Sample viewer

vx.netlux.org/Virus.DOS.Andromeda.1140

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:25.604603541Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.608065146Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.621172733Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.62412765Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.627084312Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.630777585Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.633379954Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.636796937Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.64065912Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.643839393Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.646140944Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.648847344Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-17T23:10:25.6511263Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.653515668Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.664050855Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.667255898Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.669985793Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.673098088Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.676086441Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.678628118Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.681044885Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: test ch, al 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: test byte ptr [si + 0x4a0], al 0x12a93: add ax, bp
2018-12-17T23:10:25.684122922Z	74	PC: 12d18 \| Reallocate memory
2018-12-17T23:10:25.685802328Z	72	PC: 12cec \| Allocate memory
2018-12-17T23:10:25.687511749Z	72	PC: 12cec \| Allocate memory
2018-12-17T23:10:25.690430971Z	72	PC: 12cec \| Allocate memory
2018-12-17T23:10:25.692074147Z	61	PC: 12cda \| Open file (Filename = 'SCAN.EXE')
2018-12-17T23:10:25.699054383Z	61	PC: 12cda \| Open file (Filename = 'CLEAN.EXE')
2018-12-17T23:10:25.706480303Z	61	PC: 12cda \| Open file (Filename = 'NAV.EXE')
2018-12-17T23:10:25.713740286Z	61	PC: 12cda \| Open file (Filename = 'NAV_._NO')
2018-12-17T23:10:25.721370987Z	44	PC: 12d55 \| Get time 0x12d55: cmp ch, 0xd 0x12d58: jne 0x12d5d 0x12d5a: call 0x22c41 0x12d5d: call 0x12e48 0x12d60: mov ax, word ptr [0x2f8] 0x12d63: call 0x22cf2 0x12d66: mov ax, word ptr [0x2fa] 0x12d69: call 0x22cf2 0x12d6c: push cs 0x12d6d: pop ds 0x12d6e: push cs 0x12d6f: pop es 0x12d70: call 0x12ea2 0x12d73: jmp 0x12e6c 0x12d76: mov si, 0x100 0x12d79: mov ax, word ptr [0x2fa] 0x12d7c: mov es, ax 0x12d7e: xor di, di 0x12d80: mov cx, word ptr [0x231] 0x12d84: lodsb al, byte ptr [si]
2018-12-17T23:10:25.723903877Z	78	PC: 12e53 \| Find first file
2018-12-17T23:10:25.731451597Z	61	PC: 12da4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:25.739084057Z	63	PC: 12dd6 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:10:25.761667019Z	62	PC: 12db0 \| Close file
2018-12-17T23:10:25.764902627Z	61	PC: 12da4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:25.773439153Z	63	PC: 12dfb \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T23:10:25.776690063Z	62	PC: 12db0 \| Close file
2018-12-17T23:10:25.779322506Z	61	PC: 12da4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:25.787244689Z	44	PC: 12d8c \| Get time 0x12d8c: ror dl, 1 0x12d8e: mov cx, word ptr [0x106] 0x12d92: lodsb al, byte ptr [si] 0x12d93: xor al, dl 0x12d95: stosb byte ptr es:[di], al 0x12d96: loop 0x12d92 0x12d98: push cs 0x12d99: pop es 0x12d9a: ret 0x12d9b: mov dx, 0x9e 0x12d9e: mov al, 2 0x12da0: mov ah, 0x3d 0x12da2: int 0x21 0x12da4: mov word ptr [0x235], ax 0x12da7: ret 0x12da8: mov bx, word ptr [0x235] 0x12dac: mov ah, 0x3e 0x12dae: int 0x21 0x12db0: ret 0x12db1: push cs
2018-12-17T23:10:25.789738123Z	64	PC: 12e1b \| Write file or device (Write 1140 bytes on handle 5)
2018-12-17T23:10:25.804080985Z	64	PC: 12e2e \| Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:10:25.814032817Z	87	PC: 12e43 \| Get or set file date and time
2018-12-17T23:10:25.816219373Z	62	PC: 12db0 \| Close file
2018-12-17T23:10:25.826146334Z	79	PC: 12e5c \| Find next file
2018-12-17T23:10:25.830259144Z	61	PC: 12da4 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:25.837987771Z	63	PC: 12dd6 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:10:25.845720619Z	62	PC: 12db0 \| Close file
2018-12-17T23:10:25.849011361Z	61	PC: 12da4 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:25.856645383Z	63	PC: 12dfb \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T23:10:25.859761263Z	62	PC: 12db0 \| Close file
2018-12-17T23:10:25.865201903Z	61	PC: 12da4 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:25.87298482Z	44	PC: 12d8c \| Get time 0x12d8c: ror dl, 1 0x12d8e: mov cx, word ptr [0x106] 0x12d92: lodsb al, byte ptr [si] 0x12d93: xor al, dl 0x12d95: stosb byte ptr es:[di], al 0x12d96: loop 0x12d92 0x12d98: push cs 0x12d99: pop es 0x12d9a: ret 0x12d9b: mov dx, 0x9e 0x12d9e: mov al, 2 0x12da0: mov ah, 0x3d 0x12da2: int 0x21 0x12da4: mov word ptr [0x235], ax 0x12da7: ret 0x12da8: mov bx, word ptr [0x235] 0x12dac: mov ah, 0x3e 0x12dae: int 0x21 0x12db0: ret 0x12db1: push cs
2018-12-17T23:10:25.875648109Z	64	PC: 12e1b \| Write file or device (Write 1140 bytes on handle 5)
2018-12-17T23:10:25.886527494Z	64	PC: 12e2e \| Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:10:25.88962091Z	87	PC: 12e43 \| Get or set file date and time
2018-12-17T23:10:25.891302864Z	62	PC: 12db0 \| Close file
2018-12-17T23:10:25.90176728Z	73	PC: 12cf9 \| Release memory
2018-12-17T23:10:25.903262841Z	73	PC: 12cf9 \| Release memory

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16851,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:05.931750275Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-25T12:54:05.93556158Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.938684703Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.941509855Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.944353559Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.94840533Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.95067898Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.953031904Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.956221003Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.958755506Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.961191976Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.964136069Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.966534609Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.968974888Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.972482449Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.974941892Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.977486956Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.980937449Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.98427136Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.986730366Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.989172647Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.992556265Z	74	PC: 12d18 \| Reallocate memory
2018-12-25T12:54:05.993993289Z	72	PC: 12cec \| Allocate memory
2018-12-25T12:54:05.995704793Z	72	PC: 12cec \| Allocate memory (See above)
2018-12-25T12:54:06.001735357Z	72	PC: 12cec \| Allocate memory (See above)
2018-12-25T12:54:06.00367092Z	61	PC: 12cda \| Open file (Filename = 'SCAN.EXE')
2018-12-25T12:54:06.010759291Z	61	PC: 12cda \| Open file (See above)
2018-12-25T12:54:06.018887031Z	61	PC: 12cda \| Open file (See above)
2018-12-25T12:54:06.02575804Z	61	PC: 12cda \| Open file (See above)
2018-12-25T12:54:06.032501092Z	44	PC: 12d55 \| Get time 0x12d55: cmp ch, 0xd 0x12d58: jne 0x12d5d 0x12d5a: call 0x22c41 0x12d5d: call 0x12e48 0x12d60: mov ax, word ptr [0x2f8] 0x12d63: call 0x22cf2 0x12d66: mov ax, word ptr [0x2fa] 0x12d69: call 0x22cf2 0x12d6c: push cs 0x12d6d: pop ds 0x12d6e: push cs 0x12d6f: pop es 0x12d70: call 0x12ea2 0x12d73: jmp 0x12e6c 0x12d76: mov si, 0x100 0x12d79: mov ax, word ptr [0x2fa] 0x12d7c: mov es, ax 0x12d7e: xor di, di 0x12d80: mov cx, word ptr [0x231] 0x12d84: lodsb al, byte ptr [si]
2018-12-25T12:54:06.035301707Z	78	PC: 12e53 \| Find first file
2018-12-25T12:54:06.041692014Z	61	PC: 12da4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.048970244Z	63	PC: 12dd6 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:54:06.056333021Z	62	PC: 12db0 \| Close file
2018-12-25T12:54:06.064558145Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.073118166Z	63	PC: 12dfb \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:54:06.076665861Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.078642373Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.087145851Z	44	PC: 12d8c \| Get time 0x12d8c: ror dl, 1 0x12d8e: mov cx, word ptr [0x106] 0x12d92: lodsb al, byte ptr [si] 0x12d93: xor al, dl 0x12d95: stosb byte ptr es:[di], al 0x12d96: loop 0x12d92 0x12d98: push cs 0x12d99: pop es 0x12d9a: ret 0x12d9b: mov dx, 0x9e 0x12d9e: mov al, 2 0x12da0: mov ah, 0x3d 0x12da2: int 0x21 0x12da4: mov word ptr [0x235], ax 0x12da7: ret 0x12da8: mov bx, word ptr [0x235] 0x12dac: mov ah, 0x3e 0x12dae: int 0x21 0x12db0: ret 0x12db1: push cs
2018-12-25T12:54:06.089940892Z	64	PC: 12e1b \| Write file or device (Write 1140 bytes on handle 5)
2018-12-25T12:54:06.423331057Z	64	PC: 12e2e \| Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:54:06.432962425Z	87	PC: 12e43 \| Get or set file date and time
2018-12-25T12:54:06.435522164Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.447619235Z	79	PC: 12e5c \| Find next file
2018-12-25T12:54:06.451080381Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.464976034Z	63	PC: 12dd6 \| Read file or device (See above)
2018-12-25T12:54:06.473341533Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.475784808Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.483672886Z	63	PC: 12dfb \| Read file or device (See above)
2018-12-25T12:54:06.48794554Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.490848955Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.498749135Z	44	PC: 12d8c \| Get time (See above)
2018-12-25T12:54:06.503121623Z	64	PC: 12e1b \| Write file or device (See above)
2018-12-25T12:54:06.513035407Z	64	PC: 12e2e \| Write file or device (See above)
2018-12-25T12:54:06.51604037Z	87	PC: 12e43 \| Get or set file date and time (See above)
2018-12-25T12:54:06.517649764Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.525799556Z	73	PC: 12cf9 \| Release memory
2018-12-25T12:54:06.527297914Z	73	PC: 12cf9 \| Release memory (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16851,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:05.969116242Z	44	PC: 12a85 \| Get time 0x12a85: ret 0x12a86: add al, ch 0x12a88: idiv di 0x12a8a: shl dl, 1 0x12a8c: mov al, dl 0x12a8e: ret 0x12a8f: add byte ptr [bx + si], al 0x12a91: mov al, byte ptr [0x104] 0x12a94: call 0x22a87 0x12a97: mov byte ptr [0x104], al 0x12a9a: jmp 0x12a9d 0x12a9c: add byte ptr [bx + si + 0x108], ah 0x12aa0: call 0x22a87 0x12aa3: mov byte ptr [0x108], al 0x12aa6: mov al, byte ptr [0x10e] 0x12aa9: call 0x22a87 0x12aac: mov byte ptr [0x10e], al 0x12aaf: jmp 0x12ab2 0x12ab1: add byte ptr [bx + si + 0x117], ah 0x12ab5: call 0x22a87
2018-12-25T12:54:05.972079344Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.975094456Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.977542664Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.980633763Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.984053013Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.986568368Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.989070356Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.99268323Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.995464615Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:05.997284413Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.001468823Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.00474813Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.007086137Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.010044094Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.011641097Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.013151943Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.01621328Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.017743027Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.019546009Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.021620055Z	44	PC: 12a85 \| Get time (See above)
2018-12-25T12:54:06.023819885Z	74	PC: 12d18 \| Reallocate memory
2018-12-25T12:54:06.024970174Z	72	PC: 12cec \| Allocate memory
2018-12-25T12:54:06.026402711Z	72	PC: 12cec \| Allocate memory (See above)
2018-12-25T12:54:06.027798301Z	72	PC: 12cec \| Allocate memory (See above)
2018-12-25T12:54:06.028935959Z	61	PC: 12cda \| Open file (Filename = 'SCAN.EXE')
2018-12-25T12:54:06.033185719Z	61	PC: 12cda \| Open file (See above)
2018-12-25T12:54:06.038293267Z	61	PC: 12cda \| Open file (See above)
2018-12-25T12:54:06.042274105Z	61	PC: 12cda \| Open file (See above)
2018-12-25T12:54:06.046145714Z	44	PC: 12d55 \| Get time 0x12d55: cmp ch, 0xd 0x12d58: jne 0x12d5d 0x12d5a: call 0x22c41 0x12d5d: call 0x12e48 0x12d60: mov ax, word ptr [0x2f8] 0x12d63: call 0x22cf2 0x12d66: mov ax, word ptr [0x2fa] 0x12d69: call 0x22cf2 0x12d6c: push cs 0x12d6d: pop ds 0x12d6e: push cs 0x12d6f: pop es 0x12d70: call 0x12ea2 0x12d73: jmp 0x12e6c 0x12d76: mov si, 0x100 0x12d79: mov ax, word ptr [0x2fa] 0x12d7c: mov es, ax 0x12d7e: xor di, di 0x12d80: mov cx, word ptr [0x231] 0x12d84: lodsb al, byte ptr [si]
2018-12-25T12:54:06.048294234Z	54	PC: 12c47 \| Get free disk space
2018-12-25T12:54:06.054474697Z	25	PC: 12c59 \| Get default drive
2018-12-25T12:54:06.060355163Z	78	PC: 12e53 \| Find first file
2018-12-25T12:54:06.072471615Z	61	PC: 12da4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.084122321Z	63	PC: 12dd6 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:54:06.088968666Z	62	PC: 12db0 \| Close file
2018-12-25T12:54:06.091151197Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.096066014Z	63	PC: 12dfb \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:54:06.098103434Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.099748858Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.10475321Z	44	PC: 12d8c \| Get time 0x12d8c: ror dl, 1 0x12d8e: mov cx, word ptr [0x106] 0x12d92: lodsb al, byte ptr [si] 0x12d93: xor al, dl 0x12d95: stosb byte ptr es:[di], al 0x12d96: loop 0x12d92 0x12d98: push cs 0x12d99: pop es 0x12d9a: ret 0x12d9b: mov dx, 0x9e 0x12d9e: mov al, 2 0x12da0: mov ah, 0x3d 0x12da2: int 0x21 0x12da4: mov word ptr [0x235], ax 0x12da7: ret 0x12da8: mov bx, word ptr [0x235] 0x12dac: mov ah, 0x3e 0x12dae: int 0x21 0x12db0: ret 0x12db1: push cs
2018-12-25T12:54:06.106780136Z	64	PC: 12e1b \| Write file or device (Write 1140 bytes on handle 5)
2018-12-25T12:54:06.423316602Z	64	PC: 12e2e \| Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:54:06.435154977Z	87	PC: 12e43 \| Get or set file date and time
2018-12-25T12:54:06.43823527Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.456617198Z	79	PC: 12e5c \| Find next file
2018-12-25T12:54:06.464813726Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.474284635Z	63	PC: 12dd6 \| Read file or device (See above)
2018-12-25T12:54:06.483902824Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.487869445Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.497389552Z	63	PC: 12dfb \| Read file or device (See above)
2018-12-25T12:54:06.501172522Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.504652633Z	61	PC: 12da4 \| Open file (See above)
2018-12-25T12:54:06.513476866Z	44	PC: 12d8c \| Get time (See above)
2018-12-25T12:54:06.516462132Z	64	PC: 12e1b \| Write file or device (See above)
2018-12-25T12:54:06.526985361Z	64	PC: 12e2e \| Write file or device (See above)
2018-12-25T12:54:06.531476675Z	87	PC: 12e43 \| Get or set file date and time (See above)
2018-12-25T12:54:06.533256818Z	62	PC: 12db0 \| Close file (See above)
2018-12-25T12:54:06.541119552Z	73	PC: 12cf9 \| Release memory
2018-12-25T12:54:06.543475983Z	73	PC: 12cf9 \| Release memory (See above)