Sample viewer

vx.netlux.org/Virus.DOS.EDS.692

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:46.629564514Z 78 PC: 1378b | Find first file
2018-12-17T22:49:46.636479449Z 79 PC: 1379f | Find next file
2018-12-17T22:49:46.639759612Z 79 PC: 1379f | Find next file
2018-12-17T22:49:46.642383345Z 79 PC: 1379f | Find next file
2018-12-17T22:49:46.644990732Z 79 PC: 1379f | Find next file
2018-12-17T22:49:46.648653637Z 79 PC: 1379f | Find next file
2018-12-17T22:49:46.651727139Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:46.65956854Z 87 PC: 137d7 | Get or set file date and time
2018-12-17T22:49:46.670204786Z 66 PC: 137ef | Move file pointer
2018-12-17T22:49:46.672112272Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:46.679298447Z 66 PC: 13817 | Move file pointer
2018-12-17T22:49:46.680977741Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-17T22:49:46.699947007Z 66 PC: 13840 | Move file pointer
2018-12-17T22:49:46.701507362Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:49:46.710961687Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:49:46.714380617Z 87 PC: 13890 | Get or set file date and time
2018-12-17T22:49:46.716465155Z 62 PC: 1389e | Close file
2018-12-17T22:49:46.72567401Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-17T22:49:46.729560358Z 78 PC: 134d7 | Find first file
2018-12-17T22:49:46.73674971Z 79 PC: 134eb | Find next file
2018-12-17T22:49:46.739889578Z 79 PC: 134eb | Find next file
2018-12-17T22:49:46.743803519Z 79 PC: 134eb | Find next file
2018-12-17T22:49:46.746680277Z 79 PC: 134eb | Find next file
2018-12-17T22:49:46.749567501Z 79 PC: 134eb | Find next file
2018-12-17T22:49:46.753129341Z 61 PC: 1350f | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:46.760286449Z 87 PC: 13523 | Get or set file date and time
2018-12-17T22:49:46.761847098Z 66 PC: 1353b | Move file pointer
2018-12-17T22:49:46.764869174Z 63 PC: 13550 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:46.767699246Z 66 PC: 13563 | Move file pointer
2018-12-17T22:49:46.769359564Z 64 PC: 13579 | Write file or device (Write 692 bytes on handle 5)
2018-12-17T22:49:46.779128191Z 66 PC: 1358c | Move file pointer
2018-12-17T22:49:46.780333539Z 64 PC: 135a1 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:49:46.782356258Z 64 PC: 135c8 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:49:46.786701411Z 87 PC: 135dc | Get or set file date and time
2018-12-17T22:49:46.788721085Z 62 PC: 135ea | Close file
2018-12-17T22:49:46.794536056Z 44 PC: 13616 | Get time
0x13616: cmp ch, 0x11
0x13619: je 0x13637
0x1361b: cld
0x1361c: mov cx, 0x7f
0x1361f: mov di, si
0x13621: lea si, word ptr [di + 0x103]
0x13625: mov di, 0x80
0x13628: rep movsb byte ptr es:[di], byte ptr [si]
0x1362a: mov ax, cs
0x1362c: push ax
0x1362d: mov ax, 0x100
0x13630: push ax
0x13631: retf
0x13632: mov ax, 0x4c01
0x13635: int 0x21
0x13637: mov ah, 9
0x13639: lea dx, word ptr [si + 0x19a]
0x1363d: int 0x21
0x1363f: mov ax, 0x4c00
0x13642: int 0x21
2018-12-17T22:49:46.797190266Z 78 PC: 13223 | Find first file
2018-12-17T22:49:46.803873383Z 79 PC: 13237 | Find next file
2018-12-17T22:49:46.806575932Z 79 PC: 13237 | Find next file
2018-12-17T22:49:46.809692356Z 79 PC: 13237 | Find next file
2018-12-17T22:49:46.812754287Z 79 PC: 13237 | Find next file
2018-12-17T22:49:46.815322925Z 79 PC: 13237 | Find next file
2018-12-17T22:49:46.817882896Z 61 PC: 1325b | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:46.825643617Z 87 PC: 1326f | Get or set file date and time
2018-12-17T22:49:46.827068975Z 66 PC: 13287 | Move file pointer
2018-12-17T22:49:46.828516786Z 63 PC: 1329c | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:46.831490049Z 66 PC: 132af | Move file pointer
2018-12-17T22:49:46.832876422Z 64 PC: 132c5 | Write file or device (Write 692 bytes on handle 5)
2018-12-17T22:49:46.842834869Z 66 PC: 132d8 | Move file pointer
2018-12-17T22:49:46.844998Z 64 PC: 132ed | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:49:46.847983214Z 64 PC: 13314 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:49:46.850803182Z 87 PC: 13328 | Get or set file date and time
2018-12-17T22:49:46.853683663Z 62 PC: 13336 | Close file
2018-12-17T22:49:46.862602985Z 44 PC: 13362 | Get time
0x13362: cmp ch, 0x11
0x13365: je 0x13383
0x13367: cld
0x13368: mov cx, 0x7f
0x1336b: mov di, si
0x1336d: lea si, word ptr [di + 0x103]
0x13371: mov di, 0x80
0x13374: rep movsb byte ptr es:[di], byte ptr [si]
0x13376: mov ax, cs
0x13378: push ax
0x13379: mov ax, 0x100
0x1337c: push ax
0x1337d: retf
0x1337e: mov ax, 0x4c01
0x13381: int 0x21
0x13383: mov ah, 9
0x13385: lea dx, word ptr [si + 0x19a]
0x13389: int 0x21
0x1338b: mov ax, 0x4c00
0x1338e: int 0x21
2018-12-17T22:49:46.86508774Z 78 PC: 12f6f | Find first file
2018-12-17T22:49:46.872172587Z 79 PC: 12f83 | Find next file
2018-12-17T22:49:46.875263509Z 79 PC: 12f83 | Find next file
2018-12-17T22:49:46.878050989Z 79 PC: 12f83 | Find next file
2018-12-17T22:49:46.881640179Z 79 PC: 12f83 | Find next file
2018-12-17T22:49:46.88731664Z 79 PC: 12f83 | Find next file
2018-12-17T22:49:46.890167908Z 61 PC: 12fa7 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:49:46.897445271Z 87 PC: 12fbb | Get or set file date and time
2018-12-17T22:49:46.899090174Z 66 PC: 12fd3 | Move file pointer
2018-12-17T22:49:46.900917803Z 63 PC: 12fe8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:46.903806Z 66 PC: 12ffb | Move file pointer
2018-12-17T22:49:46.907113216Z 64 PC: 13011 | Write file or device (Write 692 bytes on handle 5)
2018-12-17T22:49:46.916653606Z 66 PC: 13024 | Move file pointer
2018-12-17T22:49:46.918257011Z 64 PC: 13039 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:49:46.922099543Z 64 PC: 13060 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:49:46.924981654Z 87 PC: 13074 | Get or set file date and time
2018-12-17T22:49:46.9267927Z 62 PC: 13082 | Close file
2018-12-17T22:49:46.93607391Z 44 PC: 130ae | Get time
0x130ae: cmp ch, 0x11
0x130b1: je 0x130cf
0x130b3: cld
0x130b4: mov cx, 0x7f
0x130b7: mov di, si
0x130b9: lea si, word ptr [di + 0x103]
0x130bd: mov di, 0x80
0x130c0: rep movsb byte ptr es:[di], byte ptr [si]
0x130c2: mov ax, cs
0x130c4: push ax
0x130c5: mov ax, 0x100
0x130c8: push ax
0x130c9: retf
0x130ca: mov ax, 0x4c01
0x130cd: int 0x21
0x130cf: mov ah, 9
0x130d1: lea dx, word ptr [si + 0x19a]
0x130d5: int 0x21
0x130d7: mov ax, 0x4c00
0x130da: int 0x21
2018-12-17T22:49:46.938549848Z 9 PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:52.708988089Z 78 PC: 1378b | Find first file
2018-12-25T12:26:52.715182368Z 79 PC: 1379f | Find next file
2018-12-25T12:26:52.717591792Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.719864627Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.722528979Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.724795473Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.727141952Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:52.733353066Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:52.734348469Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:52.735287474Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:52.739390663Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:52.740942927Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:52.756011299Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:52.75770537Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:52.765154335Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:52.767522807Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:52.768881243Z 62 PC: 1389e | Close file
2018-12-25T12:26:52.777103235Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:52.779077297Z 9 PC: 138f3 | Display string (String= 'Welcome in the EDS Virus Version 2.0 (c) 1992 The Ultimate Virus Creator Copy me ! I want to travel ! ')
2018-12-25T12:26:52.787159693Z 76 PC: 138f8 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:52.789329711Z 78 PC: 1378b | Find first file
2018-12-25T12:26:52.795485183Z 79 PC: 1379f | Find next file
2018-12-25T12:26:52.799117979Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.801621894Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.804966434Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.807263123Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:52.809551274Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:52.816657713Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:52.81790032Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:52.819124092Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:52.82613332Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:52.832141317Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:52.847902313Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:52.849307242Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:52.856523673Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:52.858991289Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:52.860412149Z 62 PC: 1389e | Close file
2018-12-25T12:26:52.872084118Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:52.87480513Z 78 PC: 134d7 | Find first file
2018-12-25T12:26:52.88061545Z 79 PC: 134eb | Find next file
2018-12-25T12:26:52.884091957Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:52.886750092Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:52.889377474Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:52.892190928Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:52.894830113Z 61 PC: 1350f | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:52.900940802Z 87 PC: 13523 | Get or set file date and time
2018-12-25T12:26:52.902411485Z 66 PC: 1353b | Move file pointer
2018-12-25T12:26:52.904366836Z 63 PC: 13550 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:52.906737776Z 66 PC: 13563 | Move file pointer
2018-12-25T12:26:52.907993677Z 64 PC: 13579 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:52.916526662Z 66 PC: 1358c | Move file pointer
2018-12-25T12:26:52.918741974Z 64 PC: 135a1 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:52.921292657Z 64 PC: 135c8 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:52.924481016Z 87 PC: 135dc | Get or set file date and time
2018-12-25T12:26:52.925853921Z 62 PC: 135ea | Close file
2018-12-25T12:26:52.93371955Z 44 PC: 13616 | Get time
0x13616: cmp ch, 0x11
0x13619: je 0x13637
0x1361b: cld
0x1361c: mov cx, 0x7f
0x1361f: mov di, si
0x13621: lea si, word ptr [di + 0x103]
0x13625: mov di, 0x80
0x13628: rep movsb byte ptr es:[di], byte ptr [si]
0x1362a: mov ax, cs
0x1362c: push ax
0x1362d: mov ax, 0x100
0x13630: push ax
0x13631: retf
0x13632: mov ax, 0x4c01
0x13635: int 0x21
0x13637: mov ah, 9
0x13639: lea dx, word ptr [si + 0x19a]
0x1363d: int 0x21
0x1363f: mov ax, 0x4c00
0x13642: int 0x21
2018-12-25T12:26:52.936448686Z 78 PC: 13223 | Find first file
2018-12-25T12:26:52.942130138Z 79 PC: 13237 | Find next file
2018-12-25T12:26:52.944450617Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:52.947470207Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:52.949282263Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:52.951151716Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:52.953279161Z 61 PC: 1325b | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:52.959656256Z 87 PC: 1326f | Get or set file date and time
2018-12-25T12:26:52.96089318Z 66 PC: 13287 | Move file pointer
2018-12-25T12:26:52.962658129Z 63 PC: 1329c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:52.965069824Z 66 PC: 132af | Move file pointer
2018-12-25T12:26:52.96630295Z 64 PC: 132c5 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:52.97484512Z 66 PC: 132d8 | Move file pointer
2018-12-25T12:26:52.976053676Z 64 PC: 132ed | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:52.978607631Z 64 PC: 13314 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:52.981450729Z 87 PC: 13328 | Get or set file date and time
2018-12-25T12:26:52.982779077Z 62 PC: 13336 | Close file
2018-12-25T12:26:52.990746591Z 44 PC: 13362 | Get time
0x13362: cmp ch, 0x11
0x13365: je 0x13383
0x13367: cld
0x13368: mov cx, 0x7f
0x1336b: mov di, si
0x1336d: lea si, word ptr [di + 0x103]
0x13371: mov di, 0x80
0x13374: rep movsb byte ptr es:[di], byte ptr [si]
0x13376: mov ax, cs
0x13378: push ax
0x13379: mov ax, 0x100
0x1337c: push ax
0x1337d: retf
0x1337e: mov ax, 0x4c01
0x13381: int 0x21
0x13383: mov ah, 9
0x13385: lea dx, word ptr [si + 0x19a]
0x13389: int 0x21
0x1338b: mov ax, 0x4c00
0x1338e: int 0x21
2018-12-25T12:26:52.993620208Z 78 PC: 12f6f | Find first file
2018-12-25T12:26:52.999515651Z 79 PC: 12f83 | Find next file
2018-12-25T12:26:53.001948974Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.01335096Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.015843931Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.018273352Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.021347585Z 61 PC: 12fa7 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:53.027793805Z 87 PC: 12fbb | Get or set file date and time
2018-12-25T12:26:53.029049948Z 66 PC: 12fd3 | Move file pointer
2018-12-25T12:26:53.03079881Z 63 PC: 12fe8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:53.033169895Z 66 PC: 12ffb | Move file pointer
2018-12-25T12:26:53.034416554Z 64 PC: 13011 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:53.042890462Z 66 PC: 13024 | Move file pointer
2018-12-25T12:26:53.044246605Z 64 PC: 13039 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:53.046916141Z 64 PC: 13060 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:53.050103657Z 87 PC: 13074 | Get or set file date and time
2018-12-25T12:26:53.051587822Z 62 PC: 13082 | Close file
2018-12-25T12:26:53.059437085Z 44 PC: 130ae | Get time
0x130ae: cmp ch, 0x11
0x130b1: je 0x130cf
0x130b3: cld
0x130b4: mov cx, 0x7f
0x130b7: mov di, si
0x130b9: lea si, word ptr [di + 0x103]
0x130bd: mov di, 0x80
0x130c0: rep movsb byte ptr es:[di], byte ptr [si]
0x130c2: mov ax, cs
0x130c4: push ax
0x130c5: mov ax, 0x100
0x130c8: push ax
0x130c9: retf
0x130ca: mov ax, 0x4c01
0x130cd: int 0x21
0x130cf: mov ah, 9
0x130d1: lea dx, word ptr [si + 0x19a]
0x130d5: int 0x21
0x130d7: mov ax, 0x4c00
0x130da: int 0x21
2018-12-25T12:26:53.061990069Z 9 PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:53.135843562Z 78 PC: 1378b | Find first file
2018-12-25T12:26:53.14001737Z 79 PC: 1379f | Find next file
2018-12-25T12:26:53.141681108Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.143256011Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.145057528Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.146640268Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.148195741Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:53.152399511Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:53.153367515Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:53.154315574Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:53.158444119Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:53.159364758Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:53.170290134Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:53.171673359Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:53.175693644Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:53.177295452Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:53.182362613Z 62 PC: 1389e | Close file
2018-12-25T12:26:53.187742249Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:53.189260091Z 78 PC: 134d7 | Find first file
2018-12-25T12:26:53.192971166Z 79 PC: 134eb | Find next file
2018-12-25T12:26:53.195307771Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:53.197524477Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:53.200136945Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:53.202583081Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:53.20552207Z 61 PC: 1350f | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:53.211727109Z 87 PC: 13523 | Get or set file date and time
2018-12-25T12:26:53.213585957Z 66 PC: 1353b | Move file pointer
2018-12-25T12:26:53.214680526Z 63 PC: 13550 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:53.217019813Z 66 PC: 13563 | Move file pointer
2018-12-25T12:26:53.218755115Z 64 PC: 13579 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:53.226490014Z 66 PC: 1358c | Move file pointer
2018-12-25T12:26:53.227474678Z 64 PC: 135a1 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:53.230974426Z 64 PC: 135c8 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:53.232630523Z 87 PC: 135dc | Get or set file date and time
2018-12-25T12:26:53.234026434Z 62 PC: 135ea | Close file
2018-12-25T12:26:53.241767036Z 44 PC: 13616 | Get time
0x13616: cmp ch, 0x11
0x13619: je 0x13637
0x1361b: cld
0x1361c: mov cx, 0x7f
0x1361f: mov di, si
0x13621: lea si, word ptr [di + 0x103]
0x13625: mov di, 0x80
0x13628: rep movsb byte ptr es:[di], byte ptr [si]
0x1362a: mov ax, cs
0x1362c: push ax
0x1362d: mov ax, 0x100
0x13630: push ax
0x13631: retf
0x13632: mov ax, 0x4c01
0x13635: int 0x21
0x13637: mov ah, 9
0x13639: lea dx, word ptr [si + 0x19a]
0x1363d: int 0x21
0x1363f: mov ax, 0x4c00
0x13642: int 0x21
2018-12-25T12:26:53.244472907Z 78 PC: 13223 | Find first file
2018-12-25T12:26:53.250231352Z 79 PC: 13237 | Find next file
2018-12-25T12:26:53.252703126Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:53.255024923Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:53.257264715Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:53.260110913Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:53.262311277Z 61 PC: 1325b | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:53.268354169Z 87 PC: 1326f | Get or set file date and time
2018-12-25T12:26:53.270578684Z 66 PC: 13287 | Move file pointer
2018-12-25T12:26:53.271793363Z 63 PC: 1329c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:53.274232112Z 66 PC: 132af | Move file pointer
2018-12-25T12:26:53.285762456Z 64 PC: 132c5 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:53.294289406Z 66 PC: 132d8 | Move file pointer
2018-12-25T12:26:53.296029077Z 64 PC: 132ed | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:53.299031729Z 64 PC: 13314 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:53.301381356Z 87 PC: 13328 | Get or set file date and time
2018-12-25T12:26:53.302720636Z 62 PC: 13336 | Close file
2018-12-25T12:26:53.310605131Z 44 PC: 13362 | Get time
0x13362: cmp ch, 0x11
0x13365: je 0x13383
0x13367: cld
0x13368: mov cx, 0x7f
0x1336b: mov di, si
0x1336d: lea si, word ptr [di + 0x103]
0x13371: mov di, 0x80
0x13374: rep movsb byte ptr es:[di], byte ptr [si]
0x13376: mov ax, cs
0x13378: push ax
0x13379: mov ax, 0x100
0x1337c: push ax
0x1337d: retf
0x1337e: mov ax, 0x4c01
0x13381: int 0x21
0x13383: mov ah, 9
0x13385: lea dx, word ptr [si + 0x19a]
0x13389: int 0x21
0x1338b: mov ax, 0x4c00
0x1338e: int 0x21
2018-12-25T12:26:53.312696699Z 78 PC: 12f6f | Find first file
2018-12-25T12:26:53.318252814Z 79 PC: 12f83 | Find next file
2018-12-25T12:26:53.321616758Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.32392832Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.326116772Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.329140408Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:53.331572713Z 61 PC: 12fa7 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:53.33800714Z 87 PC: 12fbb | Get or set file date and time
2018-12-25T12:26:53.340501175Z 66 PC: 12fd3 | Move file pointer
2018-12-25T12:26:53.342014924Z 63 PC: 12fe8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:53.344691887Z 66 PC: 12ffb | Move file pointer
2018-12-25T12:26:53.347317374Z 64 PC: 13011 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:53.355831963Z 66 PC: 13024 | Move file pointer
2018-12-25T12:26:53.357079422Z 64 PC: 13039 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:53.360770548Z 64 PC: 13060 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:53.36337079Z 87 PC: 13074 | Get or set file date and time
2018-12-25T12:26:53.364776288Z 62 PC: 13082 | Close file
2018-12-25T12:26:53.372990857Z 44 PC: 130ae | Get time
0x130ae: cmp ch, 0x11
0x130b1: je 0x130cf
0x130b3: cld
0x130b4: mov cx, 0x7f
0x130b7: mov di, si
0x130b9: lea si, word ptr [di + 0x103]
0x130bd: mov di, 0x80
0x130c0: rep movsb byte ptr es:[di], byte ptr [si]
0x130c2: mov ax, cs
0x130c4: push ax
0x130c5: mov ax, 0x100
0x130c8: push ax
0x130c9: retf
0x130ca: mov ax, 0x4c01
0x130cd: int 0x21
0x130cf: mov ah, 9
0x130d1: lea dx, word ptr [si + 0x19a]
0x130d5: int 0x21
0x130d7: mov ax, 0x4c00
0x130da: int 0x21
2018-12-25T12:26:53.375032671Z 9 PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:53.172158996Z 78 PC: 1378b | Find first file
2018-12-25T12:26:53.178380707Z 79 PC: 1379f | Find next file
2018-12-25T12:26:53.180770131Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.183168386Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.187735369Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.190182843Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.192485593Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:53.199475798Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:53.200894206Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:53.20225503Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:53.208658298Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:53.210215983Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:53.224368853Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:53.225793025Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:53.23267391Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:53.235162684Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:53.236630596Z 62 PC: 1389e | Close file
2018-12-25T12:26:53.244991346Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:53.247842091Z 9 PC: 138f3 | Display string (String= 'Welcome in the EDS Virus Version 2.0 (c) 1992 The Ultimate Virus Creator Copy me ! I want to travel ! ')
2018-12-25T12:26:53.256664222Z 76 PC: 138f8 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:53.917977524Z 78 PC: 1378b | Find first file
2018-12-25T12:26:53.924100975Z 79 PC: 1379f | Find next file
2018-12-25T12:26:53.926416912Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.928635055Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.931475841Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.933754301Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:53.935920874Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:53.942476759Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:53.94366844Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:53.944821273Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:53.951239283Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:53.952535799Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:53.965738526Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:53.966740988Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:53.973127772Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:53.976290152Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:53.977531748Z 62 PC: 1389e | Close file
2018-12-25T12:26:53.989725694Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:53.9917799Z 9 PC: 138f3 | Display string (String= 'Welcome in the EDS Virus Version 2.0 (c) 1992 The Ultimate Virus Creator Copy me ! I want to travel ! ')
2018-12-25T12:26:53.999491025Z 76 PC: 138f8 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:54.289860748Z 78 PC: 1378b | Find first file
2018-12-25T12:26:54.296870885Z 79 PC: 1379f | Find next file
2018-12-25T12:26:54.299368433Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.30180296Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.304520508Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.307463168Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.310277711Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.316889584Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:54.332089706Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:54.333415873Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.339702609Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:54.341314482Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.359055979Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:54.360476755Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.367316861Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.369679379Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:54.371143521Z 62 PC: 1389e | Close file
2018-12-25T12:26:54.37920476Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:54.38191799Z 78 PC: 134d7 | Find first file
2018-12-25T12:26:54.388014363Z 79 PC: 134eb | Find next file
2018-12-25T12:26:54.391773682Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.394274414Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.397217548Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.401020964Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.403859002Z 61 PC: 1350f | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.41054851Z 87 PC: 13523 | Get or set file date and time
2018-12-25T12:26:54.412425738Z 66 PC: 1353b | Move file pointer
2018-12-25T12:26:54.414597672Z 63 PC: 13550 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.417186946Z 66 PC: 13563 | Move file pointer
2018-12-25T12:26:54.418566124Z 64 PC: 13579 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.427585643Z 66 PC: 1358c | Move file pointer
2018-12-25T12:26:54.428901554Z 64 PC: 135a1 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.431530016Z 64 PC: 135c8 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.435032402Z 87 PC: 135dc | Get or set file date and time
2018-12-25T12:26:54.436600118Z 62 PC: 135ea | Close file
2018-12-25T12:26:54.444394641Z 44 PC: 13616 | Get time
0x13616: cmp ch, 0x11
0x13619: je 0x13637
0x1361b: cld
0x1361c: mov cx, 0x7f
0x1361f: mov di, si
0x13621: lea si, word ptr [di + 0x103]
0x13625: mov di, 0x80
0x13628: rep movsb byte ptr es:[di], byte ptr [si]
0x1362a: mov ax, cs
0x1362c: push ax
0x1362d: mov ax, 0x100
0x13630: push ax
0x13631: retf
0x13632: mov ax, 0x4c01
0x13635: int 0x21
0x13637: mov ah, 9
0x13639: lea dx, word ptr [si + 0x19a]
0x1363d: int 0x21
0x1363f: mov ax, 0x4c00
0x13642: int 0x21
2018-12-25T12:26:54.451620472Z 78 PC: 13223 | Find first file
2018-12-25T12:26:54.457773575Z 79 PC: 13237 | Find next file
2018-12-25T12:26:54.460678199Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.46474499Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.467695995Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.470308541Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.473692207Z 61 PC: 1325b | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.480432235Z 87 PC: 1326f | Get or set file date and time
2018-12-25T12:26:54.482222588Z 66 PC: 13287 | Move file pointer
2018-12-25T12:26:54.485675814Z 63 PC: 1329c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.488712768Z 66 PC: 132af | Move file pointer
2018-12-25T12:26:54.490444911Z 64 PC: 132c5 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.499554713Z 66 PC: 132d8 | Move file pointer
2018-12-25T12:26:54.502149659Z 64 PC: 132ed | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.504898442Z 64 PC: 13314 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.508654356Z 87 PC: 13328 | Get or set file date and time
2018-12-25T12:26:54.510044171Z 62 PC: 13336 | Close file
2018-12-25T12:26:54.517836321Z 44 PC: 13362 | Get time
0x13362: cmp ch, 0x11
0x13365: je 0x13383
0x13367: cld
0x13368: mov cx, 0x7f
0x1336b: mov di, si
0x1336d: lea si, word ptr [di + 0x103]
0x13371: mov di, 0x80
0x13374: rep movsb byte ptr es:[di], byte ptr [si]
0x13376: mov ax, cs
0x13378: push ax
0x13379: mov ax, 0x100
0x1337c: push ax
0x1337d: retf
0x1337e: mov ax, 0x4c01
0x13381: int 0x21
0x13383: mov ah, 9
0x13385: lea dx, word ptr [si + 0x19a]
0x13389: int 0x21
0x1338b: mov ax, 0x4c00
0x1338e: int 0x21
2018-12-25T12:26:54.521099893Z 78 PC: 12f6f | Find first file
2018-12-25T12:26:54.528153479Z 79 PC: 12f83 | Find next file
2018-12-25T12:26:54.530930286Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.53390167Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.53785648Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.540928367Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.54391122Z 61 PC: 12fa7 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.551861047Z 87 PC: 12fbb | Get or set file date and time
2018-12-25T12:26:54.554069001Z 66 PC: 12fd3 | Move file pointer
2018-12-25T12:26:54.555929506Z 63 PC: 12fe8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.559904235Z 66 PC: 12ffb | Move file pointer
2018-12-25T12:26:54.561725012Z 64 PC: 13011 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.570191404Z 66 PC: 13024 | Move file pointer
2018-12-25T12:26:54.572953923Z 64 PC: 13039 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.576726485Z 64 PC: 13060 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.579637045Z 87 PC: 13074 | Get or set file date and time
2018-12-25T12:26:54.582368451Z 62 PC: 13082 | Close file
2018-12-25T12:26:54.590787213Z 44 PC: 130ae | Get time
0x130ae: cmp ch, 0x11
0x130b1: je 0x130cf
0x130b3: cld
0x130b4: mov cx, 0x7f
0x130b7: mov di, si
0x130b9: lea si, word ptr [di + 0x103]
0x130bd: mov di, 0x80
0x130c0: rep movsb byte ptr es:[di], byte ptr [si]
0x130c2: mov ax, cs
0x130c4: push ax
0x130c5: mov ax, 0x100
0x130c8: push ax
0x130c9: retf
0x130ca: mov ax, 0x4c01
0x130cd: int 0x21
0x130cf: mov ah, 9
0x130d1: lea dx, word ptr [si + 0x19a]
0x130d5: int 0x21
0x130d7: mov ax, 0x4c00
0x130da: int 0x21
2018-12-25T12:26:54.593245754Z 9 PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:54.618414576Z 78 PC: 1378b | Find first file
2018-12-25T12:26:54.634531325Z 79 PC: 1379f | Find next file
2018-12-25T12:26:54.644576578Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.647008607Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.65790622Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.661094055Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.663784529Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.671792986Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:54.673283174Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:54.674595207Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.681570058Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:54.683637138Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.697820736Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:54.699444543Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.706602636Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.708963025Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:54.710451465Z 62 PC: 1389e | Close file
2018-12-25T12:26:54.718779886Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:54.721008067Z 78 PC: 134d7 | Find first file
2018-12-25T12:26:54.726687169Z 79 PC: 134eb | Find next file
2018-12-25T12:26:54.729757948Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.732251599Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.734636414Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.737812554Z 79 PC: 134eb | Find next file (See above)
2018-12-25T12:26:54.740657151Z 61 PC: 1350f | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.747322384Z 87 PC: 13523 | Get or set file date and time
2018-12-25T12:26:54.750439214Z 66 PC: 1353b | Move file pointer
2018-12-25T12:26:54.751987221Z 63 PC: 13550 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.754705927Z 66 PC: 13563 | Move file pointer
2018-12-25T12:26:54.757253825Z 64 PC: 13579 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.775327802Z 66 PC: 1358c | Move file pointer
2018-12-25T12:26:54.777094177Z 64 PC: 135a1 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.780450501Z 64 PC: 135c8 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.783511777Z 87 PC: 135dc | Get or set file date and time
2018-12-25T12:26:54.785239879Z 62 PC: 135ea | Close file
2018-12-25T12:26:54.794472783Z 44 PC: 13616 | Get time
0x13616: cmp ch, 0x11
0x13619: je 0x13637
0x1361b: cld
0x1361c: mov cx, 0x7f
0x1361f: mov di, si
0x13621: lea si, word ptr [di + 0x103]
0x13625: mov di, 0x80
0x13628: rep movsb byte ptr es:[di], byte ptr [si]
0x1362a: mov ax, cs
0x1362c: push ax
0x1362d: mov ax, 0x100
0x13630: push ax
0x13631: retf
0x13632: mov ax, 0x4c01
0x13635: int 0x21
0x13637: mov ah, 9
0x13639: lea dx, word ptr [si + 0x19a]
0x1363d: int 0x21
0x1363f: mov ax, 0x4c00
0x13642: int 0x21
2018-12-25T12:26:54.796949505Z 78 PC: 13223 | Find first file
2018-12-25T12:26:54.802851044Z 79 PC: 13237 | Find next file
2018-12-25T12:26:54.809024556Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.811629626Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.814458452Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.817648427Z 79 PC: 13237 | Find next file (See above)
2018-12-25T12:26:54.820069531Z 61 PC: 1325b | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.82632414Z 87 PC: 1326f | Get or set file date and time
2018-12-25T12:26:54.828531991Z 66 PC: 13287 | Move file pointer
2018-12-25T12:26:54.829870517Z 63 PC: 1329c | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.833023581Z 66 PC: 132af | Move file pointer
2018-12-25T12:26:54.834987438Z 64 PC: 132c5 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.843421424Z 66 PC: 132d8 | Move file pointer
2018-12-25T12:26:54.844705786Z 64 PC: 132ed | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.847528822Z 64 PC: 13314 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.850622202Z 87 PC: 13328 | Get or set file date and time
2018-12-25T12:26:54.852035533Z 62 PC: 13336 | Close file
2018-12-25T12:26:54.859850839Z 44 PC: 13362 | Get time
0x13362: cmp ch, 0x11
0x13365: je 0x13383
0x13367: cld
0x13368: mov cx, 0x7f
0x1336b: mov di, si
0x1336d: lea si, word ptr [di + 0x103]
0x13371: mov di, 0x80
0x13374: rep movsb byte ptr es:[di], byte ptr [si]
0x13376: mov ax, cs
0x13378: push ax
0x13379: mov ax, 0x100
0x1337c: push ax
0x1337d: retf
0x1337e: mov ax, 0x4c01
0x13381: int 0x21
0x13383: mov ah, 9
0x13385: lea dx, word ptr [si + 0x19a]
0x13389: int 0x21
0x1338b: mov ax, 0x4c00
0x1338e: int 0x21
2018-12-25T12:26:54.862839015Z 78 PC: 12f6f | Find first file
2018-12-25T12:26:54.868869755Z 79 PC: 12f83 | Find next file
2018-12-25T12:26:54.871616301Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.874805493Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.877514632Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.880236112Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T12:26:54.883381403Z 61 PC: 12fa7 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.889942289Z 87 PC: 12fbb | Get or set file date and time
2018-12-25T12:26:54.891584744Z 66 PC: 12fd3 | Move file pointer
2018-12-25T12:26:54.893573102Z 63 PC: 12fe8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.896299021Z 66 PC: 12ffb | Move file pointer
2018-12-25T12:26:54.897904358Z 64 PC: 13011 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.907009503Z 66 PC: 13024 | Move file pointer
2018-12-25T12:26:54.908281772Z 64 PC: 13039 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.911046149Z 64 PC: 13060 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.914282761Z 87 PC: 13074 | Get or set file date and time
2018-12-25T12:26:54.915701783Z 62 PC: 13082 | Close file
2018-12-25T12:26:54.923644565Z 44 PC: 130ae | Get time
0x130ae: cmp ch, 0x11
0x130b1: je 0x130cf
0x130b3: cld
0x130b4: mov cx, 0x7f
0x130b7: mov di, si
0x130b9: lea si, word ptr [di + 0x103]
0x130bd: mov di, 0x80
0x130c0: rep movsb byte ptr es:[di], byte ptr [si]
0x130c2: mov ax, cs
0x130c4: push ax
0x130c5: mov ax, 0x100
0x130c8: push ax
0x130c9: retf
0x130ca: mov ax, 0x4c01
0x130cd: int 0x21
0x130cf: mov ah, 9
0x130d1: lea dx, word ptr [si + 0x19a]
0x130d5: int 0x21
0x130d7: mov ax, 0x4c00
0x130da: int 0x21
2018-12-25T12:26:54.926434943Z 9 PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10004,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:26:54.729638978Z 78 PC: 1378b | Find first file
2018-12-25T12:26:54.736447077Z 79 PC: 1379f | Find next file
2018-12-25T12:26:54.739000995Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.741623775Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.744596696Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.74744599Z 79 PC: 1379f | Find next file (See above)
2018-12-25T12:26:54.749820811Z 61 PC: 137c3 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:26:54.756356183Z 87 PC: 137d7 | Get or set file date and time
2018-12-25T12:26:54.758053292Z 66 PC: 137ef | Move file pointer
2018-12-25T12:26:54.759495699Z 63 PC: 13804 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:54.765992147Z 66 PC: 13817 | Move file pointer
2018-12-25T12:26:54.767624845Z 64 PC: 1382d | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:26:54.781177166Z 66 PC: 13840 | Move file pointer
2018-12-25T12:26:54.782291902Z 64 PC: 13855 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:26:54.789377213Z 64 PC: 1387c | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:26:54.792101384Z 87 PC: 13890 | Get or set file date and time
2018-12-25T12:26:54.793725918Z 62 PC: 1389e | Close file
2018-12-25T12:26:54.805413744Z 44 PC: 138ca | Get time
0x138ca: cmp ch, 0x11
0x138cd: je 0x138eb
0x138cf: cld
0x138d0: mov cx, 0x7f
0x138d3: mov di, si
0x138d5: lea si, word ptr [di + 0x103]
0x138d9: mov di, 0x80
0x138dc: rep movsb byte ptr es:[di], byte ptr [si]
0x138de: mov ax, cs
0x138e0: push ax
0x138e1: mov ax, 0x100
0x138e4: push ax
0x138e5: retf
0x138e6: mov ax, 0x4c01
0x138e9: int 0x21
0x138eb: mov ah, 9
0x138ed: lea dx, word ptr [si + 0x19a]
0x138f1: int 0x21
0x138f3: mov ax, 0x4c00
0x138f6: int 0x21
2018-12-25T12:26:54.807562171Z 9 PC: 138f3 | Display string (String= 'Welcome in the EDS Virus Version 2.0 (c) 1992 The Ultimate Virus Creator Copy me ! I want to travel ! ')
2018-12-25T12:26:54.815245617Z 76 PC: 138f8 | Terminate with return code (Return code = '0')