Sample viewer

vx.netlux.org/Virus.DOS.Vein.1006.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:45.281403777Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-17T23:06:45.284531545Z 26 PC: 133a9 | Set disk transfer address
2018-12-17T23:06:45.310642765Z 78 PC: 133b4 | Find first file
2018-12-17T23:06:45.320400065Z 61 PC: 133c2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:45.328157698Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.331237686Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.332896631Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.349340499Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.354399705Z 61 PC: 133c2 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:45.361769588Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.363441425Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.365873791Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.373949027Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.377250435Z 61 PC: 133c2 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:45.385152824Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.387561026Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.389732822Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.406651594Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.409823407Z 61 PC: 133c2 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:06:45.415389804Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.427867956Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.429864421Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.435163221Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.437742043Z 61 PC: 133c2 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:06:45.450050613Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.452127768Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.454251511Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.46308868Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.466838196Z 61 PC: 133c2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:06:45.482307831Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.498235722Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.500187742Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.508887203Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.512921669Z 61 PC: 133c2 | Open file (Filename = 'PAH.COM')
2018-12-17T23:06:45.522102013Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.524143499Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.526238235Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.53607291Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.539342765Z 61 PC: 133c2 | Open file (Filename = 'TEST.COM')
2018-12-17T23:06:45.546950187Z 87 PC: 133c8 | Get or set file date and time
2018-12-17T23:06:45.550033003Z 63 PC: 133e8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:45.553345094Z 66 PC: 1340b | Move file pointer
2018-12-17T23:06:45.555345579Z 64 PC: 13416 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:06:45.559388084Z 66 PC: 1341f | Move file pointer
2018-12-17T23:06:45.56142285Z 64 PC: 1342a | Write file or device (Write 1006 bytes on handle 5)
2018-12-17T23:06:45.571145979Z 87 PC: 13439 | Get or set file date and time
2018-12-17T23:06:45.57354494Z 62 PC: 1343d | Close file
2018-12-17T23:06:45.582768453Z 79 PC: 133b4 | Find next file
2018-12-17T23:06:45.585736437Z 26 PC: 13449 | Set disk transfer address
2018-12-17T23:06:45.587601014Z 9 PC: 12a47 | Display string (String= 'Bait file!  (C) 2000 Mountain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15639,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:04.687554951Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-25T12:44:04.691264599Z 9 PC: 13387 | Display string (Could not find end pointer)
2018-12-25T12:44:04.694722306Z 76 PC: 13394 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15639,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:04.83681625Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-25T12:44:04.840308216Z 26 PC: 133a9 | Set disk transfer address
2018-12-25T12:44:04.841393756Z 78 PC: 133b4 | Find first file
2018-12-25T12:44:04.847163279Z 61 PC: 133c2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:04.857959642Z 87 PC: 133c8 | Get or set file date and time
2018-12-25T12:44:04.85946671Z 87 PC: 13439 | Get or set file date and time
2018-12-25T12:44:04.860952844Z 62 PC: 1343d | Close file
2018-12-25T12:44:04.874282598Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:04.877443117Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:04.883660087Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:04.884918311Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:04.886937839Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:04.895931038Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:04.898361284Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:04.911300015Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:04.913635442Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:04.915011169Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:04.922518942Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:04.925206995Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:04.931614581Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:04.933523673Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:04.935278773Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:04.942339782Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:04.94588151Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:04.952501719Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:04.953847909Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:04.956057815Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:04.963155679Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:04.966059345Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:04.978422621Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:04.979888575Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:04.982446237Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:04.990398856Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:04.993641693Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:05.000516849Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:05.003238023Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:05.005213632Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:05.01272358Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:05.016660206Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:05.023951777Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:05.026066914Z 63 PC: 133e8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:05.034190083Z 66 PC: 1340b | Move file pointer
2018-12-25T12:44:05.0360168Z 64 PC: 13416 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:05.038779926Z 66 PC: 1341f | Move file pointer
2018-12-25T12:44:05.047502078Z 64 PC: 1342a | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T12:44:05.056819507Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:05.05821641Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:05.066524633Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:05.068850391Z 26 PC: 13449 | Set disk transfer address
2018-12-25T12:44:05.069899383Z 9 PC: 12a47 | Display string (String= 'Bait file!  (C) 2000 Mountain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":18,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15639,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:06.568653933Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-25T12:44:06.573229858Z 9 PC: 13387 | Display string (Could not find end pointer)
2018-12-25T12:44:06.578095326Z 76 PC: 13394 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15639,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:08.193795391Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-25T12:44:08.196649283Z 26 PC: 133a9 | Set disk transfer address
2018-12-25T12:44:08.197753344Z 78 PC: 133b4 | Find first file
2018-12-25T12:44:08.204229938Z 61 PC: 133c2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:08.211115858Z 87 PC: 133c8 | Get or set file date and time
2018-12-25T12:44:08.213150923Z 87 PC: 13439 | Get or set file date and time
2018-12-25T12:44:08.215251503Z 62 PC: 1343d | Close file
2018-12-25T12:44:08.228526735Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.232380249Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.239010542Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.241464549Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.243115859Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.249790331Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.252613575Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.259432365Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.260795891Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.262243912Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.270122185Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.282842755Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.289904225Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.292900135Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.294864731Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.30203937Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.30578585Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.3125912Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.314458856Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.317732287Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.324783652Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.327697734Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.334746614Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.336499059Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.338036812Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.34576664Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.349339919Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.355991557Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.357897375Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.359875653Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.366620699Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.369324923Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.375793238Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.377122839Z 63 PC: 133e8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:08.379702599Z 66 PC: 1340b | Move file pointer
2018-12-25T12:44:08.381837393Z 64 PC: 13416 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:08.384691241Z 66 PC: 1341f | Move file pointer
2018-12-25T12:44:08.386325677Z 64 PC: 1342a | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T12:44:08.395473124Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.397302475Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.405169609Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.408781782Z 26 PC: 13449 | Set disk transfer address
2018-12-25T12:44:08.409929694Z 9 PC: 12a47 | Display string (String= 'Bait file!  (C) 2000 Mountain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15639,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:08.226180057Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-25T12:44:08.228943616Z 9 PC: 132b9 | Display string (String= 'Disinfecting file... ')
2018-12-25T12:44:08.234230728Z 26 PC: 132c0 | Set disk transfer address
2018-12-25T12:44:08.235480333Z 67 PC: 132f0 | Get or set file attributes
2018-12-25T12:44:08.242374955Z 67 PC: 132fc | Get or set file attributes
2018-12-25T12:44:08.259537189Z 61 PC: 13301 | Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:44:08.26703474Z 87 PC: 13307 | Get or set file date and time
2018-12-25T12:44:08.269569253Z 62 PC: 13315 | Close file
2018-12-25T12:44:08.271593151Z 60 PC: 1331e | Create or truncate file
2018-12-25T12:44:08.285412608Z 64 PC: 1332a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:08.289605211Z 64 PC: 13333 | Write file or device (Write 2092 bytes on handle 5)
2018-12-25T12:44:08.301163289Z 87 PC: 13342 | Get or set file date and time
2018-12-25T12:44:08.302812538Z 62 PC: 13346 | Close file
2018-12-25T12:44:08.311442846Z 67 PC: 1334f | Get or set file attributes
2018-12-25T12:44:08.323447075Z 9 PC: 13359 | Display string (String= ' File disinfected! Merry Christmas Nowhere virus v1.0 VEiN - 1995 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15639,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:08.464156457Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-25T12:44:08.467062204Z 26 PC: 133a9 | Set disk transfer address
2018-12-25T12:44:08.468675489Z 78 PC: 133b4 | Find first file
2018-12-25T12:44:08.475855107Z 61 PC: 133c2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:08.48441411Z 87 PC: 133c8 | Get or set file date and time
2018-12-25T12:44:08.487003921Z 87 PC: 13439 | Get or set file date and time
2018-12-25T12:44:08.489024827Z 62 PC: 1343d | Close file
2018-12-25T12:44:08.50646513Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.510211669Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.52208494Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.524343428Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.527377047Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.537583433Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.540994336Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.549059968Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.551363538Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.552900061Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.559921129Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.569873488Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.586390116Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.588390551Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.591412485Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.599578263Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.60291061Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.610944945Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.612675533Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.614382779Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.624566523Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.629372952Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.637176961Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.638798515Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.640752877Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.647670016Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.651383307Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.659013892Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.660854477Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.66253108Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.670485176Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.673568917Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.681060124Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.683724609Z 63 PC: 133e8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:08.691210509Z 66 PC: 1340b | Move file pointer
2018-12-25T12:44:08.692821451Z 64 PC: 13416 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:08.697121082Z 66 PC: 1341f | Move file pointer
2018-12-25T12:44:08.699504975Z 64 PC: 1342a | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T12:44:08.716944545Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.719359285Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.728599128Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.731350715Z 26 PC: 13449 | Set disk transfer address
2018-12-25T12:44:08.733189718Z 9 PC: 12a47 | Display string (String= 'Bait file!  (C) 2000 Mountain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15639,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:08.491151098Z 42 PC: 1327b | Get date
0x1327b: cmp dh, 8
0x1327e: je 0x1329d
0x13280: cmp dh, 2
0x13283: je 0x13295
0x13285: cmp dh, 0xc
0x13288: je 0x1328d
0x1328a: jmp 0x13394
0x1328d: cmp dl, 0x19
0x13290: je 0x132a5
0x13292: jmp 0x13394
0x13295: cmp dl, 3
0x13298: je 0x132a9
0x1329a: jmp 0x13394
0x1329d: cmp dl, 0x12
0x132a0: je 0x132ad
0x132a2: jmp 0x13394
0x132a5: push cs
0x132a6: call 0x132b1
0x132a9: push cs
0x132aa: call 0x13365
2018-12-25T12:44:08.494551093Z 26 PC: 133a9 | Set disk transfer address
2018-12-25T12:44:08.49589934Z 78 PC: 133b4 | Find first file
2018-12-25T12:44:08.502687121Z 61 PC: 133c2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:08.510302075Z 87 PC: 133c8 | Get or set file date and time
2018-12-25T12:44:08.512428832Z 87 PC: 13439 | Get or set file date and time
2018-12-25T12:44:08.514104792Z 62 PC: 1343d | Close file
2018-12-25T12:44:08.531728932Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.536451434Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.543848256Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.545602371Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.548541722Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.564379594Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.568520768Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.577805019Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.579814781Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.581951394Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.594673493Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.597554659Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.605308493Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.606985613Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.608967144Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.616725446Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.620007666Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.634089496Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.635884462Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.637805946Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.650155243Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.653118585Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.658687782Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.66079876Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.662754383Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.670263966Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.673789461Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.681200079Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.682808467Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.685594054Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.696809822Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.699955177Z 61 PC: 133c2 | Open file (See above)
2018-12-25T12:44:08.707754556Z 87 PC: 133c8 | Get or set file date and time (See above)
2018-12-25T12:44:08.709285104Z 63 PC: 133e8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:08.718533861Z 66 PC: 1340b | Move file pointer
2018-12-25T12:44:08.720503583Z 64 PC: 13416 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:08.722554696Z 66 PC: 1341f | Move file pointer
2018-12-25T12:44:08.72354298Z 64 PC: 1342a | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T12:44:08.730449669Z 87 PC: 13439 | Get or set file date and time (See above)
2018-12-25T12:44:08.732536083Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:44:08.741256811Z 79 PC: 133b4 | Find next file (See above)
2018-12-25T12:44:08.744244419Z 26 PC: 13449 | Set disk transfer address
2018-12-25T12:44:08.746225264Z 9 PC: 12a47 | Display string (String= 'Bait file!  (C) 2000 Mountain Virus Research Labs M�llen AntiVirusGps!QbopjY ')