Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Riot.664.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:15:58.017928083Z	44	PC: 12b47 \| Get time 0x12b47: cmp byte ptr [0x106], 0 0x12b4c: je 0x12b53 0x12b4e: cmp dh, 0xf 0x12b51: jg 0x12b5c 0x12b53: cmp dl, 0 0x12b56: je 0x12b43 0x12b58: mov byte ptr [0x106], dl 0x12b5c: mov byte ptr [0x1f8], 0 0x12b61: mov byte ptr [0x1f9], 4 0x12b66: mov byte ptr [0x202], 0 0x12b6b: mov cx, 0x27 0x12b6e: mov dx, 0x12e 0x12b71: mov ah, 0x4e 0x12b73: int 0x21 0x12b75: cmp ax, 0x12 0x12b78: je 0x12b7d 0x12b7a: call 0x12b9f 0x12b7d: mov cx, 0x27 0x12b80: mov dx, 0x134 0x12b83: mov ah, 0x4e
2018-12-17T22:15:58.02071475Z	78	PC: 12b75 \| Find first file
2018-12-17T22:15:58.027018874Z	78	PC: 12b87 \| Find first file
2018-12-17T22:15:58.037717621Z	67	PC: 12bc0 \| Get or set file attributes
2018-12-17T22:15:58.055514204Z	61	PC: 12bc6 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:58.068427939Z	63	PC: 12bd5 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:15:58.075455017Z	62	PC: 12c09 \| Close file
2018-12-17T22:15:58.07740174Z	61	PC: 12c12 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:58.084685771Z	64	PC: 12a57 \| Write file or device (Write 664 bytes on handle 5)
2018-12-17T22:15:58.092737632Z	42	PC: 12c71 \| Get date 0x12c71: cmp dl, 0xa 0x12c74: je 0x12c50 0x12c76: jmp 0x12c79 0x12c78: nop 0x12c79: ret 0x12c7a: cmp byte ptr [0x1f8], 0xf 0x12c7f: jl 0x12c92 0x12c81: cmp byte ptr [0x202], 0 0x12c86: jg 0x12c92 0x12c88: mov ah, 9 0x12c8a: mov dx, 0x160 0x12c8d: int 0x21 0x12c8f: jmp 0x12c99 0x12c91: nop 0x12c92: mov ah, 9 0x12c94: mov dx, 0x13d 0x12c97: int 0x21 0x12c99: mov ah, 0x4c 0x12c9b: int 0x21 0x12c9d: nop
2018-12-17T22:15:58.094904701Z	87	PC: 12c3a \| Get or set file date and time
2018-12-17T22:15:58.097230109Z	62	PC: 12c42 \| Close file
2018-12-17T22:15:58.104899956Z	67	PC: 12c4f \| Get or set file attributes
2018-12-17T22:15:58.109753555Z	79	PC: 12bf9 \| Find next file
2018-12-17T22:15:58.113651266Z	67	PC: 12bc0 \| Get or set file attributes
2018-12-17T22:15:58.124334043Z	61	PC: 12bc6 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:15:58.132153354Z	63	PC: 12bd5 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:15:58.139340206Z	62	PC: 12c09 \| Close file
2018-12-17T22:15:58.14135923Z	61	PC: 12c12 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:15:58.148157724Z	64	PC: 12a57 \| Write file or device (Write 664 bytes on handle 5)
2018-12-17T22:15:58.157737649Z	42	PC: 12c71 \| Get date 0x12c71: cmp dl, 0xa 0x12c74: je 0x12c50 0x12c76: jmp 0x12c79 0x12c78: nop 0x12c79: ret 0x12c7a: cmp byte ptr [0x1f8], 0xf 0x12c7f: jl 0x12c92 0x12c81: cmp byte ptr [0x202], 0 0x12c86: jg 0x12c92 0x12c88: mov ah, 9 0x12c8a: mov dx, 0x160 0x12c8d: int 0x21 0x12c8f: jmp 0x12c99 0x12c91: nop 0x12c92: mov ah, 9 0x12c94: mov dx, 0x13d 0x12c97: int 0x21 0x12c99: mov ah, 0x4c 0x12c9b: int 0x21 0x12c9d: nop
2018-12-17T22:15:58.160173886Z	87	PC: 12c3a \| Get or set file date and time
2018-12-17T22:15:58.162015716Z	62	PC: 12c42 \| Close file
2018-12-17T22:15:58.170598684Z	67	PC: 12c4f \| Get or set file attributes
2018-12-17T22:15:58.175878022Z	79	PC: 12bf9 \| Find next file
2018-12-17T22:15:58.17835209Z	67	PC: 12bc0 \| Get or set file attributes
2018-12-17T22:15:58.188855711Z	61	PC: 12bc6 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:15:58.201259884Z	63	PC: 12bd5 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:15:58.207523288Z	62	PC: 12c09 \| Close file
2018-12-17T22:15:58.209535477Z	61	PC: 12c12 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:15:58.216875205Z	64	PC: 12a57 \| Write file or device (Write 664 bytes on handle 5)
2018-12-17T22:15:58.225190182Z	42	PC: 12c71 \| Get date 0x12c71: cmp dl, 0xa 0x12c74: je 0x12c50 0x12c76: jmp 0x12c79 0x12c78: nop 0x12c79: ret 0x12c7a: cmp byte ptr [0x1f8], 0xf 0x12c7f: jl 0x12c92 0x12c81: cmp byte ptr [0x202], 0 0x12c86: jg 0x12c92 0x12c88: mov ah, 9 0x12c8a: mov dx, 0x160 0x12c8d: int 0x21 0x12c8f: jmp 0x12c99 0x12c91: nop 0x12c92: mov ah, 9 0x12c94: mov dx, 0x13d 0x12c97: int 0x21 0x12c99: mov ah, 0x4c 0x12c9b: int 0x21 0x12c9d: nop
2018-12-17T22:15:58.227850664Z	87	PC: 12c3a \| Get or set file date and time
2018-12-17T22:15:58.229957404Z	62	PC: 12c42 \| Close file
2018-12-17T22:15:58.237976825Z	67	PC: 12c4f \| Get or set file attributes
2018-12-17T22:15:58.243114016Z	79	PC: 12bf9 \| Find next file
2018-12-17T22:15:58.247142265Z	67	PC: 12bc0 \| Get or set file attributes
2018-12-17T22:15:58.259152999Z	61	PC: 12bc6 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:15:58.266572474Z	63	PC: 12bd5 \| Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:15:58.27400524Z	62	PC: 12c09 \| Close file
2018-12-17T22:15:58.276112103Z	61	PC: 12c12 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:15:58.282924491Z	64	PC: 12a57 \| Write file or device (Write 664 bytes on handle 5)
2018-12-17T22:15:58.292193829Z	42	PC: 12c71 \| Get date 0x12c71: cmp dl, 0xa 0x12c74: je 0x12c50 0x12c76: jmp 0x12c79 0x12c78: nop 0x12c79: ret 0x12c7a: cmp byte ptr [0x1f8], 0xf 0x12c7f: jl 0x12c92 0x12c81: cmp byte ptr [0x202], 0 0x12c86: jg 0x12c92 0x12c88: mov ah, 9 0x12c8a: mov dx, 0x160 0x12c8d: int 0x21 0x12c8f: jmp 0x12c99 0x12c91: nop 0x12c92: mov ah, 9 0x12c94: mov dx, 0x13d 0x12c97: int 0x21 0x12c99: mov ah, 0x4c 0x12c9b: int 0x21 0x12c9d: nop
2018-12-17T22:15:58.294927408Z	87	PC: 12c3a \| Get or set file date and time
2018-12-17T22:15:58.296447945Z	62	PC: 12c42 \| Close file
2018-12-17T22:15:58.305251234Z	67	PC: 12c4f \| Get or set file attributes
2018-12-17T22:15:58.309994353Z	9	PC: 12c99 \| Display string (String= ' Program too big to fit in memory')
2018-12-17T22:15:58.313923101Z	76	PC: 12c9d \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2884,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:39.552823549Z	44	PC: 12b47 \| Get time 0x12b47: cmp byte ptr [0x106], 0 0x12b4c: je 0x12b53 0x12b4e: cmp dh, 0xf 0x12b51: jg 0x12b5c 0x12b53: cmp dl, 0 0x12b56: je 0x12b43 0x12b58: mov byte ptr [0x106], dl 0x12b5c: mov byte ptr [0x1f8], 0 0x12b61: mov byte ptr [0x1f9], 4 0x12b66: mov byte ptr [0x202], 0 0x12b6b: mov cx, 0x27 0x12b6e: mov dx, 0x12e 0x12b71: mov ah, 0x4e 0x12b73: int 0x21 0x12b75: cmp ax, 0x12 0x12b78: je 0x12b7d 0x12b7a: call 0x12b9f 0x12b7d: mov cx, 0x27 0x12b80: mov dx, 0x134 0x12b83: mov ah, 0x4e
2018-12-25T11:47:39.555250303Z	78	PC: 12b75 \| Find first file
2018-12-25T11:47:39.560466177Z	78	PC: 12b87 \| Find first file
2018-12-25T11:47:39.565610102Z	67	PC: 12bc0 \| Get or set file attributes
2018-12-25T11:47:39.580991593Z	61	PC: 12bc6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:39.587052879Z	63	PC: 12bd5 \| Read file or device (Read 20 bytes on handle 5)
2018-12-25T11:47:39.592613464Z	62	PC: 12c09 \| Close file
2018-12-25T11:47:39.594734269Z	61	PC: 12c12 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:39.608358656Z	64	PC: 12a57 \| Write file or device (Write 664 bytes on handle 5)
2018-12-25T11:47:39.617153477Z	42	PC: 12c71 \| Get date 0x12c71: cmp dl, 0xa 0x12c74: je 0x12c50 0x12c76: jmp 0x12c79 0x12c78: nop 0x12c79: ret 0x12c7a: cmp byte ptr [0x1f8], 0xf 0x12c7f: jl 0x12c92 0x12c81: cmp byte ptr [0x202], 0 0x12c86: jg 0x12c92 0x12c88: mov ah, 9 0x12c8a: mov dx, 0x160 0x12c8d: int 0x21 0x12c8f: jmp 0x12c99 0x12c91: nop 0x12c92: mov ah, 9 0x12c94: mov dx, 0x13d 0x12c97: int 0x21 0x12c99: mov ah, 0x4c 0x12c9b: int 0x21 0x12c9d: nop
2018-12-25T11:47:39.619446996Z	87	PC: 12c3a \| Get or set file date and time
2018-12-25T11:47:39.621073256Z	62	PC: 12c42 \| Close file
2018-12-25T11:47:39.629333173Z	67	PC: 12c4f \| Get or set file attributes
2018-12-25T11:47:39.634332486Z	79	PC: 12bf9 \| Find next file
2018-12-25T11:47:39.63755184Z	67	PC: 12bc0 \| Get or set file attributes (See above)
2018-12-25T11:47:39.648401819Z	61	PC: 12bc6 \| Open file (See above)
2018-12-25T11:47:39.655720253Z	63	PC: 12bd5 \| Read file or device (See above)
2018-12-25T11:47:39.663711114Z	62	PC: 12c09 \| Close file (See above)
2018-12-25T11:47:39.666179423Z	61	PC: 12c12 \| Open file (See above)
2018-12-25T11:47:39.674128023Z	64	PC: 12a57 \| Write file or device (See above)
2018-12-25T11:47:39.684485129Z	42	PC: 12c71 \| Get date (See above)
2018-12-25T11:47:39.686866255Z	87	PC: 12c3a \| Get or set file date and time (See above)
2018-12-25T11:47:39.68843231Z	62	PC: 12c42 \| Close file (See above)
2018-12-25T11:47:39.697818847Z	67	PC: 12c4f \| Get or set file attributes (See above)
2018-12-25T11:47:39.703142655Z	79	PC: 12bf9 \| Find next file (See above)
2018-12-25T11:47:39.706158868Z	67	PC: 12bc0 \| Get or set file attributes (See above)
2018-12-25T11:47:39.717732268Z	61	PC: 12bc6 \| Open file (See above)
2018-12-25T11:47:39.731359689Z	63	PC: 12bd5 \| Read file or device (See above)
2018-12-25T11:47:39.738540224Z	62	PC: 12c09 \| Close file (See above)
2018-12-25T11:47:39.740696378Z	61	PC: 12c12 \| Open file (See above)
2018-12-25T11:47:39.763322456Z	64	PC: 12a57 \| Write file or device (See above)
2018-12-25T11:47:39.771991925Z	42	PC: 12c71 \| Get date (See above)
2018-12-25T11:47:39.773656175Z	87	PC: 12c3a \| Get or set file date and time (See above)
2018-12-25T11:47:39.775231468Z	62	PC: 12c42 \| Close file (See above)
2018-12-25T11:47:39.780766359Z	67	PC: 12c4f \| Get or set file attributes (See above)
2018-12-25T11:47:39.786043242Z	79	PC: 12bf9 \| Find next file (See above)
2018-12-25T11:47:39.789953098Z	67	PC: 12bc0 \| Get or set file attributes (See above)
2018-12-25T11:47:39.801875727Z	61	PC: 12bc6 \| Open file (See above)
2018-12-25T11:47:39.810058803Z	63	PC: 12bd5 \| Read file or device (See above)
2018-12-25T11:47:39.817792635Z	62	PC: 12c09 \| Close file (See above)
2018-12-25T11:47:39.819597963Z	61	PC: 12c12 \| Open file (See above)
2018-12-25T11:47:39.826966328Z	64	PC: 12a57 \| Write file or device (See above)
2018-12-25T11:47:39.836269087Z	42	PC: 12c71 \| Get date (See above)
2018-12-25T11:47:39.838562388Z	87	PC: 12c3a \| Get or set file date and time (See above)
2018-12-25T11:47:39.840067652Z	62	PC: 12c42 \| Close file (See above)
2018-12-25T11:47:39.849061297Z	67	PC: 12c4f \| Get or set file attributes (See above)
2018-12-25T11:47:39.854295056Z	9	PC: 12c99 \| Display string (String= ' Program too big to fit in memory')
2018-12-25T11:47:39.85874679Z	76	PC: 12c9d \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2884,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:39.924711066Z	44	PC: 12b47 \| Get time 0x12b47: cmp byte ptr [0x106], 0 0x12b4c: je 0x12b53 0x12b4e: cmp dh, 0xf 0x12b51: jg 0x12b5c 0x12b53: cmp dl, 0 0x12b56: je 0x12b43 0x12b58: mov byte ptr [0x106], dl 0x12b5c: mov byte ptr [0x1f8], 0 0x12b61: mov byte ptr [0x1f9], 4 0x12b66: mov byte ptr [0x202], 0 0x12b6b: mov cx, 0x27 0x12b6e: mov dx, 0x12e 0x12b71: mov ah, 0x4e 0x12b73: int 0x21 0x12b75: cmp ax, 0x12 0x12b78: je 0x12b7d 0x12b7a: call 0x12b9f 0x12b7d: mov cx, 0x27 0x12b80: mov dx, 0x134 0x12b83: mov ah, 0x4e
2018-12-25T11:47:39.932130975Z	78	PC: 12b75 \| Find first file
2018-12-25T11:47:39.939275663Z	78	PC: 12b87 \| Find first file
2018-12-25T11:47:39.946186758Z	67	PC: 12bc0 \| Get or set file attributes
2018-12-25T11:47:39.963624564Z	61	PC: 12bc6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:39.973781425Z	63	PC: 12bd5 \| Read file or device (Read 20 bytes on handle 5)
2018-12-25T11:47:39.980822848Z	62	PC: 12c09 \| Close file
2018-12-25T11:47:39.982644117Z	61	PC: 12c12 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:39.996064946Z	64	PC: 12a57 \| Write file or device (Write 664 bytes on handle 5)
2018-12-25T11:47:40.005101038Z	42	PC: 12c71 \| Get date 0x12c71: cmp dl, 0xa 0x12c74: je 0x12c50 0x12c76: jmp 0x12c79 0x12c78: nop 0x12c79: ret 0x12c7a: cmp byte ptr [0x1f8], 0xf 0x12c7f: jl 0x12c92 0x12c81: cmp byte ptr [0x202], 0 0x12c86: jg 0x12c92 0x12c88: mov ah, 9 0x12c8a: mov dx, 0x160 0x12c8d: int 0x21 0x12c8f: jmp 0x12c99 0x12c91: nop 0x12c92: mov ah, 9 0x12c94: mov dx, 0x13d 0x12c97: int 0x21 0x12c99: mov ah, 0x4c 0x12c9b: int 0x21 0x12c9d: nop
2018-12-25T11:47:40.324105865Z	44	PC: 12b47 \| Get time (See above)
2018-12-25T11:47:40.333623374Z	78	PC: 12b75 \| Find first file (See above)
2018-12-25T11:47:40.338840028Z	67	PC: 12bc0 \| Get or set file attributes (See above)
2018-12-25T11:47:40.344549087Z	61	PC: 12bc6 \| Open file (See above)
2018-12-25T11:47:40.350854757Z	63	PC: 12bd5 \| Read file or device (See above)