Sample viewer

vx.netlux.org/Virus.DOS.Stink.1273.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:38.045124191Z	53	PC: 1a977 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:38.047245918Z	53	PC: 1a9c5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:38.048970218Z	78	PC: 1aa5c \| Find first file
2018-12-17T22:48:38.055945483Z	47	PC: 1aa77 \| Get disk transfer address
2018-12-17T22:48:38.057526134Z	67	PC: 1aaa8 \| Get or set file attributes
2018-12-17T22:48:38.064622397Z	67	PC: 1aaba \| Get or set file attributes
2018-12-17T22:48:38.092174636Z	61	PC: 1aad7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:38.099874995Z	66	PC: 1ab1f \| Move file pointer
2018-12-17T22:48:38.101981824Z	63	PC: 1ab2d \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:48:38.109320041Z	87	PC: 1ac68 \| Get or set file date and time
2018-12-17T22:48:38.111212547Z	66	PC: 1aa72 \| Move file pointer
2018-12-17T22:48:38.115590323Z	66	PC: 1abcd \| Move file pointer
2018-12-17T22:48:38.11864915Z	63	PC: 1abdb \| Read file or device (Read 259 bytes on handle 5)
2018-12-17T22:48:38.121463548Z	66	PC: 1aa72 \| Move file pointer
2018-12-17T22:48:38.12407204Z	64	PC: 1abec \| Write file or device (Write 259 bytes on handle 5)
2018-12-17T22:48:38.133141641Z	66	PC: 1aa72 \| Move file pointer
2018-12-17T22:48:38.134985054Z	66	PC: 1ac03 \| Move file pointer
2018-12-17T22:48:38.137426041Z	64	PC: 1ac2c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:38.145211369Z	66	PC: 1abae \| Move file pointer
2018-12-17T22:48:38.147592894Z	64	PC: 1abbc \| Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:38.151572762Z	66	PC: 1aa72 \| Move file pointer
2018-12-17T22:48:38.153254452Z	64	PC: 1ab8f \| Write file or device (Write 1014 bytes on handle 5)
2018-12-17T22:48:38.162895547Z	87	PC: 1ac3f \| Get or set file date and time
2018-12-17T22:48:38.164963282Z	62	PC: 1ac48 \| Close file
2018-12-17T22:48:38.174829079Z	67	PC: 1ac59 \| Get or set file attributes
2018-12-17T22:48:38.186153647Z	53	PC: 1a4c8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:38.18802303Z	53	PC: 1a4b4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:38.19012015Z	78	PC: 1a570 \| Find first file
2018-12-17T22:48:38.196785634Z	47	PC: 1a57a \| Get disk transfer address
2018-12-17T22:48:38.198533408Z	67	PC: 1a5d6 \| Get or set file attributes
2018-12-17T22:48:38.205496431Z	67	PC: 1a5e8 \| Get or set file attributes
2018-12-17T22:48:38.226671468Z	61	PC: 1a605 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:38.234287077Z	66	PC: 1a61c \| Move file pointer
2018-12-17T22:48:38.242022572Z	63	PC: 1a62a \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:48:38.250141467Z	87	PC: 1a774 \| Get or set file date and time
2018-12-17T22:48:38.252747684Z	66	PC: 1a661 \| Move file pointer
2018-12-17T22:48:38.257206491Z	66	PC: 1a6ca \| Move file pointer
2018-12-17T22:48:38.259261963Z	63	PC: 1a6d8 \| Read file or device (Read 259 bytes on handle 5)
2018-12-17T22:48:38.262398807Z	66	PC: 1a661 \| Move file pointer
2018-12-17T22:48:38.265233404Z	64	PC: 1a6e9 \| Write file or device (Write 259 bytes on handle 5)
2018-12-17T22:48:38.27336403Z	66	PC: 1a661 \| Move file pointer
2018-12-17T22:48:38.275174482Z	66	PC: 1a713 \| Move file pointer
2018-12-17T22:48:38.277203535Z	64	PC: 1a73c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:38.28082012Z	66	PC: 1a6ab \| Move file pointer
2018-12-17T22:48:38.282600996Z	64	PC: 1a6b9 \| Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:48:38.285673339Z	66	PC: 1a661 \| Move file pointer
2018-12-17T22:48:38.287938335Z	64	PC: 1a68c \| Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:48:38.297724121Z	87	PC: 1a769 \| Get or set file date and time
2018-12-17T22:48:38.299491823Z	62	PC: 1a745 \| Close file
2018-12-17T22:48:38.30924587Z	67	PC: 1a756 \| Get or set file attributes
2018-12-17T22:48:38.321182248Z	44	PC: 1a52e \| Get time 0x1a52e: cmp dh, cl 0x1a530: jne 0x1a535 0x1a532: call 0x2a4f9 0x1a535: ret 0x1a536: mov si, 0xfb00 0x1a539: mov di, 0x80 0x1a53c: mov cx, 0x80 0x1a53f: cld 0x1a540: rep movsb byte ptr es:[di], byte ptr [si] 0x1a542: ret 0x1a543: mov bx, word ptr [0x189] 0x1a547: mov word ptr [0x187], bx 0x1a54b: mov bx, word ptr [0x176] 0x1a54f: mov word ptr [0x174], bx 0x1a553: ret 0x1a554: mov ax, word ptr [0x174] 0x1a557: mov si, ax 0x1a559: mov di, 0x100 0x1a55c: mov cx, 0x103 0x1a55f: cld
2018-12-17T22:48:38.323543234Z	53	PC: 1a491 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:38.326080481Z	48	PC: 132ae \| Get DOS version
2018-12-17T22:48:38.327641334Z	74	PC: 132ae \| Reallocate memory
2018-12-17T22:48:38.408149415Z	26	PC: 16f93 \| Set disk transfer address
2018-12-17T22:48:38.414417652Z	44	PC: 132ae \| Get time 0x132ae: pop bp 0x132af: ret 0x132b0: push si 0x132b1: push cx 0x132b2: mov si, word ptr [0x17a] 0x132b6: mov cx, word ptr [0x17c] 0x132ba: cmp word ptr [si], 0 0x132bd: je 0x132ca 0x132bf: inc si 0x132c0: inc si 0x132c1: loop 0x132ba 0x132c3: pop cx 0x132c4: pop si 0x132c5: mov ax, 4 0x132c8: stc 0x132c9: ret 0x132ca: pop cx 0x132cb: push ds 0x132cc: push es 0x132cd: pop ds
2018-12-17T22:48:38.419227119Z	7	PC: 16aa6 \| Direct console input without echo

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":9611,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:21.006412033Z	53	PC: 1a977 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.009055868Z	53	PC: 1a9c5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.010499381Z	78	PC: 1aa5c \| Find first file
2018-12-25T12:23:21.016423286Z	47	PC: 1aa77 \| Get disk transfer address
2018-12-25T12:23:21.017939824Z	67	PC: 1aaa8 \| Get or set file attributes
2018-12-25T12:23:21.023770344Z	67	PC: 1aaba \| Get or set file attributes
2018-12-25T12:23:21.04253283Z	61	PC: 1aad7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:21.049179161Z	66	PC: 1ab1f \| Move file pointer
2018-12-25T12:23:21.051189265Z	63	PC: 1ab2d \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:23:21.057472277Z	87	PC: 1ac68 \| Get or set file date and time
2018-12-25T12:23:21.059028631Z	66	PC: 1aa72 \| Move file pointer
2018-12-25T12:23:21.061189235Z	66	PC: 1abcd \| Move file pointer
2018-12-25T12:23:21.062783168Z	63	PC: 1abdb \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:23:21.065391751Z	66	PC: 1aa72 \| Move file pointer (See above)
2018-12-25T12:23:21.069578558Z	64	PC: 1abec \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:23:21.077135847Z	66	PC: 1aa72 \| Move file pointer (See above)
2018-12-25T12:23:21.078425071Z	66	PC: 1ac03 \| Move file pointer
2018-12-25T12:23:21.080972244Z	64	PC: 1ac2c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:21.087819705Z	66	PC: 1abae \| Move file pointer
2018-12-25T12:23:21.089436038Z	64	PC: 1abbc \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:23:21.093224481Z	66	PC: 1aa72 \| Move file pointer (See above)
2018-12-25T12:23:21.094585226Z	64	PC: 1ab8f \| Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:23:21.103071271Z	87	PC: 1ac3f \| Get or set file date and time
2018-12-25T12:23:21.105588466Z	62	PC: 1ac48 \| Close file
2018-12-25T12:23:21.113496929Z	67	PC: 1ac59 \| Get or set file attributes
2018-12-25T12:23:21.124052463Z	53	PC: 1a4c8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.12643009Z	53	PC: 1a4b4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.143040404Z	78	PC: 1a570 \| Find first file
2018-12-25T12:23:21.147906428Z	47	PC: 1a57a \| Get disk transfer address
2018-12-25T12:23:21.149523842Z	67	PC: 1a5d6 \| Get or set file attributes
2018-12-25T12:23:21.153706168Z	67	PC: 1a5e8 \| Get or set file attributes
2018-12-25T12:23:21.161083603Z	61	PC: 1a605 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:21.165801241Z	66	PC: 1a61c \| Move file pointer
2018-12-25T12:23:21.166868378Z	63	PC: 1a62a \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:23:21.168587262Z	87	PC: 1a774 \| Get or set file date and time
2018-12-25T12:23:21.17016654Z	66	PC: 1a661 \| Move file pointer
2018-12-25T12:23:21.172288341Z	66	PC: 1a6ca \| Move file pointer
2018-12-25T12:23:21.17353198Z	63	PC: 1a6d8 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:23:21.176013466Z	66	PC: 1a661 \| Move file pointer (See above)
2018-12-25T12:23:21.177097558Z	64	PC: 1a6e9 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:23:21.17956694Z	66	PC: 1a661 \| Move file pointer (See above)
2018-12-25T12:23:21.1811979Z	66	PC: 1a713 \| Move file pointer
2018-12-25T12:23:21.182735356Z	64	PC: 1a73c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:21.18460482Z	66	PC: 1a6ab \| Move file pointer
2018-12-25T12:23:21.186729358Z	64	PC: 1a6b9 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:23:21.189465158Z	66	PC: 1a661 \| Move file pointer (See above)
2018-12-25T12:23:21.190824091Z	64	PC: 1a68c \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:23:21.197907145Z	87	PC: 1a769 \| Get or set file date and time
2018-12-25T12:23:21.199657675Z	62	PC: 1a745 \| Close file
2018-12-25T12:23:21.208043605Z	67	PC: 1a756 \| Get or set file attributes
2018-12-25T12:23:21.218617442Z	44	PC: 1a52e \| Get time 0x1a52e: cmp dh, cl 0x1a530: jne 0x1a535 0x1a532: call 0x2a4f9 0x1a535: ret 0x1a536: mov si, 0xfb00 0x1a539: mov di, 0x80 0x1a53c: mov cx, 0x80 0x1a53f: cld 0x1a540: rep movsb byte ptr es:[di], byte ptr [si] 0x1a542: ret 0x1a543: mov bx, word ptr [0x189] 0x1a547: mov word ptr [0x187], bx 0x1a54b: mov bx, word ptr [0x176] 0x1a54f: mov word ptr [0x174], bx 0x1a553: ret 0x1a554: mov ax, word ptr [0x174] 0x1a557: mov si, ax 0x1a559: mov di, 0x100 0x1a55c: mov cx, 0x103 0x1a55f: cld
2018-12-25T12:23:21.221092781Z	53	PC: 1a491 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.222523455Z	48	PC: 132ae \| Get DOS version
2018-12-25T12:23:21.224058637Z	74	PC: 132ae \| Reallocate memory (See above)
2018-12-25T12:23:21.332271543Z	26	PC: 16f93 \| Set disk transfer address
2018-12-25T12:23:21.337287515Z	44	PC: 132ae \| Get time (See above)
2018-12-25T12:23:21.340947866Z	7	PC: 16aa6 \| Direct console input without echo

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9611,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:21.559886454Z	53	PC: 1a977 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.564178868Z	53	PC: 1a9c5 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.566249786Z	78	PC: 1aa5c \| Find first file
2018-12-25T12:23:21.573001835Z	47	PC: 1aa77 \| Get disk transfer address
2018-12-25T12:23:21.575315758Z	67	PC: 1aaa8 \| Get or set file attributes
2018-12-25T12:23:21.581548913Z	67	PC: 1aaba \| Get or set file attributes
2018-12-25T12:23:21.598076173Z	61	PC: 1aad7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:21.605980122Z	66	PC: 1ab1f \| Move file pointer
2018-12-25T12:23:21.607419081Z	63	PC: 1ab2d \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:23:21.614765536Z	87	PC: 1ac68 \| Get or set file date and time
2018-12-25T12:23:21.616760457Z	66	PC: 1aa72 \| Move file pointer
2018-12-25T12:23:21.618434859Z	66	PC: 1abcd \| Move file pointer
2018-12-25T12:23:21.619792785Z	63	PC: 1abdb \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:23:21.623353229Z	66	PC: 1aa72 \| Move file pointer (See above)
2018-12-25T12:23:21.625265452Z	64	PC: 1abec \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:23:21.634702178Z	66	PC: 1aa72 \| Move file pointer (See above)
2018-12-25T12:23:21.636823856Z	66	PC: 1ac03 \| Move file pointer
2018-12-25T12:23:21.639045471Z	64	PC: 1ac2c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:21.646438579Z	66	PC: 1abae \| Move file pointer
2018-12-25T12:23:21.648033106Z	64	PC: 1abbc \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:23:21.651587473Z	66	PC: 1aa72 \| Move file pointer (See above)
2018-12-25T12:23:21.653511715Z	64	PC: 1ab8f \| Write file or device (Write 1014 bytes on handle 5)
2018-12-25T12:23:21.663104977Z	87	PC: 1ac3f \| Get or set file date and time
2018-12-25T12:23:21.665351424Z	62	PC: 1ac48 \| Close file
2018-12-25T12:23:21.674801485Z	67	PC: 1ac59 \| Get or set file attributes
2018-12-25T12:23:21.685852962Z	53	PC: 1a4c8 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.688368793Z	53	PC: 1a4b4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.690138462Z	78	PC: 1a570 \| Find first file
2018-12-25T12:23:21.697999929Z	47	PC: 1a57a \| Get disk transfer address
2018-12-25T12:23:21.700222826Z	67	PC: 1a5d6 \| Get or set file attributes
2018-12-25T12:23:21.706711988Z	67	PC: 1a5e8 \| Get or set file attributes
2018-12-25T12:23:21.717764042Z	61	PC: 1a605 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:21.725556889Z	66	PC: 1a61c \| Move file pointer
2018-12-25T12:23:21.727190723Z	63	PC: 1a62a \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:23:21.730108036Z	87	PC: 1a774 \| Get or set file date and time
2018-12-25T12:23:21.732186368Z	66	PC: 1a661 \| Move file pointer
2018-12-25T12:23:21.733263573Z	66	PC: 1a6ca \| Move file pointer
2018-12-25T12:23:21.734178397Z	63	PC: 1a6d8 \| Read file or device (Read 259 bytes on handle 5)
2018-12-25T12:23:21.735926161Z	66	PC: 1a661 \| Move file pointer (See above)
2018-12-25T12:23:21.737213021Z	64	PC: 1a6e9 \| Write file or device (Write 259 bytes on handle 5)
2018-12-25T12:23:21.739357534Z	66	PC: 1a661 \| Move file pointer (See above)
2018-12-25T12:23:21.740483115Z	66	PC: 1a713 \| Move file pointer
2018-12-25T12:23:21.749780651Z	64	PC: 1a73c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:21.752766622Z	66	PC: 1a6ab \| Move file pointer
2018-12-25T12:23:21.754121138Z	64	PC: 1a6b9 \| Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:23:21.757845492Z	66	PC: 1a661 \| Move file pointer (See above)
2018-12-25T12:23:21.759823954Z	64	PC: 1a68c \| Write file or device (Write 995 bytes on handle 5)
2018-12-25T12:23:21.769701812Z	87	PC: 1a769 \| Get or set file date and time
2018-12-25T12:23:21.772090472Z	62	PC: 1a745 \| Close file
2018-12-25T12:23:21.78164632Z	67	PC: 1a756 \| Get or set file attributes
2018-12-25T12:23:21.7934457Z	44	PC: 1a52e \| Get time 0x1a52e: cmp dh, cl 0x1a530: jne 0x1a535 0x1a532: call 0x2a4f9 0x1a535: ret 0x1a536: mov si, 0xfb00 0x1a539: mov di, 0x80 0x1a53c: mov cx, 0x80 0x1a53f: cld 0x1a540: rep movsb byte ptr es:[di], byte ptr [si] 0x1a542: ret 0x1a543: mov bx, word ptr [0x189] 0x1a547: mov word ptr [0x187], bx 0x1a54b: mov bx, word ptr [0x176] 0x1a54f: mov word ptr [0x174], bx 0x1a553: ret 0x1a554: mov ax, word ptr [0x174] 0x1a557: mov si, ax 0x1a559: mov di, 0x100 0x1a55c: mov cx, 0x103 0x1a55f: cld
2018-12-25T12:23:21.797413522Z	53	PC: 1a491 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:21.79927988Z	48	PC: 132ae \| Get DOS version
2018-12-25T12:23:21.801080841Z	74	PC: 132ae \| Reallocate memory (See above)
2018-12-25T12:23:21.89173568Z	26	PC: 16f93 \| Set disk transfer address
2018-12-25T12:23:21.895580565Z	44	PC: 132ae \| Get time (See above)
2018-12-25T12:23:21.89967726Z	7	PC: 16aa6 \| Direct console input without echo