
vx.netlux.org/Virus.DOS.AAV.8224

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:05.803092613Z 48 PC: 176c1 | Get DOS version
2018-12-17T21:53:05.805834257Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run continues straight to the Get date at 0x18887, so the jump was taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; in the 1980-dated runs on this page the next syscalls (Find first file, Open C:\COMMAND.COM,
                                           ; Read, Set file date, Close) come from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-17T21:53:05.808197231Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare, unlike the signed jg at 0x176ed)
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in this run it opens A:\TEST.EXE, seeks to its end and closes it
                                           ; (see the Open / Move file pointer / Close entries that follow in the trace)
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-17T21:53:05.810447631Z 61 PC: 188c7 | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T21:53:05.818501068Z 66 PC: 188d6 | Move file pointer
2018-12-17T21:53:05.820796451Z 62 PC: 18900 | Close file
2018-12-17T21:53:05.823463965Z 44 PC: 188ab | Get time 0x188ab: cmp dh, 0x2d   ; DH = seconds from Get time (INT 21h, AH=2Ch); 0x2D = 45
0x188ae: jl 0x188b8                        ; seconds < 45 -> ret
0x188b0: cmp cl, 0x1e                      ; CL = minutes; 0x1E = 30
0x188b3: jl 0x188b8                        ; minutes < 30 -> ret
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only when both checks above pass
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; subroutine called from 0x1889c: mark cs:[0x25d], then inspect a file
0x188bf: mov dx, 0x13b                     ; DS:DX -> filename; the trace reports it as 'A:\TEST.EXE'
0x188c2: mov ax, 0x3d00                    ; Open file (AH=3Dh), AL=00 = read-only
0x188c5: int 0x21
0x188c7: mov bx, ax                        ; BX = file handle
0x188c9: mov word ptr cs:[0x10d], ax       ; keep a copy of the handle
0x188cd: mov ax, 0x4202                    ; Move file pointer (AH=42h), AL=02 = relative to end of file
0x188d0: xor cx, cx                        ; CX:DX offset = 0, so DX:AX comes back as the file size
0x188d2: mov dx, cx
0x188d4: int 0x21
0x188d6: add ax, 0x10                      ; DX:AX = (size & ~0xF) + 16, i.e. the next 16-byte paragraph boundary above the size
0x188d9: adc dx, 0
0x188dc: and ax, 0xfff0
0x188df: sub ax, word ptr cs:[0x241]       ; subtract a word stored in the virus body - its meaning is not visible in this trace
2018-12-17T21:53:05.827239992Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-17T21:53:05.828840278Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-17T21:53:05.830550188Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-17T21:53:05.833919837Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-17T21:53:05.835696733Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-17T21:53:05.837672968Z 48 PC: 13763 | Get DOS version
2018-12-17T21:53:05.841298563Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-17T21:53:05.85008938Z 64 PC: 139e5 | Write file or device (Write 9 bytes on handle 1)
2018-12-17T21:53:05.855021011Z 64 PC: 139e5 | Write file or device (Write 17 bytes on handle 1)
2018-12-17T21:53:05.863021198Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":45,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:31.097266764Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:31.098788893Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:31.10086239Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:31.102098822Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:31.110148766Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:31.115749759Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:31.117310411Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:31.922167854Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:31.923595954Z 62 PC: 17bed | Close file
2018-12-25T11:40:32.181970669Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:32.184866608Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:32.186170621Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.189088267Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:32.190738564Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.191974491Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:32.1940511Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:32.196114972Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:32.202968079Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.20759641Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.212248583Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":45,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:31.286306909Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:31.288072686Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:31.290101569Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:31.292511475Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:31.300824891Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:31.306598Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:31.308105669Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:31.922984277Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:31.924681547Z 62 PC: 17bed | Close file
2018-12-25T11:40:32.219406637Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:32.222115802Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:32.223251135Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.224376806Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:32.226190502Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.227544577Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:32.228760007Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:32.230890746Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:32.238261544Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.241025533Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.245746614Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":45,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:31.516758454Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:31.51822718Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:31.520325615Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:31.52144986Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:31.529712922Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:31.53539573Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:31.537071105Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:32.395308192Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:32.396619542Z 62 PC: 17bed | Close file
2018-12-25T11:40:32.401835528Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:32.403880142Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:32.404765632Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.406209352Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:32.407578053Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.408433344Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:32.409483572Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:32.411245557Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:32.41789394Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.420773066Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.425345544Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":45,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:31.694810373Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:31.699385194Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:31.701421586Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:31.702273735Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:31.710754243Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:31.71667028Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:31.717985384Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:32.39576819Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:32.397289056Z 62 PC: 17bed | Close file
2018-12-25T11:40:32.403778281Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:32.41011422Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:32.411374165Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.412494829Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:32.414131956Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.415292502Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:32.416649291Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:32.418501557Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:32.423015636Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.424871323Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.427906908Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":45,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:31.713167135Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:31.715625243Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:31.718630949Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:31.720295673Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:31.73087203Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:31.738126937Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:31.74025757Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:32.421301552Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:32.424133347Z 62 PC: 17bed | Close file
2018-12-25T11:40:32.436943766Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:32.440482474Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:32.443244056Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.444766884Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:32.446563997Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.452582931Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:32.454744401Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:32.456655035Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:32.465638478Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.469042559Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.474269546Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":45,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:31.944571669Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:31.960687713Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:31.963150684Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:31.964274194Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:31.974145289Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:31.980736227Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:31.982250433Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:32.421203059Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:32.423455218Z 62 PC: 17bed | Close file
2018-12-25T11:40:32.432173537Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:32.435815042Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:32.437788498Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.439719191Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:32.441911543Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:32.443846141Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:32.445396339Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:32.447054007Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:32.454385529Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.456628176Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:32.459869727Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:37.256624671Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:37.258536611Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:37.26056135Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:37.261527087Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:37.270132363Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:37.276315571Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:37.27779177Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:37.626610299Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:37.627765314Z 62 PC: 17bed | Close file
2018-12-25T11:40:37.633086754Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:37.636458882Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:37.637506084Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:37.650930784Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:37.653184283Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:37.654495021Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:37.655905532Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:37.657931455Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:37.664713623Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:37.667601358Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:37.672831562Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:40.686764342Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:40.688653317Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:40.690730815Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:40.691645917Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:40.70041564Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:40.706116148Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:40.707475822Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:41.353132176Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:41.362929255Z 62 PC: 17bed | Close file
2018-12-25T11:40:41.368824814Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:41.371630175Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:41.372680971Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:41.37390679Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:41.375744451Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:41.376938251Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:41.37833767Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:41.380169688Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:41.386877014Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:41.389742216Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:41.394630624Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":323,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:40.713347532Z 48 PC: 176c1 | Get DOS version
2018-12-25T11:40:40.715373197Z 42 PC: 176e9 | Get date 0x176e9: cmp cx, 0x7ca   ; CX = year returned by Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x176ed: jg 0x17717                        ; signed compare: year > 1994 -> skip to the trigger check at 0x17717
                                           ; (this run is dated 1980 per the JSON line below and the next syscalls come from inside
                                           ; the routine called at 0x176f5, so the jump was not taken)
0x176ef: mov byte ptr cs:[0x112], 0xff     ; year <= 1994: mark byte cs:[0x112]
0x176f5: call 0x17a08                      ; the following Find first file / Open C:\COMMAND.COM / Read / Set file date / Close entries
                                           ; are issued from inside this routine - presumably the infection code; confirm
0x176f8: cmp byte ptr cs:[0x110], 0
0x176fe: je 0x17717                        ; cs:[0x110] zero -> skip the block below
0x17700: cmp byte ptr cs:[0x112], 0
0x17706: je 0x17717                        ; only taken if the routine above cleared cs:[0x112] again
0x17708: mov byte ptr cs:[0x114], 0
0x1770e: mov byte ptr cs:[0x115], 0xff
0x17714: call 0x1777c                      ; routine not shown in this trace
0x17717: call 0x18880                      ; date/time trigger check; the next logged syscall is the Get date at 0x18887 inside it
0x1771a: jmp 0x1771e                       ; hops over the two bytes at 0x1771c-0x1771d
0x1771c: nop                               ; never executed (skipped by the jmp above)
0x1771d: inc sp                            ; never executed
0x1771e: cmp byte ptr cs:[0x10f], 0x4d     ; 0x4D = 'M' - presumably the saved first byte of the host's MZ header (EXE vs COM host); confirm
0x17724: jne 0x17753                       ; not 'M' -> the other case is handled at 0x17753
0x17726: pop ds                            ; 'M' path: restore segment registers ...
0x17727: pop es
0x17728: mov sp, word ptr cs:[0x117]       ; ... and the stack pointer from the word at cs:[0x117]
2018-12-25T11:40:40.717483632Z 26 PC: 17a4c | Set disk transfer address
2018-12-25T11:40:40.718903356Z 78 PC: 17a5c | Find first file
2018-12-25T11:40:40.727091115Z 61 PC: 17ae4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:40:40.732782793Z 13 PC: 17aee | Disk reset
2018-12-25T11:40:40.734468893Z 63 PC: 17af8 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T11:40:41.352254031Z 87 PC: 17be4 | Get or set file date and time
2018-12-25T11:40:41.353676012Z 62 PC: 17bed | Close file
2018-12-25T11:40:41.361494874Z 42 PC: 18887 | Get date 0x18887: cmp cx, 0x7ca   ; CX = year from Get date (INT 21h, AH=2Ah); 0x7CA = 1994
0x1888b: jb 0x188b8                        ; year < 1994 -> ret (unsigned compare); this run is dated 1980 per the JSON line below
                                           ; and no Get time follows in the trace, consistent with returning here
0x1888d: cmp cx, 0x7ca
0x18891: jne 0x1889c                       ; year > 1994 -> no month check
0x18893: mov ah, 0x2a                      ; year == 1994: query the date again
0x18895: int 0x21
0x18897: cmp dh, 5                         ; DH = month
0x1889a: jl 0x188b8                        ; before May 1994 -> ret
0x1889c: call 0x188b9                      ; subroutine at 0x188b9 below; in the Dec-17 run on this page it opens A:\TEST.EXE, seeks to its end and closes it
0x1889f: cmp byte ptr cs:[0x25d], 0
0x188a5: je 0x188b8                        ; the subroutine sets this byte first thing, so this only returns if it cleared it again
0x188a7: mov ah, 0x2c                      ; Get time (INT 21h, AH=2Ch): CH=hour, CL=minute, DH=second, DL=1/100 s
0x188a9: int 0x21
0x188ab: cmp dh, 0x2d                      ; seconds < 45 -> ret
0x188ae: jl 0x188b8
0x188b0: cmp cl, 0x1e                      ; minutes < 30 -> ret
0x188b3: jl 0x188b8
0x188b5: call 0x1891f                      ; time-gated routine (not shown); reached only with year >= 1994 (May or later if 1994),
                                           ; seconds >= 45 and minutes >= 30
0x188b8: ret
0x188b9: mov byte ptr cs:[0x25d], 0xff     ; entry of the subroutine called from 0x1889c
2018-12-25T11:40:41.364231312Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T11:40:41.365391009Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T11:40:41.367343846Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T11:40:41.369355839Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T11:40:41.370559511Z 68 PC: 1375e | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:40:41.372214346Z 48 PC: 13763 | Get DOS version
2018-12-25T11:40:41.37425405Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T11:40:41.381614442Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:41.384511518Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T11:40:41.389078256Z 76 PC: 147f8 | Terminate with return code (Return code = '4')