Sample viewer

vx.netlux.org/Virus.DOS.Stink.1251

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:32.947295548Z	53	PC: 12cc9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:32.949630647Z	53	PC: 12cb5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:32.952073759Z	78	PC: 12d71 \| Find first file
2018-12-17T23:07:32.959370616Z	47	PC: 12d7b \| Get disk transfer address
2018-12-17T23:07:32.961049152Z	67	PC: 12dd7 \| Get or set file attributes
2018-12-17T23:07:32.968106047Z	67	PC: 12de9 \| Get or set file attributes
2018-12-17T23:07:32.985176365Z	61	PC: 12e06 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:32.992999811Z	66	PC: 12e1d \| Move file pointer
2018-12-17T23:07:32.995759228Z	63	PC: 12e2b \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T23:07:33.002966707Z	87	PC: 12f74 \| Get or set file date and time
2018-12-17T23:07:33.004765068Z	66	PC: 12eb9 \| Move file pointer
2018-12-17T23:07:33.007527901Z	66	PC: 12eca \| Move file pointer
2018-12-17T23:07:33.009666902Z	63	PC: 12ed8 \| Read file or device (Read 259 bytes on handle 5)
2018-12-17T23:07:33.013929595Z	66	PC: 12eb9 \| Move file pointer
2018-12-17T23:07:33.029060247Z	64	PC: 12ee9 \| Write file or device (Write 259 bytes on handle 5)
2018-12-17T23:07:33.038506534Z	66	PC: 12eb9 \| Move file pointer
2018-12-17T23:07:33.040395204Z	66	PC: 12f13 \| Move file pointer
2018-12-17T23:07:33.042219694Z	64	PC: 12f3c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:33.050122499Z	66	PC: 12e9a \| Move file pointer
2018-12-17T23:07:33.051899019Z	64	PC: 12ea8 \| Write file or device (Write 256 bytes on handle 5)
2018-12-17T23:07:33.054968498Z	66	PC: 12eb9 \| Move file pointer
2018-12-17T23:07:33.06044302Z	64	PC: 12e7b \| Write file or device (Write 995 bytes on handle 5)
2018-12-17T23:07:33.079595161Z	87	PC: 12f69 \| Get or set file date and time
2018-12-17T23:07:33.081324552Z	62	PC: 12f45 \| Close file
2018-12-17T23:07:33.091933835Z	67	PC: 12f56 \| Get or set file attributes
2018-12-17T23:07:33.10323006Z	44	PC: 12d2f \| Get time 0x12d2f: cmp dh, cl 0x12d31: jne 0x12d36 0x12d33: call 0x22cfa 0x12d36: ret 0x12d37: mov si, 0xfb00 0x12d3a: mov di, 0x80 0x12d3d: mov cx, 0x80 0x12d40: cld 0x12d41: rep movsb byte ptr es:[di], byte ptr [si] 0x12d43: ret 0x12d44: mov bx, word ptr [0x189] 0x12d48: mov word ptr [0x187], bx 0x12d4c: mov bx, word ptr [0x176] 0x12d50: mov word ptr [0x174], bx 0x12d54: ret 0x12d55: mov ax, word ptr [0x174] 0x12d58: mov si, ax 0x12d5a: mov di, 0x100 0x12d5d: mov cx, 0x103 0x12d60: cld
2018-12-17T23:07:33.105749125Z	53	PC: 12c94 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:33.111503191Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15898,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:51.322303455Z	53	PC: 12cc9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:51.324667238Z	53	PC: 12cb5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:51.32622099Z	78	PC: 12d71 \| Find first file
2018-12-25T12:44:51.332537538Z	47	PC: 12d7b \| Get disk transfer address
2018-12-25T12:44:51.333691795Z	67	PC: 12dd7 \| Get or set file attributes
2018-12-25T12:44:51.33989819Z	67	PC: 12de9 \| Get or set file attributes
2018-12-25T12:44:51.356539382Z	61	PC: 12e06 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:51.363885232Z	66	PC: 12e1d \| Move file pointer
2018-12-25T12:44:51.366061112Z	63	PC: 12e2b \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:44:51.373142949Z	87	PC: 12f74 \| Get or set file date and time
2018-12-25T12:44:51.375004521Z	66	PC: 12eb9 \| Move file pointer
2018-12-25T12:44:51.392156977Z	66	PC: 12eca \| Move file pointer
2018-12-25T12:44:51.393657928Z	63	PC: 12ed8 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:44:51.396379622Z	66	PC: 12eb9 \| Move file pointer (See above)
2018-12-25T12:44:51.406904942Z	64	PC: 12ee9 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:44:51.415706251Z	66	PC: 12eb9 \| Move file pointer (See above)
2018-12-25T12:44:51.417176156Z	66	PC: 12f13 \| Move file pointer
2018-12-25T12:44:51.418564309Z	64	PC: 12f3c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:51.426135847Z	66	PC: 12e9a \| Move file pointer
2018-12-25T12:44:51.427590127Z	64	PC: 12ea8 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:44:51.430224958Z	66	PC: 12eb9 \| Move file pointer (See above)
2018-12-25T12:44:51.431922146Z	64	PC: 12e7b \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:44:51.441090336Z	87	PC: 12f69 \| Get or set file date and time
2018-12-25T12:44:51.442513105Z	62	PC: 12f45 \| Close file
2018-12-25T12:44:51.451549632Z	67	PC: 12f56 \| Get or set file attributes
2018-12-25T12:44:51.46261012Z	44	PC: 12d2f \| Get time 0x12d2f: cmp dh, cl 0x12d31: jne 0x12d36 0x12d33: call 0x22cfa 0x12d36: ret 0x12d37: mov si, 0xfb00 0x12d3a: mov di, 0x80 0x12d3d: mov cx, 0x80 0x12d40: cld 0x12d41: rep movsb byte ptr es:[di], byte ptr [si] 0x12d43: ret 0x12d44: mov bx, word ptr [0x189] 0x12d48: mov word ptr [0x187], bx 0x12d4c: mov bx, word ptr [0x176] 0x12d50: mov word ptr [0x174], bx 0x12d54: ret 0x12d55: mov ax, word ptr [0x174] 0x12d58: mov si, ax 0x12d5a: mov di, 0x100 0x12d5d: mov cx, 0x103 0x12d60: cld
2018-12-25T12:44:51.46570348Z	53	PC: 12c94 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:51.468111254Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15898,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:51.711643144Z	53	PC: 12cc9 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:51.713480019Z	53	PC: 12cb5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:51.715032471Z	78	PC: 12d71 \| Find first file
2018-12-25T12:44:51.721107719Z	47	PC: 12d7b \| Get disk transfer address
2018-12-25T12:44:51.7232679Z	67	PC: 12dd7 \| Get or set file attributes
2018-12-25T12:44:51.72891946Z	67	PC: 12de9 \| Get or set file attributes
2018-12-25T12:44:51.744485671Z	61	PC: 12e06 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:51.751793989Z	66	PC: 12e1d \| Move file pointer
2018-12-25T12:44:51.753235264Z	63	PC: 12e2b \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:44:51.759512958Z	87	PC: 12f74 \| Get or set file date and time
2018-12-25T12:44:51.761134979Z	66	PC: 12eb9 \| Move file pointer
2018-12-25T12:44:51.762915187Z	66	PC: 12eca \| Move file pointer
2018-12-25T12:44:51.764112216Z	63	PC: 12ed8 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:44:51.766523296Z	66	PC: 12eb9 \| Move file pointer (See above)
2018-12-25T12:44:51.76799174Z	64	PC: 12ee9 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:44:51.77576193Z	66	PC: 12eb9 \| Move file pointer (See above)
2018-12-25T12:44:51.776975345Z	66	PC: 12f13 \| Move file pointer
2018-12-25T12:44:51.778587244Z	64	PC: 12f3c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:51.785276778Z	66	PC: 12e9a \| Move file pointer
2018-12-25T12:44:51.786442707Z	64	PC: 12ea8 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:44:51.789473282Z	66	PC: 12eb9 \| Move file pointer (See above)
2018-12-25T12:44:51.791117316Z	64	PC: 12e7b \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:44:51.799558479Z	87	PC: 12f69 \| Get or set file date and time
2018-12-25T12:44:51.801769132Z	62	PC: 12f45 \| Close file
2018-12-25T12:44:51.809413074Z	67	PC: 12f56 \| Get or set file attributes
2018-12-25T12:44:51.819339123Z	44	PC: 12d2f \| Get time 0x12d2f: cmp dh, cl 0x12d31: jne 0x12d36 0x12d33: call 0x22cfa 0x12d36: ret 0x12d37: mov si, 0xfb00 0x12d3a: mov di, 0x80 0x12d3d: mov cx, 0x80 0x12d40: cld 0x12d41: rep movsb byte ptr es:[di], byte ptr [si] 0x12d43: ret 0x12d44: mov bx, word ptr [0x189] 0x12d48: mov word ptr [0x187], bx 0x12d4c: mov bx, word ptr [0x176] 0x12d50: mov word ptr [0x174], bx 0x12d54: ret 0x12d55: mov ax, word ptr [0x174] 0x12d58: mov si, ax 0x12d5a: mov di, 0x100 0x12d5d: mov cx, 0x103 0x12d60: cld
2018-12-25T12:44:51.822645958Z	53	PC: 12c94 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:44:51.823976409Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')