Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Riot.664.b


Syscalls:

Time Syscall Op Syscall Name
; Window shown after Get time (INT 21h AH=2Ch: CH=hour, CL=minute, DH=second, DL=1/100 s).
; It conditionally saves the hundredths value, resets three state bytes, then sets up two
; Find First searches. The window ends before the second INT 21h (trace row at PC 12b87).
2018-12-17T23:16:11.156558947Z 44 PC: 12b47 | Get time 0x12b47: cmp byte ptr [0x106], 0    ; is a value already stored at 0x106?
0x12b4c: je 0x12b53    ; no -> go and store one
0x12b4e: cmp dh, 0xf
0x12b51: jg 0x12b5c    ; seconds > 15 (signed compare) -> keep the stored value
0x12b53: cmp dl, 0
0x12b56: je 0x12b43    ; hundredths == 0 -> back to 0x12b43 (before this window; presumably re-issues Get time)
0x12b58: mov byte ptr [0x106], dl    ; save hundredths; how 0x106 is used is not visible here
0x12b5c: mov byte ptr [0x1f8], 0    ; counter byte, later compared with 0x0f at 0x12c78
0x12b61: mov byte ptr [0x1f9], 4    ; NOTE(review): looks like a per-run limit (each complete run on this page writes to 4 files) - confirm
0x12b66: mov byte ptr [0x202], 0    ; flag byte, later tested at 0x12c7f
0x12b6b: mov cx, 0x27    ; attribute mask: read-only | hidden | system | archive
0x12b6e: mov dx, 0x12e    ; DS:DX -> first search pattern (string not shown on this page)
0x12b71: mov ah, 0x4e    ; Find First
0x12b73: int 0x21
0x12b75: cmp ax, 0x12    ; 0x12 = DOS error "no more files"
0x12b78: je 0x12b7d    ; nothing matched -> skip the call
0x12b7a: call 0x12b9f    ; body not in this window; the next trace row is the second Find First, so this call appears to be skipped here
0x12b7d: mov cx, 0x27    ; same attribute mask
0x12b80: mov dx, 0x134    ; DS:DX -> second search pattern (string not shown; the files opened afterwards are all .COM)
0x12b83: mov ah, 0x4e    ; Find First again; the attribute, open, read, write and date/time rows that follow come from PCs 0x12bc0-0x12c4f
2018-12-17T23:16:11.159076298Z 78 PC: 12b75 | Find first file
2018-12-17T23:16:11.164889738Z 78 PC: 12b87 | Find first file
2018-12-17T23:16:11.169096599Z 67 PC: 12bc0 | Get or set file attributes
2018-12-17T23:16:11.184415372Z 61 PC: 12bc6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:16:11.191260943Z 63 PC: 12bd5 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:16:11.196655624Z 62 PC: 12c09 | Close file
2018-12-17T23:16:11.198461527Z 61 PC: 12c12 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:16:11.206058301Z 64 PC: 12a57 | Write file or device (Write 664 bytes on handle 5)
; Window shown after Get date (INT 21h AH=2Ah: DL=day, DH=month, CX=year).
; 0x12c70-0x12c77 checks the day of month and returns; 0x12c78 onward is a separate
; exit path (it follows a ret) that prints one of two '$'-terminated strings and terminates.
2018-12-17T23:16:11.212404573Z 42 PC: 12c70 | Get date 0x12c70: cmp dl, 0xa    ; day of month == 10?
0x12c73: je 0x12c50    ; yes -> 0x12c50, outside this window. NOTE(review): the run on this page configured with "Day":10 continues with a Random block write at PC 12b2e, so this looks like a date trigger - confirm
0x12c75: jmp 0x12c77    ; otherwise continue to the ret (jump to the next instruction)
0x12c77: ret    ; back to the caller
0x12c78: cmp byte ptr [0x1f8], 0xf    ; counter byte, zeroed at 0x12b5c
0x12c7d: jl 0x12c8f    ; below 15 (signed compare) -> print the string at 0x13d
0x12c7f: cmp byte ptr [0x202], 0    ; flag byte, zeroed at 0x12b66
0x12c84: jg 0x12c8f    ; flag set -> also print the string at 0x13d
0x12c86: mov ah, 9    ; Display String ('$'-terminated, DS:DX)
0x12c88: mov dx, 0x160    ; alternate message; its text never appears in the traces on this page
0x12c8b: int 0x21
0x12c8d: jmp 0x12c96    ; skip the other message
0x12c8f: mov ah, 9    ; Display String
0x12c91: mov dx, 0x13d    ; trace rows at PC 12c96 show this text as ' Program too big to fit in memory', i.e. it reads like an ordinary DOS load error
0x12c94: int 0x21
0x12c96: mov ah, 0x4c    ; Terminate; AL is not loaded here, so the exit code is whatever AL already holds
0x12c98: int 0x21    ; trace rows report return code 36 (0x24, '$'), consistent with AL left over from AH=09h
0x12c9a: nop    ; filler after the terminate call
0x12c9b: nop
0x12c9c: nop
2018-12-17T23:16:11.214298035Z 87 PC: 12c3a | Get or set file date and time
2018-12-17T23:16:11.215829481Z 62 PC: 12c42 | Close file
2018-12-17T23:16:11.221050575Z 67 PC: 12c4f | Get or set file attributes
2018-12-17T23:16:11.224386181Z 79 PC: 12bf9 | Find next file
2018-12-17T23:16:11.22680725Z 67 PC: 12bc0 | Get or set file attributes
2018-12-17T23:16:11.233000107Z 61 PC: 12bc6 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:16:11.237368443Z 63 PC: 12bd5 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:16:11.24208113Z 62 PC: 12c09 | Close file
2018-12-17T23:16:11.243321633Z 61 PC: 12c12 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:16:11.249402338Z 64 PC: 12a57 | Write file or device (Write 664 bytes on handle 5)
; Window shown after Get date (INT 21h AH=2Ah: DL=day, DH=month, CX=year).
; 0x12c70-0x12c77 checks the day of month and returns; 0x12c78 onward is a separate
; exit path (it follows a ret) that prints one of two '$'-terminated strings and terminates.
2018-12-17T23:16:11.255289221Z 42 PC: 12c70 | Get date 0x12c70: cmp dl, 0xa    ; day of month == 10?
0x12c73: je 0x12c50    ; yes -> 0x12c50, outside this window. NOTE(review): the run on this page configured with "Day":10 continues with a Random block write at PC 12b2e, so this looks like a date trigger - confirm
0x12c75: jmp 0x12c77    ; otherwise continue to the ret (jump to the next instruction)
0x12c77: ret    ; back to the caller
0x12c78: cmp byte ptr [0x1f8], 0xf    ; counter byte, zeroed at 0x12b5c
0x12c7d: jl 0x12c8f    ; below 15 (signed compare) -> print the string at 0x13d
0x12c7f: cmp byte ptr [0x202], 0    ; flag byte, zeroed at 0x12b66
0x12c84: jg 0x12c8f    ; flag set -> also print the string at 0x13d
0x12c86: mov ah, 9    ; Display String ('$'-terminated, DS:DX)
0x12c88: mov dx, 0x160    ; alternate message; its text never appears in the traces on this page
0x12c8b: int 0x21
0x12c8d: jmp 0x12c96    ; skip the other message
0x12c8f: mov ah, 9    ; Display String
0x12c91: mov dx, 0x13d    ; trace rows at PC 12c96 show this text as ' Program too big to fit in memory', i.e. it reads like an ordinary DOS load error
0x12c94: int 0x21
0x12c96: mov ah, 0x4c    ; Terminate; AL is not loaded here, so the exit code is whatever AL already holds
0x12c98: int 0x21    ; trace rows report return code 36 (0x24, '$'), consistent with AL left over from AH=09h
0x12c9a: nop    ; filler after the terminate call
0x12c9b: nop
0x12c9c: nop
2018-12-17T23:16:11.256803256Z 87 PC: 12c3a | Get or set file date and time
2018-12-17T23:16:11.257950106Z 62 PC: 12c42 | Close file
2018-12-17T23:16:11.263634751Z 67 PC: 12c4f | Get or set file attributes
2018-12-17T23:16:11.269942918Z 79 PC: 12bf9 | Find next file
2018-12-17T23:16:11.276645868Z 67 PC: 12bc0 | Get or set file attributes
2018-12-17T23:16:11.290162319Z 61 PC: 12bc6 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:16:11.296622741Z 63 PC: 12bd5 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:16:11.303357327Z 62 PC: 12c09 | Close file
2018-12-17T23:16:11.305644206Z 61 PC: 12c12 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:16:11.312432446Z 64 PC: 12a57 | Write file or device (Write 664 bytes on handle 5)
; Window shown after Get date (INT 21h AH=2Ah: DL=day, DH=month, CX=year).
; 0x12c70-0x12c77 checks the day of month and returns; 0x12c78 onward is a separate
; exit path (it follows a ret) that prints one of two '$'-terminated strings and terminates.
2018-12-17T23:16:11.320609726Z 42 PC: 12c70 | Get date 0x12c70: cmp dl, 0xa    ; day of month == 10?
0x12c73: je 0x12c50    ; yes -> 0x12c50, outside this window. NOTE(review): the run on this page configured with "Day":10 continues with a Random block write at PC 12b2e, so this looks like a date trigger - confirm
0x12c75: jmp 0x12c77    ; otherwise continue to the ret (jump to the next instruction)
0x12c77: ret    ; back to the caller
0x12c78: cmp byte ptr [0x1f8], 0xf    ; counter byte, zeroed at 0x12b5c
0x12c7d: jl 0x12c8f    ; below 15 (signed compare) -> print the string at 0x13d
0x12c7f: cmp byte ptr [0x202], 0    ; flag byte, zeroed at 0x12b66
0x12c84: jg 0x12c8f    ; flag set -> also print the string at 0x13d
0x12c86: mov ah, 9    ; Display String ('$'-terminated, DS:DX)
0x12c88: mov dx, 0x160    ; alternate message; its text never appears in the traces on this page
0x12c8b: int 0x21
0x12c8d: jmp 0x12c96    ; skip the other message
0x12c8f: mov ah, 9    ; Display String
0x12c91: mov dx, 0x13d    ; trace rows at PC 12c96 show this text as ' Program too big to fit in memory', i.e. it reads like an ordinary DOS load error
0x12c94: int 0x21
0x12c96: mov ah, 0x4c    ; Terminate; AL is not loaded here, so the exit code is whatever AL already holds
0x12c98: int 0x21    ; trace rows report return code 36 (0x24, '$'), consistent with AL left over from AH=09h
0x12c9a: nop    ; filler after the terminate call
0x12c9b: nop
0x12c9c: nop
2018-12-17T23:16:11.323601842Z 87 PC: 12c3a | Get or set file date and time
2018-12-17T23:16:11.32518116Z 62 PC: 12c42 | Close file
2018-12-17T23:16:11.333228799Z 67 PC: 12c4f | Get or set file attributes
2018-12-17T23:16:11.338307601Z 79 PC: 12bf9 | Find next file
2018-12-17T23:16:11.341074585Z 67 PC: 12bc0 | Get or set file attributes
2018-12-17T23:16:11.353601095Z 61 PC: 12bc6 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:16:11.366516238Z 63 PC: 12bd5 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T23:16:11.372999991Z 62 PC: 12c09 | Close file
2018-12-17T23:16:11.3748655Z 61 PC: 12c12 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:16:11.381860377Z 64 PC: 12a57 | Write file or device (Write 664 bytes on handle 5)
; Window shown after Get date (INT 21h AH=2Ah: DL=day, DH=month, CX=year).
; 0x12c70-0x12c77 checks the day of month and returns; 0x12c78 onward is a separate
; exit path (it follows a ret) that prints one of two '$'-terminated strings and terminates.
2018-12-17T23:16:11.390263688Z 42 PC: 12c70 | Get date 0x12c70: cmp dl, 0xa    ; day of month == 10?
0x12c73: je 0x12c50    ; yes -> 0x12c50, outside this window. NOTE(review): the run on this page configured with "Day":10 continues with a Random block write at PC 12b2e, so this looks like a date trigger - confirm
0x12c75: jmp 0x12c77    ; otherwise continue to the ret (jump to the next instruction)
0x12c77: ret    ; back to the caller
0x12c78: cmp byte ptr [0x1f8], 0xf    ; counter byte, zeroed at 0x12b5c
0x12c7d: jl 0x12c8f    ; below 15 (signed compare) -> print the string at 0x13d
0x12c7f: cmp byte ptr [0x202], 0    ; flag byte, zeroed at 0x12b66
0x12c84: jg 0x12c8f    ; flag set -> also print the string at 0x13d
0x12c86: mov ah, 9    ; Display String ('$'-terminated, DS:DX)
0x12c88: mov dx, 0x160    ; alternate message; its text never appears in the traces on this page
0x12c8b: int 0x21
0x12c8d: jmp 0x12c96    ; skip the other message
0x12c8f: mov ah, 9    ; Display String
0x12c91: mov dx, 0x13d    ; trace rows at PC 12c96 show this text as ' Program too big to fit in memory', i.e. it reads like an ordinary DOS load error
0x12c94: int 0x21
0x12c96: mov ah, 0x4c    ; Terminate; AL is not loaded here, so the exit code is whatever AL already holds
0x12c98: int 0x21    ; trace rows report return code 36 (0x24, '$'), consistent with AL left over from AH=09h
0x12c9a: nop    ; filler after the terminate call
0x12c9b: nop
0x12c9c: nop
2018-12-17T23:16:11.392383941Z 87 PC: 12c3a | Get or set file date and time
2018-12-17T23:16:11.393827748Z 62 PC: 12c42 | Close file
2018-12-17T23:16:11.401799216Z 67 PC: 12c4f | Get or set file attributes
2018-12-17T23:16:11.40658051Z 9 PC: 12c96 | Display string (String= ' Program too big to fit in memory')
2018-12-17T23:16:11.41080954Z 76 PC: 12c9a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16360,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Window shown after Get time (INT 21h AH=2Ch: CH=hour, CL=minute, DH=second, DL=1/100 s).
; It conditionally saves the hundredths value, resets three state bytes, then sets up two
; Find First searches. The window ends before the second INT 21h (trace row at PC 12b87).
2018-12-25T12:52:34.872184776Z 44 PC: 12b47 | Get time 0x12b47: cmp byte ptr [0x106], 0    ; is a value already stored at 0x106?
0x12b4c: je 0x12b53    ; no -> go and store one
0x12b4e: cmp dh, 0xf
0x12b51: jg 0x12b5c    ; seconds > 15 (signed compare) -> keep the stored value
0x12b53: cmp dl, 0
0x12b56: je 0x12b43    ; hundredths == 0 -> back to 0x12b43 (before this window; presumably re-issues Get time)
0x12b58: mov byte ptr [0x106], dl    ; save hundredths; how 0x106 is used is not visible here
0x12b5c: mov byte ptr [0x1f8], 0    ; counter byte, later compared with 0x0f at 0x12c78
0x12b61: mov byte ptr [0x1f9], 4    ; NOTE(review): looks like a per-run limit (each complete run on this page writes to 4 files) - confirm
0x12b66: mov byte ptr [0x202], 0    ; flag byte, later tested at 0x12c7f
0x12b6b: mov cx, 0x27    ; attribute mask: read-only | hidden | system | archive
0x12b6e: mov dx, 0x12e    ; DS:DX -> first search pattern (string not shown on this page)
0x12b71: mov ah, 0x4e    ; Find First
0x12b73: int 0x21
0x12b75: cmp ax, 0x12    ; 0x12 = DOS error "no more files"
0x12b78: je 0x12b7d    ; nothing matched -> skip the call
0x12b7a: call 0x12b9f    ; body not in this window; the next trace row is the second Find First, so this call appears to be skipped here
0x12b7d: mov cx, 0x27    ; same attribute mask
0x12b80: mov dx, 0x134    ; DS:DX -> second search pattern (string not shown on this page)
0x12b83: mov ah, 0x4e    ; Find First again; the attribute, open, read, write and date/time rows that follow come from PCs 0x12bc0-0x12c4f
2018-12-25T12:52:34.874177649Z 78 PC: 12b75 | Find first file
2018-12-25T12:52:34.877759273Z 78 PC: 12b87 | Find first file
2018-12-25T12:52:34.8812565Z 67 PC: 12bc0 | Get or set file attributes
2018-12-25T12:52:34.949220297Z 61 PC: 12bc6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:34.960128849Z 63 PC: 12bd5 | Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:52:34.967331394Z 62 PC: 12c09 | Close file
2018-12-25T12:52:34.969569024Z 61 PC: 12c12 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:34.973981095Z 64 PC: 12a57 | Write file or device (Write 664 bytes on handle 5)
; Window shown after Get date (INT 21h AH=2Ah: DL=day, DH=month, CX=year).
; 0x12c70-0x12c77 checks the day of month and returns; 0x12c78 onward is a separate
; exit path (it follows a ret) that prints one of two '$'-terminated strings and terminates.
2018-12-25T12:52:34.979060014Z 42 PC: 12c70 | Get date 0x12c70: cmp dl, 0xa    ; day of month == 10?
0x12c73: je 0x12c50    ; yes -> 0x12c50, outside this window. NOTE(review): the run on this page configured with "Day":10 continues with a Random block write at PC 12b2e, so this looks like a date trigger - confirm
0x12c75: jmp 0x12c77    ; otherwise continue to the ret (jump to the next instruction)
0x12c77: ret    ; back to the caller
0x12c78: cmp byte ptr [0x1f8], 0xf    ; counter byte, zeroed at 0x12b5c
0x12c7d: jl 0x12c8f    ; below 15 (signed compare) -> print the string at 0x13d
0x12c7f: cmp byte ptr [0x202], 0    ; flag byte, zeroed at 0x12b66
0x12c84: jg 0x12c8f    ; flag set -> also print the string at 0x13d
0x12c86: mov ah, 9    ; Display String ('$'-terminated, DS:DX)
0x12c88: mov dx, 0x160    ; alternate message; its text never appears in the traces on this page
0x12c8b: int 0x21
0x12c8d: jmp 0x12c96    ; skip the other message
0x12c8f: mov ah, 9    ; Display String
0x12c91: mov dx, 0x13d    ; trace rows at PC 12c96 show this text as ' Program too big to fit in memory', i.e. it reads like an ordinary DOS load error
0x12c94: int 0x21
0x12c96: mov ah, 0x4c    ; Terminate; AL is not loaded here, so the exit code is whatever AL already holds
0x12c98: int 0x21    ; trace rows report return code 36 (0x24, '$'), consistent with AL left over from AH=09h
0x12c9a: nop    ; filler after the terminate call
0x12c9b: nop
0x12c9c: nop
2018-12-25T12:52:34.980835617Z 87 PC: 12c3a | Get or set file date and time
2018-12-25T12:52:34.982006888Z 62 PC: 12c42 | Close file
2018-12-25T12:52:34.987334432Z 67 PC: 12c4f | Get or set file attributes
2018-12-25T12:52:34.991141956Z 79 PC: 12bf9 | Find next file
2018-12-25T12:52:34.993654756Z 67 PC: 12bc0 | Get or set file attributes (See above)
2018-12-25T12:52:34.999899519Z 61 PC: 12bc6 | Open file (See above)
2018-12-25T12:52:35.007063533Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T12:52:35.015061966Z 62 PC: 12c09 | Close file (See above)
2018-12-25T12:52:35.016618706Z 61 PC: 12c12 | Open file (See above)
2018-12-25T12:52:35.028514554Z 64 PC: 12a57 | Write file or device (See above)
2018-12-25T12:52:35.037411957Z 42 PC: 12c70 | Get date (See above)
2018-12-25T12:52:35.039604016Z 87 PC: 12c3a | Get or set file date and time (See above)
2018-12-25T12:52:35.041076064Z 62 PC: 12c42 | Close file (See above)
2018-12-25T12:52:35.04910292Z 67 PC: 12c4f | Get or set file attributes (See above)
2018-12-25T12:52:35.053712654Z 79 PC: 12bf9 | Find next file (See above)
2018-12-25T12:52:35.056280166Z 67 PC: 12bc0 | Get or set file attributes (See above)
2018-12-25T12:52:35.066226074Z 61 PC: 12bc6 | Open file (See above)
2018-12-25T12:52:35.07258157Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T12:52:35.078748593Z 62 PC: 12c09 | Close file (See above)
2018-12-25T12:52:35.086891709Z 61 PC: 12c12 | Open file (See above)
2018-12-25T12:52:35.098516193Z 64 PC: 12a57 | Write file or device (See above)
2018-12-25T12:52:35.106336223Z 42 PC: 12c70 | Get date (See above)
2018-12-25T12:52:35.110539171Z 87 PC: 12c3a | Get or set file date and time (See above)
2018-12-25T12:52:35.11191878Z 62 PC: 12c42 | Close file (See above)
2018-12-25T12:52:35.11947402Z 67 PC: 12c4f | Get or set file attributes (See above)
2018-12-25T12:52:35.124605759Z 79 PC: 12bf9 | Find next file (See above)
2018-12-25T12:52:35.130021022Z 67 PC: 12bc0 | Get or set file attributes (See above)
2018-12-25T12:52:35.14093602Z 61 PC: 12bc6 | Open file (See above)
2018-12-25T12:52:35.148161808Z 63 PC: 12bd5 | Read file or device (See above)
2018-12-25T12:52:35.154479621Z 62 PC: 12c09 | Close file (See above)
2018-12-25T12:52:35.155746807Z 61 PC: 12c12 | Open file (See above)
2018-12-25T12:52:35.163120989Z 64 PC: 12a57 | Write file or device (See above)
2018-12-25T12:52:35.171330125Z 42 PC: 12c70 | Get date (See above)
2018-12-25T12:52:35.173274573Z 87 PC: 12c3a | Get or set file date and time (See above)
2018-12-25T12:52:35.174986783Z 62 PC: 12c42 | Close file (See above)
2018-12-25T12:52:35.187167252Z 67 PC: 12c4f | Get or set file attributes (See above)
2018-12-25T12:52:35.192309196Z 9 PC: 12c96 | Display string (String= ' Program too big to fit in memory')
2018-12-25T12:52:35.197179368Z 76 PC: 12c9a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16360,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Window shown after Get time (INT 21h AH=2Ch: CH=hour, CL=minute, DH=second, DL=1/100 s).
; It conditionally saves the hundredths value, resets three state bytes, then sets up two
; Find First searches. The window ends before the second INT 21h (trace row at PC 12b87).
2018-12-25T12:52:35.1645548Z 44 PC: 12b47 | Get time 0x12b47: cmp byte ptr [0x106], 0    ; is a value already stored at 0x106?
0x12b4c: je 0x12b53    ; no -> go and store one
0x12b4e: cmp dh, 0xf
0x12b51: jg 0x12b5c    ; seconds > 15 (signed compare) -> keep the stored value
0x12b53: cmp dl, 0
0x12b56: je 0x12b43    ; hundredths == 0 -> back to 0x12b43 (before this window; presumably re-issues Get time)
0x12b58: mov byte ptr [0x106], dl    ; save hundredths; how 0x106 is used is not visible here
0x12b5c: mov byte ptr [0x1f8], 0    ; counter byte, later compared with 0x0f at 0x12c78
0x12b61: mov byte ptr [0x1f9], 4    ; NOTE(review): looks like a per-run limit (each complete run on this page writes to 4 files) - confirm
0x12b66: mov byte ptr [0x202], 0    ; flag byte, later tested at 0x12c7f
0x12b6b: mov cx, 0x27    ; attribute mask: read-only | hidden | system | archive
0x12b6e: mov dx, 0x12e    ; DS:DX -> first search pattern (string not shown on this page)
0x12b71: mov ah, 0x4e    ; Find First
0x12b73: int 0x21
0x12b75: cmp ax, 0x12    ; 0x12 = DOS error "no more files"
0x12b78: je 0x12b7d    ; nothing matched -> skip the call
0x12b7a: call 0x12b9f    ; body not in this window; the next trace row is the second Find First, so this call appears to be skipped here
0x12b7d: mov cx, 0x27    ; same attribute mask
0x12b80: mov dx, 0x134    ; DS:DX -> second search pattern (string not shown on this page)
0x12b83: mov ah, 0x4e    ; Find First again; the attribute, open, read and write rows that follow come from PCs 0x12bc0 onward
2018-12-25T12:52:35.166434595Z 78 PC: 12b75 | Find first file
2018-12-25T12:52:35.169954925Z 78 PC: 12b87 | Find first file
2018-12-25T12:52:35.17392642Z 67 PC: 12bc0 | Get or set file attributes
2018-12-25T12:52:35.196332908Z 61 PC: 12bc6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:35.203561681Z 63 PC: 12bd5 | Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:52:35.207622148Z 62 PC: 12c09 | Close file
2018-12-25T12:52:35.209372223Z 61 PC: 12c12 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:52:35.216903222Z 64 PC: 12a57 | Write file or device (Write 664 bytes on handle 5)
; Window shown after Get date (INT 21h AH=2Ah: DL=day, DH=month, CX=year).
; 0x12c70-0x12c77 checks the day of month and returns; 0x12c78 onward is a separate
; exit path (it follows a ret) that prints one of two '$'-terminated strings and terminates.
2018-12-25T12:52:35.221899978Z 42 PC: 12c70 | Get date 0x12c70: cmp dl, 0xa    ; day of month == 10?
0x12c73: je 0x12c50    ; yes -> 0x12c50, outside this window. NOTE(review): this run follows a config with "Day":10 and its next trace row is a Random block write at PC 12b2e, so this looks like a date trigger - confirm
0x12c75: jmp 0x12c77    ; otherwise continue to the ret (jump to the next instruction)
0x12c77: ret    ; back to the caller
0x12c78: cmp byte ptr [0x1f8], 0xf    ; counter byte, zeroed at 0x12b5c
0x12c7d: jl 0x12c8f    ; below 15 (signed compare) -> print the string at 0x13d
0x12c7f: cmp byte ptr [0x202], 0    ; flag byte, zeroed at 0x12b66
0x12c84: jg 0x12c8f    ; flag set -> also print the string at 0x13d
0x12c86: mov ah, 9    ; Display String ('$'-terminated, DS:DX)
0x12c88: mov dx, 0x160    ; alternate message; its text never appears in the traces on this page
0x12c8b: int 0x21
0x12c8d: jmp 0x12c96    ; skip the other message
0x12c8f: mov ah, 9    ; Display String
0x12c91: mov dx, 0x13d    ; trace rows at PC 12c96 in the other runs show this text as ' Program too big to fit in memory', i.e. it reads like an ordinary DOS load error
0x12c94: int 0x21
0x12c96: mov ah, 0x4c    ; Terminate; AL is not loaded here, so the exit code is whatever AL already holds
0x12c98: int 0x21    ; the other runs report return code 36 (0x24, '$'), consistent with AL left over from AH=09h
0x12c9a: nop    ; filler after the terminate call
0x12c9b: nop
0x12c9c: nop
2018-12-25T12:52:36.261321534Z 40 PC: 12b2e | Random block write
2018-12-25T12:52:36.263866512Z 9 PC: 12b38 | Display string (Could not find end pointer)