Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Riot.808

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:41.550463592Z	48	PC: 12b36 \| Get DOS version
2018-12-17T23:02:41.552124761Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-17T23:02:41.554333213Z	26	PC: 12b49 \| Set disk transfer address
2018-12-17T23:02:41.555468447Z	25	PC: 12b4d \| Get default drive
2018-12-17T23:02:41.557647172Z	71	PC: 12b58 \| Get current directory
2018-12-17T23:02:41.561274918Z	59	PC: 12b5f \| Change current directory
2018-12-17T23:02:41.566023115Z	78	PC: 12b69 \| Find first file
2018-12-17T23:02:41.579001453Z	87	PC: 12c4d \| Get or set file date and time
2018-12-17T23:02:41.580839607Z	67	PC: 12c59 \| Get or set file attributes
2018-12-17T23:02:41.582954063Z	59	PC: 12c60 \| Change current directory
2018-12-17T23:02:41.58709004Z	59	PC: 12c67 \| Change current directory
2018-12-17T23:02:41.602753405Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c9 0x12c6f: jb 0x12c9d 0x12c71: cmp dl, 0xa 0x12c74: jne 0x12c9d 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: int 0x21 0x12c87: jb 0x12c9d 0x12c89: mov ax, 0x4301 0x12c8c: xor cx, cx 0x12c8e: int 0x21 0x12c90: mov dx, 0x164 0x12c93: mov ah, 0x3c 0x12c95: int 0x21 0x12c97: jb 0x12c9d 0x12c99: mov ah, 0x4f
2018-12-17T23:02:41.604458922Z	76	PC: 12ca2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14292,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.342697932Z	48	PC: 12b36 \| Get DOS version
2018-12-25T12:40:17.345661635Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-25T12:40:17.348106599Z	26	PC: 12b49 \| Set disk transfer address
2018-12-25T12:40:17.349467864Z	25	PC: 12b4d \| Get default drive
2018-12-25T12:40:17.351651871Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:40:17.354725916Z	59	PC: 12b5f \| Change current directory
2018-12-25T12:40:17.358916044Z	78	PC: 12b69 \| Find first file
2018-12-25T12:40:17.370052843Z	87	PC: 12c4d \| Get or set file date and time
2018-12-25T12:40:17.371545103Z	67	PC: 12c59 \| Get or set file attributes
2018-12-25T12:40:17.373191799Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:40:17.383637274Z	59	PC: 12c67 \| Change current directory
2018-12-25T12:40:17.385342107Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c9 0x12c6f: jb 0x12c9d 0x12c71: cmp dl, 0xa 0x12c74: jne 0x12c9d 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: int 0x21 0x12c87: jb 0x12c9d 0x12c89: mov ax, 0x4301 0x12c8c: xor cx, cx 0x12c8e: int 0x21 0x12c90: mov dx, 0x164 0x12c93: mov ah, 0x3c 0x12c95: int 0x21 0x12c97: jb 0x12c9d 0x12c99: mov ah, 0x4f
2018-12-25T12:40:17.387348521Z	76	PC: 12ca2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14292,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.375303307Z	48	PC: 12b36 \| Get DOS version
2018-12-25T12:40:17.377056341Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-25T12:40:17.383132631Z	26	PC: 12b49 \| Set disk transfer address
2018-12-25T12:40:17.384679785Z	25	PC: 12b4d \| Get default drive
2018-12-25T12:40:17.386708799Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:40:17.389793951Z	59	PC: 12b5f \| Change current directory
2018-12-25T12:40:17.393018672Z	78	PC: 12b69 \| Find first file
2018-12-25T12:40:17.403740809Z	87	PC: 12c4d \| Get or set file date and time
2018-12-25T12:40:17.405687199Z	67	PC: 12c59 \| Get or set file attributes
2018-12-25T12:40:17.407826502Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:40:17.412531577Z	59	PC: 12c67 \| Change current directory
2018-12-25T12:40:17.414360292Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c9 0x12c6f: jb 0x12c9d 0x12c71: cmp dl, 0xa 0x12c74: jne 0x12c9d 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: int 0x21 0x12c87: jb 0x12c9d 0x12c89: mov ax, 0x4301 0x12c8c: xor cx, cx 0x12c8e: int 0x21 0x12c90: mov dx, 0x164 0x12c93: mov ah, 0x3c 0x12c95: int 0x21 0x12c97: jb 0x12c9d 0x12c99: mov ah, 0x4f
2018-12-25T12:40:17.416654534Z	76	PC: 12ca2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":10,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14292,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:17.379121387Z	48	PC: 12b36 \| Get DOS version
2018-12-25T12:40:17.382917813Z	44	PC: 12b3e \| Get time 0x12b3e: mov byte ptr [0x103], dl 0x12b42: mov dx, 0x146 0x12b45: mov ah, 0x1a 0x12b47: int 0x21 0x12b49: mov ah, 0x19 0x12b4b: int 0x21 0x12b4d: mov dl, al 0x12b4f: inc dl 0x12b51: mov ah, 0x47 0x12b53: mov si, 0x1a5 0x12b56: int 0x21 0x12b58: mov dx, 0x144 0x12b5b: mov ah, 0x3b 0x12b5d: int 0x21 0x12b5f: mov cx, 0x13 0x12b62: mov dx, 0x138 0x12b65: mov ah, 0x4e 0x12b67: int 0x21 0x12b69: cmp ax, 0x12 0x12b6c: jne 0x12b71
2018-12-25T12:40:17.385342606Z	26	PC: 12b49 \| Set disk transfer address
2018-12-25T12:40:17.386760173Z	25	PC: 12b4d \| Get default drive
2018-12-25T12:40:17.389394019Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:40:17.392466207Z	59	PC: 12b5f \| Change current directory
2018-12-25T12:40:17.396660027Z	78	PC: 12b69 \| Find first file
2018-12-25T12:40:17.403407432Z	87	PC: 12c4d \| Get or set file date and time
2018-12-25T12:40:17.405535058Z	67	PC: 12c59 \| Get or set file attributes
2018-12-25T12:40:17.407359833Z	59	PC: 12c60 \| Change current directory
2018-12-25T12:40:17.412304272Z	59	PC: 12c67 \| Change current directory
2018-12-25T12:40:17.414612639Z	42	PC: 12c6b \| Get date 0x12c6b: cmp cx, 0x7c9 0x12c6f: jb 0x12c9d 0x12c71: cmp dl, 0xa 0x12c74: jne 0x12c9d 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: int 0x21 0x12c87: jb 0x12c9d 0x12c89: mov ax, 0x4301 0x12c8c: xor cx, cx 0x12c8e: int 0x21 0x12c90: mov dx, 0x164 0x12c93: mov ah, 0x3c 0x12c95: int 0x21 0x12c97: jb 0x12c9d 0x12c99: mov ah, 0x4f
2018-12-25T12:40:17.416968003Z	26	PC: 12c7d \| Set disk transfer address
2018-12-25T12:40:17.418052437Z	78	PC: 12c87 \| Find first file
2018-12-25T12:40:17.430107471Z	67	PC: 12c90 \| Get or set file attributes
2018-12-25T12:40:17.43492072Z	60	PC: 12c97 \| Create or truncate file
2018-12-25T12:40:18.208719045Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.21580151Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.225473803Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.237574187Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.241540006Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.253109314Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.265853821Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.268675951Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.276215672Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.288680236Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.292411285Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.302032903Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.315528709Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.318818651Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.328974495Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.33672424Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.34052616Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.350231245Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.362087828Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.365895196Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.372539911Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.386313997Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.388864691Z	67	PC: 12c90 \| Get or set file attributes (See above)
2018-12-25T12:40:18.395279097Z	60	PC: 12c97 \| Create or truncate file (See above)
2018-12-25T12:40:18.403899448Z	79	PC: 12c87 \| Find next file (See above)
2018-12-25T12:40:18.406352578Z	76	PC: 12ca2 \| Terminate with return code (Return code = '0')