Sample viewer

vx.netlux.org/Virus.DOS.V.2435


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:47.820398253Z 71 PC: 13596 | Get current directory
2018-12-17T23:07:47.823540349Z 59 PC: 135a0 | Change current directory
2018-12-17T23:07:47.827248678Z 26 PC: 136a1 | Set disk transfer address
2018-12-17T23:07:47.828167577Z 78 PC: 136b2 | Find first file
2018-12-17T23:07:47.838926959Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.840025267Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.840977935Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:47.843724125Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.844762697Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.845710985Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:47.848946361Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.850658183Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.852264214Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:47.854725329Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.86051939Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.861492746Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:47.863765744Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.870572825Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.871755667Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:47.874119636Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.88374903Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.884836969Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:47.88717893Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.889261044Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.890726071Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:47.893650167Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.895926134Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.897160938Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:47.898338129Z 61 PC: 138b9 | Open file (Filename = 'TEST.COM')
2018-12-17T23:07:47.906274691Z 63 PC: 1370e | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:07:47.913145216Z 60 PC: 137f2 | Create or truncate file
2018-12-17T23:07:48.043303226Z 64 PC: 13721 | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:07:48.052453785Z 63 PC: 1370e | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:07:48.060277765Z 64 PC: 1373b | Write file or device (Write 2048 bytes on handle 6)
2018-12-17T23:07:48.068470983Z 63 PC: 1370e | Read file or device (Read 2048 bytes on handle 5)
2018-12-17T23:07:48.076140177Z 64 PC: 1373b | Write file or device (Write 1171 bytes on handle 6)
2018-12-17T23:07:48.085478688Z 64 PC: 1497c | Write file or device (Write 2435 bytes on handle 6)
2018-12-17T23:07:48.094073934Z 87 PC: 138e5 | Get or set file date and time
2018-12-17T23:07:48.095575421Z 87 PC: 1391d | Get or set file date and time
2018-12-17T23:07:48.098427874Z 62 PC: 137ff | Close file
2018-12-17T23:07:48.100141804Z 62 PC: 13807 | Close file
2018-12-17T23:07:48.107589925Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:48.110194942Z 65 PC: 13813 | Delete file (Filename = 'TEST.COM')
2018-12-17T23:07:48.122016943Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:48.123446467Z 86 PC: 13825 | Rename file
2018-12-17T23:07:48.135976909Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:48.139266628Z 47 PC: 13696 | Get disk transfer address
2018-12-17T23:07:48.140718939Z 79 PC: 136c5 | Find next file
2018-12-17T23:07:48.144046597Z 26 PC: 13691 | Set disk transfer address
2018-12-17T23:07:48.14533408Z 78 PC: 135e8 | Find first file
2018-12-17T23:07:48.151367446Z 59 PC: 13656 | Change current directory
2018-12-17T23:07:48.157090911Z 42 PC: 1365a | Get date
0x1365a: cmp dl, 1
0x1365d: jne 0x13666
0x1365f: mov ah, 0x2b
0x13661: mov dx, 0xc18
0x13664: int 0x21
0x13666: cmp bp, 0
0x13669: je 0x13670
0x1366b: mov ax, 0x100
0x1366e: jmp ax
0x13670: mov ah, 0x4c
0x13672: int 0x21
0x13674: ret
0x13675: mov si, 0x130c
0x13678: call 0x235a9
0x1367b: mov al, byte ptr [bp + 0xa84]
0x1367f: cmp al, 0
0x13681: je 0x1368b
0x13683: add si, 0x80
0x13687: dec al
0x13689: jmp 0x1367f
2018-12-17T23:07:48.159335289Z 9 PC: 12a52 | Display string (String= ' ______ ___________ __________ ___________ ____________ ___________')
2018-12-17T23:07:48.163322027Z 9 PC: 12a59 | Display string (String= ' ')
2018-12-17T23:07:48.168010106Z 9 PC: 12b14 | Display string (String= ' _/ | _/ | | | | |')
2018-12-17T23:07:48.171871131Z 9 PC: 12b1b | Display string (String= ' ')
2018-12-17T23:07:48.175847533Z 9 PC: 12b22 | Display string (String= ' | | | _______| _______| ____�__| _____ |______ |')
2018-12-17T23:07:48.179892308Z 9 PC: 12b29 | Display string (String= ' ')
2018-12-17T23:07:48.18445131Z 9 PC: 12b30 | Display string (String= ' | | | |__ | | _____ |__ | | | |___ | |')
2018-12-17T23:07:48.188495132Z 9 PC: 12b37 | Display string (String= ' ')
2018-12-17T23:07:48.192401908Z 9 PC: 12b3e | Display string (String= ' | | ___|__ |___|__ |___| | |____|_ | ___| | | _| |')
2018-12-17T23:07:48.198546952Z 9 PC: 12b45 | Display string (String= ' ')
2018-12-17T23:07:48.202818316Z 9 PC: 12b4c | Display string (String= '��| |/ | | | | || | || |Ŀ')
2018-12-17T23:07:48.207178414Z 9 PC: 12b53 | Display string (String= ' ')
2018-12-17T23:07:48.212881045Z 9 PC: 12b5a | Display string (String= '� | | | | | | || | || | �')
2018-12-17T23:07:48.217143614Z 9 PC: 12b61 | Display string (String= ' ')
2018-12-17T23:07:48.221302503Z 9 PC: 12b68 | Display string (String= '� | | | | | || | || | �')
2018-12-17T23:07:48.226297082Z 9 PC: 12b6f | Display string (String= ' ')
2018-12-17T23:07:48.231464827Z 9 PC: 12b76 | Display string (String= '� | | | | | || | | �')
2018-12-17T23:07:48.235964075Z 9 PC: 12b7d | Display string (String= ' ')
2018-12-17T23:07:48.240700921Z 9 PC: 12b84 | Display string (String= '� |______________/_________/__________/___________/___/ |______/___________/ �')
2018-12-17T23:07:48.244746563Z 9 PC: 12b8b | Display string (String= ' ')
2018-12-17T23:07:48.248320711Z 9 PC: 12b92 | Display string (String= '� _.,oO LEGEND DESIGN Oo,._ �')
2018-12-17T23:07:48.253016108Z 9 PC: 12b99 | Display string (String= ' ')
2018-12-17T23:07:48.256569437Z 9 PC: 12ba0 | Display string (String= '� _____________ _________ __________ _______ ___________ _____________ �')
2018-12-17T23:07:48.260328484Z 9 PC: 12ba7 | Display string (String= ' ')
2018-12-17T23:07:48.264835579Z 9 PC: 12bae | Display string (String= '� _/ | | | | | | �')
2018-12-17T23:07:48.269206064Z 9 PC: 12bb5 | Display string (String= ' ')
2018-12-17T23:07:48.272797563Z 9 PC: 12bbc | Display string (String= '� |_________ | _______| ________|______/ _______| _____ | �')
2018-12-17T23:07:48.277952169Z 9 PC: 12bc3 | Display string (String= ' ')
2018-12-17T23:07:48.282126529Z 9 PC: 12bca | Display string (String= '� � _____ | | |__ |_ |_______ ______|__ | ___|_ | | | � �')
2018-12-17T23:07:48.285836537Z 9 PC: 12bd1 | Display string (String= ' ')
2018-12-17T23:07:48.29043482Z 9 PC: 12bd8 | Display string (String= '� � _/ | _| | |______\_____ | | |___| | | ___| | � �')
2018-12-17T23:07:48.294133135Z 9 PC: 12bdf | Display string (String= ' ')
2018-12-17T23:07:48.297686068Z 9 PC: 12be6 | Display string (String= '�Ĵ | || | | | | | || | ���')
2018-12-17T23:07:48.301818807Z 9 PC: 12bed | Display string (String= ' ')
2018-12-17T23:07:48.305595161Z 9 PC: 12bf4 | Display string (String= ' � | || | | | | | || | �')
2018-12-17T23:07:48.310633119Z 9 PC: 12bfb | Display string (String= ' ')
2018-12-17T23:07:48.315995916Z 9 PC: 12c02 | Display string (String= ' � | || | | | | | || | �')
2018-12-17T23:07:48.327187918Z 9 PC: 12c09 | Display string (String= ' ')
2018-12-17T23:07:48.331173659Z 9 PC: 12c10 | Display string (String= ' | | | | | | || |sam�')
2018-12-17T23:07:48.336390833Z 9 PC: 12c17 | Display string (String= ' ')
2018-12-17T23:07:48.341080722Z 9 PC: 12c1e | Display string (String= ' |_____________/_________/__________/_________/_________/___/ |_______/[IMP]')
2018-12-17T23:07:48.345074574Z 9 PC: 12c25 | Display string (String= ' ')
2018-12-17T23:07:48.3497301Z 9 PC: 12c2c | Display string (String= ' ')
2018-12-17T23:07:48.352487407Z 9 PC: 12c33 | Display string (String= ' ')
2018-12-17T23:07:48.356408285Z 9 PC: 12c3a | Display string (String= ' -= Reach our HQ at +1-502-619-4141 =-')
2018-12-17T23:07:48.360491573Z 9 PC: 12c41 | Display string (String= ' ')
2018-12-17T23:07:48.365432306Z 76 PC: 12a4a | Terminate with return code (Return code = '190')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15979,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:57.382781035Z 71 PC: 13596 | Get current directory
2018-12-25T12:44:57.386345667Z 59 PC: 135a0 | Change current directory
2018-12-25T12:44:57.390747034Z 26 PC: 136a1 | Set disk transfer address
2018-12-25T12:44:57.391959558Z 78 PC: 136b2 | Find first file
2018-12-25T12:44:57.398187505Z 47 PC: 13696 | Get disk transfer address
2018-12-25T12:44:57.400237893Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.401598144Z 79 PC: 136c5 | Find next file
2018-12-25T12:44:57.404362309Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.406246913Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.407631496Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.416853032Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.418754656Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.419939547Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.422487679Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.424702378Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.426469432Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.429033713Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.431129758Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.432418201Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.43590671Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.437439216Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.439452494Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.442011937Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.44324507Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.445558333Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.449080231Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.450950673Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.453490749Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.455634464Z 61 PC: 138b9 | Open file (Filename = 'TEST.COM')
2018-12-25T12:44:57.462581225Z 63 PC: 1370e | Read file or device (Read 2048 bytes on handle 5)
2018-12-25T12:44:57.472107648Z 60 PC: 137f2 | Create or truncate file
2018-12-25T12:44:57.490928974Z 64 PC: 13721 | Write file or device (Write 2048 bytes on handle 6)
2018-12-25T12:44:57.499210205Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:57.506401495Z 64 PC: 1373b | Write file or device (Write 2048 bytes on handle 6)
2018-12-25T12:44:57.514391682Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:57.521313889Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:57.530772702Z 64 PC: 1497c | Write file or device (Write 2435 bytes on handle 6)
2018-12-25T12:44:57.539464777Z 87 PC: 138e5 | Get or set file date and time
2018-12-25T12:44:57.540917432Z 87 PC: 1391d | Get or set file date and time
2018-12-25T12:44:57.543092811Z 62 PC: 137ff | Close file
2018-12-25T12:44:57.545337727Z 62 PC: 13807 | Close file
2018-12-25T12:44:57.552928529Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.5543786Z 65 PC: 13813 | Delete file (Filename = 'TEST.COM')
2018-12-25T12:44:57.566932054Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.568209326Z 86 PC: 13825 | Rename file
2018-12-25T12:44:57.579236845Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.583505222Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.584657276Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.585871652Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.588176371Z 61 PC: 138b9 | Open file (See above)
2018-12-25T12:44:57.595010531Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:57.602037659Z 60 PC: 137f2 | Create or truncate file (See above)
2018-12-25T12:44:57.614592829Z 64 PC: 13721 | Write file or device (See above)
2018-12-25T12:44:57.62222285Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:57.628757726Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:57.637272116Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:57.644361129Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:57.65239745Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:57.660274175Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:57.669595618Z 64 PC: 1497c | Write file or device (See above)
2018-12-25T12:44:57.678990513Z 87 PC: 138e5 | Get or set file date and time (See above)
2018-12-25T12:44:57.681555501Z 87 PC: 1391d | Get or set file date and time (See above)
2018-12-25T12:44:57.683697604Z 62 PC: 137ff | Close file (See above)
2018-12-25T12:44:57.685734919Z 62 PC: 13807 | Close file (See above)
2018-12-25T12:44:57.694207278Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.695912363Z 65 PC: 13813 | Delete file (See above)
2018-12-25T12:44:57.706907427Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.709011566Z 86 PC: 13825 | Rename file (See above)
2018-12-25T12:44:57.72094056Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.723676114Z 26 PC: 13691 | Set disk transfer address
2018-12-25T12:44:57.725226088Z 78 PC: 135e8 | Find first file
2018-12-25T12:44:57.732023326Z 59 PC: 13656 | Change current directory
2018-12-25T12:44:57.736178812Z 42 PC: 1365a | Get date
0x1365a: cmp dl, 1
0x1365d: jne 0x13666
0x1365f: mov ah, 0x2b
0x13661: mov dx, 0xc18
0x13664: int 0x21
0x13666: cmp bp, 0
0x13669: je 0x13670
0x1366b: mov ax, 0x100
0x1366e: jmp ax
0x13670: mov ah, 0x4c
0x13672: int 0x21
0x13674: ret
0x13675: mov si, 0x130c
0x13678: call 0x235a9
0x1367b: mov al, byte ptr [bp + 0xa84]
0x1367f: cmp al, 0
0x13681: je 0x1368b
0x13683: add si, 0x80
0x13687: dec al
0x13689: jmp 0x1367f
2018-12-25T12:44:57.73855721Z 43 PC: 13666 | Set date
2018-12-25T12:44:57.742828915Z 9 PC: 12a52 | Display string (String= ' ______ ___________ __________ ___________ ____________ ___________')
2018-12-25T12:44:57.747188611Z 9 PC: 12a59 | Display string (String= ' ')
2018-12-25T12:44:57.751162073Z 9 PC: 12b14 | Display string (String= ' _/ | _/ | | | | |')
2018-12-25T12:44:57.755912105Z 9 PC: 12b1b | Display string (String= ' ')
2018-12-25T12:44:57.759936082Z 9 PC: 12b22 | Display string (String= ' | | | _______| _______| ____�__| _____ |______ |')
2018-12-25T12:44:57.763967088Z 9 PC: 12b29 | Display string (String= ' ')
2018-12-25T12:44:57.768899288Z 9 PC: 12b30 | Display string (String= ' | | | |__ | | _____ |__ | | | |___ | |')
2018-12-25T12:44:57.772946144Z 9 PC: 12b37 | Display string (String= ' ')
2018-12-25T12:44:57.776855179Z 9 PC: 12b3e | Display string (String= ' | | ___|__ |___|__ |___| | |____|_ | ___| | | _| |')
2018-12-25T12:44:57.781828762Z 9 PC: 12b45 | Display string (String= ' ')
2018-12-25T12:44:57.789122651Z 9 PC: 12b4c | Display string (String= '��| |/ | | | | || | || |Ŀ')
2018-12-25T12:44:57.792776568Z 9 PC: 12b53 | Display string (String= ' ')
2018-12-25T12:44:57.797311839Z 9 PC: 12b5a | Display string (String= '� | | | | | | || | || | �')
2018-12-25T12:44:57.801498211Z 9 PC: 12b61 | Display string (String= ' ')
2018-12-25T12:44:57.805249729Z 9 PC: 12b68 | Display string (String= '� | | | | | || | || | �')
2018-12-25T12:44:57.809814723Z 9 PC: 12b6f | Display string (String= ' ')
2018-12-25T12:44:57.813835783Z 9 PC: 12b76 | Display string (String= '� | | | | | || | | �')
2018-12-25T12:44:57.817728817Z 9 PC: 12b7d | Display string (String= ' ')
2018-12-25T12:44:57.822257661Z 9 PC: 12b84 | Display string (String= '� |______________/_________/__________/___________/___/ |______/___________/ �')
2018-12-25T12:44:57.826211355Z 9 PC: 12b8b | Display string (String= ' ')
2018-12-25T12:44:57.831017214Z 9 PC: 12b92 | Display string (String= '� _.,oO LEGEND DESIGN Oo,._ �')
2018-12-25T12:44:57.835634927Z 9 PC: 12b99 | Display string (String= ' ')
2018-12-25T12:44:57.839323803Z 9 PC: 12ba0 | Display string (String= '� _____________ _________ __________ _______ ___________ _____________ �')
2018-12-25T12:44:57.843030226Z 9 PC: 12ba7 | Display string (String= ' ')
2018-12-25T12:44:57.847291083Z 9 PC: 12bae | Display string (String= '� _/ | | | | | | �')
2018-12-25T12:44:57.852367009Z 9 PC: 12bb5 | Display string (String= ' ')
2018-12-25T12:44:57.856234949Z 9 PC: 12bbc | Display string (String= '� |_________ | _______| ________|______/ _______| _____ | �')
2018-12-25T12:44:57.860376306Z 9 PC: 12bc3 | Display string (String= ' ')
2018-12-25T12:44:57.865013041Z 9 PC: 12bca | Display string (String= '� � _____ | | |__ |_ |_______ ______|__ | ___|_ | | | � �')
2018-12-25T12:44:57.869008954Z 9 PC: 12bd1 | Display string (String= ' ')
2018-12-25T12:44:57.873636307Z 9 PC: 12bd8 | Display string (String= '� � _/ | _| | |______\_____ | | |___| | | ___| | � �')
2018-12-25T12:44:57.881857697Z 9 PC: 12bdf | Display string (String= ' ')
2018-12-25T12:44:57.885492435Z 9 PC: 12be6 | Display string (String= '�Ĵ | || | | | | | || | ���')
2018-12-25T12:44:57.889142891Z 9 PC: 12bed | Display string (String= ' ')
2018-12-25T12:44:57.894449267Z 9 PC: 12bf4 | Display string (String= ' � | || | | | | | || | �')
2018-12-25T12:44:57.89806579Z 9 PC: 12bfb | Display string (String= ' ')
2018-12-25T12:44:57.902888144Z 9 PC: 12c02 | Display string (String= ' � | || | | | | | || | �')
2018-12-25T12:44:57.908002326Z 9 PC: 12c09 | Display string (String= ' ')
2018-12-25T12:44:57.911728324Z 9 PC: 12c10 | Display string (String= ' | | | | | | || |sam�')
2018-12-25T12:44:57.915477044Z 9 PC: 12c17 | Display string (String= ' ')
2018-12-25T12:44:57.930034195Z 9 PC: 12c1e | Display string (String= ' |_____________/_________/__________/_________/_________/___/ |_______/[IMP]')
2018-12-25T12:44:57.934045567Z 9 PC: 12c25 | Display string (String= ' ')
2018-12-25T12:44:57.937940359Z 9 PC: 12c2c | Display string (String= ' ')
2018-12-25T12:44:57.941277041Z 9 PC: 12c33 | Display string (String= ' ')
2018-12-25T12:44:57.945368495Z 9 PC: 12c3a | Display string (String= ' -= Reach our HQ at +1-502-619-4141 =-')
2018-12-25T12:44:57.952321376Z 9 PC: 12c41 | Display string (String= ' ')
2018-12-25T12:44:57.957522558Z 76 PC: 12a4a | Terminate with return code (Return code = '220')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15979,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:57.900808875Z 71 PC: 13596 | Get current directory
2018-12-25T12:44:57.908431068Z 59 PC: 135a0 | Change current directory
2018-12-25T12:44:57.913633851Z 26 PC: 136a1 | Set disk transfer address
2018-12-25T12:44:57.915341094Z 78 PC: 136b2 | Find first file
2018-12-25T12:44:57.922353359Z 47 PC: 13696 | Get disk transfer address
2018-12-25T12:44:57.924642205Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.925955382Z 79 PC: 136c5 | Find next file
2018-12-25T12:44:57.928841521Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.931186396Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.932839876Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.936069087Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.938135876Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.940095862Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.942830626Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.944787702Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.946182224Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.948982369Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.95019351Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.951873305Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.955069695Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.95677386Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.95892846Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.961834698Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.963249748Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.965575307Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:57.968749114Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.970403895Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.973154719Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:57.975195241Z 61 PC: 138b9 | Open file (Filename = 'TEST.COM')
2018-12-25T12:44:57.983011374Z 63 PC: 1370e | Read file or device (Read 2048 bytes on handle 5)
2018-12-25T12:44:57.991599479Z 60 PC: 137f2 | Create or truncate file
2018-12-25T12:44:58.015840018Z 64 PC: 13721 | Write file or device (Write 2048 bytes on handle 6)
2018-12-25T12:44:58.02504284Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:58.033166868Z 64 PC: 1373b | Write file or device (Write 2048 bytes on handle 6)
2018-12-25T12:44:58.041934177Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:58.049679816Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:58.060357031Z 64 PC: 1497c | Write file or device (Write 2435 bytes on handle 6)
2018-12-25T12:44:58.071184565Z 87 PC: 138e5 | Get or set file date and time
2018-12-25T12:44:58.073185374Z 87 PC: 1391d | Get or set file date and time
2018-12-25T12:44:58.074994378Z 62 PC: 137ff | Close file
2018-12-25T12:44:58.077595759Z 62 PC: 13807 | Close file
2018-12-25T12:44:58.086386452Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:58.088033988Z 65 PC: 13813 | Delete file (Filename = 'TEST.COM')
2018-12-25T12:44:58.102783544Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:58.104198752Z 86 PC: 13825 | Rename file
2018-12-25T12:44:58.117625085Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:58.121492473Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:58.123155142Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:58.1248284Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:58.127324252Z 61 PC: 138b9 | Open file (See above)
2018-12-25T12:44:58.135287472Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:58.143281081Z 60 PC: 137f2 | Create or truncate file (See above)
2018-12-25T12:44:58.157578142Z 64 PC: 13721 | Write file or device (See above)
2018-12-25T12:44:58.166256622Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:58.173643848Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:58.183145661Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:58.190662217Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:58.199220923Z 63 PC: 1370e | Read file or device (See above)
2018-12-25T12:44:58.20715346Z 64 PC: 1373b | Write file or device (See above)
2018-12-25T12:44:58.216913466Z 64 PC: 1497c | Write file or device (See above)
2018-12-25T12:44:58.226826837Z 87 PC: 138e5 | Get or set file date and time (See above)
2018-12-25T12:44:58.228619104Z 87 PC: 1391d | Get or set file date and time (See above)
2018-12-25T12:44:58.230540422Z 62 PC: 137ff | Close file (See above)
2018-12-25T12:44:58.232345884Z 62 PC: 13807 | Close file (See above)
2018-12-25T12:44:58.240298775Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:58.241961672Z 65 PC: 13813 | Delete file (See above)
2018-12-25T12:44:58.253944451Z 47 PC: 13696 | Get disk transfer address (See above)
2018-12-25T12:44:58.255092758Z 86 PC: 13825 | Rename file (See above)
2018-12-25T12:44:58.267228021Z 79 PC: 136c5 | Find next file (See above)
2018-12-25T12:44:58.269789254Z 26 PC: 13691 | Set disk transfer address
2018-12-25T12:44:58.270837251Z 78 PC: 135e8 | Find first file
2018-12-25T12:44:58.277603262Z 59 PC: 13656 | Change current directory
2018-12-25T12:44:58.281740425Z 42 PC: 1365a | Get date
0x1365a: cmp dl, 1
0x1365d: jne 0x13666
0x1365f: mov ah, 0x2b
0x13661: mov dx, 0xc18
0x13664: int 0x21
0x13666: cmp bp, 0
0x13669: je 0x13670
0x1366b: mov ax, 0x100
0x1366e: jmp ax
0x13670: mov ah, 0x4c
0x13672: int 0x21
0x13674: ret
0x13675: mov si, 0x130c
0x13678: call 0x235a9
0x1367b: mov al, byte ptr [bp + 0xa84]
0x1367f: cmp al, 0
0x13681: je 0x1368b
0x13683: add si, 0x80
0x13687: dec al
0x13689: jmp 0x1367f
2018-12-25T12:44:58.283905206Z 9 PC: 12a52 | Display string (String= ' ______ ___________ __________ ___________ ____________ ___________')
2018-12-25T12:44:58.289020661Z 9 PC: 12a59 | Display string (String= ' ')
2018-12-25T12:44:58.293182439Z 9 PC: 12b14 | Display string (String= ' _/ | _/ | | | | |')
2018-12-25T12:44:58.297307226Z 9 PC: 12b1b | Display string (String= ' ')
2018-12-25T12:44:58.30214278Z 9 PC: 12b22 | Display string (String= ' | | | _______| _______| ____�__| _____ |______ |')
2018-12-25T12:44:58.307653412Z 9 PC: 12b29 | Display string (String= ' ')
2018-12-25T12:44:58.311789421Z 9 PC: 12b30 | Display string (String= ' | | | |__ | | _____ |__ | | | |___ | |')
2018-12-25T12:44:58.316400957Z 9 PC: 12b37 | Display string (String= ' ')
2018-12-25T12:44:58.320613011Z 9 PC: 12b3e | Display string (String= ' | | ___|__ |___|__ |___| | |____|_ | ___| | | _| |')
2018-12-25T12:44:58.324795165Z 9 PC: 12b45 | Display string (String= ' ')
2018-12-25T12:44:58.329172735Z 9 PC: 12b4c | Display string (String= '��| |/ | | | | || | || |Ŀ')
2018-12-25T12:44:58.334121644Z 9 PC: 12b53 | Display string (String= ' ')
2018-12-25T12:44:58.33823799Z 9 PC: 12b5a | Display string (String= '� | | | | | | || | || | �')
2018-12-25T12:44:58.342355242Z 9 PC: 12b61 | Display string (String= ' ')
2018-12-25T12:44:58.347740912Z 9 PC: 12b68 | Display string (String= '� | | | | | || | || | �')
2018-12-25T12:44:58.356172929Z 9 PC: 12b6f | Display string (String= ' ')
2018-12-25T12:44:58.360746538Z 9 PC: 12b76 | Display string (String= '� | | | | | || | | �')
2018-12-25T12:44:58.365939132Z 9 PC: 12b7d | Display string (String= ' ')
2018-12-25T12:44:58.370576833Z 9 PC: 12b84 | Display string (String= '� |______________/_________/__________/___________/___/ |______/___________/ �')
2018-12-25T12:44:58.37596722Z 9 PC: 12b8b | Display string (String= ' ')
2018-12-25T12:44:58.384260474Z 9 PC: 12b92 | Display string (String= '� _.,oO LEGEND DESIGN Oo,._ �')
2018-12-25T12:44:58.388619934Z 9 PC: 12b99 | Display string (String= ' ')
2018-12-25T12:44:58.39279832Z 9 PC: 12ba0 | Display string (String= '� _____________ _________ __________ _______ ___________ _____________ �')
2018-12-25T12:44:58.397820161Z 9 PC: 12ba7 | Display string (String= ' ')
2018-12-25T12:44:58.401905926Z 9 PC: 12bae | Display string (String= '� _/ | | | | | | �')
2018-12-25T12:44:58.40598823Z 9 PC: 12bb5 | Display string (String= ' ')
2018-12-25T12:44:58.41420258Z 9 PC: 12bbc | Display string (String= '� |_________ | _______| ________|______/ _______| _____ | �')
2018-12-25T12:44:58.418407737Z 9 PC: 12bc3 | Display string (String= ' ')
2018-12-25T12:44:58.422188263Z 9 PC: 12bca | Display string (String= '� � _____ | | |__ |_ |_______ ______|__ | ___|_ | | | � �')
2018-12-25T12:44:58.426286317Z 9 PC: 12bd1 | Display string (String= ' ')
2018-12-25T12:44:58.429656585Z 9 PC: 12bd8 | Display string (String= '� � _/ | _| | |______\_____ | | |___| | | ___| | � �')
2018-12-25T12:44:58.433949004Z 9 PC: 12bdf | Display string (String= ' ')
2018-12-25T12:44:58.44256329Z 9 PC: 12be6 | Display string (String= '�Ĵ | || | | | | | || | ���')
2018-12-25T12:44:58.447175315Z 9 PC: 12bed | Display string (String= ' ')
2018-12-25T12:44:58.451198518Z 9 PC: 12bf4 | Display string (String= ' � | || | | | | | || | �')
2018-12-25T12:44:58.455169265Z 9 PC: 12bfb | Display string (String= ' ')
2018-12-25T12:44:58.460929784Z 9 PC: 12c02 | Display string (String= ' � | || | | | | | || | �')
2018-12-25T12:44:58.464841833Z 9 PC: 12c09 | Display string (String= ' ')
2018-12-25T12:44:58.472335874Z 9 PC: 12c10 | Display string (String= ' | | | | | | || |sam�')
2018-12-25T12:44:58.477045479Z 9 PC: 12c17 | Display string (String= ' ')
2018-12-25T12:44:58.479573642Z 9 PC: 12c1e | Display string (String= ' |_____________/_________/__________/_________/_________/___/ |_______/[IMP]')
2018-12-25T12:44:58.482271671Z 9 PC: 12c25 | Display string (String= ' ')
2018-12-25T12:44:58.485318433Z 9 PC: 12c2c | Display string (String= ' ')
2018-12-25T12:44:58.486978859Z 9 PC: 12c33 | Display string (String= ' ')
2018-12-25T12:44:58.489511983Z 9 PC: 12c3a | Display string (String= ' -= Reach our HQ at +1-502-619-4141 =-')
2018-12-25T12:44:58.493061371Z 9 PC: 12c41 | Display string (String= ' ')
2018-12-25T12:44:58.49560919Z 76 PC: 12a4a | Terminate with return code (Return code = '220')