Sample viewer

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17150,"SideJobID":0}

.

GIF

Syscalls:

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17150,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:03.114747717Z	26	PC: 12f37 | Set disk transfer address
2018-12-25T12:55:03.116581809Z	42	PC: 12f3b | Get date 0x12f3b: cmp dx, 0x801 0x12f3f: jne 0x12f44 0x12f41: call 0x12fe9 0x12f44: mov ah, 0x4e 0x12f46: xor cx, cx 0x12f48: lea dx, word ptr [bp + 0x230] 0x12f4c: int 0x21 0x12f4e: jb 0x12fb9 0x12f50: mov ax, 0x3d02 0x12f53: lea dx, word ptr [bp + 0x2c6] 0x12f57: int 0x21 0x12f59: xchg ax, bx 0x12f5a: call 0x12fdb 0x12f5d: mov ax, word ptr cs:[bp + 0x2c2] 0x12f62: mov cx, word ptr cs:[bp + 0x237] 0x12f67: add cx, 0x1a8 0x12f6b: cmp ax, cx 0x12f6d: je 0x12fb1 0x12f6f: xor al, al 0x12f71: xor dx, dx
2018-12-25T12:55:03.129203697Z	9	PC: 1300b | Display string (String= '** Today Is The Birthday Of The Phantom Programmer! **')
2018-12-25T12:55:03.133816828Z	9	PC: 13021 | Display string (String= ' --- Files Infected by the Destructor Virus ! ---')
2018-12-25T12:55:03.138377392Z	8	PC: 1302c | Console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17150,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:03.649874466Z	26	PC: 12f37 | Set disk transfer address
2018-12-25T12:55:03.651099173Z	42	PC: 12f3b | Get date 0x12f3b: cmp dx, 0x801 0x12f3f: jne 0x12f44 0x12f41: call 0x12fe9 0x12f44: mov ah, 0x4e 0x12f46: xor cx, cx 0x12f48: lea dx, word ptr [bp + 0x230] 0x12f4c: int 0x21 0x12f4e: jb 0x12fb9 0x12f50: mov ax, 0x3d02 0x12f53: lea dx, word ptr [bp + 0x2c6] 0x12f57: int 0x21 0x12f59: xchg ax, bx 0x12f5a: call 0x12fdb 0x12f5d: mov ax, word ptr cs:[bp + 0x2c2] 0x12f62: mov cx, word ptr cs:[bp + 0x237] 0x12f67: add cx, 0x1a8 0x12f6b: cmp ax, cx 0x12f6d: je 0x12fb1 0x12f6f: xor al, al 0x12f71: xor dx, dx
2018-12-25T12:55:03.65452491Z	78	PC: 12f4e | Find first file
2018-12-25T12:55:03.661574712Z	61	PC: 12f59 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:03.669287339Z	63	PC: 12fe8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:03.677085652Z	66	PC: 12fc6 | Move file pointer
2018-12-25T12:55:03.678965813Z	63	PC: 12fe8 | Read file or device (See above)
2018-12-25T12:55:03.682137229Z	66	PC: 12fc6 | Move file pointer (See above)
2018-12-25T12:55:03.684743311Z	64	PC: 12fda | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:55:03.686716587Z	66	PC: 12fc6 | Move file pointer (See above)
2018-12-25T12:55:03.687933336Z	64	PC: 12fa1 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:55:03.690138983Z	66	PC: 12fc6 | Move file pointer (See above)
2018-12-25T12:55:03.691500807Z	64	PC: 13042 | Write file or device (Write 421 bytes on handle 5)
2018-12-25T12:55:03.702584876Z	62	PC: 12fb5 | Close file
2018-12-25T12:55:03.709392959Z	79	PC: 12f4e | Find next file (See above)
2018-12-25T12:55:03.711782212Z	61	PC: 12f59 | Open file (See above)
2018-12-25T12:55:03.71742118Z	63	PC: 12fe8 | Read file or device (See above)
2018-12-25T12:55:03.740400499Z	66	PC: 12fc6 | Move file pointer (See above)
2018-12-25T12:55:03.742703625Z	63	PC: 12fe8 | Read file or device (See above)
2018-12-25T12:55:03.745540351Z	66	PC: 12fc6 | Move file pointer (See above)
2018-12-25T12:55:03.74700152Z	64	PC: 12fda | Write file or device (See above)
2018-12-25T12:55:03.75049377Z	66	PC: 12fc6 | Move file pointer (See above)
2018-12-25T12:55:03.751959276Z	64	PC: 12fa1 | Write file or device (See above)
2018-12-25T12:55:03.755037884Z	66	PC: 12fc6 | Move file pointer (See above)
2018-12-25T12:55:03.760598952Z	64	PC: 13042 | Write file or device (See above)
2018-12-25T12:55:03.763782734Z	62	PC: 12faf | Close file
2018-12-25T12:55:03.772545326Z	26	PC: 12fbf | Set disk transfer address
2018-12-25T12:55:03.775337507Z	9	PC: 12e37 | Display string (String= ' Stoned virus Remover 2.10 (c)1990 David Tinker. Public Domain. ')
2018-12-25T12:55:03.784655298Z	9	PC: 12e2c | Display string (Could not find end pointer)
2018-12-25T12:55:03.791853768Z	9	PC: 12e69 | Display string (String= 'Checking drive A: ')
2018-12-25T12:55:03.79862898Z	9	PC: 12efa | Display string (String= 'Stoned virus not found on disk ')
2018-12-25T12:55:03.803947676Z	9	PC: 12e69 | Display string (See above)
2018-12-25T12:55:03.808795304Z	9	PC: 12e84 | Display string (String= 'Error reading disk ')
2018-12-25T12:55:03.813578393Z	9	PC: 12e69 | Display string (See above)
2018-12-25T12:55:03.828532069Z	9	PC: 12efa | Display string (See above)
2018-12-25T12:55:03.835014467Z	76	PC: 12f16 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17150,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:04.72597194Z	26	PC: 12f37 | Set disk transfer address
2018-12-25T12:55:04.727548262Z	42	PC: 12f3b | Get date 0x12f3b: cmp dx, 0x801 0x12f3f: jne 0x12f44 0x12f41: call 0x12fe9 0x12f44: mov ah, 0x4e 0x12f46: xor cx, cx 0x12f48: lea dx, word ptr [bp + 0x230] 0x12f4c: int 0x21 0x12f4e: jb 0x12fb9 0x12f50: mov ax, 0x3d02 0x12f53: lea dx, word ptr [bp + 0x2c6] 0x12f57: int 0x21 0x12f59: xchg ax, bx 0x12f5a: call 0x12fdb 0x12f5d: mov ax, word ptr cs:[bp + 0x2c2] 0x12f62: mov cx, word ptr cs:[bp + 0x237] 0x12f67: add cx, 0x1a8 0x12f6b: cmp ax, cx 0x12f6d: je 0x12fb1 0x12f6f: xor al, al 0x12f71: xor dx, dx
2018-12-25T12:55:04.731773524Z	9	PC: 1300b | Display string (String= '** Today Is The Birthday Of The Phantom Programmer! **')
2018-12-25T12:55:04.735984305Z	9	PC: 13021 | Display string (String= ' --- Files Infected by the Destructor Virus ! ---')
2018-12-25T12:55:04.740459225Z	8	PC: 1302c | Console input without echo