Sample viewer

vx.netlux.org/Virus.DOS.Pixel.Rusa.335


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:51.753692209Z 78 PC: 12a84 | Find first file
2018-12-17T22:59:51.759397617Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:51.764256905Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:51.765487727Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:51.766707386Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:51.771630059Z 66 PC: 12b2b | Move file pointer
2018-12-17T22:59:51.773263077Z 63 PC: 12b3c | Read file or device (Read 407 bytes on handle 5)
2018-12-17T22:59:51.77517955Z 66 PC: 12b4a | Move file pointer
2018-12-17T22:59:51.777209082Z 64 PC: 12b5f | Write file or device (Write 742 bytes on handle 5)
2018-12-17T22:59:51.789208793Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:51.795043343Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:51.809501657Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:51.816481514Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:51.817835942Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:51.820612322Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:51.827903371Z 66 PC: 12b2b | Move file pointer
2018-12-17T22:59:51.829922975Z 63 PC: 12b3c | Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:59:51.833338412Z 66 PC: 12b4a | Move file pointer
2018-12-17T22:59:51.835275639Z 64 PC: 12b5f | Write file or device (Write 362 bytes on handle 5)
2018-12-17T22:59:51.838417294Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:51.847759878Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:51.851134749Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:51.858912677Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:51.860392967Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:51.866942821Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:51.874044999Z 66 PC: 12b2b | Move file pointer
2018-12-17T22:59:51.875538615Z 63 PC: 12b3c | Read file or device (Read 92 bytes on handle 5)
2018-12-17T22:59:51.879368766Z 66 PC: 12b4a | Move file pointer
2018-12-17T22:59:51.881130669Z 64 PC: 12b5f | Write file or device (Write 427 bytes on handle 5)
2018-12-17T22:59:51.884466614Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:51.894517159Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:51.897741819Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:51.905150463Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:51.908180132Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:51.910100043Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:51.917428581Z 66 PC: 12b2b | Move file pointer
2018-12-17T22:59:51.919277857Z 63 PC: 12b3c | Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:59:51.923282347Z 66 PC: 12b4a | Move file pointer
2018-12-17T22:59:51.925301342Z 64 PC: 12b5f | Write file or device (Write 364 bytes on handle 5)
2018-12-17T22:59:51.929001465Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:51.93805151Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:51.941309883Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:51.948943801Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:51.958489559Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:51.960245862Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:51.967454325Z 66 PC: 12b2b | Move file pointer
2018-12-17T22:59:51.97876066Z 63 PC: 12b3c | Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:59:51.982273552Z 66 PC: 12b4a | Move file pointer
2018-12-17T22:59:51.984480899Z 64 PC: 12b5f | Write file or device (Write 364 bytes on handle 5)
2018-12-17T22:59:51.993140886Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:52.001662333Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:52.004637482Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:52.013725254Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:52.015729843Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:52.017711077Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:52.02580908Z 66 PC: 12b2b | Move file pointer
2018-12-17T22:59:52.028203908Z 63 PC: 12b3c | Read file or device (Read 501 bytes on handle 5)
2018-12-17T22:59:52.031267638Z 66 PC: 12b4a | Move file pointer
2018-12-17T22:59:52.033194968Z 64 PC: 12b5f | Write file or device (Write 836 bytes on handle 5)
2018-12-17T22:59:52.043680874Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:52.053042632Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:52.056678483Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:52.073664698Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:52.075391127Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:52.077262719Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:52.085509647Z 66 PC: 12b2b | Move file pointer
2018-12-17T22:59:52.087471372Z 63 PC: 12b3c | Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:59:52.090636203Z 66 PC: 12b4a | Move file pointer
2018-12-17T22:59:52.093811109Z 64 PC: 12b5f | Write file or device (Write 364 bytes on handle 5)
2018-12-17T22:59:52.097618563Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:52.107106589Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:52.111168222Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-17T22:59:52.118621921Z 66 PC: 12aa7 | Move file pointer
2018-12-17T22:59:52.120364795Z 66 PC: 12ab0 | Move file pointer
2018-12-17T22:59:52.122135668Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:59:52.126506922Z 62 PC: 12ac5 | Close file
2018-12-17T22:59:52.129650601Z 79 PC: 12a8b | Find next file
2018-12-17T22:59:52.133219798Z 42 PC: 12b64 | Get date
0x12b64: cmp dl, 6
0x12b67: jne 0x12b75
0x12b69: cmp dh, 0xb
0x12b6c: jne 0x12b75
0x12b6e: mov dx, 0x10d
0x12b71: mov ah, 9
0x12b73: int 0x21
0x12b75: ret
0x12b76: cld
0x12b77: push es
0x12b78: pop ds
0x12b79: push cs
0x12b7a: pop es
0x12b7b: lea si, word ptr [0]
0x12b7f: lea di, word ptr [0]
0x12b83: mov cx, 0xfb00
0x12b86: rep movsb byte ptr es:[di], byte ptr [si]
0x12b88: push cs
0x12b89: pop ds
0x12b8a: mov ax, 0x100
2018-12-17T22:59:52.138858111Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:59:52.145381794Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13356,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:07.503264375Z 78 PC: 12a84 | Find first file
2018-12-25T12:38:07.510714433Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-25T12:38:07.520531785Z 66 PC: 12aa7 | Move file pointer
2018-12-25T12:38:07.522227776Z 66 PC: 12ab0 | Move file pointer
2018-12-25T12:38:07.528182086Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:38:07.53620306Z 66 PC: 12b2b | Move file pointer
2018-12-25T12:38:07.53838158Z 63 PC: 12b3c | Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:38:07.542237832Z 66 PC: 12b4a | Move file pointer
2018-12-25T12:38:07.543835945Z 64 PC: 12b5f | Write file or device (Write 742 bytes on handle 5)
2018-12-25T12:38:07.660881403Z 62 PC: 12ac5 | Close file
2018-12-25T12:38:07.670732283Z 79 PC: 12a8b | Find next file
2018-12-25T12:38:07.674457658Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.682171801Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.684108563Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.687174427Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.695956759Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.698495864Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.703886666Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.705877662Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.709327447Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.719885726Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.723257616Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.730709348Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.733635431Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.735555564Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.743100241Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.745715238Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.749892689Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.751459018Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.754528675Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.764665747Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.768557907Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.776365517Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.779687276Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.78265873Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.790225811Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.793025496Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.796238123Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.798062408Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.804243008Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.818124438Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.821198281Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.828891287Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.83155007Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.833088387Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.840268997Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.843102538Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.846135306Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.847958566Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.852103181Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.861003045Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.863867261Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.871915011Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.873496476Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.875013394Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.882414242Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.886200236Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.889494456Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.891637553Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.901963247Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.911518794Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.914806733Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.924156107Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.925857612Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.928153014Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.936963086Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.939362912Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.942543787Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.944731122Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.9483078Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.957185965Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.960358686Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.96840845Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.970277647Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.972151658Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.975736708Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.977683175Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.980330799Z 42 PC: 12b64 | Get date
0x12b64: cmp dl, 6
0x12b67: jne 0x12b75
0x12b69: cmp dh, 0xb
0x12b6c: jne 0x12b75
0x12b6e: mov dx, 0x10d
0x12b71: mov ah, 9
0x12b73: int 0x21
0x12b75: ret
0x12b76: cld
0x12b77: push es
0x12b78: pop ds
0x12b79: push cs
0x12b7a: pop es
0x12b7b: lea si, word ptr [0]
0x12b7f: lea di, word ptr [0]
0x12b83: mov cx, 0xfb00
0x12b86: rep movsb byte ptr es:[di], byte ptr [si]
0x12b88: push cs
0x12b89: pop ds
0x12b8a: mov ax, 0x100
2018-12-25T12:38:07.984792746Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:38:07.993668625Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13356,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:07.560714225Z 78 PC: 12a84 | Find first file
2018-12-25T12:38:07.567203955Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-25T12:38:07.573472437Z 66 PC: 12aa7 | Move file pointer
2018-12-25T12:38:07.574715569Z 66 PC: 12ab0 | Move file pointer
2018-12-25T12:38:07.576481252Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:38:07.582745438Z 66 PC: 12b2b | Move file pointer
2018-12-25T12:38:07.58397278Z 63 PC: 12b3c | Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:38:07.591415229Z 66 PC: 12b4a | Move file pointer
2018-12-25T12:38:07.593138677Z 64 PC: 12b5f | Write file or device (Write 742 bytes on handle 5)
2018-12-25T12:38:07.607382134Z 62 PC: 12ac5 | Close file
2018-12-25T12:38:07.623794059Z 79 PC: 12a8b | Find next file
2018-12-25T12:38:07.627193144Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.634385534Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.636741697Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.639161879Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.645724958Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.647410779Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.650866577Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.652258377Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.654908906Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.663516596Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.666171078Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.67269141Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.675000357Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.676860893Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.683511441Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.686056476Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.688495809Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.689852308Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.693444928Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.701408942Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.710775174Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.717625325Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.71986363Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.721290823Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.727559248Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.729366872Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.731819751Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.733181182Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.736494704Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.74410808Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.746600124Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.754422377Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.755729726Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.757043343Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.764001349Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.765774566Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.768509094Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.771144437Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.773770058Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.781416989Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.784736981Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.791916765Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.793468782Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.795534097Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.801747086Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.803102138Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.805961076Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.807257636Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.815161857Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.824313624Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.82677394Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.833239539Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.83552542Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.836795407Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.843005544Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.84531954Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.847866663Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.849346619Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.853012454Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.860476782Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.862909781Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.870450567Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.872168006Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.873456977Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.876082881Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.878880604Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.881231408Z 42 PC: 12b64 | Get date
0x12b64: cmp dl, 6
0x12b67: jne 0x12b75
0x12b69: cmp dh, 0xb
0x12b6c: jne 0x12b75
0x12b6e: mov dx, 0x10d
0x12b71: mov ah, 9
0x12b73: int 0x21
0x12b75: ret
0x12b76: cld
0x12b77: push es
0x12b78: pop ds
0x12b79: push cs
0x12b7a: pop es
0x12b7b: lea si, word ptr [0]
0x12b7f: lea di, word ptr [0]
0x12b83: mov cx, 0xfb00
0x12b86: rep movsb byte ptr es:[di], byte ptr [si]
0x12b88: push cs
0x12b89: pop ds
0x12b8a: mov ax, 0x100
2018-12-25T12:38:07.88459032Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:38:07.891495051Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":6,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13356,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:07.57483962Z 78 PC: 12a84 | Find first file
2018-12-25T12:38:07.583049856Z 61 PC: 12a95 | Open file (Filename = '')
2018-12-25T12:38:07.591119131Z 66 PC: 12aa7 | Move file pointer
2018-12-25T12:38:07.592699687Z 66 PC: 12ab0 | Move file pointer
2018-12-25T12:38:07.594839428Z 63 PC: 12b0d | Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:38:07.60193639Z 66 PC: 12b2b | Move file pointer
2018-12-25T12:38:07.60351619Z 63 PC: 12b3c | Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:38:07.607071835Z 66 PC: 12b4a | Move file pointer
2018-12-25T12:38:07.62305853Z 64 PC: 12b5f | Write file or device (Write 742 bytes on handle 5)
2018-12-25T12:38:07.660956889Z 62 PC: 12ac5 | Close file
2018-12-25T12:38:07.670459757Z 79 PC: 12a8b | Find next file
2018-12-25T12:38:07.675185927Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.682677848Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.68459504Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.687769705Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.695364396Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.696915293Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.701806927Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.703663658Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.707863718Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.717791609Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.721535725Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.729237903Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.73148116Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.734237035Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.741742159Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.744099534Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.747830395Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.749737393Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.753136935Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.763639018Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.767248218Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.775381968Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.77801381Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.78048035Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.78812369Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.790548774Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.793639309Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.795299283Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.799156958Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.809879947Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.813192183Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.821076187Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.823552909Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.825859871Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.833182573Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.835386509Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.838417244Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.840247507Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.844304962Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.85364311Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.856569509Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.864513828Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.868671464Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.870628171Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.878918443Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.880933979Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.883871929Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.885491811Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.895213916Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.904399399Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.9082159Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.917220888Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.918949378Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.92054205Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.928654232Z 66 PC: 12b2b | Move file pointer (See above)
2018-12-25T12:38:07.930223435Z 63 PC: 12b3c | Read file or device (See above)
2018-12-25T12:38:07.933119499Z 66 PC: 12b4a | Move file pointer (See above)
2018-12-25T12:38:07.935350969Z 64 PC: 12b5f | Write file or device (See above)
2018-12-25T12:38:07.938469806Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.947446746Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.95153768Z 61 PC: 12a95 | Open file (See above)
2018-12-25T12:38:07.959594302Z 66 PC: 12aa7 | Move file pointer (See above)
2018-12-25T12:38:07.961570723Z 66 PC: 12ab0 | Move file pointer (See above)
2018-12-25T12:38:07.963488746Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T12:38:07.967766155Z 62 PC: 12ac5 | Close file (See above)
2018-12-25T12:38:07.970164686Z 79 PC: 12a8b | Find next file (See above)
2018-12-25T12:38:07.972930686Z 42 PC: 12b64 | Get date
0x12b64: cmp dl, 6
0x12b67: jne 0x12b75
0x12b69: cmp dh, 0xb
0x12b6c: jne 0x12b75
0x12b6e: mov dx, 0x10d
0x12b71: mov ah, 9
0x12b73: int 0x21
0x12b75: ret
0x12b76: cld
0x12b77: push es
0x12b78: pop ds
0x12b79: push cs
0x12b7a: pop es
0x12b7b: lea si, word ptr [0]
0x12b7f: lea di, word ptr [0]
0x12b83: mov cx, 0xfb00
0x12b86: rep movsb byte ptr es:[di], byte ptr [si]
0x12b88: push cs
0x12b89: pop ds
0x12b8a: mov ax, 0x100
2018-12-25T12:38:07.976320511Z 9 PC: 12b75 | Display string (String= ', Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:38:07.98308219Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:38:07.989237855Z 0 PC: 12a89 | Program terminate