Sample viewer

vx.netlux.org/Virus.DOS.Lokjaw.874

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:19.935098355Z 74 PC: 12a4e | Reallocate memory
2018-12-17T23:07:19.937765421Z 75 PC: 12a6c | Execute program
2018-12-17T23:07:19.940920206Z 26 PC: 12a81 | Set disk transfer address
2018-12-17T23:07:19.942863892Z 78 PC: 12ac1 | Find first file
2018-12-17T23:07:19.950521931Z 86 PC: 12aec | Rename file
2018-12-17T23:07:19.970072549Z 60 PC: 12af5 | Create or truncate file
2018-12-17T23:07:19.982805297Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-17T23:07:19.993027503Z 62 PC: 12b05 | Close file
2018-12-17T23:07:20.004019165Z 79 PC: 12ac1 | Find next file
2018-12-17T23:07:20.007585314Z 86 PC: 12aec | Rename file
2018-12-17T23:07:20.021558592Z 60 PC: 12af5 | Create or truncate file
2018-12-17T23:07:20.035229315Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-17T23:07:20.045285873Z 62 PC: 12b05 | Close file
2018-12-17T23:07:20.059181948Z 79 PC: 12ac1 | Find next file
2018-12-17T23:07:20.063193494Z 86 PC: 12aec | Rename file
2018-12-17T23:07:20.076337017Z 60 PC: 12af5 | Create or truncate file
2018-12-17T23:07:20.08862836Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-17T23:07:20.098410988Z 62 PC: 12b05 | Close file
2018-12-17T23:07:20.108881468Z 79 PC: 12ac1 | Find next file
2018-12-17T23:07:20.112416997Z 86 PC: 12aec | Rename file
2018-12-17T23:07:20.136710959Z 60 PC: 12af5 | Create or truncate file
2018-12-17T23:07:20.150925276Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-17T23:07:20.160481087Z 62 PC: 12b05 | Close file
2018-12-17T23:07:20.169709455Z 79 PC: 12ac1 | Find next file
2018-12-17T23:07:20.173916678Z 86 PC: 12aec | Rename file
2018-12-17T23:07:20.191009087Z 60 PC: 12af5 | Create or truncate file
2018-12-17T23:07:20.203414974Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-17T23:07:20.21395424Z 62 PC: 12b05 | Close file
2018-12-17T23:07:20.223482194Z 79 PC: 12ac1 | Find next file
2018-12-17T23:07:20.226939044Z 86 PC: 12aec | Rename file
2018-12-17T23:07:20.240354113Z 60 PC: 12af5 | Create or truncate file
2018-12-17T23:07:20.254147428Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-17T23:07:20.26372084Z 62 PC: 12b05 | Close file
2018-12-17T23:07:20.274023573Z 79 PC: 12ac1 | Find next file
2018-12-17T23:07:20.277673024Z 86 PC: 12aec | Rename file
2018-12-17T23:07:20.290644348Z 60 PC: 12af5 | Create or truncate file
2018-12-17T23:07:20.303433146Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-17T23:07:20.31345132Z 62 PC: 12b05 | Close file
2018-12-17T23:07:20.322799354Z 79 PC: 12ac1 | Find next file
2018-12-17T23:07:20.326280942Z 42 PC: 12b32 | Get date
0x12b32: cmp dl, 0x18
0x12b35: jne 0x12b39
0x12b37: je 0x12b47
0x12b39: mov ah, 0x2c
0x12b3b: int 0x21
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
2018-12-17T23:07:20.335692805Z 44 PC: 12b3d | Get time
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
0x12b65: mov ah, 1
0x12b67: mov cl, 0
0x12b69: mov ch, 0x40
0x12b6b: int 0x10
0x12b6d: mov cl, 0
2018-12-17T23:07:20.338485891Z 60 PC: 12d33 | Create or truncate file
2018-12-17T23:07:21.013012797Z 60 PC: 12d3a | Create or truncate file
2018-12-17T23:07:21.035893088Z 60 PC: 12d41 | Create or truncate file
2018-12-17T23:07:21.048626653Z 65 PC: 12d48 | Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-17T23:07:21.059551071Z 65 PC: 12d4f | Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-17T23:07:21.071132614Z 65 PC: 12d56 | Delete file (Filename = 'C:\dos\msav.exe')
2018-12-17T23:07:21.07898897Z 64 PC: 12ac1 | Write file or device (Write 0 bytes on handle 1381)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15826,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:40.543737723Z 74 PC: 12a4e | Reallocate memory
2018-12-25T12:44:40.545688255Z 75 PC: 12a6c | Execute program
2018-12-25T12:44:40.548535004Z 26 PC: 12a81 | Set disk transfer address
2018-12-25T12:44:40.549566548Z 78 PC: 12ac1 | Find first file
2018-12-25T12:44:40.55655885Z 86 PC: 12aec | Rename file
2018-12-25T12:44:40.577223043Z 60 PC: 12af5 | Create or truncate file
2018-12-25T12:44:40.590803558Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-25T12:44:40.603685357Z 62 PC: 12b05 | Close file
2018-12-25T12:44:40.611736198Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.614366331Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.626247325Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.637432868Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.645488337Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.653696227Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.657124807Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.668236306Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.679143463Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.688208997Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.696510287Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.699570246Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.714538308Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.725979027Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.734250714Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.742787257Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.745838302Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.757600774Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.7694272Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.77782636Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.785588573Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.7885785Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.799529067Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.810404784Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.819104611Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.827840016Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.830623521Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.844410665Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.856853706Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.864622644Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.871808825Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.875655683Z 42 PC: 12b32 | Get date
0x12b32: cmp dl, 0x18
0x12b35: jne 0x12b39
0x12b37: je 0x12b47
0x12b39: mov ah, 0x2c
0x12b3b: int 0x21
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
2018-12-25T12:44:40.877731281Z 44 PC: 12b3d | Get time
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
0x12b65: mov ah, 1
0x12b67: mov cl, 0
0x12b69: mov ch, 0x40
0x12b6b: int 0x10
0x12b6d: mov cl, 0
2018-12-25T12:44:40.879795262Z 60 PC: 12d33 | Create or truncate file
2018-12-25T12:44:41.220842203Z 60 PC: 12d3a | Create or truncate file
2018-12-25T12:44:41.232949683Z 60 PC: 12d41 | Create or truncate file
2018-12-25T12:44:41.244856329Z 65 PC: 12d48 | Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:44:41.256041911Z 65 PC: 12d4f | Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:44:41.266433278Z 65 PC: 12d56 | Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:44:41.50474335Z 64 PC: 12ac1 | Write file or device (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15826,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:40.621836579Z 74 PC: 12a4e | Reallocate memory
2018-12-25T12:44:40.624049937Z 75 PC: 12a6c | Execute program
2018-12-25T12:44:40.627411809Z 26 PC: 12a81 | Set disk transfer address
2018-12-25T12:44:40.628686019Z 78 PC: 12ac1 | Find first file
2018-12-25T12:44:40.636335432Z 86 PC: 12aec | Rename file
2018-12-25T12:44:40.653243428Z 60 PC: 12af5 | Create or truncate file
2018-12-25T12:44:40.664352014Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-25T12:44:40.672697109Z 62 PC: 12b05 | Close file
2018-12-25T12:44:40.681545837Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.684698526Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.69658288Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.711035962Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.719384579Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.727385891Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.730839251Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.742709726Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.753862499Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.766385704Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.772018547Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.773825464Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.781537144Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.791878479Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.802432949Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.808267755Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.810093304Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.818725811Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.827367736Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.832959636Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.838148231Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.840243129Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.857791174Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:40.868714433Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:40.876984866Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:40.886602099Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.8892143Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.21930069Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.228556372Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.237661285Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.246162898Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.250594747Z 42 PC: 12b32 | Get date
0x12b32: cmp dl, 0x18
0x12b35: jne 0x12b39
0x12b37: je 0x12b47
0x12b39: mov ah, 0x2c
0x12b3b: int 0x21
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
2018-12-25T12:44:41.252813925Z 44 PC: 12b3d | Get time
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
0x12b65: mov ah, 1
0x12b67: mov cl, 0
0x12b69: mov ch, 0x40
0x12b6b: int 0x10
0x12b6d: mov cl, 0
2018-12-25T12:44:41.254912569Z 60 PC: 12d33 | Create or truncate file
2018-12-25T12:44:41.613955759Z 60 PC: 12d3a | Create or truncate file
2018-12-25T12:44:41.621859778Z 60 PC: 12d41 | Create or truncate file
2018-12-25T12:44:41.629390607Z 65 PC: 12d48 | Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:44:41.637526752Z 65 PC: 12d4f | Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:44:41.644446512Z 65 PC: 12d56 | Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:44:41.651190838Z 64 PC: 12ac1 | Write file or device (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15826,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:40.910051512Z 74 PC: 12a4e | Reallocate memory
2018-12-25T12:44:40.911975155Z 75 PC: 12a6c | Execute program
2018-12-25T12:44:40.915552138Z 26 PC: 12a81 | Set disk transfer address
2018-12-25T12:44:40.917427416Z 78 PC: 12ac1 | Find first file
2018-12-25T12:44:40.923928374Z 86 PC: 12aec | Rename file
2018-12-25T12:44:40.948676957Z 60 PC: 12af5 | Create or truncate file
2018-12-25T12:44:40.960627486Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-25T12:44:40.970217024Z 62 PC: 12b05 | Close file
2018-12-25T12:44:40.980329262Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:40.984251264Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:40.997715572Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.01102854Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.020728961Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.030182409Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.03452984Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.046652564Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.058343984Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.067916735Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.077554606Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.08056506Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.092787514Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.104935027Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.113370488Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.122761337Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.127122954Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.140258101Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.152500842Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.162534527Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.171568501Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.174731451Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.187736277Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.200617864Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.209603793Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.230017334Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.23314386Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.246153639Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.260103181Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.269781875Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.279262838Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.28300847Z 42 PC: 12b32 | Get date
0x12b32: cmp dl, 0x18
0x12b35: jne 0x12b39
0x12b37: je 0x12b47
0x12b39: mov ah, 0x2c
0x12b3b: int 0x21
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
2018-12-25T12:44:41.28604693Z 44 PC: 12b3d | Get time
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
0x12b65: mov ah, 1
0x12b67: mov cl, 0
0x12b69: mov ch, 0x40
0x12b6b: int 0x10
0x12b6d: mov cl, 0
2018-12-25T12:44:41.289755131Z 9 PC: 12b94 | Display string (String= '(o) (o)')
2018-12-25T12:44:41.410192265Z 60 PC: 12d33 | Create or truncate file
2018-12-25T12:44:41.757066558Z 60 PC: 12d3a | Create or truncate file
2018-12-25T12:44:41.769578013Z 60 PC: 12d41 | Create or truncate file
2018-12-25T12:44:41.777975233Z 65 PC: 12d48 | Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:44:41.789966678Z 65 PC: 12d4f | Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:44:41.801070481Z 65 PC: 12d56 | Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:44:41.81264821Z 64 PC: 12ac1 | Write file or device (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15826,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:41.449268254Z 74 PC: 12a4e | Reallocate memory
2018-12-25T12:44:41.451170122Z 75 PC: 12a6c | Execute program
2018-12-25T12:44:41.453686353Z 26 PC: 12a81 | Set disk transfer address
2018-12-25T12:44:41.455029617Z 78 PC: 12ac1 | Find first file
2018-12-25T12:44:41.462038786Z 86 PC: 12aec | Rename file
2018-12-25T12:44:41.614021406Z 60 PC: 12af5 | Create or truncate file
2018-12-25T12:44:41.63220422Z 64 PC: 12b01 | Write file or device (Write 874 bytes on handle 5)
2018-12-25T12:44:41.640773486Z 62 PC: 12b05 | Close file
2018-12-25T12:44:41.649861322Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.652571615Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.664688686Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.676246369Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.684376452Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.692173037Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.69531271Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.706217448Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.714562623Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.720028271Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.725690786Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.728225781Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.739789708Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.746617647Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.75170326Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.757497057Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.759301428Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.771943925Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.785151536Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.793536059Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.801372096Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.804046359Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.815368869Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.825898508Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.834074694Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.843122706Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.845677113Z 86 PC: 12aec | Rename file (See above)
2018-12-25T12:44:41.859587003Z 60 PC: 12af5 | Create or truncate file (See above)
2018-12-25T12:44:41.87076239Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:44:41.878978557Z 62 PC: 12b05 | Close file (See above)
2018-12-25T12:44:41.887702522Z 79 PC: 12ac1 | Find next file (See above)
2018-12-25T12:44:41.891260972Z 42 PC: 12b32 | Get date
0x12b32: cmp dl, 0x18
0x12b35: jne 0x12b39
0x12b37: je 0x12b47
0x12b39: mov ah, 0x2c
0x12b3b: int 0x21
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
2018-12-25T12:44:41.893577656Z 44 PC: 12b3d | Get time
0x12b3d: cmp ch, 0xd
0x12b40: jne 0x12b4a
0x12b42: cmp cl, 0x1e
0x12b45: je 0x12b47
0x12b47: call 0x12b4b
0x12b4a: ret
0x12b4b: push cs
0x12b4c: pop ds
0x12b4d: mov ah, 3
0x12b4f: int 0x10
0x12b51: mov byte ptr [0x3d7], bh
0x12b55: mov byte ptr [0x3d8], dh
0x12b59: mov byte ptr [0x3d9], dl
0x12b5d: mov byte ptr [0x3da], ch
0x12b61: mov byte ptr [0x3db], cl
0x12b65: mov ah, 1
0x12b67: mov cl, 0
0x12b69: mov ch, 0x40
0x12b6b: int 0x10
0x12b6d: mov cl, 0
2018-12-25T12:44:41.896863251Z 9 PC: 12b94 | Display string (String= '(o) (o)')
2018-12-25T12:44:41.985680772Z 60 PC: 12d33 | Create or truncate file
2018-12-25T12:44:42.317859223Z 60 PC: 12d3a | Create or truncate file
2018-12-25T12:44:42.329244513Z 60 PC: 12d41 | Create or truncate file
2018-12-25T12:44:42.34087243Z 65 PC: 12d48 | Delete file (Filename = 'C:\dos\vsafe.com')
2018-12-25T12:44:42.351276781Z 65 PC: 12d4f | Delete file (Filename = 'C:\dos\mwav.exe')
2018-12-25T12:44:42.361061979Z 65 PC: 12d56 | Delete file (Filename = 'C:\dos\msav.exe')
2018-12-25T12:44:42.372141239Z 64 PC: 12ac1 | Write file or device (See above)