Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Elben.300

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:01.760835226Z	78	PC: 12a73 \| Find first file
2018-12-17T23:05:01.76781887Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:01.771479304Z	61	PC: 12a53 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:05:01.778985069Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:01.786504931Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:01.804262716Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:01.807660355Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:01.811402763Z	61	PC: 12a53 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:05:01.822548363Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:01.832053558Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:01.840918209Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:01.844837159Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:01.847868059Z	61	PC: 12a53 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:05:01.855631729Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:01.864258613Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:01.883901232Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:01.887569771Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:01.891028806Z	61	PC: 12a53 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:05:01.903231354Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:01.910828551Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:01.919674276Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:01.923357793Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:01.926331676Z	61	PC: 12a53 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:05:01.933649066Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:01.942434298Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:01.951055551Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:01.954186619Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:01.957891366Z	61	PC: 12a53 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:05:01.965843771Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:01.973214853Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:01.983020894Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:01.988653157Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:01.993143521Z	61	PC: 12a53 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:05:02.004872468Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:02.012841675Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:02.021511248Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:02.025028002Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-17T23:05:02.028280007Z	61	PC: 12a53 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:05:02.036622165Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-17T23:05:02.04005957Z	62	PC: 12a66 \| Close file
2018-12-17T23:05:02.050118897Z	79	PC: 12a81 \| Find next file
2018-12-17T23:05:02.052607417Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dh, 8 0x12a8e: jne 0x12a9c 0x12a90: cmp dl, 0x1f 0x12a93: jne 0x12a9c 0x12a95: mov ah, 9 0x12a97: mov dx, 0x15e 0x12a9a: int 0x21 0x12a9c: int 0x20 0x12a9e: or ax, 0x460a 0x12aa1: sub ax, 0x5250 0x12aa4: dec di 0x12aa5: push sp 0x12aa6: and byte ptr [bp + di + 0x55], dl 0x12aa9: pop ax 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15073,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:33.261705769Z	78	PC: 12a73 \| Find first file
2018-12-25T12:42:33.268184937Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-25T12:42:33.270574387Z	61	PC: 12a53 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:33.276894466Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-25T12:42:33.284310723Z	62	PC: 12a66 \| Close file
2018-12-25T12:42:34.176650802Z	79	PC: 12a81 \| Find next file
2018-12-25T12:42:34.179187801Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.182181748Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.188552054Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.198143013Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.257690611Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.261481402Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.264011441Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.270759768Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.277948061Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.367101581Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.370087774Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.374386757Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.386762787Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.397772942Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.42935241Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.432319739Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.43498118Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.441355507Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.448092347Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.493231443Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.496800734Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.499367873Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.506004912Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.512932703Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.520811599Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.523654564Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.526845867Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.53359531Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.540260443Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.549129113Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.552087528Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.554445337Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.561735703Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.56492472Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.572576728Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.574978583Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dh, 8 0x12a8e: jne 0x12a9c 0x12a90: cmp dl, 0x1f 0x12a93: jne 0x12a9c 0x12a95: mov ah, 9 0x12a97: mov dx, 0x15e 0x12a9a: int 0x21 0x12a9c: int 0x20 0x12a9e: or ax, 0x460a 0x12aa1: sub ax, 0x5250 0x12aa4: dec di 0x12aa5: push sp 0x12aa6: and byte ptr [bp + di + 0x55], dl 0x12aa9: pop ax 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15073,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:33.307233924Z	78	PC: 12a73 \| Find first file
2018-12-25T12:42:33.314044931Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-25T12:42:33.316240961Z	61	PC: 12a53 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:33.323058568Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-25T12:42:33.330744429Z	62	PC: 12a66 \| Close file
2018-12-25T12:42:34.176021732Z	79	PC: 12a81 \| Find next file
2018-12-25T12:42:34.17909277Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.182176512Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.189380161Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.201453796Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.258686544Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.262051348Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.265378789Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.272118453Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.280384052Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.366831789Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.369782747Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.373864407Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.380587078Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.38745757Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.43123953Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.434153519Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.4364246Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.448983337Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.45880639Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.493135071Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.498650989Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.501477578Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.508612532Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.516277383Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.524442631Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.543024889Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.545668364Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.553019677Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.55964013Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.567460093Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.570692717Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.573238544Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.579897608Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.583924358Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.591887663Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.594333184Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dh, 8 0x12a8e: jne 0x12a9c 0x12a90: cmp dl, 0x1f 0x12a93: jne 0x12a9c 0x12a95: mov ah, 9 0x12a97: mov dx, 0x15e 0x12a9a: int 0x21 0x12a9c: int 0x20 0x12a9e: or ax, 0x460a 0x12aa1: sub ax, 0x5250 0x12aa4: dec di 0x12aa5: push sp 0x12aa6: and byte ptr [bp + di + 0x55], dl 0x12aa9: pop ax 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15073,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:33.396569591Z	78	PC: 12a73 \| Find first file
2018-12-25T12:42:33.404734017Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-25T12:42:33.407151064Z	61	PC: 12a53 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:33.413355029Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-25T12:42:33.420646276Z	62	PC: 12a66 \| Close file
2018-12-25T12:42:34.177225481Z	79	PC: 12a81 \| Find next file
2018-12-25T12:42:34.187192956Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.190453158Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.198505466Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.20771694Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.257388517Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.260703991Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.263419302Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.269954578Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.276792274Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.366593469Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.369954439Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.373311068Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.391132921Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.397996218Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.463662765Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.466582434Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.468993542Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.475944253Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.483165267Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.497556072Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.503240349Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.505726707Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.512371847Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.519473349Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.528377159Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.531301985Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.534811609Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.541824091Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.549049684Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.55711092Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.561292316Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.56397616Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.570811504Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.574616163Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.58246806Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.584388443Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dh, 8 0x12a8e: jne 0x12a9c 0x12a90: cmp dl, 0x1f 0x12a93: jne 0x12a9c 0x12a95: mov ah, 9 0x12a97: mov dx, 0x15e 0x12a9a: int 0x21 0x12a9c: int 0x20 0x12a9e: or ax, 0x460a 0x12aa1: sub ax, 0x5250 0x12aa4: dec di 0x12aa5: push sp 0x12aa6: and byte ptr [bp + di + 0x55], dl 0x12aa9: pop ax 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15073,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:33.39990276Z	78	PC: 12a73 \| Find first file
2018-12-25T12:42:33.404949043Z	44	PC: 12b0c \| Get time 0x12b0c: cmp dh, 0 0x12b0f: je 0x12b08 0x12b11: mov byte ptr [0x1ae], dh 0x12b15: ret 0x12b16: pop bx 0x12b17: inc bp 0x12b18: insb byte ptr es:[di], dx 0x12b19: and byte ptr [bp + si + 0x65], ah 0x12b1c: outsb dx, byte ptr [si] 0x12b1d: popaw 0x12b1f: outsw dx, word ptr fs:[si] 0x12b21: jb 0x12b43 0x12b23: jne 0x12b99 0x12b26: je 0x12b91 0x12b28: arpl word ptr [bx + di + 0x65], bp 0x12b2b: jb 0x12b9c 0x12b2d: and byte ptr [bx + di + 0x20], bh 0x12b30: jae 0x12ba7 0x12b32: and byte ptr [bx + si + 0x61], dh 0x12b35: jae 0x12bab
2018-12-25T12:42:33.407337345Z	61	PC: 12a53 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:33.411419548Z	64	PC: 12a62 \| Write file or device (Write 300 bytes on handle 5)
2018-12-25T12:42:33.416445967Z	62	PC: 12a66 \| Close file
2018-12-25T12:42:34.176304092Z	79	PC: 12a81 \| Find next file
2018-12-25T12:42:34.179410528Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.182593042Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.188967164Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.19567138Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.257703578Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.262835118Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.265797125Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.273523538Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.281829704Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.366836834Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.371061805Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.37523145Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.383016993Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.39132526Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.429627339Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.433433371Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.436416787Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.444597733Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.451823551Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.49332414Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.49820626Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.502021361Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.509037483Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.516192384Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.524874312Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.52776506Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.530347937Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.547128445Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.554437375Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.562928724Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.566111017Z	44	PC: 12b0c \| Get time (See above)
2018-12-25T12:42:34.568592139Z	61	PC: 12a53 \| Open file (See above)
2018-12-25T12:42:34.576044216Z	64	PC: 12a62 \| Write file or device (See above)
2018-12-25T12:42:34.580619592Z	62	PC: 12a66 \| Close file (See above)
2018-12-25T12:42:34.59153814Z	79	PC: 12a81 \| Find next file (See above)
2018-12-25T12:42:34.594835776Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dh, 8 0x12a8e: jne 0x12a9c 0x12a90: cmp dl, 0x1f 0x12a93: jne 0x12a9c 0x12a95: mov ah, 9 0x12a97: mov dx, 0x15e 0x12a9a: int 0x21 0x12a9c: int 0x20 0x12a9e: or ax, 0x460a 0x12aa1: sub ax, 0x5250 0x12aa4: dec di 0x12aa5: push sp 0x12aa6: and byte ptr [bp + di + 0x55], dl 0x12aa9: pop ax 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax