Sample viewer

vx.netlux.org/Virus.DOS.Corea.920


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed by the sandbox at the return address of the "Get time" call (PC 130c0).
; DOS INT 21h/AH=2Ch returns the current hour in CH. The viewer cuts the window short: it ends before the next int 0x21.
; NOTE(review): every data reference below is bp-relative - presumably bp holds the virus's relocation (delta) offset; the entry code that sets it is not shown, confirm there.
2018-12-17T23:01:32.129554776Z 44 PC: 130c0 | Get time 0x130c0: cmp ch, 0x16    ; compare the hour with 22 (0x16)
0x130c3: jg 0x1309d    ; hour > 22: leave this path. Code at 0x1309d is not shown; the runs on this page that only print 'Good Night? ' (PC 130b4) are consistent with this branch
0x130c5: mov ah, 0x1a    ; AH=1Ah: set disk transfer address (DTA)
0x130c7: lea dx, word ptr [bp + 0x116]    ; DS:DX = private DTA buffer inside the virus data area, so directory-search results land there
0x130cb: int 0x21    ; logged as syscall 26 at PC 130cd
0x130cd: mov ah, 0x47    ; AH=47h: get current directory
0x130cf: mov dl, 0    ; DL=0 selects the default drive
0x130d1: lea si, word ptr [bp + 0x15b]    ; DS:SI = buffer that receives the path
0x130d5: mov byte ptr ds:[bp + 0x15a], 0x5c    ; store '\' (0x5c) in the byte just before the buffer, giving a rooted path; ds: override because bp defaults to ss
0x130db: int 0x21    ; logged as syscall 71 at PC 130dd
0x130dd: nop    ; three bytes of padding; purpose not visible from this window
0x130de: nop
0x130df: nop
0x130e0: mov ah, 0x3b    ; AH=3Bh: change current directory
0x130e2: lea dx, word ptr [bp + 0x1db]    ; DS:DX = target path; its contents are not shown on this page
0x130e6: int 0x21    ; logged as syscall 59 at PC 130e8
0x130e8: jmp 0x130ea    ; jumps to the very next instruction (no effect on control flow)
0x130ea: mov ah, 0x7e    ; NOTE(review): 0x7e is not a function number the trace records; the full runs on this page log 78 (0x4e, Find first file) next, from the shared call site at PC 1321b, so AH is presumably adjusted before that int 0x21 - code not shown
0x130ec: mov cx, 0    ; CX=0; for Find first this would be the attribute mask - TODO confirm once the call site is visible
0x130ef: lea dx, word ptr [bp + 0x220]    ; DS:DX = presumably the search file spec; window ends here
2018-12-17T23:01:32.132552238Z 26 PC: 130cd | Set disk transfer address
2018-12-17T23:01:32.136862447Z 71 PC: 130dd | Get current directory
2018-12-17T23:01:32.140320575Z 59 PC: 130e8 | Change current directory
2018-12-17T23:01:32.144885122Z 78 PC: 1321b | Find first file
2018-12-17T23:01:32.152555675Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.171881338Z 61 PC: 131a5 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:32.184005179Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.186450725Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.194590981Z 66 PC: 131d3 | Move file pointer
2018-12-17T23:01:32.196445706Z 64 PC: 1321b | Write file or device (Write 920 bytes on handle 5)
2018-12-17T23:01:32.206629622Z 66 PC: 131f1 | Move file pointer
2018-12-17T23:01:32.208442007Z 64 PC: 1321b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.215749108Z 87 PC: 1320c | Get or set file date and time
2018-12-17T23:01:32.218715221Z 62 PC: 13210 | Close file
2018-12-17T23:01:32.227970101Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.231262488Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.243984462Z 61 PC: 131a5 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:32.251580596Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.26796411Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.275408719Z 66 PC: 131d3 | Move file pointer
2018-12-17T23:01:32.27790521Z 64 PC: 1321b | Write file or device (Write 920 bytes on handle 5)
2018-12-17T23:01:32.286969332Z 66 PC: 131f1 | Move file pointer
2018-12-17T23:01:32.288986251Z 64 PC: 1321b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.297298671Z 87 PC: 1320c | Get or set file date and time
2018-12-17T23:01:32.299321942Z 62 PC: 13210 | Close file
2018-12-17T23:01:32.308307236Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.312381872Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.323319304Z 61 PC: 131a5 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:32.33172081Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.334750082Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.342835936Z 66 PC: 131d3 | Move file pointer
2018-12-17T23:01:32.345159082Z 64 PC: 1321b | Write file or device (Write 920 bytes on handle 5)
2018-12-17T23:01:32.354924722Z 66 PC: 131f1 | Move file pointer
2018-12-17T23:01:32.357157167Z 64 PC: 1321b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.365118546Z 87 PC: 1320c | Get or set file date and time
2018-12-17T23:01:32.36806385Z 62 PC: 13210 | Close file
2018-12-17T23:01:32.377076866Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.380475562Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.391739377Z 61 PC: 131a5 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:32.400430247Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.402457517Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.410530987Z 66 PC: 131d3 | Move file pointer
2018-12-17T23:01:32.412759134Z 64 PC: 1321b | Write file or device (Write 920 bytes on handle 5)
2018-12-17T23:01:32.422319958Z 66 PC: 131f1 | Move file pointer
2018-12-17T23:01:32.42418884Z 64 PC: 1321b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.432456004Z 87 PC: 1320c | Get or set file date and time
2018-12-17T23:01:32.434514923Z 62 PC: 13210 | Close file
2018-12-17T23:01:32.443878628Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.447633663Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.458591052Z 61 PC: 131a5 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:32.466930422Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.469683656Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.477210789Z 66 PC: 131d3 | Move file pointer
2018-12-17T23:01:32.479042972Z 64 PC: 1321b | Write file or device (Write 920 bytes on handle 5)
2018-12-17T23:01:32.48968575Z 66 PC: 131f1 | Move file pointer
2018-12-17T23:01:32.491541717Z 64 PC: 1321b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.499055516Z 87 PC: 1320c | Get or set file date and time
2018-12-17T23:01:32.501252535Z 62 PC: 13210 | Close file
2018-12-17T23:01:32.511125707Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.514371396Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.525351708Z 61 PC: 131a5 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:32.53448532Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.536285703Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.543581712Z 66 PC: 131d3 | Move file pointer
2018-12-17T23:01:32.546334835Z 64 PC: 1321b | Write file or device (Write 920 bytes on handle 5)
2018-12-17T23:01:32.557045511Z 66 PC: 131f1 | Move file pointer
2018-12-17T23:01:32.558903963Z 64 PC: 1321b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.567158724Z 87 PC: 1320c | Get or set file date and time
2018-12-17T23:01:32.569748971Z 62 PC: 13210 | Close file
2018-12-17T23:01:32.578745355Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.582262143Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.593906052Z 61 PC: 131a5 | Open file (Filename = 'PAH.COM')
2018-12-17T23:01:32.602094579Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.604058559Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.612033404Z 66 PC: 131d3 | Move file pointer
2018-12-17T23:01:32.613918857Z 64 PC: 1321b | Write file or device (Write 920 bytes on handle 5)
2018-12-17T23:01:32.630215759Z 66 PC: 131f1 | Move file pointer
2018-12-17T23:01:32.633544985Z 64 PC: 1321b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:32.641125438Z 87 PC: 1320c | Get or set file date and time
2018-12-17T23:01:32.642954205Z 62 PC: 13210 | Close file
2018-12-17T23:01:32.653717479Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.657258013Z 67 PC: 131a0 | Get or set file attributes
2018-12-17T23:01:32.66910325Z 61 PC: 131a5 | Open file (Filename = 'TEST.COM')
2018-12-17T23:01:32.677928082Z 87 PC: 131ab | Get or set file date and time
2018-12-17T23:01:32.680106565Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:32.687200976Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.689884699Z 78 PC: 1321b | Find first file
2018-12-17T23:01:32.697527139Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.701093961Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.704529867Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.708501219Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.712462312Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.715582495Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.719415618Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.722613396Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.725816966Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.729408184Z 59 PC: 1316d | Change current directory
2018-12-17T23:01:32.734592105Z 78 PC: 1321b | Find first file
2018-12-17T23:01:32.741589723Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.74699529Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.749945394Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.752831978Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.756548631Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.759312334Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.762113217Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.765331484Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.76853804Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.771235598Z 59 PC: 1316d | Change current directory
2018-12-17T23:01:32.776239621Z 78 PC: 1321b | Find first file
2018-12-17T23:01:32.783255314Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.786117001Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.78896379Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.792958125Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.796381428Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.799675588Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.802714347Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.80522768Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.80747341Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.810142746Z 59 PC: 1316d | Change current directory
2018-12-17T23:01:32.813796983Z 78 PC: 1321b | Find first file
2018-12-17T23:01:32.819488157Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.823349532Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.826602014Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.829749768Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.832868278Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.837049244Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.840173094Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.843267609Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.847338217Z 79 PC: 1321b | Find next file
2018-12-17T23:01:32.85022939Z 59 PC: 1317b | Change current directory
2018-12-17T23:01:32.85487004Z 26 PC: 13182 | Set disk transfer address
2018-12-17T23:01:32.857417907Z 202 PC: 12ab1 | UNKNOWN!
; Disassembly window printed by the sandbox at the return address of the "Get date" call (PC 12ce3): the payload's date check.
; DOS INT 21h/AH=2Ah returns the day in DL and the month in DH. Both are compared with two bytes stored in the virus body;
; the values of those stored bytes are not visible on this page, so whether a run matched by equality or by wildcard cannot be told from here.
2018-12-17T23:01:32.859078538Z 42 PC: 12ce3 | Get date 0x12ce3: cmp dl, byte ptr cs:[bp + 0x54b]    ; today's day vs the stored day byte
0x12ce8: je 0x12cf2    ; day matches: go on to the month check
0x12cea: cmp byte ptr cs:[bp + 0x54b], 0x20    ; stored day == 0x20 (not a valid day of month) also passes, i.e. it acts as "any day"
0x12cf0: jne 0x12d0a    ; neither: no payload, return
0x12cf2: cmp dh, byte ptr cs:[bp + 0x54c]    ; today's month vs the stored month byte
0x12cf7: je 0x12d01    ; month matches: run the payload
0x12cf9: cmp byte ptr cs:[bp + 0x54c], 0xd    ; stored month == 0x0d (13, not a valid month) acts as "any month"
0x12cff: jne 0x12d0a    ; neither: no payload, return
0x12d01: mov ah, 9    ; AH=09h: print the '$'-terminated string at DS:DX
0x12d03: mov dx, 0x3cb    ; absolute offset, unlike the bp-relative references above
0x12d06: int 0x21    ; logged as syscall 9 "Display string" at PC 12d08
0x12d08: int 0x20    ; terminate the program
0x12d0a: ret    ; non-trigger path: return to the caller
; The sandbox's disassembler keeps decoding past the ret. The lines below are data, not executed code:
; their encodings are 0A 0D 59 4F 55 20 4B 49 4C 4C = LF CR "YOU KILL", the start of the message the trace shows being displayed.
0x12d0b: or cl, byte ptr [di]
0x12d0d: pop cx
0x12d0e: dec di
0x12d0f: push bp
0x12d10: and byte ptr [bp + di + 0x49], cl
0x12d13: dec sp
0x12d14: dec sp
2018-12-17T23:01:32.861874922Z 9 PC: 12d08 | Display string (String= ' YOU KILL YOU COMPUTER KILL YOU BABO YOU BABO KILL YOU COMPUTER BABO VIRUS NO CHCAK BABO YOU HDD ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13910,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed by the sandbox at the return address of the "Get time" call (PC 130c0).
; DOS INT 21h/AH=2Ch returns the current hour in CH. The viewer cuts the window short: it ends before the next int 0x21.
; NOTE(review): every data reference below is bp-relative - presumably bp holds the virus's relocation (delta) offset; the entry code that sets it is not shown, confirm there.
2018-12-25T12:39:22.341152277Z 44 PC: 130c0 | Get time 0x130c0: cmp ch, 0x16    ; compare the hour with 22 (0x16)
0x130c3: jg 0x1309d    ; hour > 22: leave this path. Code at 0x1309d is not shown; the runs on this page that only print 'Good Night? ' (PC 130b4) are consistent with this branch
0x130c5: mov ah, 0x1a    ; AH=1Ah: set disk transfer address (DTA)
0x130c7: lea dx, word ptr [bp + 0x116]    ; DS:DX = private DTA buffer inside the virus data area, so directory-search results land there
0x130cb: int 0x21    ; logged as syscall 26 at PC 130cd
0x130cd: mov ah, 0x47    ; AH=47h: get current directory
0x130cf: mov dl, 0    ; DL=0 selects the default drive
0x130d1: lea si, word ptr [bp + 0x15b]    ; DS:SI = buffer that receives the path
0x130d5: mov byte ptr ds:[bp + 0x15a], 0x5c    ; store '\' (0x5c) in the byte just before the buffer, giving a rooted path; ds: override because bp defaults to ss
0x130db: int 0x21    ; logged as syscall 71 at PC 130dd
0x130dd: nop    ; three bytes of padding; purpose not visible from this window
0x130de: nop
0x130df: nop
0x130e0: mov ah, 0x3b    ; AH=3Bh: change current directory
0x130e2: lea dx, word ptr [bp + 0x1db]    ; DS:DX = target path; its contents are not shown on this page
0x130e6: int 0x21    ; logged as syscall 59 at PC 130e8
0x130e8: jmp 0x130ea    ; jumps to the very next instruction (no effect on control flow)
0x130ea: mov ah, 0x7e    ; NOTE(review): 0x7e is not a function number the trace records; the full runs on this page log 78 (0x4e, Find first file) next, from the shared call site at PC 1321b, so AH is presumably adjusted before that int 0x21 - code not shown
0x130ec: mov cx, 0    ; CX=0; for Find first this would be the attribute mask - TODO confirm once the call site is visible
0x130ef: lea dx, word ptr [bp + 0x220]    ; DS:DX = presumably the search file spec; window ends here
2018-12-25T12:39:22.344579833Z 26 PC: 130cd | Set disk transfer address
2018-12-25T12:39:22.345911155Z 71 PC: 130dd | Get current directory
2018-12-25T12:39:22.348956367Z 59 PC: 130e8 | Change current directory
2018-12-25T12:39:22.362687608Z 78 PC: 1321b | Find first file
2018-12-25T12:39:22.373368375Z 67 PC: 131a0 | Get or set file attributes
2018-12-25T12:39:22.39166146Z 61 PC: 131a5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:22.398521832Z 87 PC: 131ab | Get or set file date and time
2018-12-25T12:39:22.400408774Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:22.406966565Z 66 PC: 131d3 | Move file pointer
2018-12-25T12:39:22.408895357Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.417267628Z 66 PC: 131f1 | Move file pointer
2018-12-25T12:39:22.418875372Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.426607228Z 87 PC: 1320c | Get or set file date and time
2018-12-25T12:39:22.428279087Z 62 PC: 13210 | Close file
2018-12-25T12:39:22.436346635Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.439402563Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:22.449632964Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:22.456788974Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:22.458175823Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:22.46468776Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:22.466071058Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.474385558Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:22.476377791Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.482998073Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:22.484679686Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:22.493249189Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.496079029Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:22.505839421Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:22.513147353Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:22.514753739Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:22.52162893Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:22.524231118Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.53876178Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:22.540359377Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.547830291Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:22.54942465Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:22.558259865Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.561474875Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:22.574393699Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:22.581687546Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:22.583744308Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:22.590132543Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:22.591811307Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.600294853Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:22.601946508Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.608554625Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:22.610576606Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:22.618627239Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.621206903Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:22.630834778Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:22.645894842Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:22.647755412Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:22.654999393Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:22.656913362Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.664763884Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:22.666139194Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.672667079Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:22.674260393Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:22.681980816Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.685740524Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:22.695334893Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:22.702030831Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:22.704096801Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:22.710829383Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:22.712246954Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.721815694Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:22.723421477Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.730033186Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:22.732645178Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:22.74061298Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.743505009Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:22.753796203Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:22.760308918Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:22.761975365Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:22.769420484Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:22.77155656Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.780144854Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:22.7820484Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:22.78977851Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:22.791599734Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:22.799673991Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.803040327Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:22.816502221Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:22.826865635Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:22.829432083Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:22.835934802Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.8386344Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:22.850680461Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.85349027Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.856319229Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.859598712Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.862254946Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.864950785Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.868698157Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.871461806Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.874211838Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.877523944Z 59 PC: 1316d | Change current directory
2018-12-25T12:39:22.881645556Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:22.886948385Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.890161122Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.893128673Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.895841452Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.89930831Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.902162284Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.904880653Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.908323838Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.911329799Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.91382825Z 59 PC: 1316d | Change current directory (See above)
2018-12-25T12:39:22.91941246Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:22.925653623Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.928359195Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.931270234Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.935205656Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.937919867Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.94063076Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.944237386Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.946911709Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.94958043Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.952993854Z 59 PC: 1316d | Change current directory (See above)
2018-12-25T12:39:22.95728907Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:22.963272706Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.966989016Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.969681791Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.972408902Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.975972259Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.979080168Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.981599627Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.984764248Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.988200794Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:22.992075712Z 59 PC: 1317b | Change current directory
2018-12-25T12:39:22.997201005Z 26 PC: 13182 | Set disk transfer address
2018-12-25T12:39:22.998284121Z 202 PC: 12ab1 | UNKNOWN!
; Disassembly window printed by the sandbox at the return address of the "Get date" call (PC 12ce3): the payload's date check.
; DOS INT 21h/AH=2Ah returns the day in DL and the month in DH. Both are compared with two bytes stored in the virus body;
; the values of those stored bytes are not visible on this page, so whether a run matched by equality or by wildcard cannot be told from here.
2018-12-25T12:39:22.999098745Z 42 PC: 12ce3 | Get date 0x12ce3: cmp dl, byte ptr cs:[bp + 0x54b]    ; today's day vs the stored day byte
0x12ce8: je 0x12cf2    ; day matches: go on to the month check
0x12cea: cmp byte ptr cs:[bp + 0x54b], 0x20    ; stored day == 0x20 (not a valid day of month) also passes, i.e. it acts as "any day"
0x12cf0: jne 0x12d0a    ; neither: no payload, return
0x12cf2: cmp dh, byte ptr cs:[bp + 0x54c]    ; today's month vs the stored month byte
0x12cf7: je 0x12d01    ; month matches: run the payload
0x12cf9: cmp byte ptr cs:[bp + 0x54c], 0xd    ; stored month == 0x0d (13, not a valid month) acts as "any month"
0x12cff: jne 0x12d0a    ; neither: no payload, return
0x12d01: mov ah, 9    ; AH=09h: print the '$'-terminated string at DS:DX
0x12d03: mov dx, 0x3cb    ; absolute offset, unlike the bp-relative references above
0x12d06: int 0x21    ; logged as syscall 9 "Display string" at PC 12d08
0x12d08: int 0x20    ; terminate the program
0x12d0a: ret    ; non-trigger path: return to the caller
; The sandbox's disassembler keeps decoding past the ret. The lines below are data, not executed code:
; their encodings are 0A 0D 59 4F 55 20 4B 49 4C 4C = LF CR "YOU KILL", the start of the message the trace shows being displayed.
0x12d0b: or cl, byte ptr [di]
0x12d0d: pop cx
0x12d0e: dec di
0x12d0f: push bp
0x12d10: and byte ptr [bp + di + 0x49], cl
0x12d13: dec sp
0x12d14: dec sp
2018-12-25T12:39:23.001954731Z 9 PC: 12d08 | Display string (String= ' YOU KILL YOU COMPUTER KILL YOU BABO YOU BABO KILL YOU COMPUTER BABO VIRUS NO CHCAK BABO YOU HDD ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13910,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed by the sandbox at the return address of the "Get time" call (PC 130c0).
; DOS INT 21h/AH=2Ch returns the current hour in CH. The viewer cuts the window short: it ends before the next int 0x21.
; NOTE(review): every data reference below is bp-relative - presumably bp holds the virus's relocation (delta) offset; the entry code that sets it is not shown, confirm there.
2018-12-25T12:39:23.822613475Z 44 PC: 130c0 | Get time 0x130c0: cmp ch, 0x16    ; compare the hour with 22 (0x16)
0x130c3: jg 0x1309d    ; hour > 22: leave this path. Code at 0x1309d is not shown; the runs on this page that only print 'Good Night? ' (PC 130b4) are consistent with this branch
0x130c5: mov ah, 0x1a    ; AH=1Ah: set disk transfer address (DTA)
0x130c7: lea dx, word ptr [bp + 0x116]    ; DS:DX = private DTA buffer inside the virus data area, so directory-search results land there
0x130cb: int 0x21    ; logged as syscall 26 at PC 130cd in the full runs
0x130cd: mov ah, 0x47    ; AH=47h: get current directory
0x130cf: mov dl, 0    ; DL=0 selects the default drive
0x130d1: lea si, word ptr [bp + 0x15b]    ; DS:SI = buffer that receives the path
0x130d5: mov byte ptr ds:[bp + 0x15a], 0x5c    ; store '\' (0x5c) in the byte just before the buffer, giving a rooted path; ds: override because bp defaults to ss
0x130db: int 0x21    ; logged as syscall 71 at PC 130dd in the full runs
0x130dd: nop    ; three bytes of padding; purpose not visible from this window
0x130de: nop
0x130df: nop
0x130e0: mov ah, 0x3b    ; AH=3Bh: change current directory
0x130e2: lea dx, word ptr [bp + 0x1db]    ; DS:DX = target path; its contents are not shown on this page
0x130e6: int 0x21    ; logged as syscall 59 at PC 130e8 in the full runs
0x130e8: jmp 0x130ea    ; jumps to the very next instruction (no effect on control flow)
0x130ea: mov ah, 0x7e    ; NOTE(review): 0x7e is not a function number the trace records; the full runs on this page log 78 (0x4e, Find first file) next, from the shared call site at PC 1321b, so AH is presumably adjusted before that int 0x21 - code not shown
0x130ec: mov cx, 0    ; CX=0; for Find first this would be the attribute mask - TODO confirm once the call site is visible
0x130ef: lea dx, word ptr [bp + 0x220]    ; DS:DX = presumably the search file spec; window ends here
2018-12-25T12:39:23.825786892Z 9 PC: 130b4 | Display string (String= 'Good Night? ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13910,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed by the sandbox at the return address of the "Get time" call (PC 130c0).
; DOS INT 21h/AH=2Ch returns the current hour in CH. The viewer cuts the window short: it ends before the next int 0x21.
; NOTE(review): every data reference below is bp-relative - presumably bp holds the virus's relocation (delta) offset; the entry code that sets it is not shown, confirm there.
2018-12-25T12:39:24.885270624Z 44 PC: 130c0 | Get time 0x130c0: cmp ch, 0x16    ; compare the hour with 22 (0x16)
0x130c3: jg 0x1309d    ; hour > 22: leave this path. Code at 0x1309d is not shown; the runs on this page that only print 'Good Night? ' (PC 130b4) are consistent with this branch
0x130c5: mov ah, 0x1a    ; AH=1Ah: set disk transfer address (DTA)
0x130c7: lea dx, word ptr [bp + 0x116]    ; DS:DX = private DTA buffer inside the virus data area, so directory-search results land there
0x130cb: int 0x21    ; logged as syscall 26 at PC 130cd
0x130cd: mov ah, 0x47    ; AH=47h: get current directory
0x130cf: mov dl, 0    ; DL=0 selects the default drive
0x130d1: lea si, word ptr [bp + 0x15b]    ; DS:SI = buffer that receives the path
0x130d5: mov byte ptr ds:[bp + 0x15a], 0x5c    ; store '\' (0x5c) in the byte just before the buffer, giving a rooted path; ds: override because bp defaults to ss
0x130db: int 0x21    ; logged as syscall 71 at PC 130dd
0x130dd: nop    ; three bytes of padding; purpose not visible from this window
0x130de: nop
0x130df: nop
0x130e0: mov ah, 0x3b    ; AH=3Bh: change current directory
0x130e2: lea dx, word ptr [bp + 0x1db]    ; DS:DX = target path; its contents are not shown on this page
0x130e6: int 0x21    ; logged as syscall 59 at PC 130e8
0x130e8: jmp 0x130ea    ; jumps to the very next instruction (no effect on control flow)
0x130ea: mov ah, 0x7e    ; NOTE(review): 0x7e is not a function number the trace records; the full runs on this page log 78 (0x4e, Find first file) next, from the shared call site at PC 1321b, so AH is presumably adjusted before that int 0x21 - code not shown
0x130ec: mov cx, 0    ; CX=0; for Find first this would be the attribute mask - TODO confirm once the call site is visible
0x130ef: lea dx, word ptr [bp + 0x220]    ; DS:DX = presumably the search file spec; window ends here
2018-12-25T12:39:24.88745156Z 26 PC: 130cd | Set disk transfer address
2018-12-25T12:39:24.891267028Z 71 PC: 130dd | Get current directory
2018-12-25T12:39:24.893814783Z 59 PC: 130e8 | Change current directory
2018-12-25T12:39:24.900396363Z 78 PC: 1321b | Find first file
2018-12-25T12:39:24.90686123Z 67 PC: 131a0 | Get or set file attributes
2018-12-25T12:39:24.923403221Z 61 PC: 131a5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:24.944172639Z 87 PC: 131ab | Get or set file date and time
2018-12-25T12:39:24.947539161Z 63 PC: 131c0 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:24.95415733Z 66 PC: 131d3 | Move file pointer
2018-12-25T12:39:24.955867217Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:24.965300088Z 66 PC: 131f1 | Move file pointer
2018-12-25T12:39:24.966891201Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:24.973430682Z 87 PC: 1320c | Get or set file date and time
2018-12-25T12:39:24.97554682Z 62 PC: 13210 | Close file
2018-12-25T12:39:24.983325316Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:24.985970249Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:24.996250966Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:25.002947417Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:25.004612511Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:25.01195022Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:25.013636033Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.021696581Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:25.023957558Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.030886443Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:25.032760995Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:25.041573469Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.044605872Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:25.055125735Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:25.062636357Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:25.064347554Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:25.071005073Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:25.073514562Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.082367409Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:25.0840082Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.090959334Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:25.092832361Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:25.10046086Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.103197828Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:25.1135859Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:25.120267835Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:25.121852378Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:25.129263938Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:25.131384727Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.139421029Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:25.141950867Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.148934736Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:25.150660759Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:25.159336966Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.162370503Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:25.172058438Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:25.183387471Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:25.185007812Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:25.191379427Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:25.19395913Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.201965851Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:25.203563454Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.211060063Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:25.212754001Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:25.221085379Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.224613689Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:25.234526518Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:25.241191016Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:25.243215655Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:25.249552997Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:25.251158814Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.26026402Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:25.262020979Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.268596757Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:25.270758919Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:25.279307179Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.282068608Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:25.292302351Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:25.298820335Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:25.300122387Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:25.307438784Z 66 PC: 131d3 | Move file pointer (See above)
2018-12-25T12:39:25.309041643Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.317121512Z 66 PC: 131f1 | Move file pointer (See above)
2018-12-25T12:39:25.318892053Z 64 PC: 1321b | Write file or device (See above)
2018-12-25T12:39:25.326248212Z 87 PC: 1320c | Get or set file date and time (See above)
2018-12-25T12:39:25.327945517Z 62 PC: 13210 | Close file (See above)
2018-12-25T12:39:25.335860977Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.34034574Z 67 PC: 131a0 | Get or set file attributes (See above)
2018-12-25T12:39:25.350104041Z 61 PC: 131a5 | Open file (See above)
2018-12-25T12:39:25.356811311Z 87 PC: 131ab | Get or set file date and time (See above)
2018-12-25T12:39:25.359622014Z 63 PC: 131c0 | Read file or device (See above)
2018-12-25T12:39:25.366115007Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.368717297Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:25.37549614Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.378182363Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.380911119Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.388736941Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.391785316Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.394523008Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.398005759Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.401061664Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.403775187Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.406884849Z 59 PC: 1316d | Change current directory
2018-12-25T12:39:25.411139739Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:25.41770549Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.42097792Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.423697053Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.426407913Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.429658613Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.440758484Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.443453267Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.446496939Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.449102142Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.451407779Z 59 PC: 1316d | Change current directory (See above)
2018-12-25T12:39:25.456047316Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:25.4621942Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.464890461Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.468179301Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.470888267Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.473484018Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.47670657Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.480096079Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.482737611Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.486034397Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.488405981Z 59 PC: 1316d | Change current directory (See above)
2018-12-25T12:39:25.492457733Z 78 PC: 1321b | Find first file (See above)
2018-12-25T12:39:25.498411171Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.501696577Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.504221745Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.5069062Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.509542936Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.512183405Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.514844248Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.517944152Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.520599884Z 79 PC: 1321b | Find next file (See above)
2018-12-25T12:39:25.523036881Z 59 PC: 1317b | Change current directory
2018-12-25T12:39:25.527553691Z 26 PC: 13182 | Set disk transfer address
2018-12-25T12:39:25.528608327Z 202 PC: 12ab1 | UNKNOWN!
; Disassembly window printed by the sandbox at the return address of the "Get date" call (PC 12ce3): the payload's date check.
; DOS INT 21h/AH=2Ah returns the day in DL and the month in DH. Both are compared with two bytes stored in the virus body;
; the values of those stored bytes are not visible on this page, so whether a run matched by equality or by wildcard cannot be told from here.
2018-12-25T12:39:25.530204061Z 42 PC: 12ce3 | Get date 0x12ce3: cmp dl, byte ptr cs:[bp + 0x54b]    ; today's day vs the stored day byte
0x12ce8: je 0x12cf2    ; day matches: go on to the month check
0x12cea: cmp byte ptr cs:[bp + 0x54b], 0x20    ; stored day == 0x20 (not a valid day of month) also passes, i.e. it acts as "any day"
0x12cf0: jne 0x12d0a    ; neither: no payload, return
0x12cf2: cmp dh, byte ptr cs:[bp + 0x54c]    ; today's month vs the stored month byte
0x12cf7: je 0x12d01    ; month matches: run the payload
0x12cf9: cmp byte ptr cs:[bp + 0x54c], 0xd    ; stored month == 0x0d (13, not a valid month) acts as "any month"
0x12cff: jne 0x12d0a    ; neither: no payload, return
0x12d01: mov ah, 9    ; AH=09h: print the '$'-terminated string at DS:DX
0x12d03: mov dx, 0x3cb    ; absolute offset, unlike the bp-relative references above
0x12d06: int 0x21    ; logged as syscall 9 "Display string" at PC 12d08
0x12d08: int 0x20    ; terminate the program
0x12d0a: ret    ; non-trigger path: return to the caller
; The sandbox's disassembler keeps decoding past the ret. The lines below are data, not executed code:
; their encodings are 0A 0D 59 4F 55 20 4B 49 4C 4C = LF CR "YOU KILL", the start of the message the trace shows being displayed.
0x12d0b: or cl, byte ptr [di]
0x12d0d: pop cx
0x12d0e: dec di
0x12d0f: push bp
0x12d10: and byte ptr [bp + di + 0x49], cl
0x12d13: dec sp
0x12d14: dec sp
2018-12-25T12:39:25.533056517Z 9 PC: 12d08 | Display string (String= ' YOU KILL YOU COMPUTER KILL YOU BABO YOU BABO KILL YOU COMPUTER BABO VIRUS NO CHCAK BABO YOU HDD ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13910,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed by the sandbox at the return address of the "Get time" call (PC 130c0).
; DOS INT 21h/AH=2Ch returns the current hour in CH. The viewer cuts the window short: it ends before the next int 0x21.
; NOTE(review): every data reference below is bp-relative - presumably bp holds the virus's relocation (delta) offset; the entry code that sets it is not shown, confirm there.
2018-12-25T12:39:25.314510074Z 44 PC: 130c0 | Get time 0x130c0: cmp ch, 0x16    ; compare the hour with 22 (0x16)
0x130c3: jg 0x1309d    ; hour > 22: leave this path. Code at 0x1309d is not shown; the runs on this page that only print 'Good Night? ' (PC 130b4) are consistent with this branch
0x130c5: mov ah, 0x1a    ; AH=1Ah: set disk transfer address (DTA)
0x130c7: lea dx, word ptr [bp + 0x116]    ; DS:DX = private DTA buffer inside the virus data area, so directory-search results land there
0x130cb: int 0x21    ; logged as syscall 26 at PC 130cd in the full runs
0x130cd: mov ah, 0x47    ; AH=47h: get current directory
0x130cf: mov dl, 0    ; DL=0 selects the default drive
0x130d1: lea si, word ptr [bp + 0x15b]    ; DS:SI = buffer that receives the path
0x130d5: mov byte ptr ds:[bp + 0x15a], 0x5c    ; store '\' (0x5c) in the byte just before the buffer, giving a rooted path; ds: override because bp defaults to ss
0x130db: int 0x21    ; logged as syscall 71 at PC 130dd in the full runs
0x130dd: nop    ; three bytes of padding; purpose not visible from this window
0x130de: nop
0x130df: nop
0x130e0: mov ah, 0x3b    ; AH=3Bh: change current directory
0x130e2: lea dx, word ptr [bp + 0x1db]    ; DS:DX = target path; its contents are not shown on this page
0x130e6: int 0x21    ; logged as syscall 59 at PC 130e8 in the full runs
0x130e8: jmp 0x130ea    ; jumps to the very next instruction (no effect on control flow)
0x130ea: mov ah, 0x7e    ; NOTE(review): 0x7e is not a function number the trace records; the full runs on this page log 78 (0x4e, Find first file) next, from the shared call site at PC 1321b, so AH is presumably adjusted before that int 0x21 - code not shown
0x130ec: mov cx, 0    ; CX=0; for Find first this would be the attribute mask - TODO confirm once the call site is visible
0x130ef: lea dx, word ptr [bp + 0x220]    ; DS:DX = presumably the search file spec; window ends here
2018-12-25T12:39:25.317718287Z 9 PC: 130b4 | Display string (String= 'Good Night? ')