Sample viewer

vx.netlux.org/Virus.DOS.Dark.1023


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:52.780116474Z 42 PC: 12bc1 | Get date
0x12bc1: cmp al, 1
0x12bc3: jne 0x12bed
0x12bc5: cmp dl, 0x10
0x12bc8: jne 0x12bed
0x12bca: mov ah, 0x19
0x12bcc: int 0x21
0x12bce: lea bx, word ptr [bp + 0x2be]
0x12bd2: mov cx, 1
0x12bd5: xor dx, dx
0x12bd7: int 0x26
0x12bd9: jb 0x12bdc
0x12bdb: popf
0x12bdc: lea dx, word ptr [bp + 0x2ee]
0x12be0: mov ah, 9
0x12be2: int 0x21
0x12be4: int 5
0x12be6: xor ah, ah
0x12be8: int 0x16
0x12bea: jmp 0x12e4b
0x12bed: lea si, word ptr [bp + 0x46f]
2018-12-17T22:55:52.782950939Z 71 PC: 12bf7 | Get current directory
2018-12-17T22:55:52.786220102Z 71 PC: 12c01 | Get current directory
2018-12-17T22:55:52.790052151Z 47 PC: 12c70 | Get disk transfer address
2018-12-17T22:55:52.791988518Z 26 PC: 12c82 | Set disk transfer address
2018-12-17T22:55:52.793322062Z 79 PC: 12c98 | Find next file
2018-12-17T22:55:52.795097182Z 78 PC: 12da1 | Find first file
2018-12-17T22:55:52.801947578Z 67 PC: 12dba | Get or set file attributes
2018-12-17T22:55:52.81980853Z 61 PC: 12dd1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:52.82574702Z 63 PC: 12dde | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:55:52.831565045Z 66 PC: 12d95 | Move file pointer
2018-12-17T22:55:52.834159797Z 63 PC: 12e01 | Read file or device (Read 15 bytes on handle 5)
2018-12-17T22:55:52.836910685Z 66 PC: 12e0a | Move file pointer
2018-12-17T22:55:52.838470518Z 64 PC: 12e21 | Write file or device (Write 1023 bytes on handle 5)
2018-12-17T22:55:52.849263458Z 66 PC: 12d95 | Move file pointer
2018-12-17T22:55:52.851192957Z 64 PC: 12e30 | Write file or device (Write 15 bytes on handle 5)
2018-12-17T22:55:52.858863287Z 62 PC: 12e35 | Close file
2018-12-17T22:55:52.869333568Z 67 PC: 12d8b | Get or set file attributes
2018-12-17T22:55:52.87837816Z 79 PC: 12daa | Find next file
2018-12-17T22:55:52.881720727Z 67 PC: 12dba | Get or set file attributes
2018-12-17T22:55:52.892681985Z 61 PC: 12dd1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:55:52.901010472Z 63 PC: 12dde | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:55:52.908149012Z 66 PC: 12d95 | Move file pointer
2018-12-17T22:55:52.909897447Z 63 PC: 12e01 | Read file or device (Read 15 bytes on handle 5)
2018-12-17T22:55:52.913262445Z 66 PC: 12e0a | Move file pointer
2018-12-17T22:55:52.9146975Z 64 PC: 12e21 | Write file or device (Write 1023 bytes on handle 5)
2018-12-17T22:55:52.92313992Z 66 PC: 12d95 | Move file pointer
2018-12-17T22:55:52.925622439Z 64 PC: 12e30 | Write file or device (Write 15 bytes on handle 5)
2018-12-17T22:55:52.933629241Z 62 PC: 12e35 | Close file
2018-12-17T22:55:52.943369271Z 67 PC: 12d8b | Get or set file attributes
2018-12-17T22:55:52.949878562Z 79 PC: 12daa | Find next file
2018-12-17T22:55:52.952863597Z 67 PC: 12dba | Get or set file attributes
2018-12-17T22:55:52.963877363Z 61 PC: 12dd1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:55:52.972611803Z 63 PC: 12dde | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:55:52.980680746Z 66 PC: 12d95 | Move file pointer
2018-12-17T22:55:52.982404661Z 63 PC: 12e01 | Read file or device (Read 15 bytes on handle 5)
2018-12-17T22:55:52.986311816Z 66 PC: 12e0a | Move file pointer
2018-12-17T22:55:52.988081453Z 64 PC: 12e21 | Write file or device (Write 1023 bytes on handle 5)
2018-12-17T22:55:52.998053523Z 66 PC: 12d95 | Move file pointer
2018-12-17T22:55:53.000379132Z 64 PC: 12e30 | Write file or device (Write 15 bytes on handle 5)
2018-12-17T22:55:53.008794854Z 62 PC: 12e35 | Close file
2018-12-17T22:55:53.019299572Z 67 PC: 12d8b | Get or set file attributes
2018-12-17T22:55:53.025073762Z 26 PC: 12e48 | Set disk transfer address
2018-12-17T22:55:53.028284668Z 59 PC: 12c1f | Change current directory
2018-12-17T22:55:53.033326334Z 59 PC: 12c2b | Change current directory
2018-12-17T22:55:53.035798252Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:55:53.041534856Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12042,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:53.042687878Z 42 PC: 12bc1 | Get date
0x12bc1: cmp al, 1
0x12bc3: jne 0x12bed
0x12bc5: cmp dl, 0x10
0x12bc8: jne 0x12bed
0x12bca: mov ah, 0x19
0x12bcc: int 0x21
0x12bce: lea bx, word ptr [bp + 0x2be]
0x12bd2: mov cx, 1
0x12bd5: xor dx, dx
0x12bd7: int 0x26
0x12bd9: jb 0x12bdc
0x12bdb: popf
0x12bdc: lea dx, word ptr [bp + 0x2ee]
0x12be0: mov ah, 9
0x12be2: int 0x21
0x12be4: int 5
0x12be6: xor ah, ah
0x12be8: int 0x16
0x12bea: jmp 0x12e4b
0x12bed: lea si, word ptr [bp + 0x46f]
2018-12-25T12:31:53.04602031Z 71 PC: 12bf7 | Get current directory
2018-12-25T12:31:53.048853429Z 71 PC: 12c01 | Get current directory
2018-12-25T12:31:53.051791755Z 47 PC: 12c70 | Get disk transfer address
2018-12-25T12:31:53.0607564Z 26 PC: 12c82 | Set disk transfer address
2018-12-25T12:31:53.062618081Z 79 PC: 12c98 | Find next file
2018-12-25T12:31:53.064965264Z 78 PC: 12da1 | Find first file
2018-12-25T12:31:53.071225889Z 67 PC: 12dba | Get or set file attributes
2018-12-25T12:31:53.090205466Z 61 PC: 12dd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:53.101249554Z 63 PC: 12dde | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:31:53.107789512Z 66 PC: 12d95 | Move file pointer
2018-12-25T12:31:53.123012132Z 63 PC: 12e01 | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:31:53.125386951Z 66 PC: 12e0a | Move file pointer
2018-12-25T12:31:53.126694025Z 64 PC: 12e21 | Write file or device (Write 1023 bytes on handle 5)
2018-12-25T12:31:53.135352979Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:53.137134917Z 64 PC: 12e30 | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:31:53.144179014Z 62 PC: 12e35 | Close file
2018-12-25T12:31:53.153035939Z 67 PC: 12d8b | Get or set file attributes
2018-12-25T12:31:53.157847945Z 79 PC: 12daa | Find next file
2018-12-25T12:31:53.160369174Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:53.17049664Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:53.176777697Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:53.183497637Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:53.185197906Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:53.187903869Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:53.18918914Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:53.197984369Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:53.199221159Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:53.205441699Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:53.213445591Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:53.218039169Z 79 PC: 12daa | Find next file (See above)
2018-12-25T12:31:53.220535203Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:53.23011364Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:53.237380033Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:53.243469632Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:53.244764999Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:53.247954546Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:53.249050308Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:53.257106934Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:53.258783719Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:53.264966183Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:53.272784685Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:53.277301335Z 26 PC: 12e48 | Set disk transfer address
2018-12-25T12:31:53.278094276Z 59 PC: 12c1f | Change current directory
2018-12-25T12:31:53.28179562Z 59 PC: 12c2b | Change current directory
2018-12-25T12:31:53.283706813Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:53.288682592Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12042,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:54.219849266Z 42 PC: 12bc1 | Get date
0x12bc1: cmp al, 1
0x12bc3: jne 0x12bed
0x12bc5: cmp dl, 0x10
0x12bc8: jne 0x12bed
0x12bca: mov ah, 0x19
0x12bcc: int 0x21
0x12bce: lea bx, word ptr [bp + 0x2be]
0x12bd2: mov cx, 1
0x12bd5: xor dx, dx
0x12bd7: int 0x26
0x12bd9: jb 0x12bdc
0x12bdb: popf
0x12bdc: lea dx, word ptr [bp + 0x2ee]
0x12be0: mov ah, 9
0x12be2: int 0x21
0x12be4: int 5
0x12be6: xor ah, ah
0x12be8: int 0x16
0x12bea: jmp 0x12e4b
0x12bed: lea si, word ptr [bp + 0x46f]
2018-12-25T12:31:54.227163755Z 71 PC: 12bf7 | Get current directory
2018-12-25T12:31:54.229903072Z 71 PC: 12c01 | Get current directory
2018-12-25T12:31:54.232645352Z 47 PC: 12c70 | Get disk transfer address
2018-12-25T12:31:54.23435155Z 26 PC: 12c82 | Set disk transfer address
2018-12-25T12:31:54.235378859Z 79 PC: 12c98 | Find next file
2018-12-25T12:31:54.236915634Z 78 PC: 12da1 | Find first file
2018-12-25T12:31:54.251239802Z 67 PC: 12dba | Get or set file attributes
2018-12-25T12:31:54.270117011Z 61 PC: 12dd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:54.284221344Z 63 PC: 12dde | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:31:54.291656067Z 66 PC: 12d95 | Move file pointer
2018-12-25T12:31:54.293297514Z 63 PC: 12e01 | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:31:54.295553956Z 66 PC: 12e0a | Move file pointer
2018-12-25T12:31:54.296756006Z 64 PC: 12e21 | Write file or device (Write 1023 bytes on handle 5)
2018-12-25T12:31:54.305316053Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.306611762Z 64 PC: 12e30 | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:31:54.312934715Z 62 PC: 12e35 | Close file
2018-12-25T12:31:54.334678933Z 67 PC: 12d8b | Get or set file attributes
2018-12-25T12:31:54.339859052Z 79 PC: 12daa | Find next file
2018-12-25T12:31:54.342760677Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:54.353110835Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:54.359560798Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:54.366069052Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.37049875Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:54.373027824Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:54.374365783Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:54.38309947Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.384428646Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:54.390758928Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:54.399046979Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:54.411795759Z 79 PC: 12daa | Find next file (See above)
2018-12-25T12:31:54.414327653Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:54.432931558Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:54.439369054Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:54.445833348Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.447627604Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:54.449882136Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:54.45112017Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:54.459601111Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.460832402Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:54.466898376Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:54.474983031Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:54.479426407Z 26 PC: 12e48 | Set disk transfer address
2018-12-25T12:31:54.480372676Z 59 PC: 12c1f | Change current directory
2018-12-25T12:31:54.484606683Z 59 PC: 12c2b | Change current directory
2018-12-25T12:31:54.486191307Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:54.491250195Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12042,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:54.521122121Z 42 PC: 12bc1 | Get date
0x12bc1: cmp al, 1
0x12bc3: jne 0x12bed
0x12bc5: cmp dl, 0x10
0x12bc8: jne 0x12bed
0x12bca: mov ah, 0x19
0x12bcc: int 0x21
0x12bce: lea bx, word ptr [bp + 0x2be]
0x12bd2: mov cx, 1
0x12bd5: xor dx, dx
0x12bd7: int 0x26
0x12bd9: jb 0x12bdc
0x12bdb: popf
0x12bdc: lea dx, word ptr [bp + 0x2ee]
0x12be0: mov ah, 9
0x12be2: int 0x21
0x12be4: int 5
0x12be6: xor ah, ah
0x12be8: int 0x16
0x12bea: jmp 0x12e4b
0x12bed: lea si, word ptr [bp + 0x46f]
2018-12-25T12:31:54.523156909Z 25 PC: 12bce | Get default drive
2018-12-25T12:31:54.536485558Z 9 PC: 12be4 | Display string (String= ' Welcome to the Dark Apocalypse... Your computer will never escape... You might as well read this and weep! The Dark Apocalypse v1.00 by Crypt Keeper [RoT] ���Reign of Terror��� [DARK APOCALYPSE] Press any key to continue...')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12042,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:54.791846358Z 42 PC: 12bc1 | Get date
0x12bc1: cmp al, 1
0x12bc3: jne 0x12bed
0x12bc5: cmp dl, 0x10
0x12bc8: jne 0x12bed
0x12bca: mov ah, 0x19
0x12bcc: int 0x21
0x12bce: lea bx, word ptr [bp + 0x2be]
0x12bd2: mov cx, 1
0x12bd5: xor dx, dx
0x12bd7: int 0x26
0x12bd9: jb 0x12bdc
0x12bdb: popf
0x12bdc: lea dx, word ptr [bp + 0x2ee]
0x12be0: mov ah, 9
0x12be2: int 0x21
0x12be4: int 5
0x12be6: xor ah, ah
0x12be8: int 0x16
0x12bea: jmp 0x12e4b
0x12bed: lea si, word ptr [bp + 0x46f]
2018-12-25T12:31:54.795173557Z 71 PC: 12bf7 | Get current directory
2018-12-25T12:31:54.798370406Z 71 PC: 12c01 | Get current directory
2018-12-25T12:31:54.801419387Z 47 PC: 12c70 | Get disk transfer address
2018-12-25T12:31:54.802491073Z 26 PC: 12c82 | Set disk transfer address
2018-12-25T12:31:54.803935575Z 79 PC: 12c98 | Find next file
2018-12-25T12:31:54.805690154Z 78 PC: 12da1 | Find first file
2018-12-25T12:31:54.812336568Z 67 PC: 12dba | Get or set file attributes
2018-12-25T12:31:54.829465566Z 61 PC: 12dd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:54.842063815Z 63 PC: 12dde | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:31:54.849535517Z 66 PC: 12d95 | Move file pointer
2018-12-25T12:31:54.851651959Z 63 PC: 12e01 | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:31:54.854302611Z 66 PC: 12e0a | Move file pointer
2018-12-25T12:31:54.855706331Z 64 PC: 12e21 | Write file or device (Write 1023 bytes on handle 5)
2018-12-25T12:31:54.865676332Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.867157442Z 64 PC: 12e30 | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:31:54.874424222Z 62 PC: 12e35 | Close file
2018-12-25T12:31:54.885455391Z 67 PC: 12d8b | Get or set file attributes
2018-12-25T12:31:54.890778227Z 79 PC: 12daa | Find next file
2018-12-25T12:31:54.893769533Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:54.905205742Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:54.913806229Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:54.921815673Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.92371079Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:54.928043875Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:54.92956935Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:54.942611922Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.945266941Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:54.952339379Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:54.961564212Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:54.968398144Z 79 PC: 12daa | Find next file (See above)
2018-12-25T12:31:54.971201582Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:54.981849318Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:54.990915495Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:54.998798405Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:55.00077526Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:55.004410784Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:55.006130796Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:55.015912428Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:55.018332069Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:55.025343841Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:55.034243809Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:55.040148934Z 26 PC: 12e48 | Set disk transfer address
2018-12-25T12:31:55.042531591Z 59 PC: 12c1f | Change current directory
2018-12-25T12:31:55.047552561Z 59 PC: 12c2b | Change current directory
2018-12-25T12:31:55.049727491Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:55.057831681Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12042,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:54.901525677Z 42 PC: 12bc1 | Get date
0x12bc1: cmp al, 1
0x12bc3: jne 0x12bed
0x12bc5: cmp dl, 0x10
0x12bc8: jne 0x12bed
0x12bca: mov ah, 0x19
0x12bcc: int 0x21
0x12bce: lea bx, word ptr [bp + 0x2be]
0x12bd2: mov cx, 1
0x12bd5: xor dx, dx
0x12bd7: int 0x26
0x12bd9: jb 0x12bdc
0x12bdb: popf
0x12bdc: lea dx, word ptr [bp + 0x2ee]
0x12be0: mov ah, 9
0x12be2: int 0x21
0x12be4: int 5
0x12be6: xor ah, ah
0x12be8: int 0x16
0x12bea: jmp 0x12e4b
0x12bed: lea si, word ptr [bp + 0x46f]
2018-12-25T12:31:54.904320985Z 71 PC: 12bf7 | Get current directory
2018-12-25T12:31:54.908270385Z 71 PC: 12c01 | Get current directory
2018-12-25T12:31:54.911480166Z 47 PC: 12c70 | Get disk transfer address
2018-12-25T12:31:54.912866102Z 26 PC: 12c82 | Set disk transfer address
2018-12-25T12:31:54.915124613Z 79 PC: 12c98 | Find next file
2018-12-25T12:31:54.917338103Z 78 PC: 12da1 | Find first file
2018-12-25T12:31:54.924496401Z 67 PC: 12dba | Get or set file attributes
2018-12-25T12:31:54.945331548Z 61 PC: 12dd1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:54.958222722Z 63 PC: 12dde | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:31:54.965834934Z 66 PC: 12d95 | Move file pointer
2018-12-25T12:31:54.96883984Z 63 PC: 12e01 | Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:31:54.971984917Z 66 PC: 12e0a | Move file pointer
2018-12-25T12:31:54.973586218Z 64 PC: 12e21 | Write file or device (Write 1023 bytes on handle 5)
2018-12-25T12:31:54.98309447Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:54.98876041Z 64 PC: 12e30 | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:31:54.996161805Z 62 PC: 12e35 | Close file
2018-12-25T12:31:55.005604631Z 67 PC: 12d8b | Get or set file attributes
2018-12-25T12:31:55.011468097Z 79 PC: 12daa | Find next file
2018-12-25T12:31:55.014724664Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:55.025966241Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:55.035228779Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:55.043253123Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:55.045235116Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:55.04864928Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:55.05110137Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:55.060435087Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:55.061982531Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:55.070337323Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:55.082902283Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:55.092887827Z 79 PC: 12daa | Find next file (See above)
2018-12-25T12:31:55.098966681Z 67 PC: 12dba | Get or set file attributes (See above)
2018-12-25T12:31:55.113367211Z 61 PC: 12dd1 | Open file (See above)
2018-12-25T12:31:55.122835606Z 63 PC: 12dde | Read file or device (See above)
2018-12-25T12:31:55.130792418Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:55.132981914Z 63 PC: 12e01 | Read file or device (See above)
2018-12-25T12:31:55.151170426Z 66 PC: 12e0a | Move file pointer (See above)
2018-12-25T12:31:55.15407049Z 64 PC: 12e21 | Write file or device (See above)
2018-12-25T12:31:55.165349091Z 66 PC: 12d95 | Move file pointer (See above)
2018-12-25T12:31:55.167328788Z 64 PC: 12e30 | Write file or device (See above)
2018-12-25T12:31:55.176402814Z 62 PC: 12e35 | Close file (See above)
2018-12-25T12:31:55.186345499Z 67 PC: 12d8b | Get or set file attributes (See above)
2018-12-25T12:31:55.192257434Z 26 PC: 12e48 | Set disk transfer address
2018-12-25T12:31:55.193551031Z 59 PC: 12c1f | Change current directory
2018-12-25T12:31:55.201041032Z 59 PC: 12c2b | Change current directory
2018-12-25T12:31:55.202951878Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:31:55.209381889Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12042,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:54.898840435Z 42 PC: 12bc1 | Get date
0x12bc1: cmp al, 1
0x12bc3: jne 0x12bed
0x12bc5: cmp dl, 0x10
0x12bc8: jne 0x12bed
0x12bca: mov ah, 0x19
0x12bcc: int 0x21
0x12bce: lea bx, word ptr [bp + 0x2be]
0x12bd2: mov cx, 1
0x12bd5: xor dx, dx
0x12bd7: int 0x26
0x12bd9: jb 0x12bdc
0x12bdb: popf
0x12bdc: lea dx, word ptr [bp + 0x2ee]
0x12be0: mov ah, 9
0x12be2: int 0x21
0x12be4: int 5
0x12be6: xor ah, ah
0x12be8: int 0x16
0x12bea: jmp 0x12e4b
0x12bed: lea si, word ptr [bp + 0x46f]
2018-12-25T12:31:54.901958852Z 25 PC: 12bce | Get default drive
2018-12-25T12:31:54.91512247Z 9 PC: 12be4 | Display string (String= ' Welcome to the Dark Apocalypse... Your computer will never escape... You might as well read this and weep! The Dark Apocalypse v1.00 by Crypt Keeper [RoT] ���Reign of Terror��� [DARK APOCALYPSE] Press any key to continue...')