Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Oscar.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:45.28455068Z	48	PC: 1569b \| Get DOS version
2018-12-17T22:51:45.287095304Z	47	PC: 156a7 \| Get disk transfer address
2018-12-17T22:51:45.288526229Z	26	PC: 156b6 \| Set disk transfer address
2018-12-17T22:51:45.290012585Z	78	PC: 15739 \| Find first file
2018-12-17T22:51:45.296547149Z	67	PC: 15771 \| Get or set file attributes
2018-12-17T22:51:45.308015204Z	67	PC: 15781 \| Get or set file attributes
2018-12-17T22:51:45.463089578Z	61	PC: 1578b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:45.469916977Z	87	PC: 15797 \| Get or set file date and time
2018-12-17T22:51:45.472098823Z	44	PC: 157a1 \| Get time 0x157a1: cmp dh, 0xa 0x157a4: jne 0x157cb 0x157a6: mov ah, 0x30 0x157a8: int 0x21 0x157aa: cmp al, 4 0x157ac: jl 0x157b1 0x157ae: jmp 0x1582c 0x157b0: nop 0x157b1: mov al, 2 0x157b3: mov cx, 9 0x157b6: mov dx, 0 0x157b9: mov bx, si 0x157bb: sub bx, 0x10 0x157be: push bp 0x157bf: int 0x26 0x157c1: jb 0x157c7 0x157c3: xor ax, ax 0x157c5: jmp 0x1582c 0x157c7: pop bx 0x157c8: pop bp
2018-12-17T22:51:45.474326063Z	63	PC: 157d7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:51:45.480555628Z	66	PC: 157e9 \| Move file pointer
2018-12-17T22:51:45.483060422Z	64	PC: 1580c \| Write file or device (Write 648 bytes on handle 5)
2018-12-17T22:51:45.491748172Z	66	PC: 1581e \| Move file pointer
2018-12-17T22:51:45.493316663Z	64	PC: 1582c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:51:45.513641707Z	87	PC: 1583d \| Get or set file date and time
2018-12-17T22:51:45.515104226Z	62	PC: 15841 \| Close file
2018-12-17T22:51:45.537713997Z	67	PC: 1584e \| Get or set file attributes
2018-12-17T22:51:45.553404432Z	26	PC: 15858 \| Set disk transfer address
2018-12-17T22:51:45.554993927Z	74	PC: 15428 \| Reallocate memory
2018-12-17T22:51:45.556776158Z	72	PC: 15430 \| Allocate memory
2018-12-17T22:51:45.562524416Z	71	PC: 15450 \| Get current directory
2018-12-17T22:51:45.565743638Z	26	PC: 15463 \| Set disk transfer address
2018-12-17T22:51:45.567226324Z	59	PC: 1546d \| Change current directory
2018-12-17T22:51:45.57274915Z	78	PC: 15486 \| Find first file
2018-12-17T22:51:45.580349999Z	47	PC: 1548f \| Get disk transfer address
2018-12-17T22:51:45.581940348Z	61	PC: 1549b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:45.589426273Z	66	PC: 154af \| Move file pointer
2018-12-17T22:51:45.591344368Z	66	PC: 154cb \| Move file pointer
2018-12-17T22:51:45.592747221Z	63	PC: 154d6 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:51:45.595862531Z	87	PC: 15588 \| Get or set file date and time
2018-12-17T22:51:45.597438391Z	66	PC: 155a9 \| Move file pointer
2018-12-17T22:51:45.598932441Z	64	PC: 155b3 \| Write file or device (Write 664 bytes on handle 5)
2018-12-17T22:51:45.608266332Z	66	PC: 155c1 \| Move file pointer
2018-12-17T22:51:45.610848022Z	63	PC: 155cc \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:51:45.613646039Z	66	PC: 155de \| Move file pointer
2018-12-17T22:51:45.615449073Z	64	PC: 155e9 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:51:45.624222514Z	66	PC: 155f7 \| Move file pointer
2018-12-17T22:51:45.62577393Z	64	PC: 1560b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:51:45.641874899Z	66	PC: 15618 \| Move file pointer
2018-12-17T22:51:45.644419599Z	64	PC: 1562d \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:51:45.648546036Z	87	PC: 1563a \| Get or set file date and time
2018-12-17T22:51:45.650410161Z	62	PC: 1563e \| Close file
2018-12-17T22:51:45.664833167Z	59	PC: 15655 \| Change current directory
2018-12-17T22:51:45.669325111Z	59	PC: 15662 \| Change current directory
2018-12-17T22:51:45.671192916Z	73	PC: 1566a \| Release memory
2018-12-17T22:51:45.674139048Z	53	PC: 15183 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:45.675958859Z	37	PC: 15198 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:45.677217134Z	71	PC: 151b6 \| Get current directory
2018-12-17T22:51:45.681051744Z	47	PC: 151ba \| Get disk transfer address
2018-12-17T22:51:45.682216411Z	26	PC: 151cc \| Set disk transfer address
2018-12-17T22:51:45.683291304Z	78	PC: 1520c \| Find first file
2018-12-17T22:51:45.68973373Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.709915234Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.712394022Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.715255306Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.716766938Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.718681554Z	67	PC: 1529e \| Get or set file attributes
2018-12-17T22:51:45.726664518Z	67	PC: 152aa \| Get or set file attributes
2018-12-17T22:51:45.737640512Z	61	PC: 152b5 \| Open file (Filename = '')
2018-12-17T22:51:45.744931268Z	66	PC: 152c1 \| Move file pointer
2018-12-17T22:51:45.747644545Z	42	PC: 152d5 \| Get date 0x152d5: mov ah, dh 0x152d7: add ah, dl 0x152d9: add ah, 6 0x152dc: push ax 0x152dd: mov ah, 0x2c 0x152df: int 0x21 0x152e1: pop ax 0x152e2: xor ah, cl 0x152e4: mov byte ptr ds:[bp + 0x113], ah 0x152e9: mov ah, 0x40 0x152eb: lea dx, word ptr [bp + 0x107] 0x152ef: mov cx, 0x2c 0x152f2: int 0x21 0x152f4: push bx 0x152f5: push es 0x152f6: push ds 0x152f7: push si 0x152f8: push di 0x152f9: lea si, word ptr [bp + 0x133] 0x152fd: mov di, 0xf140
2018-12-17T22:51:45.750413777Z	44	PC: 152e1 \| Get time 0x152e1: pop ax 0x152e2: xor ah, cl 0x152e4: mov byte ptr ds:[bp + 0x113], ah 0x152e9: mov ah, 0x40 0x152eb: lea dx, word ptr [bp + 0x107] 0x152ef: mov cx, 0x2c 0x152f2: int 0x21 0x152f4: push bx 0x152f5: push es 0x152f6: push ds 0x152f7: push si 0x152f8: push di 0x152f9: lea si, word ptr [bp + 0x133] 0x152fd: mov di, 0xf140 0x15300: nop 0x15301: mov cx, 0x26e 0x15304: cld 0x15305: rep movsb byte ptr es:[di], byte ptr [si] 0x15307: pop di 0x15308: pop si
2018-12-17T22:51:45.752892362Z	64	PC: 152f4 \| Write file or device (Write 44 bytes on handle 5)
2018-12-17T22:51:45.75770099Z	64	PC: 15334 \| Write file or device (Write 622 bytes on handle 5)
2018-12-17T22:51:45.766102884Z	66	PC: 1533d \| Move file pointer
2018-12-17T22:51:45.767765111Z	64	PC: 15348 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:51:45.77163647Z	87	PC: 15357 \| Get or set file date and time
2018-12-17T22:51:45.773923099Z	62	PC: 1535b \| Close file
2018-12-17T22:51:45.781705568Z	67	PC: 15369 \| Get or set file attributes
2018-12-17T22:51:45.792833652Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.795547826Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.802107219Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.809524421Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.810915123Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.812395519Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.815062288Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.817814315Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.824332639Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.831066019Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.832715936Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.834332691Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.836904201Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.840417289Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.847135165Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.854823059Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.856362641Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.857968843Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.860013831Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.863273642Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.869911893Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.876259122Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.877695016Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.878914435Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.880561246Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.883163312Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.889698704Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.896091013Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.897691324Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.898997534Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.900681035Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.904201777Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.910556093Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.916657501Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.918431856Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.919760509Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.922076549Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.924831628Z	78	PC: 1520c \| Find first file
2018-12-17T22:51:45.930462831Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-17T22:51:45.936723609Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:51:45.939635247Z	87	PC: 1522b \| Get or set file date and time
2018-12-17T22:51:45.940972334Z	66	PC: 1523e \| Move file pointer
2018-12-17T22:51:45.942399319Z	62	PC: 15243 \| Close file
2018-12-17T22:51:45.944688943Z	79	PC: 1520c \| Find next file
2018-12-17T22:51:45.947211444Z	59	PC: 1528d \| Change current directory
2018-12-17T22:51:45.95118039Z	37	PC: 1537c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:45.952931797Z	26	PC: 1538c \| Set disk transfer address
2018-12-17T22:51:45.953904685Z	59	PC: 15395 \| Change current directory
2018-12-17T22:51:45.955605028Z	9	PC: 1514e \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10668,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:44.847911798Z	48	PC: 1569b \| Get DOS version
2018-12-25T12:28:44.849691676Z	47	PC: 156a7 \| Get disk transfer address
2018-12-25T12:28:44.850989634Z	26	PC: 156b6 \| Set disk transfer address
2018-12-25T12:28:44.853408208Z	78	PC: 15739 \| Find first file
2018-12-25T12:28:44.860990226Z	67	PC: 15771 \| Get or set file attributes
2018-12-25T12:28:44.867102109Z	67	PC: 15781 \| Get or set file attributes
2018-12-25T12:28:44.886485478Z	61	PC: 1578b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:44.894161395Z	87	PC: 15797 \| Get or set file date and time
2018-12-25T12:28:44.896481097Z	44	PC: 157a1 \| Get time 0x157a1: cmp dh, 0xa 0x157a4: jne 0x157cb 0x157a6: mov ah, 0x30 0x157a8: int 0x21 0x157aa: cmp al, 4 0x157ac: jl 0x157b1 0x157ae: jmp 0x1582c 0x157b0: nop 0x157b1: mov al, 2 0x157b3: mov cx, 9 0x157b6: mov dx, 0 0x157b9: mov bx, si 0x157bb: sub bx, 0x10 0x157be: push bp 0x157bf: int 0x26 0x157c1: jb 0x157c7 0x157c3: xor ax, ax 0x157c5: jmp 0x1582c 0x157c7: pop bx 0x157c8: pop bp
2018-12-25T12:28:44.898913308Z	63	PC: 157d7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:44.906283549Z	66	PC: 157e9 \| Move file pointer
2018-12-25T12:28:44.90886092Z	64	PC: 1580c \| Write file or device (Write 648 bytes on handle 5)
2018-12-25T12:28:44.920384365Z	66	PC: 1581e \| Move file pointer
2018-12-25T12:28:44.922280456Z	64	PC: 1582c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:44.931119604Z	87	PC: 1583d \| Get or set file date and time
2018-12-25T12:28:44.933235785Z	62	PC: 15841 \| Close file
2018-12-25T12:28:44.942164053Z	67	PC: 1584e \| Get or set file attributes
2018-12-25T12:28:44.954065814Z	26	PC: 15858 \| Set disk transfer address
2018-12-25T12:28:44.955313863Z	74	PC: 15428 \| Reallocate memory
2018-12-25T12:28:44.956734244Z	72	PC: 15430 \| Allocate memory
2018-12-25T12:28:44.958537129Z	71	PC: 15450 \| Get current directory
2018-12-25T12:28:44.962064875Z	26	PC: 15463 \| Set disk transfer address
2018-12-25T12:28:44.963118005Z	59	PC: 1546d \| Change current directory
2018-12-25T12:28:44.968119226Z	78	PC: 15486 \| Find first file
2018-12-25T12:28:44.980098159Z	47	PC: 1548f \| Get disk transfer address
2018-12-25T12:28:44.981264953Z	61	PC: 1549b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:44.989160084Z	66	PC: 154af \| Move file pointer
2018-12-25T12:28:44.991023505Z	66	PC: 154cb \| Move file pointer
2018-12-25T12:28:44.99290822Z	63	PC: 154d6 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:28:45.000045259Z	87	PC: 15588 \| Get or set file date and time
2018-12-25T12:28:45.00232703Z	66	PC: 155a9 \| Move file pointer
2018-12-25T12:28:45.004223742Z	64	PC: 155b3 \| Write file or device (Write 664 bytes on handle 5)
2018-12-25T12:28:45.014374301Z	66	PC: 155c1 \| Move file pointer
2018-12-25T12:28:45.016937488Z	63	PC: 155cc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:45.020412443Z	66	PC: 155de \| Move file pointer
2018-12-25T12:28:45.022290787Z	64	PC: 155e9 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:45.030485183Z	66	PC: 155f7 \| Move file pointer
2018-12-25T12:28:45.032278935Z	64	PC: 1560b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:45.035923455Z	66	PC: 15618 \| Move file pointer
2018-12-25T12:28:45.038163723Z	64	PC: 1562d \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:28:45.041654169Z	87	PC: 1563a \| Get or set file date and time
2018-12-25T12:28:45.043427619Z	62	PC: 1563e \| Close file
2018-12-25T12:28:45.054192912Z	59	PC: 15655 \| Change current directory
2018-12-25T12:28:45.059420193Z	59	PC: 15662 \| Change current directory
2018-12-25T12:28:45.061293794Z	73	PC: 1566a \| Release memory
2018-12-25T12:28:45.062840853Z	53	PC: 15183 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:45.064783517Z	37	PC: 15198 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:45.066212331Z	71	PC: 151b6 \| Get current directory
2018-12-25T12:28:45.069405517Z	47	PC: 151ba \| Get disk transfer address
2018-12-25T12:28:45.072286374Z	26	PC: 151cc \| Set disk transfer address
2018-12-25T12:28:45.073511658Z	78	PC: 1520c \| Find first file
2018-12-25T12:28:45.080547685Z	61	PC: 1521a \| Open file (Filename = '')
2018-12-25T12:28:45.088768187Z	63	PC: 15226 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:28:45.091733994Z	87	PC: 1522b \| Get or set file date and time
2018-12-25T12:28:45.093786988Z	66	PC: 1523e \| Move file pointer
2018-12-25T12:28:45.095711025Z	62	PC: 15243 \| Close file
2018-12-25T12:28:45.09822218Z	67	PC: 1529e \| Get or set file attributes
2018-12-25T12:28:45.109853635Z	67	PC: 152aa \| Get or set file attributes
2018-12-25T12:28:45.123688235Z	61	PC: 152b5 \| Open file (Filename = '')
2018-12-25T12:28:45.131602846Z	66	PC: 152c1 \| Move file pointer
2018-12-25T12:28:45.133207992Z	42	PC: 152d5 \| Get date 0x152d5: mov ah, dh 0x152d7: add ah, dl 0x152d9: add ah, 6 0x152dc: push ax 0x152dd: mov ah, 0x2c 0x152df: int 0x21 0x152e1: pop ax 0x152e2: xor ah, cl 0x152e4: mov byte ptr ds:[bp + 0x113], ah 0x152e9: mov ah, 0x40 0x152eb: lea dx, word ptr [bp + 0x107] 0x152ef: mov cx, 0x2c 0x152f2: int 0x21 0x152f4: push bx 0x152f5: push es 0x152f6: push ds 0x152f7: push si 0x152f8: push di 0x152f9: lea si, word ptr [bp + 0x133] 0x152fd: mov di, 0xf140
2018-12-25T12:28:45.1355204Z	44	PC: 152e1 \| Get time 0x152e1: pop ax 0x152e2: xor ah, cl 0x152e4: mov byte ptr ds:[bp + 0x113], ah 0x152e9: mov ah, 0x40 0x152eb: lea dx, word ptr [bp + 0x107] 0x152ef: mov cx, 0x2c 0x152f2: int 0x21 0x152f4: push bx 0x152f5: push es 0x152f6: push ds 0x152f7: push si 0x152f8: push di 0x152f9: lea si, word ptr [bp + 0x133] 0x152fd: mov di, 0xf140 0x15300: nop 0x15301: mov cx, 0x26e 0x15304: cld 0x15305: rep movsb byte ptr es:[di], byte ptr [si] 0x15307: pop di 0x15308: pop si
2018-12-25T12:28:45.13794652Z	64	PC: 152f4 \| Write file or device (Write 44 bytes on handle 5)
2018-12-25T12:28:45.14580923Z	64	PC: 15334 \| Write file or device (Write 622 bytes on handle 5)
2018-12-25T12:28:45.154431608Z	66	PC: 1533d \| Move file pointer
2018-12-25T12:28:45.156394884Z	64	PC: 15348 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:28:45.163530743Z	87	PC: 15357 \| Get or set file date and time
2018-12-25T12:28:45.16501532Z	62	PC: 1535b \| Close file
2018-12-25T12:28:45.174357678Z	67	PC: 15369 \| Get or set file attributes
2018-12-25T12:28:45.185847957Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.188927542Z	61	PC: 1521a \| Open file (See above)
2018-12-25T12:28:45.197463875Z	63	PC: 15226 \| Read file or device (See above)
2018-12-25T12:28:45.204690044Z	87	PC: 1522b \| Get or set file date and time (See above)
2018-12-25T12:28:45.206190403Z	66	PC: 1523e \| Move file pointer (See above)
2018-12-25T12:28:45.208719384Z	62	PC: 15243 \| Close file (See above)
2018-12-25T12:28:45.211616295Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.215117636Z	61	PC: 1521a \| Open file (See above)
2018-12-25T12:28:45.22300058Z	63	PC: 15226 \| Read file or device (See above)
2018-12-25T12:28:45.230310609Z	87	PC: 1522b \| Get or set file date and time (See above)
2018-12-25T12:28:45.232099516Z	66	PC: 1523e \| Move file pointer (See above)
2018-12-25T12:28:45.23380855Z	62	PC: 15243 \| Close file (See above)
2018-12-25T12:28:45.236037418Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.239324905Z	61	PC: 1521a \| Open file (See above)
2018-12-25T12:28:45.246644435Z	63	PC: 15226 \| Read file or device (See above)
2018-12-25T12:28:45.254738302Z	87	PC: 1522b \| Get or set file date and time (See above)
2018-12-25T12:28:45.256292019Z	66	PC: 1523e \| Move file pointer (See above)
2018-12-25T12:28:45.257978245Z	62	PC: 15243 \| Close file (See above)
2018-12-25T12:28:45.260358775Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.263132771Z	61	PC: 1521a \| Open file (See above)
2018-12-25T12:28:45.270674328Z	63	PC: 15226 \| Read file or device (See above)
2018-12-25T12:28:45.278351058Z	87	PC: 1522b \| Get or set file date and time (See above)
2018-12-25T12:28:45.280261202Z	66	PC: 1523e \| Move file pointer (See above)
2018-12-25T12:28:45.282209137Z	62	PC: 15243 \| Close file (See above)
2018-12-25T12:28:45.286470817Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.289395312Z	61	PC: 1521a \| Open file (See above)
2018-12-25T12:28:45.296470318Z	63	PC: 15226 \| Read file or device (See above)
2018-12-25T12:28:45.30385762Z	87	PC: 1522b \| Get or set file date and time (See above)
2018-12-25T12:28:45.305189031Z	66	PC: 1523e \| Move file pointer (See above)
2018-12-25T12:28:45.306329973Z	62	PC: 15243 \| Close file (See above)
2018-12-25T12:28:45.308508155Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.311768909Z	61	PC: 1521a \| Open file (See above)
2018-12-25T12:28:45.319812059Z	63	PC: 15226 \| Read file or device (See above)
2018-12-25T12:28:45.327334939Z	87	PC: 1522b \| Get or set file date and time (See above)
2018-12-25T12:28:45.329060444Z	66	PC: 1523e \| Move file pointer (See above)
2018-12-25T12:28:45.330714271Z	62	PC: 15243 \| Close file (See above)
2018-12-25T12:28:45.333211386Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.336267088Z	78	PC: 1520c \| Find first file (See above)
2018-12-25T12:28:45.343091219Z	61	PC: 1521a \| Open file (See above)
2018-12-25T12:28:45.35068452Z	63	PC: 15226 \| Read file or device (See above)
2018-12-25T12:28:45.358119789Z	87	PC: 1522b \| Get or set file date and time (See above)
2018-12-25T12:28:45.359518732Z	66	PC: 1523e \| Move file pointer (See above)
2018-12-25T12:28:45.361068269Z	62	PC: 15243 \| Close file (See above)
2018-12-25T12:28:45.363382064Z	79	PC: 1520c \| Find next file (See above)
2018-12-25T12:28:45.366099295Z	59	PC: 1528d \| Change current directory
2018-12-25T12:28:45.370671075Z	37	PC: 1537c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:45.371873306Z	26	PC: 1538c \| Set disk transfer address
2018-12-25T12:28:45.372948685Z	59	PC: 15395 \| Change current directory
2018-12-25T12:28:45.375549524Z	9	PC: 1514e \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":10,"TimeBased":true,"OriginalID":10668,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:44.917009817Z	26	PC: 12fe5 \| Set disk transfer address
2018-12-25T12:28:44.919791267Z	71	PC: 12dc0 \| Get current directory
2018-12-25T12:28:44.923157662Z	78	PC: 12e2a \| Find first file
2018-12-25T12:28:44.929753241Z	61	PC: 12fee \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:28:44.94335979Z	63	PC: 12e45 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:28:44.95078068Z	62	PC: 12e49 \| Close file
2018-12-25T12:28:44.952895566Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:44.95600434Z	78	PC: 12e2a \| Find first file (See above)
2018-12-25T12:28:44.963248428Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:44.970381187Z	63	PC: 12e45 \| Read file or device (See above)
2018-12-25T12:28:44.977187991Z	62	PC: 12e49 \| Close file (See above)
2018-12-25T12:28:44.97957255Z	67	PC: 12ff9 \| Get or set file attributes
2018-12-25T12:28:44.996026266Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.00416963Z	64	PC: 12f1d \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:28:45.008143479Z	66	PC: 12fe0 \| Move file pointer
2018-12-25T12:28:45.009979201Z	44	PC: 12f28 \| Get time 0x12f28: cmp dh, 0 0x12f2b: je 0x12f24 0x12f2d: mov byte ptr cs:[bp + 0x790], dh 0x12f32: call 0x133b7 0x12f35: inc byte ptr cs:[bp + 0x791] 0x12f3a: mov ax, 0x5701 0x12f3d: mov cx, word ptr cs:[bp + 0x804] 0x12f42: mov dx, word ptr cs:[bp + 0x806] 0x12f47: int 0x21 0x12f49: mov ah, 0x3e 0x12f4b: int 0x21 0x12f4d: xor cx, cx 0x12f4f: mov cl, byte ptr cs:[bp + 0x803] 0x12f54: call 0x12ff0 0x12f57: ret 0x12f58: mov ah, 0x2a 0x12f5a: int 0x21 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9
2018-12-25T12:28:45.013373511Z	64	PC: 13413 \| Write file or device (Write 1676 bytes on handle 5)
2018-12-25T12:28:45.024146144Z	87	PC: 12f49 \| Get or set file date and time
2018-12-25T12:28:45.025951713Z	62	PC: 12f4d \| Close file
2018-12-25T12:28:45.034978024Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.046391582Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:45.049295576Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.056611915Z	63	PC: 12e45 \| Read file or device (See above)
2018-12-25T12:28:45.064817251Z	62	PC: 12e49 \| Close file (See above)
2018-12-25T12:28:45.067467494Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.079079218Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.08718765Z	64	PC: 12f1d \| Write file or device (See above)
2018-12-25T12:28:45.090397319Z	66	PC: 12fe0 \| Move file pointer (See above)
2018-12-25T12:28:45.091916603Z	44	PC: 12f28 \| Get time (See above)
2018-12-25T12:28:45.09514025Z	64	PC: 13413 \| Write file or device (See above)
2018-12-25T12:28:45.105735012Z	87	PC: 12f49 \| Get or set file date and time (See above)
2018-12-25T12:28:45.107370854Z	62	PC: 12f4d \| Close file (See above)
2018-12-25T12:28:45.115617463Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.127498445Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:45.132848475Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.140684234Z	63	PC: 12e45 \| Read file or device (See above)
2018-12-25T12:28:45.14936946Z	62	PC: 12e49 \| Close file (See above)
2018-12-25T12:28:45.151725504Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.164201198Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.172548191Z	64	PC: 12f1d \| Write file or device (See above)
2018-12-25T12:28:45.175647554Z	66	PC: 12fe0 \| Move file pointer (See above)
2018-12-25T12:28:45.177136852Z	44	PC: 12f28 \| Get time (See above)
2018-12-25T12:28:45.180637339Z	64	PC: 13413 \| Write file or device (See above)
2018-12-25T12:28:45.190919194Z	87	PC: 12f49 \| Get or set file date and time (See above)
2018-12-25T12:28:45.19263452Z	62	PC: 12f4d \| Close file (See above)
2018-12-25T12:28:45.201999764Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.212666108Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:45.215714983Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.223307701Z	63	PC: 12e45 \| Read file or device (See above)
2018-12-25T12:28:45.23011088Z	62	PC: 12e49 \| Close file (See above)
2018-12-25T12:28:45.231903647Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.243883174Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.251270433Z	64	PC: 12f1d \| Write file or device (See above)
2018-12-25T12:28:45.254807444Z	66	PC: 12fe0 \| Move file pointer (See above)
2018-12-25T12:28:45.256953661Z	44	PC: 12f28 \| Get time (See above)
2018-12-25T12:28:45.260562123Z	64	PC: 13413 \| Write file or device (See above)
2018-12-25T12:28:45.271331221Z	87	PC: 12f49 \| Get or set file date and time (See above)
2018-12-25T12:28:45.273172453Z	62	PC: 12f4d \| Close file (See above)
2018-12-25T12:28:45.281887137Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.29257146Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:45.295331776Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.302779502Z	63	PC: 12e45 \| Read file or device (See above)
2018-12-25T12:28:45.309655527Z	62	PC: 12e49 \| Close file (See above)
2018-12-25T12:28:45.311578036Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.316810218Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.327414699Z	64	PC: 12f1d \| Write file or device (See above)
2018-12-25T12:28:45.33034879Z	66	PC: 12fe0 \| Move file pointer (See above)
2018-12-25T12:28:45.332643338Z	44	PC: 12f28 \| Get time (See above)
2018-12-25T12:28:45.336816401Z	64	PC: 13413 \| Write file or device (See above)
2018-12-25T12:28:45.377529894Z	87	PC: 12f49 \| Get or set file date and time (See above)
2018-12-25T12:28:45.38010901Z	62	PC: 12f4d \| Close file (See above)
2018-12-25T12:28:45.381995847Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.387484704Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:45.400034402Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.407329718Z	63	PC: 12e45 \| Read file or device (See above)
2018-12-25T12:28:45.414732558Z	62	PC: 12e49 \| Close file (See above)
2018-12-25T12:28:45.422293103Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.43336188Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.440508715Z	64	PC: 12f1d \| Write file or device (See above)
2018-12-25T12:28:45.444174465Z	66	PC: 12fe0 \| Move file pointer (See above)
2018-12-25T12:28:45.446061993Z	44	PC: 12f28 \| Get time (See above)
2018-12-25T12:28:45.448699844Z	64	PC: 13413 \| Write file or device (See above)
2018-12-25T12:28:45.459594746Z	87	PC: 12f49 \| Get or set file date and time (See above)
2018-12-25T12:28:45.462315106Z	62	PC: 12f4d \| Close file (See above)
2018-12-25T12:28:45.470526709Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.481000945Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:45.484429536Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.491647182Z	63	PC: 12e45 \| Read file or device (See above)
2018-12-25T12:28:45.498552977Z	62	PC: 12e49 \| Close file (See above)
2018-12-25T12:28:45.504675043Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.515815942Z	61	PC: 12fee \| Open file (See above)
2018-12-25T12:28:45.520604155Z	64	PC: 12f1d \| Write file or device (See above)
2018-12-25T12:28:45.524585987Z	66	PC: 12fe0 \| Move file pointer (See above)
2018-12-25T12:28:45.526392258Z	44	PC: 12f28 \| Get time (See above)
2018-12-25T12:28:45.529552125Z	64	PC: 13413 \| Write file or device (See above)
2018-12-25T12:28:45.539774945Z	87	PC: 12f49 \| Get or set file date and time (See above)
2018-12-25T12:28:45.541656094Z	62	PC: 12f4d \| Close file (See above)
2018-12-25T12:28:45.563161394Z	67	PC: 12ff9 \| Get or set file attributes (See above)
2018-12-25T12:28:45.574319139Z	79	PC: 12e2a \| Find next file (See above)
2018-12-25T12:28:45.577020621Z	59	PC: 12dd6 \| Change current directory
2018-12-25T12:28:45.58214577Z	42	PC: 12f5c \| Get date 0x12f5c: cmp dh, 4 0x12f5f: jne 0x12fd7 0x12f61: mov ah, 9 0x12f63: lea dx, word ptr [bp + 0x3a0] 0x12f67: int 0x21 0x12f69: mov al, 2 0x12f6b: mov cx, 0xff 0x12f6e: mov dx, 0 0x12f71: int 0x26 0x12f73: mov al, 3 0x12f75: mov cx, 0xff 0x12f78: mov dx, 0 0x12f7b: int 0x26 0x12f7d: mov al, 4 0x12f7f: mov cx, 0xff 0x12f82: mov dx, 0 0x12f85: int 0x26 0x12f87: mov al, 5 0x12f89: mov cx, 0xff 0x12f8c: mov dx, 0
2018-12-25T12:28:45.584818409Z	59	PC: 12de3 \| Change current directory
2018-12-25T12:28:45.586648349Z	26	PC: 12fe5 \| Set disk transfer address (See above)
2018-12-25T12:28:45.589355935Z	9	PC: 12a54 \| Display string (String= ' Virii Production by a MoM Personell Virus: April-Showers Type: Appends .Com .Exe Created: 03-08-1994 Sets off: Every April Effect: Destroys data Size: Enlarges files by 1.6k ')