Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.47857.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:06.495650724Z	48	PC: 12c37 \| Get DOS version
2018-12-17T22:52:06.497491071Z	44	PC: 12c3f \| Get time 0x12c3f: mov byte ptr [0x102], dl 0x12c43: mov dx, 0x147 0x12c46: mov ah, 0x1a 0x12c48: int 0x21 0x12c4a: mov ah, 0x19 0x12c4c: int 0x21 0x12c4e: mov dl, al 0x12c50: inc dl 0x12c52: mov ah, 0x47 0x12c54: mov si, 0x1a6 0x12c57: int 0x21 0x12c59: mov dx, 0x145 0x12c5c: mov ah, 0x3b 0x12c5e: int 0x21 0x12c60: mov cx, 0x13 0x12c63: mov dx, 0x139 0x12c66: mov ah, 0x4e 0x12c68: int 0x21 0x12c6a: cmp ax, 0x12 0x12c6d: jne 0x12c71
2018-12-17T22:52:06.501071467Z	26	PC: 12c4a \| Set disk transfer address
2018-12-17T22:52:06.502598886Z	25	PC: 12c4e \| Get default drive
2018-12-17T22:52:06.504086851Z	71	PC: 12c59 \| Get current directory
2018-12-17T22:52:06.507754911Z	59	PC: 12c60 \| Change current directory
2018-12-17T22:52:06.50968673Z	78	PC: 12c6a \| Find first file
2018-12-17T22:52:06.511429283Z	79	PC: 12c75 \| Find next file
2018-12-17T22:52:06.513816548Z	87	PC: 12d4c \| Get or set file date and time
2018-12-17T22:52:06.515316866Z	67	PC: 12d58 \| Get or set file attributes
2018-12-17T22:52:06.51710746Z	59	PC: 12d5f \| Change current directory
2018-12-17T22:52:06.519463496Z	59	PC: 12d66 \| Change current directory
2018-12-17T22:52:06.522591903Z	42	PC: 12d6a \| Get date 0x12d6a: cmp cx, 0x7c7 0x12d6e: jb 0x12da0 0x12d70: cmp dl, 0x19 0x12d73: jb 0x12da0 0x12d75: cmp al, 5 0x12d77: jne 0x12da0 0x12d79: mov dx, 0x147 0x12d7c: mov ah, 0x1a 0x12d7e: int 0x21 0x12d80: mov ah, 0x4e 0x12d82: mov cx, 7 0x12d85: mov dx, 0x141 0x12d88: int 0x21 0x12d8a: jb 0x12da0 0x12d8c: mov ax, 0x4301 0x12d8f: xor cx, cx 0x12d91: int 0x21 0x12d93: mov dx, 0x165 0x12d96: mov ah, 0x3c 0x12d98: int 0x21
2018-12-17T22:52:06.525279972Z	76	PC: 12da5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":25,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10781,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:14.02281892Z	48	PC: 12c37 \| Get DOS version
2018-12-25T12:29:14.027151824Z	44	PC: 12c3f \| Get time 0x12c3f: mov byte ptr [0x102], dl 0x12c43: mov dx, 0x147 0x12c46: mov ah, 0x1a 0x12c48: int 0x21 0x12c4a: mov ah, 0x19 0x12c4c: int 0x21 0x12c4e: mov dl, al 0x12c50: inc dl 0x12c52: mov ah, 0x47 0x12c54: mov si, 0x1a6 0x12c57: int 0x21 0x12c59: mov dx, 0x145 0x12c5c: mov ah, 0x3b 0x12c5e: int 0x21 0x12c60: mov cx, 0x13 0x12c63: mov dx, 0x139 0x12c66: mov ah, 0x4e 0x12c68: int 0x21 0x12c6a: cmp ax, 0x12 0x12c6d: jne 0x12c71
2018-12-25T12:29:14.029908164Z	26	PC: 12c4a \| Set disk transfer address
2018-12-25T12:29:14.03124711Z	25	PC: 12c4e \| Get default drive
2018-12-25T12:29:14.03235997Z	71	PC: 12c59 \| Get current directory
2018-12-25T12:29:14.035489231Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:29:14.037317548Z	78	PC: 12c6a \| Find first file
2018-12-25T12:29:14.038953731Z	79	PC: 12c75 \| Find next file
2018-12-25T12:29:14.041309102Z	87	PC: 12d4c \| Get or set file date and time
2018-12-25T12:29:14.04281949Z	67	PC: 12d58 \| Get or set file attributes
2018-12-25T12:29:14.044780632Z	59	PC: 12d5f \| Change current directory
2018-12-25T12:29:14.047087911Z	59	PC: 12d66 \| Change current directory
2018-12-25T12:29:14.049013358Z	42	PC: 12d6a \| Get date 0x12d6a: cmp cx, 0x7c7 0x12d6e: jb 0x12da0 0x12d70: cmp dl, 0x19 0x12d73: jb 0x12da0 0x12d75: cmp al, 5 0x12d77: jne 0x12da0 0x12d79: mov dx, 0x147 0x12d7c: mov ah, 0x1a 0x12d7e: int 0x21 0x12d80: mov ah, 0x4e 0x12d82: mov cx, 7 0x12d85: mov dx, 0x141 0x12d88: int 0x21 0x12d8a: jb 0x12da0 0x12d8c: mov ax, 0x4301 0x12d8f: xor cx, cx 0x12d91: int 0x21 0x12d93: mov dx, 0x165 0x12d96: mov ah, 0x3c 0x12d98: int 0x21
2018-12-25T12:29:14.051868181Z	26	PC: 12d80 \| Set disk transfer address
2018-12-25T12:29:14.053791305Z	78	PC: 12d8a \| Find first file
2018-12-25T12:29:14.055745176Z	76	PC: 12da5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":26,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10781,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:14.388424999Z	48	PC: 12c37 \| Get DOS version
2018-12-25T12:29:14.389825561Z	44	PC: 12c3f \| Get time 0x12c3f: mov byte ptr [0x102], dl 0x12c43: mov dx, 0x147 0x12c46: mov ah, 0x1a 0x12c48: int 0x21 0x12c4a: mov ah, 0x19 0x12c4c: int 0x21 0x12c4e: mov dl, al 0x12c50: inc dl 0x12c52: mov ah, 0x47 0x12c54: mov si, 0x1a6 0x12c57: int 0x21 0x12c59: mov dx, 0x145 0x12c5c: mov ah, 0x3b 0x12c5e: int 0x21 0x12c60: mov cx, 0x13 0x12c63: mov dx, 0x139 0x12c66: mov ah, 0x4e 0x12c68: int 0x21 0x12c6a: cmp ax, 0x12 0x12c6d: jne 0x12c71
2018-12-25T12:29:14.391432867Z	26	PC: 12c4a \| Set disk transfer address
2018-12-25T12:29:14.392207202Z	25	PC: 12c4e \| Get default drive
2018-12-25T12:29:14.393193769Z	71	PC: 12c59 \| Get current directory
2018-12-25T12:29:14.395271516Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:29:14.396795505Z	78	PC: 12c6a \| Find first file
2018-12-25T12:29:14.397934663Z	79	PC: 12c75 \| Find next file
2018-12-25T12:29:14.399577019Z	87	PC: 12d4c \| Get or set file date and time
2018-12-25T12:29:14.400905249Z	67	PC: 12d58 \| Get or set file attributes
2018-12-25T12:29:14.402428483Z	59	PC: 12d5f \| Change current directory
2018-12-25T12:29:14.404616283Z	59	PC: 12d66 \| Change current directory
2018-12-25T12:29:14.406123146Z	42	PC: 12d6a \| Get date 0x12d6a: cmp cx, 0x7c7 0x12d6e: jb 0x12da0 0x12d70: cmp dl, 0x19 0x12d73: jb 0x12da0 0x12d75: cmp al, 5 0x12d77: jne 0x12da0 0x12d79: mov dx, 0x147 0x12d7c: mov ah, 0x1a 0x12d7e: int 0x21 0x12d80: mov ah, 0x4e 0x12d82: mov cx, 7 0x12d85: mov dx, 0x141 0x12d88: int 0x21 0x12d8a: jb 0x12da0 0x12d8c: mov ax, 0x4301 0x12d8f: xor cx, cx 0x12d91: int 0x21 0x12d93: mov dx, 0x165 0x12d96: mov ah, 0x3c 0x12d98: int 0x21
2018-12-25T12:29:14.407787477Z	76	PC: 12da5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10781,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:14.411633727Z	48	PC: 12c37 \| Get DOS version
2018-12-25T12:29:14.422922102Z	44	PC: 12c3f \| Get time 0x12c3f: mov byte ptr [0x102], dl 0x12c43: mov dx, 0x147 0x12c46: mov ah, 0x1a 0x12c48: int 0x21 0x12c4a: mov ah, 0x19 0x12c4c: int 0x21 0x12c4e: mov dl, al 0x12c50: inc dl 0x12c52: mov ah, 0x47 0x12c54: mov si, 0x1a6 0x12c57: int 0x21 0x12c59: mov dx, 0x145 0x12c5c: mov ah, 0x3b 0x12c5e: int 0x21 0x12c60: mov cx, 0x13 0x12c63: mov dx, 0x139 0x12c66: mov ah, 0x4e 0x12c68: int 0x21 0x12c6a: cmp ax, 0x12 0x12c6d: jne 0x12c71
2018-12-25T12:29:14.42442665Z	26	PC: 12c4a \| Set disk transfer address
2018-12-25T12:29:14.425205762Z	25	PC: 12c4e \| Get default drive
2018-12-25T12:29:14.427395406Z	71	PC: 12c59 \| Get current directory
2018-12-25T12:29:14.430486882Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:29:14.432427586Z	78	PC: 12c6a \| Find first file
2018-12-25T12:29:14.437624511Z	79	PC: 12c75 \| Find next file
2018-12-25T12:29:14.441527067Z	87	PC: 12d4c \| Get or set file date and time
2018-12-25T12:29:14.444620525Z	67	PC: 12d58 \| Get or set file attributes
2018-12-25T12:29:14.448175055Z	59	PC: 12d5f \| Change current directory
2018-12-25T12:29:14.450493877Z	59	PC: 12d66 \| Change current directory
2018-12-25T12:29:14.452567683Z	42	PC: 12d6a \| Get date 0x12d6a: cmp cx, 0x7c7 0x12d6e: jb 0x12da0 0x12d70: cmp dl, 0x19 0x12d73: jb 0x12da0 0x12d75: cmp al, 5 0x12d77: jne 0x12da0 0x12d79: mov dx, 0x147 0x12d7c: mov ah, 0x1a 0x12d7e: int 0x21 0x12d80: mov ah, 0x4e 0x12d82: mov cx, 7 0x12d85: mov dx, 0x141 0x12d88: int 0x21 0x12d8a: jb 0x12da0 0x12d8c: mov ax, 0x4301 0x12d8f: xor cx, cx 0x12d91: int 0x21 0x12d93: mov dx, 0x165 0x12d96: mov ah, 0x3c 0x12d98: int 0x21
2018-12-25T12:29:14.4601809Z	76	PC: 12da5 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10781,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:14.425638439Z	48	PC: 12c37 \| Get DOS version
2018-12-25T12:29:14.426849405Z	44	PC: 12c3f \| Get time 0x12c3f: mov byte ptr [0x102], dl 0x12c43: mov dx, 0x147 0x12c46: mov ah, 0x1a 0x12c48: int 0x21 0x12c4a: mov ah, 0x19 0x12c4c: int 0x21 0x12c4e: mov dl, al 0x12c50: inc dl 0x12c52: mov ah, 0x47 0x12c54: mov si, 0x1a6 0x12c57: int 0x21 0x12c59: mov dx, 0x145 0x12c5c: mov ah, 0x3b 0x12c5e: int 0x21 0x12c60: mov cx, 0x13 0x12c63: mov dx, 0x139 0x12c66: mov ah, 0x4e 0x12c68: int 0x21 0x12c6a: cmp ax, 0x12 0x12c6d: jne 0x12c71
2018-12-25T12:29:14.430018751Z	26	PC: 12c4a \| Set disk transfer address
2018-12-25T12:29:14.431629915Z	25	PC: 12c4e \| Get default drive
2018-12-25T12:29:14.432897721Z	71	PC: 12c59 \| Get current directory
2018-12-25T12:29:14.436567789Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:29:14.438492721Z	78	PC: 12c6a \| Find first file
2018-12-25T12:29:14.440418598Z	79	PC: 12c75 \| Find next file
2018-12-25T12:29:14.445094188Z	87	PC: 12d4c \| Get or set file date and time
2018-12-25T12:29:14.447571198Z	67	PC: 12d58 \| Get or set file attributes
2018-12-25T12:29:14.450402452Z	59	PC: 12d5f \| Change current directory
2018-12-25T12:29:14.453261983Z	59	PC: 12d66 \| Change current directory
2018-12-25T12:29:14.455139824Z	42	PC: 12d6a \| Get date 0x12d6a: cmp cx, 0x7c7 0x12d6e: jb 0x12da0 0x12d70: cmp dl, 0x19 0x12d73: jb 0x12da0 0x12d75: cmp al, 5 0x12d77: jne 0x12da0 0x12d79: mov dx, 0x147 0x12d7c: mov ah, 0x1a 0x12d7e: int 0x21 0x12d80: mov ah, 0x4e 0x12d82: mov cx, 7 0x12d85: mov dx, 0x141 0x12d88: int 0x21 0x12d8a: jb 0x12da0 0x12d8c: mov ax, 0x4301 0x12d8f: xor cx, cx 0x12d91: int 0x21 0x12d93: mov dx, 0x165 0x12d96: mov ah, 0x3c 0x12d98: int 0x21
2018-12-25T12:29:14.457381589Z	76	PC: 12da5 \| Terminate with return code (Return code = '0')