Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1675

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:31.750675449Z	48	PC: 12b18 \| Get DOS version
2018-12-17T22:52:31.753169758Z	47	PC: 12b24 \| Get disk transfer address
2018-12-17T22:52:31.754948574Z	26	PC: 12b33 \| Set disk transfer address
2018-12-17T22:52:31.756162093Z	25	PC: 12b66 \| Get default drive
2018-12-17T22:52:31.75797874Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-17T22:52:31.760406148Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-17T22:52:31.762042097Z	78	PC: 12bd0 \| Find first file
2018-12-17T22:52:31.768002381Z	25	PC: 12c05 \| Get default drive
2018-12-17T22:52:31.770046999Z	67	PC: 12c2a \| Get or set file attributes
2018-12-17T22:52:31.77533971Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T22:52:32.527260435Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:52:32.534906165Z	87	PC: 12c50 \| Get or set file date and time
2018-12-17T22:52:32.53692666Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-17T22:52:32.539666988Z	44	PC: 12c69 \| Get time 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si 0x12c8d: int 0x21 0x12c8f: jb 0x12d0a 0x12c91: cmp ax, 3 0x12c94: jne 0x12d0a 0x12c96: mov ax, 0x4202 0x12c99: mov cx, 0
2018-12-17T22:52:32.544114368Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:32.548045249Z	66	PC: 12ca1 \| Move file pointer
2018-12-17T22:52:32.549855631Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-17T22:52:32.560327535Z	66	PC: 12cfc \| Move file pointer
2018-12-17T22:52:32.561655924Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:32.564314691Z	87	PC: 12d1b \| Get or set file date and time
2018-12-17T22:52:32.56623193Z	62	PC: 12d1f \| Close file
2018-12-17T22:52:32.57335987Z	67	PC: 12d2c \| Get or set file attributes
2018-12-17T22:52:32.582075883Z	26	PC: 12d36 \| Set disk transfer address
2018-12-17T22:52:32.583746437Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-17T22:52:32.585379229Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-17T22:52:32.598179403Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:33.301922197Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:33.304213653Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:33.305305383Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:33.306385806Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:33.308024416Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:33.309484866Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:33.311745467Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:33.315882962Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:33.317244419Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:33.320456104Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:35.019442316Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:35.026200172Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:35.027556075Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:35.030068049Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:35.033814656Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:35.035563207Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:35.251332305Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:35.25839522Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:35.261504779Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:35.263309174Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:35.271414288Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:35.280666294Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:35.281716329Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:35.284169201Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:35.2974253Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:33.297114697Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:33.310308867Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:33.311680686Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:33.313767475Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:33.31701389Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:33.318948974Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:33.320492986Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:33.326401545Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:33.331705716Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:33.337918168Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:35.019201847Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:35.02590337Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:35.027735662Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:35.030049637Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:35.03311619Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:35.034829494Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:35.25112317Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:35.258274412Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:35.261164586Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:35.26266949Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:35.270223178Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:35.278896066Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:35.279904874Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:35.282310525Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:35.296155768Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:33.354302854Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:33.355990668Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:33.357051693Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:33.358113209Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:33.359529457Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:33.360686496Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:33.361875912Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:33.367391976Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:33.368439Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:33.371532267Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:35.019421123Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:35.025506925Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:35.026853544Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:35.028886798Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:35.032401555Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:35.033816152Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:35.251120286Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:35.252985118Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:35.255593792Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:35.256909747Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:35.264184537Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:35.27426995Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:35.275426248Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:35.278088537Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:35.290950697Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:33.424408022Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:33.426451054Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:33.430751823Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:33.432613801Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:33.434288669Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:33.43721211Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:33.438761134Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:33.444731788Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:33.446621238Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:33.452099368Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:33.796787097Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:33.804534804Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:33.806092818Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:33.808603906Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:33.812034878Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:33.814682282Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:33.825212148Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:33.827240944Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:33.831823753Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:33.833259609Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:33.841610635Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:33.856526654Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:33.858605111Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:33.860415676Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:33.876162878Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:33.756219171Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:33.757771528Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:33.758981232Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:33.760136623Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:33.761739254Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:33.762999837Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:33.764211686Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:33.770850164Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:33.772469417Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:33.777630888Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:35.251687298Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:35.25779737Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:35.259162064Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:35.261234741Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:35.264118882Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:35.265425902Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:35.274467681Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:35.277026242Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:35.279907221Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:35.281508737Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:35.289543045Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:35.298280614Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:35.299647145Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:35.301677763Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:35.315258951Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:33.997444916Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:33.999250214Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:34.000456836Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:34.001541318Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:34.003083274Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:34.004262997Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:34.005434251Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:34.011647356Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:34.01306317Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:34.017924606Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:35.251296684Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:35.257666104Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:35.259435137Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:35.262180553Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:35.265906056Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:35.267618036Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:35.289618468Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:35.291724441Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:35.294385455Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:35.295735105Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:35.303266365Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:35.311930195Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:35.313022554Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:35.314720913Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:35.329014431Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":40,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:34.286785833Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:34.288411642Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:34.289443594Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:34.290502052Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:34.292146695Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:34.293597944Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:34.294820831Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:34.300345598Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:34.308347445Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:34.313351691Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:35.251086575Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:35.25825976Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:35.259750951Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:35.262123244Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:35.267946184Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:35.27288809Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:35.282970757Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:35.28544754Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:35.288653543Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:35.289988642Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:35.297650038Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:35.306557843Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:35.307786351Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:35.310435167Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:35.323944859Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":40,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:35.97585637Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:35.985239516Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:35.986222649Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:35.987192373Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:35.98824033Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:35.989530045Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:35.990681736Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:35.995944337Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:35.997735587Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:36.002865677Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:37.241950556Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:37.249747532Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:37.251429467Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:37.253909054Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:37.25799039Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:37.260441059Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:37.412132512Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:37.416285476Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:37.418472463Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:37.423875566Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:37.431635922Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:37.440173738Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:37.442035254Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:37.444107331Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:37.453895279Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":15,"Min":40,"Second":0,"TimeBased":true,"OriginalID":10910,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:36.971979471Z	48	PC: 12b18 \| Get DOS version
2018-12-25T12:29:36.973795658Z	47	PC: 12b24 \| Get disk transfer address
2018-12-25T12:29:36.975250941Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:29:36.976765281Z	25	PC: 12b66 \| Get default drive
2018-12-25T12:29:36.978151006Z	14	PC: 12b6f \| Set default drive (Drive = 'A')
2018-12-25T12:29:36.979879788Z	14	PC: 12b79 \| Set default drive (Drive = 'C')
2018-12-25T12:29:36.981680593Z	78	PC: 12bd0 \| Find first file
2018-12-25T12:29:36.989770029Z	25	PC: 12c05 \| Get default drive
2018-12-25T12:29:36.991808072Z	67	PC: 12c2a \| Get or set file attributes
2018-12-25T12:29:36.997978302Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:29:37.352485092Z	61	PC: 12c44 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:29:37.360768827Z	87	PC: 12c50 \| Get or set file date and time
2018-12-25T12:29:37.36278028Z	42	PC: 12c5a \| Get date 0x12c5a: cmp cx, 0x7c6 0x12c5e: jb 0x12c83 0x12c60: cmp dh, 6 0x12c63: jb 0x12c83 0x12c65: mov ah, 0x2c 0x12c67: int 0x21 0x12c69: cmp ch, 0xf 0x12c6c: jb 0x12c83 0x12c6e: cmp cl, 0x28 0x12c71: jb 0x12c83 0x12c73: mov ah, 0x40 0x12c75: mov cx, 5 0x12c78: mov dx, si 0x12c7a: add dx, 0x8a 0x12c7e: int 0x21 0x12c80: jmp 0x12d0a 0x12c83: mov ah, 0x3f 0x12c85: mov cx, 3 0x12c88: mov dx, 0xa 0x12c8b: add dx, si
2018-12-25T12:29:37.365289747Z	63	PC: 12c8f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:37.369943113Z	66	PC: 12ca1 \| Move file pointer
2018-12-25T12:29:37.371975421Z	64	PC: 12cde \| Write file or device (Write 1675 bytes on handle 5)
2018-12-25T12:29:37.382731229Z	66	PC: 12cfc \| Move file pointer
2018-12-25T12:29:37.384983716Z	64	PC: 12d0a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:37.38830762Z	87	PC: 12d1b \| Get or set file date and time
2018-12-25T12:29:37.390128253Z	62	PC: 12d1f \| Close file
2018-12-25T12:29:37.398507829Z	67	PC: 12d2c \| Get or set file attributes
2018-12-25T12:29:37.410889819Z	26	PC: 12d36 \| Set disk transfer address
2018-12-25T12:29:37.412132009Z	14	PC: 12d3d \| Set default drive (Drive = 'A')
2018-12-25T12:29:37.413446195Z	9	PC: 12a47 \| Display string (String= ' == [1675] Virus == 1) Infect : .com 2) Type : dir == Taiwan Power Virus Organization. == ')
2018-12-25T12:29:37.430538713Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')