Sample viewer

vx.netlux.org/Virus.DOS.Stink.1254.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:13.639547238Z	53	PC: 12fb0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:13.641609956Z	53	PC: 12f9c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:13.643553168Z	78	PC: 13058 \| Find first file
2018-12-17T22:50:13.652350774Z	47	PC: 13062 \| Get disk transfer address
2018-12-17T22:50:13.654076351Z	67	PC: 130be \| Get or set file attributes
2018-12-17T22:50:13.660828424Z	67	PC: 130d0 \| Get or set file attributes
2018-12-17T22:50:13.679525197Z	61	PC: 130ed \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:13.687315737Z	66	PC: 13104 \| Move file pointer
2018-12-17T22:50:13.689242733Z	63	PC: 13112 \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:50:13.701342748Z	87	PC: 1325c \| Get or set file date and time
2018-12-17T22:50:13.703116495Z	66	PC: 13149 \| Move file pointer
2018-12-17T22:50:13.705065402Z	66	PC: 131b2 \| Move file pointer
2018-12-17T22:50:13.707507301Z	63	PC: 131c0 \| Read file or device (Read 259 bytes on handle 5)
2018-12-17T22:50:13.716618102Z	66	PC: 13149 \| Move file pointer
2018-12-17T22:50:13.718652628Z	64	PC: 131d1 \| Write file or device (Write 259 bytes on handle 5)
2018-12-17T22:50:13.72865364Z	66	PC: 13149 \| Move file pointer
2018-12-17T22:50:13.730943507Z	66	PC: 131fb \| Move file pointer
2018-12-17T22:50:13.733117551Z	64	PC: 13224 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:13.742049219Z	66	PC: 13193 \| Move file pointer
2018-12-17T22:50:13.744952955Z	64	PC: 131a1 \| Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:50:13.748420265Z	66	PC: 13149 \| Move file pointer
2018-12-17T22:50:13.750794876Z	64	PC: 13174 \| Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:50:13.761467029Z	87	PC: 13251 \| Get or set file date and time
2018-12-17T22:50:13.763711324Z	62	PC: 1322d \| Close file
2018-12-17T22:50:13.786325219Z	67	PC: 1323e \| Get or set file attributes
2018-12-17T22:50:13.798857749Z	44	PC: 13016 \| Get time 0x13016: cmp dh, cl 0x13018: jne 0x1301d 0x1301a: call 0x22fe1 0x1301d: ret 0x1301e: mov si, 0xfb00 0x13021: mov di, 0x80 0x13024: mov cx, 0x80 0x13027: cld 0x13028: rep movsb byte ptr es:[di], byte ptr [si] 0x1302a: ret 0x1302b: mov bx, word ptr [0x189] 0x1302f: mov word ptr [0x187], bx 0x13033: mov bx, word ptr [0x176] 0x13037: mov word ptr [0x174], bx 0x1303b: ret 0x1303c: mov ax, word ptr [0x174] 0x1303f: mov si, ax 0x13041: mov di, 0x100 0x13044: mov cx, 0x103 0x13047: cld
2018-12-17T22:50:13.802398785Z	53	PC: 12f79 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:13.804518422Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10153,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:20.345212297Z	53	PC: 12fb0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:20.346966133Z	53	PC: 12f9c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:20.348389412Z	78	PC: 13058 \| Find first file
2018-12-25T12:27:20.354943073Z	47	PC: 13062 \| Get disk transfer address
2018-12-25T12:27:20.356620884Z	67	PC: 130be \| Get or set file attributes
2018-12-25T12:27:20.362792664Z	67	PC: 130d0 \| Get or set file attributes
2018-12-25T12:27:20.383322822Z	61	PC: 130ed \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:20.390663087Z	66	PC: 13104 \| Move file pointer
2018-12-25T12:27:20.392477771Z	63	PC: 13112 \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:27:20.399453548Z	87	PC: 1325c \| Get or set file date and time
2018-12-25T12:27:20.400914512Z	66	PC: 13149 \| Move file pointer
2018-12-25T12:27:20.402529556Z	66	PC: 131b2 \| Move file pointer
2018-12-25T12:27:20.403908718Z	63	PC: 131c0 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:27:20.406487801Z	66	PC: 13149 \| Move file pointer (See above)
2018-12-25T12:27:20.4149488Z	64	PC: 131d1 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:27:20.423551624Z	66	PC: 13149 \| Move file pointer (See above)
2018-12-25T12:27:20.424823258Z	66	PC: 131fb \| Move file pointer
2018-12-25T12:27:20.426506441Z	64	PC: 13224 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:20.433950909Z	66	PC: 13193 \| Move file pointer
2018-12-25T12:27:20.435349191Z	64	PC: 131a1 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:27:20.438478592Z	66	PC: 13149 \| Move file pointer (See above)
2018-12-25T12:27:20.4399542Z	64	PC: 13174 \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:27:20.449043718Z	87	PC: 13251 \| Get or set file date and time
2018-12-25T12:27:20.451575733Z	62	PC: 1322d \| Close file
2018-12-25T12:27:20.460406188Z	67	PC: 1323e \| Get or set file attributes
2018-12-25T12:27:20.471134735Z	44	PC: 13016 \| Get time 0x13016: cmp dh, cl 0x13018: jne 0x1301d 0x1301a: call 0x22fe1 0x1301d: ret 0x1301e: mov si, 0xfb00 0x13021: mov di, 0x80 0x13024: mov cx, 0x80 0x13027: cld 0x13028: rep movsb byte ptr es:[di], byte ptr [si] 0x1302a: ret 0x1302b: mov bx, word ptr [0x189] 0x1302f: mov word ptr [0x187], bx 0x13033: mov bx, word ptr [0x176] 0x13037: mov word ptr [0x174], bx 0x1303b: ret 0x1303c: mov ax, word ptr [0x174] 0x1303f: mov si, ax 0x13041: mov di, 0x100 0x13044: mov cx, 0x103 0x13047: cld
2018-12-25T12:27:20.473378285Z	53	PC: 12f79 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:20.475122403Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10153,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:20.42915899Z	53	PC: 12fb0 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:20.439455383Z	53	PC: 12f9c \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:20.440846354Z	78	PC: 13058 \| Find first file
2018-12-25T12:27:20.455280725Z	47	PC: 13062 \| Get disk transfer address
2018-12-25T12:27:20.457744001Z	67	PC: 130be \| Get or set file attributes
2018-12-25T12:27:20.464999769Z	67	PC: 130d0 \| Get or set file attributes
2018-12-25T12:27:20.483804971Z	61	PC: 130ed \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:20.491292945Z	66	PC: 13104 \| Move file pointer
2018-12-25T12:27:20.493012157Z	63	PC: 13112 \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:27:20.499511307Z	87	PC: 1325c \| Get or set file date and time
2018-12-25T12:27:20.502007199Z	66	PC: 13149 \| Move file pointer
2018-12-25T12:27:20.50367118Z	66	PC: 131b2 \| Move file pointer
2018-12-25T12:27:20.505282668Z	63	PC: 131c0 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:27:20.508215103Z	66	PC: 13149 \| Move file pointer (See above)
2018-12-25T12:27:20.510632251Z	64	PC: 131d1 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:27:20.518636285Z	66	PC: 13149 \| Move file pointer (See above)
2018-12-25T12:27:20.52002205Z	66	PC: 131fb \| Move file pointer
2018-12-25T12:27:20.522948465Z	64	PC: 13224 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:20.529216986Z	66	PC: 13193 \| Move file pointer
2018-12-25T12:27:20.530531075Z	64	PC: 131a1 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:27:20.534602575Z	66	PC: 13149 \| Move file pointer (See above)
2018-12-25T12:27:20.536409851Z	64	PC: 13174 \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:27:20.545111449Z	87	PC: 13251 \| Get or set file date and time
2018-12-25T12:27:20.547781177Z	62	PC: 1322d \| Close file
2018-12-25T12:27:20.570810597Z	67	PC: 1323e \| Get or set file attributes
2018-12-25T12:27:20.577561981Z	44	PC: 13016 \| Get time 0x13016: cmp dh, cl 0x13018: jne 0x1301d 0x1301a: call 0x22fe1 0x1301d: ret 0x1301e: mov si, 0xfb00 0x13021: mov di, 0x80 0x13024: mov cx, 0x80 0x13027: cld 0x13028: rep movsb byte ptr es:[di], byte ptr [si] 0x1302a: ret 0x1302b: mov bx, word ptr [0x189] 0x1302f: mov word ptr [0x187], bx 0x13033: mov bx, word ptr [0x176] 0x13037: mov word ptr [0x174], bx 0x1303b: ret 0x1303c: mov ax, word ptr [0x174] 0x1303f: mov si, ax 0x13041: mov di, 0x100 0x13044: mov cx, 0x103 0x13047: cld
2018-12-25T12:27:20.585027582Z	53	PC: 12f79 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:20.586201282Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')