Sample viewer

vx.netlux.org/Virus.DOS.DeathDragon.528


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:43.2871042Z 26 PC: 12a5d | Set disk transfer address
2018-12-17T22:50:43.288734232Z 78 PC: 12a68 | Find first file
2018-12-17T22:50:43.296867431Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.313895692Z 61 PC: 12a8f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:43.321501901Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.330613168Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.332831886Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:43.341464514Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:43.346175885Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:50:43.348156987Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:50:43.357991973Z 62 PC: 12b08 | Close file
2018-12-17T22:50:43.367754003Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.370669099Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.381207648Z 61 PC: 12a8f | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:43.388646933Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.397214679Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.399586765Z 61 PC: 12ac7 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:43.407854387Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:43.412205562Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:50:43.414226989Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:50:43.423253187Z 62 PC: 12b08 | Close file
2018-12-17T22:50:43.433311853Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.436257648Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.446776208Z 61 PC: 12a8f | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:43.454584026Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.462505918Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.465027155Z 61 PC: 12ac7 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:43.474201451Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:43.478531585Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:50:43.480944168Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:50:43.490164359Z 62 PC: 12b08 | Close file
2018-12-17T22:50:43.500051734Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.514244437Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.526071647Z 61 PC: 12a8f | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:43.53436685Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.542679577Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.545118559Z 61 PC: 12ac7 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:43.553395969Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:43.557759817Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:50:43.559762219Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:50:43.568767507Z 62 PC: 12b08 | Close file
2018-12-17T22:50:43.579638179Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.58306646Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.594177083Z 61 PC: 12a8f | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:43.602556525Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.609679646Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.612032196Z 61 PC: 12ac7 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:43.620555158Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:43.623938223Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:50:43.625760857Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:50:43.634762378Z 62 PC: 12b08 | Close file
2018-12-17T22:50:43.64409991Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.647206116Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.658249061Z 61 PC: 12a8f | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:43.665906788Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.672923911Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.675271791Z 61 PC: 12ac7 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:43.684714781Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:43.688252387Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:50:43.690284756Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:50:43.6997088Z 62 PC: 12b08 | Close file
2018-12-17T22:50:43.708749264Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.711727309Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.72314622Z 61 PC: 12a8f | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:43.730540111Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.737690354Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.741417977Z 61 PC: 12ac7 | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:43.761669182Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:43.765363272Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:50:43.767341619Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:50:43.777431905Z 62 PC: 12b08 | Close file
2018-12-17T22:50:43.787101781Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.790307112Z 67 PC: 12a89 | Get or set file attributes
2018-12-17T22:50:43.802534774Z 61 PC: 12a8f | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:43.810787628Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:43.81543567Z 62 PC: 12ab4 | Close file
2018-12-17T22:50:43.818972355Z 79 PC: 12a68 | Find next file
2018-12-17T22:50:43.822979843Z 26 PC: 12b14 | Set disk transfer address
2018-12-17T22:50:43.824832514Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 4
0x12b1b: jne 0x12b4f
0x12b1d: mov ah, 0x3d
0x12b1f: mov al, 2
0x12b21: lea dx, word ptr [bp + 0x2ba]
0x12b25: int 0x21
0x12b27: jb 0x12b4f
0x12b29: xchg ax, bx
0x12b2a: mov ah, 0x42
0x12b2c: xor cx, cx
0x12b2e: xor dx, dx
0x12b30: mov al, 2
0x12b32: int 0x21
0x12b34: mov ah, 0x40
0x12b36: mov cx, 0x61
0x12b39: lea dx, word ptr [bp + 0x210]
0x12b3d: int 0x21
0x12b3f: mov ah, 0x3e
0x12b41: int 0x21
0x12b43: mov ah, 9

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10317,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:42.308430343Z 26 PC: 12a5d | Set disk transfer address
2018-12-25T12:27:42.310992092Z 78 PC: 12a68 | Find first file
2018-12-25T12:27:42.318489981Z 67 PC: 12a89 | Get or set file attributes
2018-12-25T12:27:42.337389121Z 61 PC: 12a8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.345334578Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:42.354682221Z 62 PC: 12ab4 | Close file
2018-12-25T12:27:42.357107923Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.365363862Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:42.369830926Z 66 PC: 12af9 | Move file pointer
2018-12-25T12:27:42.371777645Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-25T12:27:42.381679741Z 62 PC: 12b08 | Close file
2018-12-25T12:27:42.392248277Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.395571121Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.406706758Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.415639657Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.423913318Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.426014992Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.433739486Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.438061034Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.439597382Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.448564039Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.45947971Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.46223675Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.472901445Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.483861422Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.491053241Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.493049161Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.501013633Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.505144039Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.507076971Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.519864436Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.526410631Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.528410471Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.535228114Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.542415853Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.547588977Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.549531475Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.555328018Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.557605329Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.55912126Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.564932664Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.571626345Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.573645698Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.58196205Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.589378726Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.59623207Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.598653629Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.61082851Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.617941631Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.620198322Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.628180524Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.63605725Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.646857796Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.659812419Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.668077275Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.676067288Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.67971469Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.687749526Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.691344239Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.694311642Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.704798976Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.714505419Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.718708113Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.730282567Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.737216528Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.745883428Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.749487543Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.759232961Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.762786601Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.765998159Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.775307444Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.784966064Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.789245989Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.800900716Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.809508348Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.818607217Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.821502014Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.82461542Z 26 PC: 12b14 | Set disk transfer address
2018-12-25T12:27:42.826686902Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 4
0x12b1b: jne 0x12b4f
0x12b1d: mov ah, 0x3d
0x12b1f: mov al, 2
0x12b21: lea dx, word ptr [bp + 0x2ba]
0x12b25: int 0x21
0x12b27: jb 0x12b4f
0x12b29: xchg ax, bx
0x12b2a: mov ah, 0x42
0x12b2c: xor cx, cx
0x12b2e: xor dx, dx
0x12b30: mov al, 2
0x12b32: int 0x21
0x12b34: mov ah, 0x40
0x12b36: mov cx, 0x61
0x12b39: lea dx, word ptr [bp + 0x210]
0x12b3d: int 0x21
0x12b3f: mov ah, 0x3e
0x12b41: int 0x21
0x12b43: mov ah, 9

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10317,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:42.354774486Z 26 PC: 12a5d | Set disk transfer address
2018-12-25T12:27:42.357429607Z 78 PC: 12a68 | Find first file
2018-12-25T12:27:42.364376609Z 67 PC: 12a89 | Get or set file attributes
2018-12-25T12:27:42.387936749Z 61 PC: 12a8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.39897749Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:42.411472278Z 62 PC: 12ab4 | Close file
2018-12-25T12:27:42.413504742Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.422282845Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:42.426405825Z 66 PC: 12af9 | Move file pointer
2018-12-25T12:27:42.428832741Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-25T12:27:42.439429809Z 62 PC: 12b08 | Close file
2018-12-25T12:27:42.45170594Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.458924751Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.472663457Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.483133369Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.491634797Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.494209191Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.501890356Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.506081229Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.507926889Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.520016037Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.530368706Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.534204717Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.548046182Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.557384542Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.570598495Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.582479876Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.591637723Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.608760476Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.621723953Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.630956845Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.640768258Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.643784009Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.654547909Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.66312903Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.670473132Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.67295221Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.681669261Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.685230543Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.687163484Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.704700465Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.714167513Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.717126651Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.729087906Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.736474491Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.744318761Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.747026515Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.755481053Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.759003542Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.760985949Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.771586944Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.780860067Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.784253521Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.793723631Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.798196812Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.805427951Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.809747708Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.817859436Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.821318736Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.823724037Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.833798358Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.843206144Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.846634851Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.858704359Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.866487762Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.874008885Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.877055401Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.884759979Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.89229375Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.894790603Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.904649139Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.91394009Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.917694991Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.929085597Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.936858973Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.940867517Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.943563118Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.947107074Z 26 PC: 12b14 | Set disk transfer address
2018-12-25T12:27:42.948736446Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 4
0x12b1b: jne 0x12b4f
0x12b1d: mov ah, 0x3d
0x12b1f: mov al, 2
0x12b21: lea dx, word ptr [bp + 0x2ba]
0x12b25: int 0x21
0x12b27: jb 0x12b4f
0x12b29: xchg ax, bx
0x12b2a: mov ah, 0x42
0x12b2c: xor cx, cx
0x12b2e: xor dx, dx
0x12b30: mov al, 2
0x12b32: int 0x21
0x12b34: mov ah, 0x40
0x12b36: mov cx, 0x61
0x12b39: lea dx, word ptr [bp + 0x210]
0x12b3d: int 0x21
0x12b3f: mov ah, 0x3e
0x12b41: int 0x21
0x12b43: mov ah, 9
2018-12-25T12:27:42.951872907Z 61 PC: 12b27 | Open file (Filename = 'c:\autoexec.bat')
2018-12-25T12:27:42.959091244Z 66 PC: 12b34 | Move file pointer
2018-12-25T12:27:42.961329931Z 64 PC: 12b3f | Write file or device (Write 97 bytes on handle 5)
2018-12-25T12:27:42.965646154Z 62 PC: 12b43 | Close file
2018-12-25T12:27:43.305390979Z 9 PC: 12b4b | Display string (String= 'Eddie has returned on tour (1993) - VMAG version press a key... ')
2018-12-25T12:27:43.313592679Z 7 PC: 12b4f | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10317,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:42.371724573Z 26 PC: 12a5d | Set disk transfer address
2018-12-25T12:27:42.373480695Z 78 PC: 12a68 | Find first file
2018-12-25T12:27:42.381647227Z 67 PC: 12a89 | Get or set file attributes
2018-12-25T12:27:42.398645275Z 61 PC: 12a8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.40646362Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:42.415766128Z 62 PC: 12ab4 | Close file
2018-12-25T12:27:42.418620116Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.426535633Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:42.430961304Z 66 PC: 12af9 | Move file pointer
2018-12-25T12:27:42.433385368Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-25T12:27:42.442653436Z 62 PC: 12b08 | Close file
2018-12-25T12:27:42.451896385Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.456527885Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.467795597Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.47561703Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.484620997Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.487514996Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.495504805Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.499894751Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.502295725Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.51335723Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.535160012Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.542741298Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.564536732Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.579498192Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.597154747Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.600676523Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.609705452Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.614629826Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.616442076Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.633304562Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.643274205Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.646877948Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.658420883Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.667097748Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.695288836Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.69792071Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.706102394Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.715012772Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.730326242Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.74001441Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.750488707Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.753894103Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.765160091Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.774023807Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.781907728Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.784371194Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.793113485Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.797008288Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.799019141Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.808619518Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.81890116Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.822277532Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.833376416Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.842381962Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.849939911Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.852399288Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.861170555Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.865067076Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.867080064Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.878040959Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.887456091Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.89079637Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.902290677Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.913700892Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.921255172Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.923690986Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.932638824Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.936125055Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.93832468Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.948093854Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.95696124Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.960082264Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.972056026Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.981081335Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.984263142Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.987336875Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.990616115Z 26 PC: 12b14 | Set disk transfer address
2018-12-25T12:27:42.992132341Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 4
0x12b1b: jne 0x12b4f
0x12b1d: mov ah, 0x3d
0x12b1f: mov al, 2
0x12b21: lea dx, word ptr [bp + 0x2ba]
0x12b25: int 0x21
0x12b27: jb 0x12b4f
0x12b29: xchg ax, bx
0x12b2a: mov ah, 0x42
0x12b2c: xor cx, cx
0x12b2e: xor dx, dx
0x12b30: mov al, 2
0x12b32: int 0x21
0x12b34: mov ah, 0x40
0x12b36: mov cx, 0x61
0x12b39: lea dx, word ptr [bp + 0x210]
0x12b3d: int 0x21
0x12b3f: mov ah, 0x3e
0x12b41: int 0x21
0x12b43: mov ah, 9

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10317,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:42.485697988Z 26 PC: 12a5d | Set disk transfer address
2018-12-25T12:27:42.487456253Z 78 PC: 12a68 | Find first file
2018-12-25T12:27:42.495657784Z 67 PC: 12a89 | Get or set file attributes
2018-12-25T12:27:42.513621122Z 61 PC: 12a8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.52660662Z 63 PC: 12aa0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:42.553734287Z 62 PC: 12ab4 | Close file
2018-12-25T12:27:42.557579851Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:42.566348721Z 64 PC: 12aef | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:42.570752737Z 66 PC: 12af9 | Move file pointer
2018-12-25T12:27:42.572832284Z 64 PC: 12b04 | Write file or device (Write 528 bytes on handle 5)
2018-12-25T12:27:42.582550521Z 62 PC: 12b08 | Close file
2018-12-25T12:27:42.592548869Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.597060243Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.609025692Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.627408743Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.640067138Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.645377827Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.656249746Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.664325743Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.666431909Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.676123293Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.686921503Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.690110652Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.701092404Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.70934389Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.717622264Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.720072217Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.728057519Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.732227906Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.733814878Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.743152468Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.756880594Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.76059789Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.776370251Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.784984603Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.790304294Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.792907906Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.801911935Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.806281568Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.808470737Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.81869852Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.828557976Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.846534787Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.859189268Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.868217026Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.87583344Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.878236927Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.888006663Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.891593245Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.893602381Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.903831515Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:42.913113367Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:42.916452968Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:42.928577375Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:42.938014127Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:42.945550215Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:42.948688757Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:42.956887839Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:42.960371951Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:42.96231715Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:42.97379309Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:43.20254467Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:43.20644191Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:43.306330647Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:43.314427745Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:43.322122093Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:43.325596129Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:27:43.334725149Z 64 PC: 12aef | Write file or device (See above)
2018-12-25T12:27:43.338366008Z 66 PC: 12af9 | Move file pointer (See above)
2018-12-25T12:27:43.341478774Z 64 PC: 12b04 | Write file or device (See above)
2018-12-25T12:27:43.35167609Z 62 PC: 12b08 | Close file (See above)
2018-12-25T12:27:43.361091444Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:43.36458556Z 67 PC: 12a89 | Get or set file attributes (See above)
2018-12-25T12:27:43.378384655Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:27:43.387365841Z 63 PC: 12aa0 | Read file or device (See above)
2018-12-25T12:27:43.390777694Z 62 PC: 12ab4 | Close file (See above)
2018-12-25T12:27:43.394321425Z 79 PC: 12a68 | Find next file (See above)
2018-12-25T12:27:43.397553321Z 26 PC: 12b14 | Set disk transfer address
2018-12-25T12:27:43.399413204Z 42 PC: 12b18 | Get date
0x12b18: cmp dh, 4
0x12b1b: jne 0x12b4f
0x12b1d: mov ah, 0x3d
0x12b1f: mov al, 2
0x12b21: lea dx, word ptr [bp + 0x2ba]
0x12b25: int 0x21
0x12b27: jb 0x12b4f
0x12b29: xchg ax, bx
0x12b2a: mov ah, 0x42
0x12b2c: xor cx, cx
0x12b2e: xor dx, dx
0x12b30: mov al, 2
0x12b32: int 0x21
0x12b34: mov ah, 0x40
0x12b36: mov cx, 0x61
0x12b39: lea dx, word ptr [bp + 0x210]
0x12b3d: int 0x21
0x12b3f: mov ah, 0x3e
0x12b41: int 0x21
0x12b43: mov ah, 9
2018-12-25T12:27:43.403317835Z 61 PC: 12b27 | Open file (Filename = 'c:\autoexec.bat')
2018-12-25T12:27:43.411199878Z 66 PC: 12b34 | Move file pointer
2018-12-25T12:27:43.413349023Z 64 PC: 12b3f | Write file or device (Write 97 bytes on handle 5)
2018-12-25T12:27:43.417966216Z 62 PC: 12b43 | Close file
2018-12-25T12:27:43.762342772Z 9 PC: 12b4b | Display string (String= 'Eddie has returned on tour (1993) - VMAG version press a key... ')
2018-12-25T12:27:43.771277192Z 7 PC: 12b4f | Direct console input without echo