Sample viewer

vx.netlux.org/Virus.DOS.Stink.1254.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:15.392445723Z	53	PC: 12fd3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:15.393699636Z	53	PC: 12fbf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:15.395087517Z	78	PC: 1307b \| Find first file
2018-12-17T23:12:15.401224251Z	47	PC: 13085 \| Get disk transfer address
2018-12-17T23:12:15.402249441Z	67	PC: 130ea \| Get or set file attributes
2018-12-17T23:12:15.408838134Z	67	PC: 130fc \| Get or set file attributes
2018-12-17T23:12:15.426515029Z	61	PC: 13119 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:15.43375379Z	66	PC: 13130 \| Move file pointer
2018-12-17T23:12:15.43563482Z	63	PC: 1313e \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T23:12:15.442612211Z	87	PC: 13287 \| Get or set file date and time
2018-12-17T23:12:15.444010258Z	66	PC: 131cc \| Move file pointer
2018-12-17T23:12:15.445979452Z	66	PC: 131dd \| Move file pointer
2018-12-17T23:12:15.447494157Z	63	PC: 131eb \| Read file or device (Read 259 bytes on handle 5)
2018-12-17T23:12:15.450056731Z	66	PC: 131cc \| Move file pointer
2018-12-17T23:12:15.452083572Z	64	PC: 131fc \| Write file or device (Write 259 bytes on handle 5)
2018-12-17T23:12:15.460733173Z	66	PC: 131cc \| Move file pointer
2018-12-17T23:12:15.462402949Z	66	PC: 13226 \| Move file pointer
2018-12-17T23:12:15.464116433Z	64	PC: 1324f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:15.472667833Z	66	PC: 131ad \| Move file pointer
2018-12-17T23:12:15.475751527Z	64	PC: 131bb \| Write file or device (Write 256 bytes on handle 5)
2018-12-17T23:12:15.480112021Z	66	PC: 131cc \| Move file pointer
2018-12-17T23:12:15.482649356Z	64	PC: 1318e \| Write file or device (Write 995 bytes on handle 5)
2018-12-17T23:12:15.492527824Z	87	PC: 1327c \| Get or set file date and time
2018-12-17T23:12:15.494645995Z	62	PC: 13258 \| Close file
2018-12-17T23:12:15.5047018Z	67	PC: 13269 \| Get or set file attributes
2018-12-17T23:12:15.515842612Z	44	PC: 13039 \| Get time 0x13039: cmp dh, cl 0x1303b: jne 0x13040 0x1303d: call 0x23004 0x13040: ret 0x13041: mov si, 0xfb00 0x13044: mov di, 0x80 0x13047: mov cx, 0x80 0x1304a: cld 0x1304b: rep movsb byte ptr es:[di], byte ptr [si] 0x1304d: ret 0x1304e: mov bx, word ptr [0x189] 0x13052: mov word ptr [0x187], bx 0x13056: mov bx, word ptr [0x176] 0x1305a: mov word ptr [0x174], bx 0x1305e: ret 0x1305f: mov ax, word ptr [0x174] 0x13062: mov si, ax 0x13064: mov di, 0x100 0x13067: mov cx, 0x103 0x1306a: cld
2018-12-17T23:12:15.518435825Z	53	PC: 12f9e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:15.527689196Z	76	PC: 12e51 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17457,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:50.194653895Z	53	PC: 12fd3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:50.196143375Z	53	PC: 12fbf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:50.19719345Z	78	PC: 1307b \| Find first file
2018-12-25T12:55:50.202867401Z	47	PC: 13085 \| Get disk transfer address
2018-12-25T12:55:50.204428815Z	67	PC: 130ea \| Get or set file attributes
2018-12-25T12:55:50.209835129Z	67	PC: 130fc \| Get or set file attributes
2018-12-25T12:55:50.229932603Z	61	PC: 13119 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:50.236638969Z	66	PC: 13130 \| Move file pointer
2018-12-25T12:55:50.237919663Z	63	PC: 1313e \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:55:50.244001342Z	87	PC: 13287 \| Get or set file date and time
2018-12-25T12:55:50.246164815Z	66	PC: 131cc \| Move file pointer
2018-12-25T12:55:50.247761904Z	66	PC: 131dd \| Move file pointer
2018-12-25T12:55:50.249190938Z	63	PC: 131eb \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:55:50.251936353Z	66	PC: 131cc \| Move file pointer (See above)
2018-12-25T12:55:50.253982745Z	64	PC: 131fc \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:55:50.261620856Z	66	PC: 131cc \| Move file pointer (See above)
2018-12-25T12:55:50.262896197Z	66	PC: 13226 \| Move file pointer
2018-12-25T12:55:50.264752565Z	64	PC: 1324f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:50.270949193Z	66	PC: 131ad \| Move file pointer
2018-12-25T12:55:50.273277787Z	64	PC: 131bb \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:55:50.276478248Z	66	PC: 131cc \| Move file pointer (See above)
2018-12-25T12:55:50.277834296Z	64	PC: 1318e \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:55:50.28913197Z	87	PC: 1327c \| Get or set file date and time
2018-12-25T12:55:50.291300676Z	62	PC: 13258 \| Close file
2018-12-25T12:55:50.299824231Z	67	PC: 13269 \| Get or set file attributes
2018-12-25T12:55:50.309510554Z	44	PC: 13039 \| Get time 0x13039: cmp dh, cl 0x1303b: jne 0x13040 0x1303d: call 0x23004 0x13040: ret 0x13041: mov si, 0xfb00 0x13044: mov di, 0x80 0x13047: mov cx, 0x80 0x1304a: cld 0x1304b: rep movsb byte ptr es:[di], byte ptr [si] 0x1304d: ret 0x1304e: mov bx, word ptr [0x189] 0x13052: mov word ptr [0x187], bx 0x13056: mov bx, word ptr [0x176] 0x1305a: mov word ptr [0x174], bx 0x1305e: ret 0x1305f: mov ax, word ptr [0x174] 0x13062: mov si, ax 0x13064: mov di, 0x100 0x13067: mov cx, 0x103 0x1306a: cld
2018-12-25T12:55:50.312127139Z	53	PC: 12f9e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:50.313556893Z	76	PC: 12e51 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":17457,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:50.212904624Z	53	PC: 12fd3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:50.217416501Z	53	PC: 12fbf \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:50.2189841Z	78	PC: 1307b \| Find first file
2018-12-25T12:55:50.22677208Z	47	PC: 13085 \| Get disk transfer address
2018-12-25T12:55:50.228959721Z	67	PC: 130ea \| Get or set file attributes
2018-12-25T12:55:50.23605197Z	67	PC: 130fc \| Get or set file attributes
2018-12-25T12:55:50.256318827Z	61	PC: 13119 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:50.263730958Z	66	PC: 13130 \| Move file pointer
2018-12-25T12:55:50.26589508Z	63	PC: 1313e \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:55:50.273236967Z	87	PC: 13287 \| Get or set file date and time
2018-12-25T12:55:50.274874812Z	66	PC: 131cc \| Move file pointer
2018-12-25T12:55:50.277070755Z	66	PC: 131dd \| Move file pointer
2018-12-25T12:55:50.278645511Z	63	PC: 131eb \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:55:50.28128725Z	66	PC: 131cc \| Move file pointer (See above)
2018-12-25T12:55:50.288808924Z	64	PC: 131fc \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:55:50.29942101Z	66	PC: 131cc \| Move file pointer (See above)
2018-12-25T12:55:50.301617965Z	66	PC: 13226 \| Move file pointer
2018-12-25T12:55:50.304391935Z	64	PC: 1324f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:50.313177435Z	66	PC: 131ad \| Move file pointer
2018-12-25T12:55:50.314679496Z	64	PC: 131bb \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:55:50.32036278Z	66	PC: 131cc \| Move file pointer (See above)
2018-12-25T12:55:50.321978525Z	64	PC: 1318e \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:55:50.33339381Z	87	PC: 1327c \| Get or set file date and time
2018-12-25T12:55:50.335368434Z	62	PC: 13258 \| Close file
2018-12-25T12:55:50.344249842Z	67	PC: 13269 \| Get or set file attributes
2018-12-25T12:55:50.35489635Z	44	PC: 13039 \| Get time 0x13039: cmp dh, cl 0x1303b: jne 0x13040 0x1303d: call 0x23004 0x13040: ret 0x13041: mov si, 0xfb00 0x13044: mov di, 0x80 0x13047: mov cx, 0x80 0x1304a: cld 0x1304b: rep movsb byte ptr es:[di], byte ptr [si] 0x1304d: ret 0x1304e: mov bx, word ptr [0x189] 0x13052: mov word ptr [0x187], bx 0x13056: mov bx, word ptr [0x176] 0x1305a: mov word ptr [0x174], bx 0x1305e: ret 0x1305f: mov ax, word ptr [0x174] 0x13062: mov si, ax 0x13064: mov di, 0x100 0x13067: mov cx, 0x103 0x1306a: cld
2018-12-25T12:55:50.357177334Z	53	PC: 12f9e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:50.359567282Z	76	PC: 12e51 \| Terminate with return code (Return code = '0')