Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Ultra.1306

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:24.61587586Z	48	PC: 12b6a \| Get DOS version
2018-12-17T22:51:24.617515037Z	44	PC: 12b72 \| Get time 0x12b72: mov byte ptr [0x10a], dl 0x12b76: cmp byte ptr [0x10a], 0xe 0x12b7b: jne 0x12b87 0x12b7d: mov ah, 9 0x12b7f: mov dx, 0x3d0 0x12b82: int 0x21 0x12b84: jmp 0x12ccf 0x12b87: mov dx, 0x161 0x12b8a: mov ah, 0x1a 0x12b8c: int 0x21 0x12b8e: mov ah, 0x19 0x12b90: int 0x21 0x12b92: mov byte ptr [0x1bf], al 0x12b95: mov dl, al 0x12b97: inc dl 0x12b99: mov ah, 0x47 0x12b9b: mov si, 0x1c0 0x12b9e: int 0x21 0x12ba0: mov dx, 0x15f 0x12ba3: mov ah, 0x3b
2018-12-17T22:51:24.620479454Z	26	PC: 12b8e \| Set disk transfer address
2018-12-17T22:51:24.621618231Z	25	PC: 12b92 \| Get default drive
2018-12-17T22:51:24.622780112Z	71	PC: 12ba0 \| Get current directory
2018-12-17T22:51:24.626625625Z	59	PC: 12ba7 \| Change current directory
2018-12-17T22:51:24.631602218Z	78	PC: 12bb1 \| Find first file
2018-12-17T22:51:24.644584911Z	87	PC: 12c90 \| Get or set file date and time
2018-12-17T22:51:24.64758202Z	67	PC: 12c9c \| Get or set file attributes
2018-12-17T22:51:24.654150823Z	59	PC: 12ca3 \| Change current directory
2018-12-17T22:51:24.658883349Z	59	PC: 12caa \| Change current directory
2018-12-17T22:51:24.662359618Z	42	PC: 12cae \| Get date 0x12cae: cmp dl, 0xb 0x12cb1: jne 0x12ccf 0x12cb3: cmp al, 5 0x12cb5: jne 0x12ccf 0x12cb7: mov al, byte ptr [0x1bf] 0x12cba: mov bx, 0x514 0x12cbd: mov cx, 0xff 0x12cc0: mov dx, 1 0x12cc3: int 0x26 0x12cc5: add sp, 2 0x12cc8: mov ah, 9 0x12cca: mov dx, 0x394 0x12ccd: int 0x21 0x12ccf: mov ax, 0x4c00 0x12cd2: int 0x21 0x12cd4: je 0x12d41 0x12cd9: imul si, word ptr [bp + di + 0x20], 0x7369 0x12cde: and byte ptr [bp + si + 0x75], ch 0x12ce1: jae 0x12d57 0x12ce3: and byte ptr [si + 0x68], dh
2018-12-17T22:51:24.664782248Z	76	PC: 12cd4 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10537,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:18.61895783Z	48	PC: 12b6a \| Get DOS version
2018-12-25T12:28:18.62043206Z	44	PC: 12b72 \| Get time 0x12b72: mov byte ptr [0x10a], dl 0x12b76: cmp byte ptr [0x10a], 0xe 0x12b7b: jne 0x12b87 0x12b7d: mov ah, 9 0x12b7f: mov dx, 0x3d0 0x12b82: int 0x21 0x12b84: jmp 0x12ccf 0x12b87: mov dx, 0x161 0x12b8a: mov ah, 0x1a 0x12b8c: int 0x21 0x12b8e: mov ah, 0x19 0x12b90: int 0x21 0x12b92: mov byte ptr [0x1bf], al 0x12b95: mov dl, al 0x12b97: inc dl 0x12b99: mov ah, 0x47 0x12b9b: mov si, 0x1c0 0x12b9e: int 0x21 0x12ba0: mov dx, 0x15f 0x12ba3: mov ah, 0x3b
2018-12-25T12:28:18.632003242Z	26	PC: 12b8e \| Set disk transfer address
2018-12-25T12:28:18.633319216Z	25	PC: 12b92 \| Get default drive
2018-12-25T12:28:18.634570356Z	71	PC: 12ba0 \| Get current directory
2018-12-25T12:28:18.638418213Z	59	PC: 12ba7 \| Change current directory
2018-12-25T12:28:18.643082791Z	78	PC: 12bb1 \| Find first file
2018-12-25T12:28:18.655619874Z	87	PC: 12c90 \| Get or set file date and time
2018-12-25T12:28:18.657931561Z	67	PC: 12c9c \| Get or set file attributes
2018-12-25T12:28:18.670488383Z	59	PC: 12ca3 \| Change current directory
2018-12-25T12:28:18.675051946Z	59	PC: 12caa \| Change current directory
2018-12-25T12:28:18.677473155Z	42	PC: 12cae \| Get date 0x12cae: cmp dl, 0xb 0x12cb1: jne 0x12ccf 0x12cb3: cmp al, 5 0x12cb5: jne 0x12ccf 0x12cb7: mov al, byte ptr [0x1bf] 0x12cba: mov bx, 0x514 0x12cbd: mov cx, 0xff 0x12cc0: mov dx, 1 0x12cc3: int 0x26 0x12cc5: add sp, 2 0x12cc8: mov ah, 9 0x12cca: mov dx, 0x394 0x12ccd: int 0x21 0x12ccf: mov ax, 0x4c00 0x12cd2: int 0x21 0x12cd4: je 0x12d41 0x12cd9: imul si, word ptr [bp + di + 0x20], 0x7369 0x12cde: and byte ptr [bp + si + 0x75], ch 0x12ce1: jae 0x12d57 0x12ce3: and byte ptr [si + 0x68], dh
2018-12-25T12:28:18.680479828Z	76	PC: 12cd4 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10537,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:18.661365847Z	48	PC: 12b6a \| Get DOS version
2018-12-25T12:28:18.662738154Z	44	PC: 12b72 \| Get time 0x12b72: mov byte ptr [0x10a], dl 0x12b76: cmp byte ptr [0x10a], 0xe 0x12b7b: jne 0x12b87 0x12b7d: mov ah, 9 0x12b7f: mov dx, 0x3d0 0x12b82: int 0x21 0x12b84: jmp 0x12ccf 0x12b87: mov dx, 0x161 0x12b8a: mov ah, 0x1a 0x12b8c: int 0x21 0x12b8e: mov ah, 0x19 0x12b90: int 0x21 0x12b92: mov byte ptr [0x1bf], al 0x12b95: mov dl, al 0x12b97: inc dl 0x12b99: mov ah, 0x47 0x12b9b: mov si, 0x1c0 0x12b9e: int 0x21 0x12ba0: mov dx, 0x15f 0x12ba3: mov ah, 0x3b
2018-12-25T12:28:18.665899165Z	26	PC: 12b8e \| Set disk transfer address
2018-12-25T12:28:18.667107348Z	25	PC: 12b92 \| Get default drive
2018-12-25T12:28:18.668343542Z	71	PC: 12ba0 \| Get current directory
2018-12-25T12:28:18.672496442Z	59	PC: 12ba7 \| Change current directory
2018-12-25T12:28:18.677087694Z	78	PC: 12bb1 \| Find first file
2018-12-25T12:28:18.683744648Z	87	PC: 12c90 \| Get or set file date and time
2018-12-25T12:28:18.69044146Z	67	PC: 12c9c \| Get or set file attributes
2018-12-25T12:28:18.69671596Z	59	PC: 12ca3 \| Change current directory
2018-12-25T12:28:18.706433984Z	59	PC: 12caa \| Change current directory
2018-12-25T12:28:18.7088672Z	42	PC: 12cae \| Get date 0x12cae: cmp dl, 0xb 0x12cb1: jne 0x12ccf 0x12cb3: cmp al, 5 0x12cb5: jne 0x12ccf 0x12cb7: mov al, byte ptr [0x1bf] 0x12cba: mov bx, 0x514 0x12cbd: mov cx, 0xff 0x12cc0: mov dx, 1 0x12cc3: int 0x26 0x12cc5: add sp, 2 0x12cc8: mov ah, 9 0x12cca: mov dx, 0x394 0x12ccd: int 0x21 0x12ccf: mov ax, 0x4c00 0x12cd2: int 0x21 0x12cd4: je 0x12d41 0x12cd9: imul si, word ptr [bp + di + 0x20], 0x7369 0x12cde: and byte ptr [bp + si + 0x75], ch 0x12ce1: jae 0x12d57 0x12ce3: and byte ptr [si + 0x68], dh
2018-12-25T12:28:18.72837607Z	9	PC: 12ccf \| Display string (String= '...this is just the beginning, next time, we come in force!')
2018-12-25T12:28:18.732472827Z	76	PC: 12cd4 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":11,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10537,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:18.998710926Z	48	PC: 12b6a \| Get DOS version
2018-12-25T12:28:19.000669151Z	44	PC: 12b72 \| Get time 0x12b72: mov byte ptr [0x10a], dl 0x12b76: cmp byte ptr [0x10a], 0xe 0x12b7b: jne 0x12b87 0x12b7d: mov ah, 9 0x12b7f: mov dx, 0x3d0 0x12b82: int 0x21 0x12b84: jmp 0x12ccf 0x12b87: mov dx, 0x161 0x12b8a: mov ah, 0x1a 0x12b8c: int 0x21 0x12b8e: mov ah, 0x19 0x12b90: int 0x21 0x12b92: mov byte ptr [0x1bf], al 0x12b95: mov dl, al 0x12b97: inc dl 0x12b99: mov ah, 0x47 0x12b9b: mov si, 0x1c0 0x12b9e: int 0x21 0x12ba0: mov dx, 0x15f 0x12ba3: mov ah, 0x3b
2018-12-25T12:28:19.003738174Z	26	PC: 12b8e \| Set disk transfer address
2018-12-25T12:28:19.005348043Z	25	PC: 12b92 \| Get default drive
2018-12-25T12:28:19.006945223Z	71	PC: 12ba0 \| Get current directory
2018-12-25T12:28:19.01192863Z	59	PC: 12ba7 \| Change current directory
2018-12-25T12:28:19.016214245Z	78	PC: 12bb1 \| Find first file
2018-12-25T12:28:19.021634721Z	87	PC: 12c90 \| Get or set file date and time
2018-12-25T12:28:19.023625481Z	67	PC: 12c9c \| Get or set file attributes
2018-12-25T12:28:19.027963245Z	59	PC: 12ca3 \| Change current directory
2018-12-25T12:28:19.031799885Z	59	PC: 12caa \| Change current directory
2018-12-25T12:28:19.035632018Z	42	PC: 12cae \| Get date 0x12cae: cmp dl, 0xb 0x12cb1: jne 0x12ccf 0x12cb3: cmp al, 5 0x12cb5: jne 0x12ccf 0x12cb7: mov al, byte ptr [0x1bf] 0x12cba: mov bx, 0x514 0x12cbd: mov cx, 0xff 0x12cc0: mov dx, 1 0x12cc3: int 0x26 0x12cc5: add sp, 2 0x12cc8: mov ah, 9 0x12cca: mov dx, 0x394 0x12ccd: int 0x21 0x12ccf: mov ax, 0x4c00 0x12cd2: int 0x21 0x12cd4: je 0x12d41 0x12cd9: imul si, word ptr [bp + di + 0x20], 0x7369 0x12cde: and byte ptr [bp + si + 0x75], ch 0x12ce1: jae 0x12d57 0x12ce3: and byte ptr [si + 0x68], dh
2018-12-25T12:28:19.037398392Z	76	PC: 12cd4 \| Terminate with return code (Return code = '0')