Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Seneca.390

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:25.119423138Z	42	PC: 12a54 \| Get date 0x12a54: cmp cx, 0x7bc 0x12a58: jle 0x12a75 0x12a5a: jmp 0x12a5d 0x12a5d: mov ah, 0x2a 0x12a5f: int 0x21 0x12a61: cmp dh, 0xb 0x12a64: je 0x12a69 0x12a66: jmp 0x12a81 0x12a69: mov ah, 0x2a 0x12a6b: int 0x21 0x12a6d: cmp dl, 0x19 0x12a70: je 0x12ab0 0x12a72: jmp 0x12a81 0x12a75: mov ah, 0x2c 0x12a77: int 0x21 0x12a79: cmp cl, 0x1e 0x12a7c: jge 0x12aa6 0x12a7e: jmp 0x12a81 0x12a81: mov dx, 0x275 0x12a84: mov ah, 0x4e
2018-12-17T22:21:25.133285709Z	42	PC: 12a61 \| Get date 0x12a61: cmp dh, 0xb 0x12a64: je 0x12a69 0x12a66: jmp 0x12a81 0x12a69: mov ah, 0x2a 0x12a6b: int 0x21 0x12a6d: cmp dl, 0x19 0x12a70: je 0x12ab0 0x12a72: jmp 0x12a81 0x12a75: mov ah, 0x2c 0x12a77: int 0x21 0x12a79: cmp cl, 0x1e 0x12a7c: jge 0x12aa6 0x12a7e: jmp 0x12a81 0x12a81: mov dx, 0x275 0x12a84: mov ah, 0x4e 0x12a86: xor cx, cx 0x12a88: int 0x21 0x12a8a: jb 0x12a9b 0x12a8c: jmp 0x12ac7 0x12a8f: mov ah, 0x4f
2018-12-17T22:21:25.138859292Z	78	PC: 12a8a \| Find first file
2018-12-17T22:21:25.146315285Z	61	PC: 12ae2 \| Open file (Filename = '*.exe')
2018-12-17T22:21:25.152534255Z	62	PC: 12aed \| Close file
2018-12-17T22:21:25.15568502Z	61	PC: 12af6 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:21:25.163964653Z	64	PC: 12b07 \| Write file or device (Write 390 bytes on handle 2)
2018-12-17T22:21:25.167473902Z	87	PC: 12b19 \| Get or set file date and time
2018-12-17T22:21:25.170470409Z	62	PC: 12b21 \| Close file
2018-12-17T22:21:25.40968436Z	67	PC: 12b2e \| Get or set file attributes
2018-12-17T22:21:25.415563073Z	79	PC: 12a93 \| Find next file
2018-12-17T22:21:25.418949312Z	59	PC: 12aa2 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3736,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:02.229618298Z	42	PC: 12a54 \| Get date 0x12a54: cmp cx, 0x7bc 0x12a58: jle 0x12a75 0x12a5a: jmp 0x12a5d 0x12a5d: mov ah, 0x2a 0x12a5f: int 0x21 0x12a61: cmp dh, 0xb 0x12a64: je 0x12a69 0x12a66: jmp 0x12a81 0x12a69: mov ah, 0x2a 0x12a6b: int 0x21 0x12a6d: cmp dl, 0x19 0x12a70: je 0x12ab0 0x12a72: jmp 0x12a81 0x12a75: mov ah, 0x2c 0x12a77: int 0x21 0x12a79: cmp cl, 0x1e 0x12a7c: jge 0x12aa6 0x12a7e: jmp 0x12a81 0x12a81: mov dx, 0x275 0x12a84: mov ah, 0x4e
2018-12-25T11:50:02.232267898Z	44	PC: 12a79 \| Get time 0x12a79: cmp cl, 0x1e 0x12a7c: jge 0x12aa6 0x12a7e: jmp 0x12a81 0x12a81: mov dx, 0x275 0x12a84: mov ah, 0x4e 0x12a86: xor cx, cx 0x12a88: int 0x21 0x12a8a: jb 0x12a9b 0x12a8c: jmp 0x12ac7 0x12a8f: mov ah, 0x4f 0x12a91: int 0x21 0x12a93: cmp ax, 0x12 0x12a96: je 0x12a9b 0x12a98: jmp 0x12ac7 0x12a9b: mov dx, 0x27b 0x12a9e: mov ah, 0x3b 0x12aa0: int 0x21 0x12aa2: jb 0x12ac5 0x12aa4: jmp 0x12a81 0x12aa6: mov ah, 9
2018-12-25T11:50:02.233915803Z	9	PC: 12aad \| Display string (String= 'You shouldn't use your computer so much, its bad for you and your computer. ')
2018-12-25T11:50:02.241695493Z	25	PC: 12abb \| Get default drive

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3736,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:02.386222233Z	42	PC: 12a54 \| Get date 0x12a54: cmp cx, 0x7bc 0x12a58: jle 0x12a75 0x12a5a: jmp 0x12a5d 0x12a5d: mov ah, 0x2a 0x12a5f: int 0x21 0x12a61: cmp dh, 0xb 0x12a64: je 0x12a69 0x12a66: jmp 0x12a81 0x12a69: mov ah, 0x2a 0x12a6b: int 0x21 0x12a6d: cmp dl, 0x19 0x12a70: je 0x12ab0 0x12a72: jmp 0x12a81 0x12a75: mov ah, 0x2c 0x12a77: int 0x21 0x12a79: cmp cl, 0x1e 0x12a7c: jge 0x12aa6 0x12a7e: jmp 0x12a81 0x12a81: mov dx, 0x275 0x12a84: mov ah, 0x4e
2018-12-25T11:50:02.388814044Z	44	PC: 12a79 \| Get time 0x12a79: cmp cl, 0x1e 0x12a7c: jge 0x12aa6 0x12a7e: jmp 0x12a81 0x12a81: mov dx, 0x275 0x12a84: mov ah, 0x4e 0x12a86: xor cx, cx 0x12a88: int 0x21 0x12a8a: jb 0x12a9b 0x12a8c: jmp 0x12ac7 0x12a8f: mov ah, 0x4f 0x12a91: int 0x21 0x12a93: cmp ax, 0x12 0x12a96: je 0x12a9b 0x12a98: jmp 0x12ac7 0x12a9b: mov dx, 0x27b 0x12a9e: mov ah, 0x3b 0x12aa0: int 0x21 0x12aa2: jb 0x12ac5 0x12aa4: jmp 0x12a81 0x12aa6: mov ah, 9
2018-12-25T11:50:02.392189457Z	9	PC: 12aad \| Display string (String= 'You shouldn't use your computer so much, its bad for you and your computer. ')
2018-12-25T11:50:02.399704411Z	25	PC: 12abb \| Get default drive