Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Skism.1992


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:08.026929333Z 48 PC: 13048 | Get DOS version
; Disassembly window logged with the "Get time" call (op 44 = AH 0x2C; the op
; column is the INT 21h function number in decimal). The PC column matches the
; address of the instruction after the INT 21h, so the listing starts there.
; The first instruction stores DL at offset 0x103; after Get time DL is
; presumably the hundredths-of-a-second field -- its later use is not visible here.
2018-12-17T22:50:08.028176892Z 44 PC: 13050 | Get time 0x13050: mov byte ptr [0x103], dl
0x13054: mov ah, 0x2a        ; AH = 0x2A selects DOS "Get date" (op 42 in the table)
0x13056: int 0x21            ; returns DL = day of month, AL = day of week (0 = Sunday)
0x13058: cmp dl, 0x19        ; date check, part 1: day of month against 25
0x1305b: jl 0x13061          ; day < 25 -> skip to the not-triggered jump
0x1305d: cmp al, 5           ; date check, part 2: day of week against 5 (Friday)
0x1305f: je 0x13064          ; Friday on or after the 25th -> triggered branch at 0x13064
0x13061: jmp 0x130e4         ; not triggered: continue on the normal path
0x13064: mov si, 0x138       ; triggered branch: SI = offset 0x138 (presumably the data to display)
0x13067: mov ax, 0xb800      ; 0xB800 is the segment of colour text-mode video memory
0x1306a: mov es, ax          ; ES = 0xB800
0x1306c: mov di, 0           ; DI = 0; ES:DI is then the first character cell of the screen
0x1306f: mov cx, 0x504       ; CX = 0x504 (1284), a count for the routine; its unit is not shown
0x13072: call 0x1307a        ; routine whose prologue follows at 0x1307a
0x13075: jmp 0x13075         ; jumps to itself: once the call returns, execution spins here
0x13077: jmp 0x1311c         ; not reached by falling through from 0x13075
0x1307a: push si             ; start of the called routine: save registers
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
; Second window, logged with "Get date" (op 42 = AH 0x2A): the same code, starting
; at the return address 0x13058 and running three instructions further.
2018-12-17T22:50:08.031504856Z 42 PC: 13058 | Get date 0x13058: cmp dl, 0x19
0x1305b: jl 0x13061
0x1305d: cmp al, 5
0x1305f: je 0x13064
0x13061: jmp 0x130e4
0x13064: mov si, 0x138
0x13067: mov ax, 0xb800
0x1306a: mov es, ax
0x1306c: mov di, 0
0x1306f: mov cx, 0x504
0x13072: call 0x1307a
0x13075: jmp 0x13075
0x13077: jmp 0x1311c
0x1307a: push si
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
0x1307e: push cx
0x1307f: push dx
0x13080: jcxz 0x130dd        ; CX == 0 -> jump to 0x130dd (presumably the routine's exit)
; In this run the next logged call has PC 130e8, just past the jump target
; 0x130e4, which is consistent with the date check not triggering.
2018-12-17T22:50:08.033697335Z 47 PC: 130e8 | Get disk transfer address
2018-12-17T22:50:08.034806646Z 26 PC: 130f7 | Set disk transfer address
2018-12-17T22:50:08.036440796Z 25 PC: 130fb | Get default drive
2018-12-17T22:50:08.037678777Z 71 PC: 13106 | Get current directory
2018-12-17T22:50:08.040881078Z 59 PC: 1310d | Change current directory
2018-12-17T22:50:08.046386488Z 78 PC: 13117 | Find first file
2018-12-17T22:50:08.052822848Z 87 PC: 131f5 | Get or set file date and time
2018-12-17T22:50:08.054542409Z 59 PC: 131fc | Change current directory
2018-12-17T22:50:08.059548749Z 59 PC: 13203 | Change current directory
2018-12-17T22:50:08.061574316Z 76 PC: 13208 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10121,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:16.097980972Z 48 PC: 13048 | Get DOS version
; Disassembly window logged with the "Get time" call (op 44 = AH 0x2C; the op
; column is the INT 21h function number in decimal). The PC column matches the
; address of the instruction after the INT 21h, so the listing starts there.
; The first instruction stores DL at offset 0x103; after Get time DL is
; presumably the hundredths-of-a-second field -- its later use is not visible here.
2018-12-25T12:27:16.100345521Z 44 PC: 13050 | Get time 0x13050: mov byte ptr [0x103], dl
0x13054: mov ah, 0x2a        ; AH = 0x2A selects DOS "Get date" (op 42 in the table)
0x13056: int 0x21            ; returns DL = day of month, AL = day of week (0 = Sunday)
0x13058: cmp dl, 0x19        ; date check, part 1: day of month against 25
0x1305b: jl 0x13061          ; day < 25 -> skip to the not-triggered jump
0x1305d: cmp al, 5           ; date check, part 2: day of week against 5 (Friday)
0x1305f: je 0x13064          ; Friday on or after the 25th -> triggered branch at 0x13064
0x13061: jmp 0x130e4         ; not triggered: continue on the normal path
0x13064: mov si, 0x138       ; triggered branch: SI = offset 0x138 (presumably the data to display)
0x13067: mov ax, 0xb800      ; 0xB800 is the segment of colour text-mode video memory
0x1306a: mov es, ax          ; ES = 0xB800
0x1306c: mov di, 0           ; DI = 0; ES:DI is then the first character cell of the screen
0x1306f: mov cx, 0x504       ; CX = 0x504 (1284), a count for the routine; its unit is not shown
0x13072: call 0x1307a        ; routine whose prologue follows at 0x1307a
0x13075: jmp 0x13075         ; jumps to itself: once the call returns, execution spins here
0x13077: jmp 0x1311c         ; not reached by falling through from 0x13075
0x1307a: push si             ; start of the called routine: save registers
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
; Second window, logged with "Get date" (op 42 = AH 0x2A): the same code, starting
; at the return address 0x13058 and running three instructions further.
2018-12-25T12:27:16.103039141Z 42 PC: 13058 | Get date 0x13058: cmp dl, 0x19
0x1305b: jl 0x13061
0x1305d: cmp al, 5
0x1305f: je 0x13064
0x13061: jmp 0x130e4
0x13064: mov si, 0x138
0x13067: mov ax, 0xb800
0x1306a: mov es, ax
0x1306c: mov di, 0
0x1306f: mov cx, 0x504
0x13072: call 0x1307a
0x13075: jmp 0x13075
0x13077: jmp 0x1311c
0x1307a: push si
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
0x1307e: push cx
0x1307f: push dx
0x13080: jcxz 0x130dd        ; CX == 0 -> jump to 0x130dd (presumably the routine's exit)
; In this run the next logged call has PC 130e8, just past the jump target
; 0x130e4, which is consistent with the date check not triggering.
2018-12-25T12:27:16.10549371Z 47 PC: 130e8 | Get disk transfer address
2018-12-25T12:27:16.107612302Z 26 PC: 130f7 | Set disk transfer address
2018-12-25T12:27:16.109042827Z 25 PC: 130fb | Get default drive
2018-12-25T12:27:16.110362663Z 71 PC: 13106 | Get current directory
2018-12-25T12:27:16.113699253Z 59 PC: 1310d | Change current directory
2018-12-25T12:27:16.118416767Z 78 PC: 13117 | Find first file
2018-12-25T12:27:16.124472791Z 87 PC: 131f5 | Get or set file date and time
2018-12-25T12:27:16.12621795Z 59 PC: 131fc | Change current directory
2018-12-25T12:27:16.131094108Z 59 PC: 13203 | Change current directory
2018-12-25T12:27:16.133172654Z 76 PC: 13208 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10121,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:16.14620999Z 48 PC: 13048 | Get DOS version
; Disassembly window logged with the "Get time" call (op 44 = AH 0x2C; the op
; column is the INT 21h function number in decimal). The PC column matches the
; address of the instruction after the INT 21h, so the listing starts there.
; The first instruction stores DL at offset 0x103; after Get time DL is
; presumably the hundredths-of-a-second field -- its later use is not visible here.
2018-12-25T12:27:16.148492339Z 44 PC: 13050 | Get time 0x13050: mov byte ptr [0x103], dl
0x13054: mov ah, 0x2a        ; AH = 0x2A selects DOS "Get date" (op 42 in the table)
0x13056: int 0x21            ; returns DL = day of month, AL = day of week (0 = Sunday)
0x13058: cmp dl, 0x19        ; date check, part 1: day of month against 25
0x1305b: jl 0x13061          ; day < 25 -> skip to the not-triggered jump
0x1305d: cmp al, 5           ; date check, part 2: day of week against 5 (Friday)
0x1305f: je 0x13064          ; Friday on or after the 25th -> triggered branch at 0x13064
0x13061: jmp 0x130e4         ; not triggered: continue on the normal path
0x13064: mov si, 0x138       ; triggered branch: SI = offset 0x138 (presumably the data to display)
0x13067: mov ax, 0xb800      ; 0xB800 is the segment of colour text-mode video memory
0x1306a: mov es, ax          ; ES = 0xB800
0x1306c: mov di, 0           ; DI = 0; ES:DI is then the first character cell of the screen
0x1306f: mov cx, 0x504       ; CX = 0x504 (1284), a count for the routine; its unit is not shown
0x13072: call 0x1307a        ; routine whose prologue follows at 0x1307a
0x13075: jmp 0x13075         ; jumps to itself: once the call returns, execution spins here
0x13077: jmp 0x1311c         ; not reached by falling through from 0x13075
0x1307a: push si             ; start of the called routine: save registers
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
; Second window, logged with "Get date" (op 42 = AH 0x2A): the same code, starting
; at the return address 0x13058 and running three instructions further.
2018-12-25T12:27:16.151036592Z 42 PC: 13058 | Get date 0x13058: cmp dl, 0x19
0x1305b: jl 0x13061
0x1305d: cmp al, 5
0x1305f: je 0x13064
0x13061: jmp 0x130e4
0x13064: mov si, 0x138
0x13067: mov ax, 0xb800
0x1306a: mov es, ax
0x1306c: mov di, 0
0x1306f: mov cx, 0x504
0x13072: call 0x1307a
0x13075: jmp 0x13075
0x13077: jmp 0x1311c
0x1307a: push si
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
0x1307e: push cx
0x1307f: push dx
0x13080: jcxz 0x130dd        ; CX == 0 -> jump to 0x130dd (presumably the routine's exit)
; Unlike the other runs on this page, no call is logged after Get date here.
; That is consistent with the branch at 0x1305f being taken and execution
; ending in the self-jump at 0x13075 with no terminate call.
; NOTE(review): the job records next to this run set the emulated date to 25
; and 26 January 1980; 25 January 1980 was a Friday, which would satisfy both
; comparisons. Which record belongs to this run is not stated on the page.

{"DateBased":true,"Day":26,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10121,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:16.337434113Z 48 PC: 13048 | Get DOS version
; Disassembly window logged with the "Get time" call (op 44 = AH 0x2C; the op
; column is the INT 21h function number in decimal). The PC column matches the
; address of the instruction after the INT 21h, so the listing starts there.
; The first instruction stores DL at offset 0x103; after Get time DL is
; presumably the hundredths-of-a-second field -- its later use is not visible here.
2018-12-25T12:27:16.339494005Z 44 PC: 13050 | Get time 0x13050: mov byte ptr [0x103], dl
0x13054: mov ah, 0x2a        ; AH = 0x2A selects DOS "Get date" (op 42 in the table)
0x13056: int 0x21            ; returns DL = day of month, AL = day of week (0 = Sunday)
0x13058: cmp dl, 0x19        ; date check, part 1: day of month against 25
0x1305b: jl 0x13061          ; day < 25 -> skip to the not-triggered jump
0x1305d: cmp al, 5           ; date check, part 2: day of week against 5 (Friday)
0x1305f: je 0x13064          ; Friday on or after the 25th -> triggered branch at 0x13064
0x13061: jmp 0x130e4         ; not triggered: continue on the normal path
0x13064: mov si, 0x138       ; triggered branch: SI = offset 0x138 (presumably the data to display)
0x13067: mov ax, 0xb800      ; 0xB800 is the segment of colour text-mode video memory
0x1306a: mov es, ax          ; ES = 0xB800
0x1306c: mov di, 0           ; DI = 0; ES:DI is then the first character cell of the screen
0x1306f: mov cx, 0x504       ; CX = 0x504 (1284), a count for the routine; its unit is not shown
0x13072: call 0x1307a        ; routine whose prologue follows at 0x1307a
0x13075: jmp 0x13075         ; jumps to itself: once the call returns, execution spins here
0x13077: jmp 0x1311c         ; not reached by falling through from 0x13075
0x1307a: push si             ; start of the called routine: save registers
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
; Second window, logged with "Get date" (op 42 = AH 0x2A): the same code, starting
; at the return address 0x13058 and running three instructions further.
2018-12-25T12:27:16.341715989Z 42 PC: 13058 | Get date 0x13058: cmp dl, 0x19
0x1305b: jl 0x13061
0x1305d: cmp al, 5
0x1305f: je 0x13064
0x13061: jmp 0x130e4
0x13064: mov si, 0x138
0x13067: mov ax, 0xb800
0x1306a: mov es, ax
0x1306c: mov di, 0
0x1306f: mov cx, 0x504
0x13072: call 0x1307a
0x13075: jmp 0x13075
0x13077: jmp 0x1311c
0x1307a: push si
0x1307b: push di
0x1307c: push ax
0x1307d: push bx
0x1307e: push cx
0x1307f: push dx
0x13080: jcxz 0x130dd        ; CX == 0 -> jump to 0x130dd (presumably the routine's exit)
; In this run the next logged call has PC 130e8, just past the jump target
; 0x130e4, which is consistent with the date check not triggering.
2018-12-25T12:27:16.343821876Z 47 PC: 130e8 | Get disk transfer address
2018-12-25T12:27:16.345687513Z 26 PC: 130f7 | Set disk transfer address
2018-12-25T12:27:16.347699039Z 25 PC: 130fb | Get default drive
2018-12-25T12:27:16.349595861Z 71 PC: 13106 | Get current directory
2018-12-25T12:27:16.353748142Z 59 PC: 1310d | Change current directory
2018-12-25T12:27:16.358908067Z 78 PC: 13117 | Find first file
2018-12-25T12:27:16.381314266Z 87 PC: 131f5 | Get or set file date and time
2018-12-25T12:27:16.382896434Z 59 PC: 131fc | Change current directory
2018-12-25T12:27:16.387894474Z 59 PC: 13203 | Change current directory
2018-12-25T12:27:16.389954866Z 76 PC: 13208 | Terminate with return code (Return code = '0')