Sample viewer

vx.netlux.org/Virus.DOS.Leo.3948

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:07.374683838Z	26	PC: 12a6d \| Set disk transfer address
2018-12-17T22:40:07.377140312Z	71	PC: 12a77 \| Get current directory
2018-12-17T22:40:07.380279358Z	59	PC: 12a80 \| Change current directory
2018-12-17T22:40:07.383695474Z	78	PC: 12a8c \| Find first file
2018-12-17T22:40:07.389083795Z	79	PC: 12a98 \| Find next file
2018-12-17T22:40:07.392439708Z	59	PC: 12aa9 \| Change current directory
2018-12-17T22:40:07.398024657Z	47	PC: 12aad \| Get disk transfer address
2018-12-17T22:40:07.399156163Z	26	PC: 12abe \| Set disk transfer address
2018-12-17T22:40:07.400954771Z	78	PC: 12aca \| Find first file
2018-12-17T22:40:07.410599246Z	47	PC: 12af7 \| Get disk transfer address
2018-12-17T22:40:07.411907834Z	47	PC: 12b06 \| Get disk transfer address
2018-12-17T22:40:07.414603497Z	61	PC: 12b0b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:07.427246353Z	63	PC: 12b1b \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:07.4359814Z	66	PC: 12b26 \| Move file pointer
2018-12-17T22:40:07.438604878Z	66	PC: 12b3d \| Move file pointer
2018-12-17T22:40:07.440441477Z	63	PC: 12b49 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:40:07.444707339Z	66	PC: 12b79 \| Move file pointer
2018-12-17T22:40:07.447746487Z	64	PC: 12b87 \| Write file or device (Write 3948 bytes on handle 5)
2018-12-17T22:40:07.464489966Z	66	PC: 12b90 \| Move file pointer
2018-12-17T22:40:07.466618093Z	64	PC: 12b9c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:40:07.47461346Z	62	PC: 12ba0 \| Close file
2018-12-17T22:40:07.486408845Z	42	PC: 12ba4 \| Get date 0x12ba4: cmp dh, 0xc 0x12ba7: jne 0x12bc3 0x12ba9: cmp dl, 0x1f 0x12bac: jne 0x12bc3 0x12bae: mov si, 0x191 0x12bb1: add si, bp 0x12bb3: mov ax, 0xb800 0x12bb6: mov es, ax 0x12bb8: xor di, di 0x12bba: mov cx, 0x690 0x12bbd: rep movsd dword ptr es:[di], dword ptr [si] 0x12bbf: mov ah, 1 0x12bc1: int 0x21 0x12bc3: mov ah, 0x3b 0x12bc5: mov dx, 0xf4a 0x12bc8: add dx, bp 0x12bca: int 0x21 0x12bcc: mov ah, 0x3b 0x12bce: mov dx, word ptr [bp + 0xeb1] 0x12bd2: int 0x21
2018-12-17T22:40:07.4904689Z	59	PC: 12bcc \| Change current directory
2018-12-17T22:40:07.496576572Z	59	PC: 12bd4 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6930,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:40.226220346Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T12:00:40.228161787Z	71	PC: 12a77 \| Get current directory
2018-12-25T12:00:40.231171785Z	59	PC: 12a80 \| Change current directory
2018-12-25T12:00:40.235195784Z	78	PC: 12a8c \| Find first file
2018-12-25T12:00:40.242116261Z	79	PC: 12a98 \| Find next file
2018-12-25T12:00:40.244616189Z	59	PC: 12aa9 \| Change current directory
2018-12-25T12:00:40.25029762Z	47	PC: 12aad \| Get disk transfer address
2018-12-25T12:00:40.252283927Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:00:40.253595409Z	78	PC: 12aca \| Find first file
2018-12-25T12:00:40.263479836Z	47	PC: 12af7 \| Get disk transfer address
2018-12-25T12:00:40.264940278Z	47	PC: 12b06 \| Get disk transfer address
2018-12-25T12:00:40.265923067Z	61	PC: 12b0b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:40.276891855Z	63	PC: 12b1b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:40.284309455Z	66	PC: 12b26 \| Move file pointer
2018-12-25T12:00:40.285669988Z	66	PC: 12b3d \| Move file pointer
2018-12-25T12:00:40.286968488Z	63	PC: 12b49 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:00:40.290222905Z	66	PC: 12b79 \| Move file pointer
2018-12-25T12:00:40.291885239Z	64	PC: 12b87 \| Write file or device (Write 3948 bytes on handle 5)
2018-12-25T12:00:40.49687255Z	66	PC: 12b90 \| Move file pointer
2018-12-25T12:00:40.499594897Z	64	PC: 12b9c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:40.507734447Z	62	PC: 12ba0 \| Close file
2018-12-25T12:00:40.516142326Z	42	PC: 12ba4 \| Get date 0x12ba4: cmp dh, 0xc 0x12ba7: jne 0x12bc3 0x12ba9: cmp dl, 0x1f 0x12bac: jne 0x12bc3 0x12bae: mov si, 0x191 0x12bb1: add si, bp 0x12bb3: mov ax, 0xb800 0x12bb6: mov es, ax 0x12bb8: xor di, di 0x12bba: mov cx, 0x690 0x12bbd: rep movsd dword ptr es:[di], dword ptr [si] 0x12bbf: mov ah, 1 0x12bc1: int 0x21 0x12bc3: mov ah, 0x3b 0x12bc5: mov dx, 0xf4a 0x12bc8: add dx, bp 0x12bca: int 0x21 0x12bcc: mov ah, 0x3b 0x12bce: mov dx, word ptr [bp + 0xeb1] 0x12bd2: int 0x21
2018-12-25T12:00:40.518708938Z	59	PC: 12bcc \| Change current directory
2018-12-25T12:00:40.524766656Z	59	PC: 12bd4 \| Change current directory

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6930,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:40.224219317Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T12:00:40.225673231Z	71	PC: 12a77 \| Get current directory
2018-12-25T12:00:40.227540752Z	59	PC: 12a80 \| Change current directory
2018-12-25T12:00:40.230146303Z	78	PC: 12a8c \| Find first file
2018-12-25T12:00:40.234018399Z	79	PC: 12a98 \| Find next file
2018-12-25T12:00:40.236045808Z	59	PC: 12aa9 \| Change current directory
2018-12-25T12:00:40.242154678Z	47	PC: 12aad \| Get disk transfer address
2018-12-25T12:00:40.243644173Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:00:40.245560264Z	78	PC: 12aca \| Find first file
2018-12-25T12:00:40.257137194Z	47	PC: 12af7 \| Get disk transfer address
2018-12-25T12:00:40.258562034Z	47	PC: 12b06 \| Get disk transfer address
2018-12-25T12:00:40.260499003Z	61	PC: 12b0b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:40.271934375Z	63	PC: 12b1b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:40.278246391Z	66	PC: 12b26 \| Move file pointer
2018-12-25T12:00:40.2805605Z	66	PC: 12b3d \| Move file pointer
2018-12-25T12:00:40.282116042Z	63	PC: 12b49 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:00:40.285489462Z	66	PC: 12b79 \| Move file pointer
2018-12-25T12:00:40.287661967Z	64	PC: 12b87 \| Write file or device (Write 3948 bytes on handle 5)
2018-12-25T12:00:40.495924161Z	66	PC: 12b90 \| Move file pointer
2018-12-25T12:00:40.498464723Z	64	PC: 12b9c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:40.505390754Z	62	PC: 12ba0 \| Close file
2018-12-25T12:00:40.513564033Z	42	PC: 12ba4 \| Get date 0x12ba4: cmp dh, 0xc 0x12ba7: jne 0x12bc3 0x12ba9: cmp dl, 0x1f 0x12bac: jne 0x12bc3 0x12bae: mov si, 0x191 0x12bb1: add si, bp 0x12bb3: mov ax, 0xb800 0x12bb6: mov es, ax 0x12bb8: xor di, di 0x12bba: mov cx, 0x690 0x12bbd: rep movsd dword ptr es:[di], dword ptr [si] 0x12bbf: mov ah, 1 0x12bc1: int 0x21 0x12bc3: mov ah, 0x3b 0x12bc5: mov dx, 0xf4a 0x12bc8: add dx, bp 0x12bca: int 0x21 0x12bcc: mov ah, 0x3b 0x12bce: mov dx, word ptr [bp + 0xeb1] 0x12bd2: int 0x21
2018-12-25T12:00:40.516107911Z	59	PC: 12bcc \| Change current directory
2018-12-25T12:00:40.520971985Z	59	PC: 12bd4 \| Change current directory

{"DateBased":true,"Day":31,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6930,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:41.807922946Z	26	PC: 12a6d \| Set disk transfer address
2018-12-25T12:00:41.809687376Z	71	PC: 12a77 \| Get current directory
2018-12-25T12:00:41.812343519Z	59	PC: 12a80 \| Change current directory
2018-12-25T12:00:41.816327058Z	78	PC: 12a8c \| Find first file
2018-12-25T12:00:41.822423594Z	79	PC: 12a98 \| Find next file
2018-12-25T12:00:41.825155111Z	59	PC: 12aa9 \| Change current directory
2018-12-25T12:00:41.83064929Z	47	PC: 12aad \| Get disk transfer address
2018-12-25T12:00:41.8317789Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:00:41.833176062Z	78	PC: 12aca \| Find first file
2018-12-25T12:00:41.844244785Z	47	PC: 12af7 \| Get disk transfer address
2018-12-25T12:00:41.845039752Z	47	PC: 12b06 \| Get disk transfer address
2018-12-25T12:00:41.846970682Z	61	PC: 12b0b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:41.858456712Z	63	PC: 12b1b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:41.864914615Z	66	PC: 12b26 \| Move file pointer
2018-12-25T12:00:41.867042559Z	66	PC: 12b3d \| Move file pointer
2018-12-25T12:00:41.868381229Z	63	PC: 12b49 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:00:41.870779296Z	66	PC: 12b79 \| Move file pointer
2018-12-25T12:00:41.872381592Z	64	PC: 12b87 \| Write file or device (Write 3948 bytes on handle 5)
2018-12-25T12:00:41.886855799Z	66	PC: 12b90 \| Move file pointer
2018-12-25T12:00:41.888311544Z	64	PC: 12b9c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:41.89509308Z	62	PC: 12ba0 \| Close file
2018-12-25T12:00:41.902834808Z	42	PC: 12ba4 \| Get date 0x12ba4: cmp dh, 0xc 0x12ba7: jne 0x12bc3 0x12ba9: cmp dl, 0x1f 0x12bac: jne 0x12bc3 0x12bae: mov si, 0x191 0x12bb1: add si, bp 0x12bb3: mov ax, 0xb800 0x12bb6: mov es, ax 0x12bb8: xor di, di 0x12bba: mov cx, 0x690 0x12bbd: rep movsd dword ptr es:[di], dword ptr [si] 0x12bbf: mov ah, 1 0x12bc1: int 0x21 0x12bc3: mov ah, 0x3b 0x12bc5: mov dx, 0xf4a 0x12bc8: add dx, bp 0x12bca: int 0x21 0x12bcc: mov ah, 0x3b 0x12bce: mov dx, word ptr [bp + 0xeb1] 0x12bd2: int 0x21
2018-12-25T12:00:41.905593603Z	1	PC: 12bc3 \| Character input