Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Oss.591

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:08.840381618Z 44 PC: 12b48 | Get time
0x12b48: cmp dh, 0x37
0x12b4b: jg 0x12b55
0x12b4d: or dl, dl
0x12b4f: jne 0x12b51
0x12b51: mov byte ptr [0x106], dl
0x12b55: mov byte ptr [0x363], 0
0x12b5a: mov byte ptr [0x364], 3
0x12b5f: mov byte ptr [0x36d], 0
0x12b64: mov cx, 0x27
0x12b67: mov dx, 0x13e
0x12b6a: mov ah, 0x4e
0x12b6c: int 0x21
0x12b6e: jb 0x12b73
0x12b70: call 0x12b8e
0x12b73: mov cx, 0x27
0x12b76: mov dx, 0x144
0x12b79: mov ah, 0x4e
0x12b7b: int 0x21
0x12b7d: jb 0x12b82
0x12b7f: call 0x12b8e
2018-12-17T22:25:08.843256768Z 78 PC: 12b6e | Find first file
2018-12-17T22:25:08.850268204Z 78 PC: 12b7d | Find first file
2018-12-17T22:25:08.856807368Z 67 PC: 12bad | Get or set file attributes
2018-12-17T22:25:08.874207187Z 61 PC: 12bb2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:25:08.88220621Z 63 PC: 12bc1 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:25:08.889012657Z 62 PC: 12bec | Close file
2018-12-17T22:25:08.890867523Z 61 PC: 12bf4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:25:08.904702666Z 64 PC: 12a5a | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:25:08.913637407Z 87 PC: 12c24 | Get or set file date and time
2018-12-17T22:25:08.915442644Z 62 PC: 12c28 | Close file
2018-12-17T22:25:08.924054794Z 67 PC: 12c34 | Get or set file attributes
2018-12-17T22:25:08.929366397Z 79 PC: 12be1 | Find next file
2018-12-17T22:25:08.932567238Z 67 PC: 12bad | Get or set file attributes
2018-12-17T22:25:08.944074639Z 61 PC: 12bb2 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:25:08.951475074Z 63 PC: 12bc1 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:25:08.95853855Z 62 PC: 12bec | Close file
2018-12-17T22:25:08.961636782Z 61 PC: 12bf4 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:25:08.969340932Z 64 PC: 12a5a | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:25:08.978324983Z 87 PC: 12c24 | Get or set file date and time
2018-12-17T22:25:08.980313935Z 62 PC: 12c28 | Close file
2018-12-17T22:25:08.988865185Z 67 PC: 12c34 | Get or set file attributes
2018-12-17T22:25:08.994249879Z 79 PC: 12be1 | Find next file
2018-12-17T22:25:08.997568046Z 67 PC: 12bad | Get or set file attributes
2018-12-17T22:25:09.008171299Z 61 PC: 12bb2 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:25:09.015481154Z 63 PC: 12bc1 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:25:09.023405237Z 62 PC: 12bec | Close file
2018-12-17T22:25:09.025996515Z 61 PC: 12bf4 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:25:09.046851746Z 64 PC: 12a5a | Write file or device (Write 591 bytes on handle 5)
2018-12-17T22:25:09.059819214Z 87 PC: 12c24 | Get or set file date and time
2018-12-17T22:25:09.062206762Z 62 PC: 12c28 | Close file
2018-12-17T22:25:09.070883787Z 67 PC: 12c34 | Get or set file attributes
2018-12-17T22:25:09.07618323Z 9 PC: 12c6c | Display string (String= 'Program too big to fit in memory ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":56,"TimeBased":true,"OriginalID":4444,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:52.103748088Z 44 PC: 12b48 | Get time
0x12b48: cmp dh, 0x37
0x12b4b: jg 0x12b55
0x12b4d: or dl, dl
0x12b4f: jne 0x12b51
0x12b51: mov byte ptr [0x106], dl
0x12b55: mov byte ptr [0x363], 0
0x12b5a: mov byte ptr [0x364], 3
0x12b5f: mov byte ptr [0x36d], 0
0x12b64: mov cx, 0x27
0x12b67: mov dx, 0x13e
0x12b6a: mov ah, 0x4e
0x12b6c: int 0x21
0x12b6e: jb 0x12b73
0x12b70: call 0x12b8e
0x12b73: mov cx, 0x27
0x12b76: mov dx, 0x144
0x12b79: mov ah, 0x4e
0x12b7b: int 0x21
0x12b7d: jb 0x12b82
0x12b7f: call 0x12b8e
2018-12-25T11:51:52.10637439Z 78 PC: 12b6e | Find first file
2018-12-25T11:51:52.113327996Z 78 PC: 12b7d | Find first file
2018-12-25T11:51:52.119697748Z 67 PC: 12bad | Get or set file attributes
2018-12-25T11:51:52.138151947Z 61 PC: 12bb2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:52.145458715Z 63 PC: 12bc1 | Read file or device (Read 20 bytes on handle 5)
2018-12-25T11:51:52.152875324Z 62 PC: 12bec | Close file
2018-12-25T11:51:52.155279539Z 61 PC: 12bf4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:52.162984853Z 64 PC: 12a5a | Write file or device (Write 591 bytes on handle 5)
2018-12-25T11:51:52.172063963Z 87 PC: 12c24 | Get or set file date and time
2018-12-25T11:51:52.17374941Z 62 PC: 12c28 | Close file
2018-12-25T11:51:52.182906708Z 67 PC: 12c34 | Get or set file attributes
2018-12-25T11:51:52.188068751Z 79 PC: 12be1 | Find next file
2018-12-25T11:51:52.191211667Z 67 PC: 12bad | Get or set file attributes (See above)
2018-12-25T11:51:52.202856551Z 61 PC: 12bb2 | Open file (See above)
2018-12-25T11:51:52.21061414Z 63 PC: 12bc1 | Read file or device (See above)
2018-12-25T11:51:52.218634487Z 62 PC: 12bec | Close file (See above)
2018-12-25T11:51:52.221992318Z 61 PC: 12bf4 | Open file (See above)
2018-12-25T11:51:52.22971147Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:51:52.238869404Z 87 PC: 12c24 | Get or set file date and time (See above)
2018-12-25T11:51:52.241020278Z 62 PC: 12c28 | Close file (See above)
2018-12-25T11:51:52.249343492Z 67 PC: 12c34 | Get or set file attributes (See above)
2018-12-25T11:51:52.254454941Z 79 PC: 12be1 | Find next file (See above)
2018-12-25T11:51:52.257839066Z 67 PC: 12bad | Get or set file attributes (See above)
2018-12-25T11:51:52.268565018Z 61 PC: 12bb2 | Open file (See above)
2018-12-25T11:51:52.281748824Z 63 PC: 12bc1 | Read file or device (See above)
2018-12-25T11:51:52.289176055Z 62 PC: 12bec | Close file (See above)
2018-12-25T11:51:52.291319648Z 61 PC: 12bf4 | Open file (See above)
2018-12-25T11:51:52.298858294Z 64 PC: 12a5a | Write file or device (See above)
2018-12-25T11:51:52.307878455Z 87 PC: 12c24 | Get or set file date and time (See above)
2018-12-25T11:51:52.309638494Z 62 PC: 12c28 | Close file (See above)
2018-12-25T11:51:52.317928737Z 67 PC: 12c34 | Get or set file attributes (See above)
2018-12-25T11:51:52.322921477Z 9 PC: 12c6c | Display string (String= 'Program too big to fit in memory ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4444,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:52.045185355Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:51:52.052797243Z 41 PC: 94fae | Parse filename
2018-12-25T11:51:52.057938018Z 41 PC: 9502f | Parse filename
2018-12-25T11:51:52.059626514Z 41 PC: 9504c | Parse filename
2018-12-25T11:51:52.061294751Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:51:52.064233269Z 71 PC: 986f3 | Get current directory
2018-12-25T11:51:52.067532473Z 78 PC: 986fe | Find first file
2018-12-25T11:51:52.074238608Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:51:52.076776295Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:51:52.086336027Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:51:52.089430745Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:51:52.091018869Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:51:52.09191352Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:52.09289681Z 62 PC: 122ab | Close file
2018-12-25T11:51:52.094709961Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.09621302Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.097782546Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.101460986Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.103170403Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.104634727Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.10623117Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.108074874Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.109655521Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.111930114Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.114441145Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.116005006Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.117531027Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.122179108Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:51:52.124241401Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:51:52.12552323Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:51:52.12809943Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:51:52.133033111Z 25 PC: 94e62 | Get default drive
2018-12-25T11:51:52.134758906Z 71 PC: 970dd | Get current directory
2018-12-25T11:51:52.140205378Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:51:52.143517612Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:51:52.145814082Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:51:52.147614197Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:51:52.160568082Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:52:07.091070868Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:52:08.446144626Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:52:08.548829875Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:52:08.555437495Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:52:08.558921089Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:52:08.562518018Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:52:08.567755233Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:52:08.570410181Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:52:08.579324978Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:52:08.589764794Z 71 PC: 9856c | Get current directory
2018-12-25T11:52:08.594081505Z 73 PC: 97c09 | Release memory
2018-12-25T11:52:08.595808464Z 75 PC: 11821 | Execute program
2018-12-25T11:52:08.611116087Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:52:08.617819763Z 76 PC: 12a4b | Terminate with return code (Return code = '36')