Sample viewer

vx.netlux.org/Virus.DOS.Lacimehc.723

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:25.584013603Z	42	PC: 12c6d \| Get date 0x12c6d: cmp dl, 0x17 0x12c70: jne 0x12cad 0x12c72: cmp dh, 0xa 0x12c75: jne 0x12ca1 0x12c77: mov ax, 0x5f08 0x12c7a: mov dl, 0 0x12c7c: int 0x21 0x12c7e: mov ax, 0x5f08 0x12c81: mov dl, 1 0x12c83: int 0x21 0x12c85: mov ax, 0x5f08 0x12c88: mov dl, 3 0x12c8a: int 0x21 0x12c8c: mov ax, 0x5f08 0x12c8f: mov dl, 4 0x12c91: int 0x21 0x12c93: mov ax, 0x5f08 0x12c96: mov dl, 5 0x12c98: int 0x21 0x12c9a: mov ax, 0x5f08
2018-12-17T23:12:25.587512032Z	26	PC: 12ade \| Set disk transfer address
2018-12-17T23:12:25.588761171Z	78	PC: 12ae9 \| Find first file
2018-12-17T23:12:25.596284548Z	67	PC: 12af7 \| Get or set file attributes
2018-12-17T23:12:25.603516477Z	67	PC: 12b00 \| Get or set file attributes
2018-12-17T23:12:25.621319915Z	61	PC: 12b05 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:12:25.62835283Z	87	PC: 12b10 \| Get or set file date and time
2018-12-17T23:12:25.62992199Z	63	PC: 12b1d \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:12:25.633350426Z	87	PC: 12c15 \| Get or set file date and time
2018-12-17T23:12:25.634987234Z	62	PC: 12c19 \| Close file
2018-12-17T23:12:25.644752988Z	67	PC: 12c20 \| Get or set file attributes
2018-12-17T23:12:25.656178974Z	79	PC: 12ae9 \| Find next file
2018-12-17T23:12:25.658795944Z	26	PC: 12c40 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17515,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:51.713611916Z	42	PC: 12c6d \| Get date 0x12c6d: cmp dl, 0x17 0x12c70: jne 0x12cad 0x12c72: cmp dh, 0xa 0x12c75: jne 0x12ca1 0x12c77: mov ax, 0x5f08 0x12c7a: mov dl, 0 0x12c7c: int 0x21 0x12c7e: mov ax, 0x5f08 0x12c81: mov dl, 1 0x12c83: int 0x21 0x12c85: mov ax, 0x5f08 0x12c88: mov dl, 3 0x12c8a: int 0x21 0x12c8c: mov ax, 0x5f08 0x12c8f: mov dl, 4 0x12c91: int 0x21 0x12c93: mov ax, 0x5f08 0x12c96: mov dl, 5 0x12c98: int 0x21 0x12c9a: mov ax, 0x5f08
2018-12-25T12:55:51.716184116Z	26	PC: 12ade \| Set disk transfer address
2018-12-25T12:55:51.717311481Z	78	PC: 12ae9 \| Find first file
2018-12-25T12:55:51.723220169Z	67	PC: 12af7 \| Get or set file attributes
2018-12-25T12:55:51.729402302Z	67	PC: 12b00 \| Get or set file attributes
2018-12-25T12:55:51.745111573Z	61	PC: 12b05 \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:55:51.7514043Z	87	PC: 12b10 \| Get or set file date and time
2018-12-25T12:55:51.753106292Z	63	PC: 12b1d \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:55:51.755655008Z	87	PC: 12c15 \| Get or set file date and time
2018-12-25T12:55:51.756921544Z	62	PC: 12c19 \| Close file
2018-12-25T12:55:51.765869508Z	67	PC: 12c20 \| Get or set file attributes
2018-12-25T12:55:51.778399823Z	79	PC: 12ae9 \| Find next file (See above)
2018-12-25T12:55:51.780744028Z	26	PC: 12c40 \| Set disk transfer address

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17515,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:51.711060768Z	42	PC: 12c6d \| Get date 0x12c6d: cmp dl, 0x17 0x12c70: jne 0x12cad 0x12c72: cmp dh, 0xa 0x12c75: jne 0x12ca1 0x12c77: mov ax, 0x5f08 0x12c7a: mov dl, 0 0x12c7c: int 0x21 0x12c7e: mov ax, 0x5f08 0x12c81: mov dl, 1 0x12c83: int 0x21 0x12c85: mov ax, 0x5f08 0x12c88: mov dl, 3 0x12c8a: int 0x21 0x12c8c: mov ax, 0x5f08 0x12c8f: mov dl, 4 0x12c91: int 0x21 0x12c93: mov ax, 0x5f08 0x12c96: mov dl, 5 0x12c98: int 0x21 0x12c9a: mov ax, 0x5f08
2018-12-25T12:55:51.71348805Z	9	PC: 12ca9 \| Display string (String= ' Infected with Lacimehc, coded by KilJaeden of the Codebreakers 1998 on 17/06/98 ')

{"DateBased":true,"Day":23,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17515,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:51.705004569Z	42	PC: 12c6d \| Get date 0x12c6d: cmp dl, 0x17 0x12c70: jne 0x12cad 0x12c72: cmp dh, 0xa 0x12c75: jne 0x12ca1 0x12c77: mov ax, 0x5f08 0x12c7a: mov dl, 0 0x12c7c: int 0x21 0x12c7e: mov ax, 0x5f08 0x12c81: mov dl, 1 0x12c83: int 0x21 0x12c85: mov ax, 0x5f08 0x12c88: mov dl, 3 0x12c8a: int 0x21 0x12c8c: mov ax, 0x5f08 0x12c8f: mov dl, 4 0x12c91: int 0x21 0x12c93: mov ax, 0x5f08 0x12c96: mov dl, 5 0x12c98: int 0x21 0x12c9a: mov ax, 0x5f08
2018-12-25T12:55:51.707188504Z	95	PC: 12c7e \| Network redirection functions
2018-12-25T12:55:51.708187988Z	95	PC: 12c85 \| Network redirection functions
2018-12-25T12:55:51.709129963Z	95	PC: 12c8c \| Network redirection functions
2018-12-25T12:55:51.710841806Z	95	PC: 12c93 \| Network redirection functions
2018-12-25T12:55:51.71190989Z	95	PC: 12c9a \| Network redirection functions
2018-12-25T12:55:51.712913364Z	95	PC: 12ca1 \| Network redirection functions
2018-12-25T12:55:51.71460203Z	9	PC: 12ca9 \| Display string (String= ' Infected with Lacimehc, coded by KilJaeden of the Codebreakers 1998 on 17/06/98 ')