Sample viewer

vx.netlux.org/Virus.DOS.Stink.1273.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:27.372146889Z	53	PC: 13f91 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:27.374251212Z	53	PC: 13fdf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:27.375637456Z	78	PC: 14076 \| Find first file
2018-12-17T22:54:27.383020856Z	47	PC: 14091 \| Get disk transfer address
2018-12-17T22:54:27.384542136Z	67	PC: 140c2 \| Get or set file attributes
2018-12-17T22:54:27.391697841Z	67	PC: 140d4 \| Get or set file attributes
2018-12-17T22:54:27.692334248Z	61	PC: 140f1 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:27.700525243Z	66	PC: 14139 \| Move file pointer
2018-12-17T22:54:27.703040838Z	63	PC: 14147 \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:54:27.710143105Z	87	PC: 14282 \| Get or set file date and time
2018-12-17T22:54:27.711750579Z	66	PC: 1408c \| Move file pointer
2018-12-17T22:54:27.714435461Z	66	PC: 141e7 \| Move file pointer
2018-12-17T22:54:27.716055182Z	63	PC: 141f5 \| Read file or device (Read 259 bytes on handle 5)
2018-12-17T22:54:27.719076752Z	66	PC: 1408c \| Move file pointer
2018-12-17T22:54:27.721637822Z	64	PC: 14206 \| Write file or device (Write 259 bytes on handle 5)
2018-12-17T22:54:27.730385409Z	66	PC: 1408c \| Move file pointer
2018-12-17T22:54:27.731922646Z	66	PC: 1421d \| Move file pointer
2018-12-17T22:54:27.734133822Z	64	PC: 14246 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:54:27.741912602Z	66	PC: 141c8 \| Move file pointer
2018-12-17T22:54:27.743421155Z	64	PC: 141d6 \| Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:54:27.746740023Z	66	PC: 1408c \| Move file pointer
2018-12-17T22:54:27.748390339Z	64	PC: 141a9 \| Write file or device (Write 1014 bytes on handle 5)
2018-12-17T22:54:27.757622582Z	87	PC: 14259 \| Get or set file date and time
2018-12-17T22:54:27.759783205Z	62	PC: 14262 \| Close file
2018-12-17T22:54:27.768738549Z	67	PC: 14273 \| Get or set file attributes
2018-12-17T22:54:27.779571974Z	44	PC: 13fc6 \| Get time 0x13fc6: cmp ch, cl 0x13fc8: jne 0x13fcd 0x13fca: call 0x1400a 0x13fcd: nop 0x13fce: ret 0x13fcf: int 0x13 0x13fd1: push es 0x13fd2: push ds 0x13fd3: pushaw 0x13fd4: push cs 0x13fd5: pop cx 0x13fd6: mov dx, 4 0x13fd9: mov ah, 0x35 0x13fdb: mov al, 0x24 0x13fdd: int 0x21 0x13fdf: push es 0x13fe0: pop ds 0x13fe1: mov word ptr [bx + 2], dx 0x13fe4: mov word ptr [bx], cx 0x13fe6: popaw
2018-12-17T22:54:27.781941593Z	53	PC: 13faf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:54:27.783519412Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:54:27.789785631Z	0	PC: 12a89 \| Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11555,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:50.34269307Z	53	PC: 13f91 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.344979415Z	53	PC: 13fdf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.346435053Z	78	PC: 14076 \| Find first file
2018-12-25T12:30:50.352942008Z	47	PC: 14091 \| Get disk transfer address
2018-12-25T12:30:50.35465772Z	67	PC: 140c2 \| Get or set file attributes
2018-12-25T12:30:50.36107619Z	67	PC: 140d4 \| Get or set file attributes
2018-12-25T12:30:50.379558455Z	61	PC: 140f1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:50.387704755Z	66	PC: 14139 \| Move file pointer
2018-12-25T12:30:50.390015186Z	63	PC: 14147 \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:30:50.397371979Z	87	PC: 14282 \| Get or set file date and time
2018-12-25T12:30:50.399050192Z	66	PC: 1408c \| Move file pointer
2018-12-25T12:30:50.401742043Z	66	PC: 141e7 \| Move file pointer
2018-12-25T12:30:50.403344822Z	63	PC: 141f5 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:30:50.406340901Z	66	PC: 1408c \| Move file pointer (See above)
2018-12-25T12:30:50.408854323Z	64	PC: 14206 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:30:50.421169946Z	66	PC: 1408c \| Move file pointer (See above)
2018-12-25T12:30:50.422597254Z	66	PC: 1421d \| Move file pointer
2018-12-25T12:30:50.424524424Z	64	PC: 14246 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:50.429738441Z	66	PC: 141c8 \| Move file pointer
2018-12-25T12:30:50.430926414Z	64	PC: 141d6 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:30:50.433541248Z	66	PC: 1408c \| Move file pointer (See above)
2018-12-25T12:30:50.434666823Z	64	PC: 141a9 \| Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:30:50.441117897Z	87	PC: 14259 \| Get or set file date and time
2018-12-25T12:30:50.449531852Z	62	PC: 14262 \| Close file
2018-12-25T12:30:50.461364425Z	67	PC: 14273 \| Get or set file attributes
2018-12-25T12:30:50.476220434Z	44	PC: 13fc6 \| Get time 0x13fc6: cmp ch, cl 0x13fc8: jne 0x13fcd 0x13fca: call 0x1400a 0x13fcd: nop 0x13fce: ret 0x13fcf: int 0x13 0x13fd1: push es 0x13fd2: push ds 0x13fd3: pushaw 0x13fd4: push cs 0x13fd5: pop cx 0x13fd6: mov dx, 4 0x13fd9: mov ah, 0x35 0x13fdb: mov al, 0x24 0x13fdd: int 0x21 0x13fdf: push es 0x13fe0: pop ds 0x13fe1: mov word ptr [bx + 2], dx 0x13fe4: mov word ptr [bx], cx 0x13fe6: popaw
2018-12-25T12:30:50.482258142Z	9	PC: 14031 \| Display string (String= ':' %!!:tni/:n:&'=n/;"n ;-%"' i')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":11555,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:50.436626339Z	53	PC: 13f91 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.439519988Z	53	PC: 13fdf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.44120357Z	78	PC: 14076 \| Find first file
2018-12-25T12:30:50.448870221Z	47	PC: 14091 \| Get disk transfer address
2018-12-25T12:30:50.450673029Z	67	PC: 140c2 \| Get or set file attributes
2018-12-25T12:30:50.455961513Z	67	PC: 140d4 \| Get or set file attributes
2018-12-25T12:30:50.477204076Z	61	PC: 140f1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:50.486422535Z	66	PC: 14139 \| Move file pointer
2018-12-25T12:30:50.488958623Z	63	PC: 14147 \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:30:50.494202359Z	87	PC: 14282 \| Get or set file date and time
2018-12-25T12:30:50.49544537Z	66	PC: 1408c \| Move file pointer
2018-12-25T12:30:50.497781053Z	66	PC: 141e7 \| Move file pointer
2018-12-25T12:30:50.498995375Z	63	PC: 141f5 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:30:50.500795702Z	66	PC: 1408c \| Move file pointer (See above)
2018-12-25T12:30:50.502786537Z	64	PC: 14206 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:30:50.512407032Z	66	PC: 1408c \| Move file pointer (See above)
2018-12-25T12:30:50.514532677Z	66	PC: 1421d \| Move file pointer
2018-12-25T12:30:50.520076769Z	64	PC: 14246 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:50.527527485Z	66	PC: 141c8 \| Move file pointer
2018-12-25T12:30:50.529352428Z	64	PC: 141d6 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:30:50.534008755Z	66	PC: 1408c \| Move file pointer (See above)
2018-12-25T12:30:50.536093602Z	64	PC: 141a9 \| Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:30:50.546029728Z	87	PC: 14259 \| Get or set file date and time
2018-12-25T12:30:50.548394182Z	62	PC: 14262 \| Close file
2018-12-25T12:30:50.563250345Z	67	PC: 14273 \| Get or set file attributes
2018-12-25T12:30:50.588315905Z	44	PC: 13fc6 \| Get time 0x13fc6: cmp ch, cl 0x13fc8: jne 0x13fcd 0x13fca: call 0x1400a 0x13fcd: nop 0x13fce: ret 0x13fcf: int 0x13 0x13fd1: push es 0x13fd2: push ds 0x13fd3: pushaw 0x13fd4: push cs 0x13fd5: pop cx 0x13fd6: mov dx, 4 0x13fd9: mov ah, 0x35 0x13fdb: mov al, 0x24 0x13fdd: int 0x21 0x13fdf: push es 0x13fe0: pop ds 0x13fe1: mov word ptr [bx + 2], dx 0x13fe4: mov word ptr [bx], cx 0x13fe6: popaw
2018-12-25T12:30:50.591242926Z	53	PC: 13faf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:50.609076314Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:30:50.615349628Z	0	PC: 12a89 \| Program terminate