Sample viewer

vx.netlux.org/Virus.DOS.VCL.Erin.407

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:36.469327823Z 26 PC: 12bb7 | Set disk transfer address
2018-12-17T23:12:36.471301354Z 78 PC: 12bc2 | Find first file
2018-12-17T23:12:36.477469912Z 61 PC: 12bd0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:36.486006239Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.49117462Z 66 PC: 12bfc | Move file pointer
2018-12-17T23:12:36.492886565Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:36.494983004Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:12:36.496216983Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:12:36.508918431Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.518957952Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.522641067Z 61 PC: 12bd0 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:12:36.531572997Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.540404918Z 66 PC: 12bfc | Move file pointer
2018-12-17T23:12:36.54283398Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:36.546327626Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:12:36.559769959Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:12:36.564105764Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.573567648Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.576987991Z 61 PC: 12bd0 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:12:36.585757697Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.593269739Z 66 PC: 12bfc | Move file pointer
2018-12-17T23:12:36.595199901Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:36.599994908Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:12:36.602075987Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:12:36.605445435Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.615739521Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.619410097Z 61 PC: 12bd0 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:12:36.627073975Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.636354984Z 66 PC: 12bfc | Move file pointer
2018-12-17T23:12:36.638071645Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:36.643777206Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:12:36.645904886Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:12:36.650094083Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.65879364Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.661821285Z 61 PC: 12bd0 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:12:36.670008643Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.686028393Z 66 PC: 12bfc | Move file pointer
2018-12-17T23:12:36.688984965Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:36.693526573Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:12:36.695232928Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:12:36.699209914Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.709316195Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.712998807Z 61 PC: 12bd0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:12:36.720716915Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.72903188Z 66 PC: 12bfc | Move file pointer
2018-12-17T23:12:36.730882397Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:36.733748088Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:12:36.735335529Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:12:36.744403567Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.753365467Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.756154006Z 61 PC: 12bd0 | Open file (Filename = 'PAH.COM')
2018-12-17T23:12:36.764132607Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.771149899Z 66 PC: 12bfc | Move file pointer
2018-12-17T23:12:36.772510768Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:36.776831583Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:12:36.778249637Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T23:12:36.781039442Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.790351424Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.79311037Z 61 PC: 12bd0 | Open file (Filename = 'TEST.COM')
2018-12-17T23:12:36.800186949Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:36.803465833Z 62 PC: 12c1f | Close file
2018-12-17T23:12:36.805401668Z 79 PC: 12bc2 | Find next file
2018-12-17T23:12:36.808009984Z 9 PC: 12c2b | Display string (String= '[Erin-X] (c) 1998 ')
2018-12-17T23:12:36.813259917Z 59 PC: 12c33 | Change current directory
2018-12-17T23:12:36.815327071Z 42 PC: 12c3a | Get date
0x12c3a: cmp dl, 0x1e
0x12c3d: jne 0x12c51
0x12c3f: mov ah, 9
0x12c41: lea dx, word ptr [bp + 0x22c]
0x12c45: int 0x21
0x12c47: mov ah, 0x39
0x12c49: lea dx, word ptr [bp + 0x282]
0x12c4d: int 0x21
0x12c4f: jmp 0x12c51
0x12c51: mov dx, 0x80
0x12c54: mov ah, 0x1a
0x12c56: int 0x21
0x12c58: ret
0x12c59: sub ch, byte ptr [0x6f63]
0x12c5d: insw word ptr es:[di], dx
0x12c5e: add cl, ch
0x12c60: dec dx
0x12c61: add cx, bp
0x12c63: sbb al, byte ptr [bx + si]
0x12c65: add word ptr [bx], di
2018-12-17T23:12:36.817827368Z 26 PC: 12c58 | Set disk transfer address
2018-12-17T23:12:36.820063735Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:12:36.826870767Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17572,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:05.396932343Z 26 PC: 12bb7 | Set disk transfer address
2018-12-25T12:56:05.398439511Z 78 PC: 12bc2 | Find first file
2018-12-25T12:56:05.40500596Z 61 PC: 12bd0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:05.411202891Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:05.417569156Z 66 PC: 12bfc | Move file pointer
2018-12-25T12:56:05.418874376Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:05.422260805Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:56:05.42373691Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:56:06.919108903Z 62 PC: 12c1f | Close file
2018-12-25T12:56:07.073160111Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.076207103Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.082992996Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.08911507Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.09034498Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.093329792Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.094574118Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.09701185Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.276550997Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.279069641Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.285306797Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.292127337Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.293514078Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.296114366Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.297996515Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.300479813Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.325984853Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.328646025Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.333547074Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.33777829Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.339244203Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.34114224Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.342298593Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.344695098Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.363586506Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.365332719Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.37000226Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.37446233Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.375342412Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.37742386Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.378540307Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.380407224Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.403946589Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.405750927Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.410033431Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.414294165Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.415485532Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.417257181Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.418642252Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.435198322Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.460127436Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.463173217Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.469353488Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.475366153Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.47691474Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.479382204Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.480626234Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.483451972Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.524922478Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.5273013Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.53377023Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.536115629Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.53762865Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.541102203Z 9 PC: 12c2b | Display string (String= '[Erin-X] (c) 1998 ')
2018-12-25T12:56:07.544845697Z 59 PC: 12c33 | Change current directory
2018-12-25T12:56:07.546455157Z 42 PC: 12c3a | Get date
0x12c3a: cmp dl, 0x1e
0x12c3d: jne 0x12c51
0x12c3f: mov ah, 9
0x12c41: lea dx, word ptr [bp + 0x22c]
0x12c45: int 0x21
0x12c47: mov ah, 0x39
0x12c49: lea dx, word ptr [bp + 0x282]
0x12c4d: int 0x21
0x12c4f: jmp 0x12c51
0x12c51: mov dx, 0x80
0x12c54: mov ah, 0x1a
0x12c56: int 0x21
0x12c58: ret
0x12c59: sub ch, byte ptr [0x6f63]
0x12c5d: insw word ptr es:[di], dx
0x12c5e: add cl, ch
0x12c60: dec dx
0x12c61: add cx, bp
0x12c63: sbb al, byte ptr [bx + si]
0x12c65: add word ptr [bx], di
2018-12-25T12:56:07.548818695Z 26 PC: 12c58 | Set disk transfer address
2018-12-25T12:56:07.549816974Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:07.554980274Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17572,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:05.580143288Z 26 PC: 12bb7 | Set disk transfer address
2018-12-25T12:56:05.582841117Z 78 PC: 12bc2 | Find first file
2018-12-25T12:56:05.590431138Z 61 PC: 12bd0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:05.598147055Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:05.60563567Z 66 PC: 12bfc | Move file pointer
2018-12-25T12:56:05.610794682Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:05.614175393Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:56:05.616159103Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:56:05.632925672Z 62 PC: 12c1f | Close file
2018-12-25T12:56:05.642365645Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.645857838Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.659913116Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.667629873Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.669172072Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.672208139Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.674577085Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.677500866Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.685923922Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.689344986Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.696707763Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.704271208Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.706486682Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.709443456Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.711185038Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.727910724Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.737174238Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.740408733Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.750132987Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.757858506Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.759481079Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.762802808Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.773624652Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.777356397Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.791823914Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.795203782Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.803060419Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.810456814Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.813447428Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.817163769Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.819212335Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.823441281Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.832359427Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.835415073Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.843559759Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.850746756Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.853127681Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.856688668Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.863175745Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.872466735Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.881747584Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.886598609Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.894183895Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.901613252Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.903979583Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.907188844Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.909088329Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.913361068Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.920261058Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.922534407Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.928347539Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.931191481Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.932668445Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.935042017Z 9 PC: 12c2b | Display string (String= '[Erin-X] (c) 1998 ')
2018-12-25T12:56:05.937708392Z 59 PC: 12c33 | Change current directory
2018-12-25T12:56:05.939575535Z 42 PC: 12c3a | Get date
0x12c3a: cmp dl, 0x1e
0x12c3d: jne 0x12c51
0x12c3f: mov ah, 9
0x12c41: lea dx, word ptr [bp + 0x22c]
0x12c45: int 0x21
0x12c47: mov ah, 0x39
0x12c49: lea dx, word ptr [bp + 0x282]
0x12c4d: int 0x21
0x12c4f: jmp 0x12c51
0x12c51: mov dx, 0x80
0x12c54: mov ah, 0x1a
0x12c56: int 0x21
0x12c58: ret
0x12c59: sub ch, byte ptr [0x6f63]
0x12c5d: insw word ptr es:[di], dx
0x12c5e: add cl, ch
0x12c60: dec dx
0x12c61: add cx, bp
0x12c63: sbb al, byte ptr [bx + si]
0x12c65: add word ptr [bx], di
2018-12-25T12:56:05.94128067Z 9 PC: 12c47 | Display string (String= 'YOUR PC HAS BEEN INFECTED WITH THE ERIN-X VIRUS FOR AWHILE ')
2018-12-25T12:56:05.94530831Z 57 PC: 12c4f | Create subdirectory
2018-12-25T12:56:05.953208869Z 26 PC: 12c58 | Set disk transfer address
2018-12-25T12:56:05.954163326Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:05.959280931Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17572,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:05.616928176Z 26 PC: 12bb7 | Set disk transfer address
2018-12-25T12:56:05.619594779Z 78 PC: 12bc2 | Find first file
2018-12-25T12:56:05.626560533Z 61 PC: 12bd0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:05.63511631Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:05.642458367Z 66 PC: 12bfc | Move file pointer
2018-12-25T12:56:05.645248261Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:05.648655888Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:56:05.650597197Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:56:05.666857559Z 62 PC: 12c1f | Close file
2018-12-25T12:56:05.676060609Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.67919626Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.687404747Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.695369462Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.69694516Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.705088996Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.707042512Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.710197714Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.717276105Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.719351717Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.724208905Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.729486227Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.731351798Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.734023743Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.735924796Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.740458234Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.749025529Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.752520935Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.761090973Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.769316453Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.771570358Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.776327962Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.778247449Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.782743204Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.792358672Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.796770543Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.804671062Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.812218365Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.814977391Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.818444505Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.820487165Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.824198633Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.832944392Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.835976228Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.844156508Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.852280699Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.854393095Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.858350298Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.861486036Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.870871339Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.880852563Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.884126128Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.891918422Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.899762727Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:05.902385959Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:05.90579689Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:05.90780631Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:05.91171209Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.921143962Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.924076509Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:05.932803401Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:05.936093539Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:05.938469219Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:05.942431383Z 9 PC: 12c2b | Display string (String= '[Erin-X] (c) 1998 ')
2018-12-25T12:56:05.947631476Z 59 PC: 12c33 | Change current directory
2018-12-25T12:56:05.949986037Z 42 PC: 12c3a | Get date
0x12c3a: cmp dl, 0x1e
0x12c3d: jne 0x12c51
0x12c3f: mov ah, 9
0x12c41: lea dx, word ptr [bp + 0x22c]
0x12c45: int 0x21
0x12c47: mov ah, 0x39
0x12c49: lea dx, word ptr [bp + 0x282]
0x12c4d: int 0x21
0x12c4f: jmp 0x12c51
0x12c51: mov dx, 0x80
0x12c54: mov ah, 0x1a
0x12c56: int 0x21
0x12c58: ret
0x12c59: sub ch, byte ptr [0x6f63]
0x12c5d: insw word ptr es:[di], dx
0x12c5e: add cl, ch
0x12c60: dec dx
0x12c61: add cx, bp
0x12c63: sbb al, byte ptr [bx + si]
0x12c65: add word ptr [bx], di
2018-12-25T12:56:05.953554514Z 26 PC: 12c58 | Set disk transfer address
2018-12-25T12:56:05.955430047Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:05.961817719Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17572,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:07.363808743Z 26 PC: 12bb7 | Set disk transfer address
2018-12-25T12:56:07.365630703Z 78 PC: 12bc2 | Find first file
2018-12-25T12:56:07.372472496Z 61 PC: 12bd0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:56:07.379954719Z 63 PC: 12bdc | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:56:07.38696459Z 66 PC: 12bfc | Move file pointer
2018-12-25T12:56:07.389571796Z 64 PC: 12c07 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:56:07.393679454Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:56:07.395572983Z 64 PC: 12c1b | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:56:07.410818491Z 62 PC: 12c1f | Close file
2018-12-25T12:56:07.420290559Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.423701968Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.433362554Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.440679226Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.442520538Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.446831817Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.44848288Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.451467471Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.460334535Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.463620482Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.471859687Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.479190492Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.481123975Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.4845159Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.485938622Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.489898122Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.498654736Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.501531249Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.510084938Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.517187656Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.518754815Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.522357105Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.5239227Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.526783231Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.536262201Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.5392301Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.546748389Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.554721238Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.559449313Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.562943997Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.565181425Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.56923428Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.577823761Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.580154029Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.584933716Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.592733442Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.593759266Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.596331764Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.59770725Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.607021497Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.616403776Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.62072517Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.628413134Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.636320566Z 66 PC: 12bfc | Move file pointer (See above)
2018-12-25T12:56:07.637904228Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:56:07.640822339Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:56:07.643044106Z 64 PC: 12c1b | Write file or device (See above)
2018-12-25T12:56:07.64619494Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.654663777Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.657266347Z 61 PC: 12bd0 | Open file (See above)
2018-12-25T12:56:07.665214003Z 63 PC: 12bdc | Read file or device (See above)
2018-12-25T12:56:07.667924832Z 62 PC: 12c1f | Close file (See above)
2018-12-25T12:56:07.669722222Z 79 PC: 12bc2 | Find next file (See above)
2018-12-25T12:56:07.672593966Z 9 PC: 12c2b | Display string (String= '[Erin-X] (c) 1998 ')
2018-12-25T12:56:07.677067391Z 59 PC: 12c33 | Change current directory
2018-12-25T12:56:07.679096874Z 42 PC: 12c3a | Get date
0x12c3a: cmp dl, 0x1e
0x12c3d: jne 0x12c51
0x12c3f: mov ah, 9
0x12c41: lea dx, word ptr [bp + 0x22c]
0x12c45: int 0x21
0x12c47: mov ah, 0x39
0x12c49: lea dx, word ptr [bp + 0x282]
0x12c4d: int 0x21
0x12c4f: jmp 0x12c51
0x12c51: mov dx, 0x80
0x12c54: mov ah, 0x1a
0x12c56: int 0x21
0x12c58: ret
0x12c59: sub ch, byte ptr [0x6f63]
0x12c5d: insw word ptr es:[di], dx
0x12c5e: add cl, ch
0x12c60: dec dx
0x12c61: add cx, bp
0x12c63: sbb al, byte ptr [bx + si]
0x12c65: add word ptr [bx], di
2018-12-25T12:56:07.681931787Z 9 PC: 12c47 | Display string (String= 'YOUR PC HAS BEEN INFECTED WITH THE ERIN-X VIRUS FOR AWHILE ')
2018-12-25T12:56:07.688344621Z 57 PC: 12c4f | Create subdirectory
2018-12-25T12:56:07.699430796Z 26 PC: 12c58 | Set disk transfer address
2018-12-25T12:56:07.701191011Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:56:07.707143575Z 76 PC: 12a86 | Terminate with return code (Return code = '36')