	PC: 12b49 \| Set disk transfer address
2018-12-25T12:27:09.816304326Z	25	PC: 12b4d \| Get default drive
2018-12-25T12:27:09.819338512Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:27:09.823011434Z	59	PC: 12b5f \| Change current directory
2018-12-25T12:27:09.827220504Z	78	PC: 12b69 \| Find first file
2018-12-25T12:27:09.838354449Z	87	PC: 12c4d \| Get or set file date and time
2018-12-25T12:27:09.854971246Z	67	PC: 12c59 \| Get or set file attributes
2018-12-25T12:27:09.857058639Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:27:09.861203209Z	59	PC: 12c67 \| Change current directory
2018-12-25T12:27:09.863316599Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c8 0x12c6f: jb 0x12ca1 0x12c71: cmp dl, 0x1d 0x12c74: jb 0x12ca1 0x12c76: cmp al, 6 0x12c78: jne 0x12ca1 0x12c7a: mov dx, 0x146 0x12c7d: mov ah, 0x1a 0x12c7f: int 0x21 0x12c81: mov ah, 0x4e 0x12c83: mov cx, 7 0x12c86: mov dx, 0x140 0x12c89: int 0x21 0x12c8b: jb 0x12ca1 0x12c8d: mov ax, 0x4301 0x12c90: xor cx, cx 0x12c92: int 0x21 0x12c94: mov dx, 0x164 0x12c97: mov ah, 0x3c 0x12c99: int 0x21
2018-12-25T12:27:09.865428495Z	76	PC: 12ca6 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":29,"Month":2,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10080,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:09.919962195Z	48	PC: 12b36 \| Get DOS version
2018-12-25T12:27:09.922630304Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-25T12:27:09.924863198Z	26	PC: 12b49 \| Set disk transfer address
2018-12-25T12:27:09.926053599Z	25	PC: 12b4d \| Get default drive
2018-12-25T12:27:09.927243928Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:27:09.930681038Z	59	PC: 12b5f \| Change current directory
2018-12-25T12:27:09.934639077Z	78	PC: 12b69 \| Find first file
2018-12-25T12:27:09.940619322Z	87	PC: 12c4d \| Get or set file date and time
2018-12-25T12:27:09.943475533Z	67	PC: 12c59 \| Get or set file attributes
2018-12-25T12:27:09.945709625Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:27:09.95008484Z	59	PC: 12c67 \| Change current directory
2018-12-25T12:27:09.952471393Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c8 0x12c6f: jb 0x12ca1 0x12c71: cmp dl, 0x1d 0x12c74: jb 0x12ca1 0x12c76: cmp al, 6 0x12c78: jne 0x12ca1 0x12c7a: mov dx, 0x146 0x12c7d: mov ah, 0x1a 0x12c7f: int 0x21 0x12c81: mov ah, 0x4e 0x12c83: mov cx, 7 0x12c86: mov dx, 0x140 0x12c89: int 0x21 0x12c8b: jb 0x12ca1 0x12c8d: mov ax, 0x4301 0x12c90: xor cx, cx 0x12c92: int 0x21 0x12c94: mov dx, 0x164 0x12c97: mov ah, 0x3c 0x12c99: int 0x21
2018-12-25T12:27:09.954770064Z	26	PC: 12c81 \| Set disk transfer address
2018-12-25T12:27:09.956047267Z	78	PC: 12c8b \| Find first file
2018-12-25T12:27:09.970988013Z	67	PC: 12c94 \| Get or set file attributes
2018-12-25T12:27:09.980842905Z	60	PC: 12c9b \| Create or truncate file
2018-12-25T12:27:10.67799239Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.681517477Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.698148849Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.718295499Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.721879007Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.737989384Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.756478332Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.760774841Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.775387528Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.795513929Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.798703305Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.814969785Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.825117536Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.827151624Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.84016533Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.850825052Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.852823013Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.861325474Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.871158702Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.873255695Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.886677512Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.926925592Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.930333729Z	67	PC: 12c94 \| Get or set file attributes (See above)
2018-12-25T12:27:10.951467325Z	60	PC: 12c9b \| Create or truncate file (See above)
2018-12-25T12:27:10.965791626Z	79	PC: 12c8b \| Find next file (See above)
2018-12-25T12:27:10.968419051Z	76	PC: 12ca6 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10080,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:10.053809319Z	48	PC: 12b36 \| Get DOS version
2018-12-25T12:27:10.056150346Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-25T12:27:10.058878655Z	26	PC: 12b49 \| Set disk transfer address
2018-12-25T12:27:10.060188375Z	25	PC: 12b4d \| Get default drive
2018-12-25T12:27:10.061506426Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:27:10.065165195Z	59	PC: 12b5f \| Change current directory
2018-12-25T12:27:10.069318673Z	78	PC: 12b69 \| Find first file
2018-12-25T12:27:10.081061371Z	87	PC: 12c4d \| Get or set file date and time
2018-12-25T12:27:10.084084662Z	67	PC: 12c59 \| Get or set file attributes
2018-12-25T12:27:10.085810392Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:27:10.089928369Z	59	PC: 12c67 \| Change current directory
2018-12-25T12:27:10.093981032Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c8 0x12c6f: jb 0x12ca1 0x12c71: cmp dl, 0x1d 0x12c74: jb 0x12ca1 0x12c76: cmp al, 6 0x12c78: jne 0x12ca1 0x12c7a: mov dx, 0x146 0x12c7d: mov ah, 0x1a 0x12c7f: int 0x21 0x12c81: mov ah, 0x4e 0x12c83: mov cx, 7 0x12c86: mov dx, 0x140 0x12c89: int 0x21 0x12c8b: jb 0x12ca1 0x12c8d: mov ax, 0x4301 0x12c90: xor cx, cx 0x12c92: int 0x21 0x12c94: mov dx, 0x164 0x12c97: mov ah, 0x3c 0x12c99: int 0x21
2018-12-25T12:27:10.096113131Z	76	PC: 12ca6 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10080,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:10.27617341Z	48	PC: 12b36 \| Get DOS version
2018-12-25T12:27:10.283192607Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-25T12:27:10.285860933Z	26	PC: 12b49 \| Set disk transfer address
2018-12-25T12:27:10.28719773Z	25	PC: 12b4d \| Get default drive
2018-12-25T12:27:10.288556896Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:27:10.294216248Z	59	PC: 12b5f \| Change current directory
2018-12-25T12:27:10.304614177Z	78	PC: 12b69 \| Find first file
2018-12-25T12:27:10.32506425Z	87	PC: 12c4d \| Get or set file date and time
2018-12-25T12:27:10.337219375Z	67	PC: 12c59 \| Get or set file attributes
2018-12-25T12:27:10.339770227Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:27:10.344793535Z	59	PC: 12c67 \| Change current directory
2018-12-25T12:27:10.348572105Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c8 0x12c6f: jb 0x12ca1 0x12c71: cmp dl, 0x1d 0x12c74: jb 0x12ca1 0x12c76: cmp al, 6 0x12c78: jne 0x12ca1 0x12c7a: mov dx, 0x146 0x12c7d: mov ah, 0x1a 0x12c7f: int 0x21 0x12c81: mov ah, 0x4e 0x12c83: mov cx, 7 0x12c86: mov dx, 0x140 0x12c89: int 0x21 0x12c8b: jb 0x12ca1 0x12c8d: mov ax, 0x4301 0x12c90: xor cx, cx 0x12c92: int 0x21 0x12c94: mov dx, 0x164 0x12c97: mov ah, 0x3c 0x12c99: int 0x21
2018-12-25T12:27:10.35155873Z	76	PC: 12ca6 \| Terminate with return code (Return code = '0')