Sample viewer

vx.netlux.org/Virus.DOS.Ionkin.231

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:07.922849529Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:07.926050223Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:07.93338519Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:07.940977453Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:07.948713293Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:07.950760436Z	62	PC: 16931 \| Close file
2018-12-17T22:52:07.952982701Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:07.955757589Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:07.963519036Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:07.973670166Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:07.976743925Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:07.978617135Z	62	PC: 16931 \| Close file
2018-12-17T22:52:07.981348795Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:07.983915111Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:07.992694791Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.000085015Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.003204168Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.008543993Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.010738994Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.01362818Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.022089831Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.030236368Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.032678302Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.035261384Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.036946494Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.038925548Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.043872379Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.051641137Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.054599186Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.056593334Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.06067152Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.063551928Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.068165791Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.073696816Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.07582429Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.076911017Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.079083369Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.081527474Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.085718687Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.09067949Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.092605143Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.094241947Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.096211632Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.097871649Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.101992386Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.107048232Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.109193752Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.110463048Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.112495767Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.114222576Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.11829594Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.123331446Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.12588317Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.127981705Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.131102067Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.134183775Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.14107671Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.148794281Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.152381543Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.153919666Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.155565074Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.158860013Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.164227489Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.170070761Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.172977612Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.174458678Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.176248394Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.179681358Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.185862465Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.190276897Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.192936873Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.194190382Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.195833096Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.198056472Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.202627969Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.207319104Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.209814514Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.212418587Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.214630518Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.216963162Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.22215583Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.229257316Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.231857843Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.233047726Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.235467996Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.238626789Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.248947839Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.256018704Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.258661087Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.260140852Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.264399547Z	44	PC: 16892 \| Get time 0x16892: mov ah, dh 0x16894: shr ah, 1 0x16896: add ah, 0x41 0x16899: lea dx, word ptr [bp + 0xe] 0x1689c: mov bx, dx 0x1689e: mov byte ptr [bx], ah 0x168a0: mov cx, 0x20 0x168a3: mov ah, 0x4e 0x168a5: int 0x21 0x168a7: jae 0x168ac 0x168a9: jmp 0x1693f 0x168ac: mov dx, 0x9e 0x168af: mov ah, 0x3d 0x168b1: mov al, 2 0x168b3: int 0x21 0x168b5: jae 0x168ba 0x168b7: jmp 0x1693f 0x168ba: push ax 0x168bb: mov bx, ax 0x168bd: mov ah, 0x3f
2018-12-17T22:52:08.267072995Z	78	PC: 168a7 \| Find first file
2018-12-17T22:52:08.271957061Z	61	PC: 168b5 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:08.277961882Z	63	PC: 168c7 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:52:08.281373653Z	66	PC: 168f0 \| Move file pointer
2018-12-17T22:52:08.283437646Z	62	PC: 16931 \| Close file
2018-12-17T22:52:08.287685911Z	48	PC: 12dcf \| Get DOS version
2018-12-17T22:52:08.289194494Z	9	PC: 12ddd \| Display string (Could not find end pointer)