Sample viewer

vx.netlux.org/Virus.DOS.Vein.1006.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:00.62073626Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-17T22:20:00.623292782Z 26 PC: 12f78 | Set disk transfer address
2018-12-17T22:20:00.624766301Z 78 PC: 12f83 | Find first file
2018-12-17T22:20:00.630563931Z 61 PC: 12f91 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:00.636705786Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.638157167Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.639505649Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.653586179Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.656874525Z 61 PC: 12f91 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:20:00.663081737Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.664379319Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.666335586Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.675889059Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.678396989Z 61 PC: 12f91 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:20:00.69022928Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.691594738Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.69295753Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.699929294Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.702375699Z 61 PC: 12f91 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:20:00.708373543Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.710002079Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.711663651Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.718403205Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.720952143Z 61 PC: 12f91 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:20:00.727536515Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.728829986Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.730208124Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.739302138Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.741766947Z 61 PC: 12f91 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:20:00.753683045Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.755947906Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.757349238Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.763890531Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.771542091Z 61 PC: 12f91 | Open file (Filename = 'PAH.COM')
2018-12-17T22:20:00.777983856Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.779601156Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.782178588Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.789167187Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.79222994Z 61 PC: 12f91 | Open file (Filename = 'TEST.COM')
2018-12-17T22:20:00.799295433Z 87 PC: 12f97 | Get or set file date and time
2018-12-17T22:20:00.800963649Z 63 PC: 12fb7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:00.807317988Z 66 PC: 12fda | Move file pointer
2018-12-17T22:20:00.809780825Z 64 PC: 12fe5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:20:00.812465851Z 66 PC: 12fee | Move file pointer
2018-12-17T22:20:00.813930404Z 64 PC: 12ff9 | Write file or device (Write 1006 bytes on handle 5)
2018-12-17T22:20:00.823754067Z 87 PC: 13008 | Get or set file date and time
2018-12-17T22:20:00.827663357Z 62 PC: 1300c | Close file
2018-12-17T22:20:00.837785083Z 79 PC: 12f83 | Find next file
2018-12-17T22:20:00.840330765Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.841725941Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.842652285Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.843668143Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.844852882Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.845730624Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.846700313Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.848032186Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.84936372Z 26 PC: 13018 | Set disk transfer address
2018-12-17T22:20:00.850520231Z 9 PC: 12a47 | Display string (String= 'Bait File!  (C) 2001 Moutain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3462,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:14.550477693Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-25T11:49:14.556497942Z 26 PC: 12f78 | Set disk transfer address
2018-12-25T11:49:14.557844501Z 78 PC: 12f83 | Find first file
2018-12-25T11:49:14.564846964Z 61 PC: 12f91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:14.573154439Z 87 PC: 12f97 | Get or set file date and time
2018-12-25T11:49:14.575258181Z 87 PC: 13008 | Get or set file date and time
2018-12-25T11:49:14.576967419Z 62 PC: 1300c | Close file
2018-12-25T11:49:14.590905132Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.595507197Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:14.604018569Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:14.605795637Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:14.609596206Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:14.617587511Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.62068294Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:14.629039605Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:14.648738658Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:14.650888201Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:14.672360446Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.675427637Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:14.683190215Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:14.685698961Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:14.687830634Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:14.69545919Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.698629855Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:14.70908617Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:14.711018209Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:14.712962856Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:14.721326189Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.724226231Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:14.73771269Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:14.740890333Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:14.742871762Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:14.751035201Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.754832676Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:14.764515116Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:14.766378486Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:14.769017065Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:14.776792462Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.779777889Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:14.788069963Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:14.789500335Z 63 PC: 12fb7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:14.797046234Z 66 PC: 12fda | Move file pointer
2018-12-25T11:49:14.799445032Z 64 PC: 12fe5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:14.802805824Z 66 PC: 12fee | Move file pointer
2018-12-25T11:49:14.805458161Z 64 PC: 12ff9 | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T11:49:14.816062194Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:14.818414678Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:14.827384696Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:14.830769317Z 26 PC: 13018 | Set disk transfer address
2018-12-25T11:49:14.833038023Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.834553118Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.8360058Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.83856934Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.839920895Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.84115587Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.843309957Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.844656695Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:14.846181351Z 9 PC: 12a47 | Display string (String= 'Bait File!  (C) 2001 Moutain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":18,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3462,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:14.620349155Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-25T11:49:14.625171138Z 9 PC: 12f56 | Display string (Could not find end pointer)
2018-12-25T11:49:14.631771124Z 76 PC: 12f63 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3462,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:15.52121105Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-25T11:49:15.52382493Z 26 PC: 12f78 | Set disk transfer address
2018-12-25T11:49:15.53941803Z 78 PC: 12f83 | Find first file
2018-12-25T11:49:15.55388571Z 61 PC: 12f91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:15.575477587Z 87 PC: 12f97 | Get or set file date and time
2018-12-25T11:49:15.578123072Z 87 PC: 13008 | Get or set file date and time
2018-12-25T11:49:15.579938576Z 62 PC: 1300c | Close file
2018-12-25T11:49:15.596128685Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.600137063Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.608566608Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.610646771Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.617716484Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.644792013Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.651375973Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.662592628Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.66535781Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.668459609Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.679780654Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.684377465Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.69163974Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.69320966Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.696221647Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.70449424Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.707593405Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.716459359Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.720011028Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.723112982Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.74009111Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.749313329Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.75687476Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.759089412Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.764556356Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.772663714Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.776138378Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.792026967Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.793786107Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.795696277Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.804349384Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.808977713Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.816738265Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.819697306Z 63 PC: 12fb7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:15.823424568Z 66 PC: 12fda | Move file pointer
2018-12-25T11:49:15.825412373Z 64 PC: 12fe5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:15.829034841Z 66 PC: 12fee | Move file pointer
2018-12-25T11:49:15.831985953Z 64 PC: 12ff9 | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T11:49:15.842087405Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.84426921Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.854447216Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.857621494Z 26 PC: 13018 | Set disk transfer address
2018-12-25T11:49:15.859318599Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.861980362Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.864747493Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.866452892Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.868909834Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.870558117Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.872840449Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.875327083Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.877387916Z 9 PC: 12a47 | Display string (String= 'Bait File!  (C) 2001 Moutain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3462,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:15.595669121Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-25T11:49:15.598570573Z 9 PC: 12e88 | Display string (String= 'Disinfecting file... ')
2018-12-25T11:49:15.606271115Z 26 PC: 12e8f | Set disk transfer address
2018-12-25T11:49:15.607473064Z 67 PC: 12ebf | Get or set file attributes
2018-12-25T11:49:15.612991655Z 67 PC: 12ecc | Get or set file attributes
2018-12-25T11:49:15.628667231Z 61 PC: 12ed1 | Open file (Filename = 'A:\TEST.COM')
2018-12-25T11:49:15.642610846Z 87 PC: 12ed7 | Get or set file date and time
2018-12-25T11:49:15.644374011Z 62 PC: 12ee5 | Close file
2018-12-25T11:49:15.647144832Z 60 PC: 12eee | Create or truncate file
2018-12-25T11:49:15.663008303Z 64 PC: 12ef9 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:15.66683521Z 64 PC: 12f02 | Write file or device (Write 1019 bytes on handle 5)
2018-12-25T11:49:15.675389431Z 87 PC: 12f11 | Get or set file date and time
2018-12-25T11:49:15.678180502Z 62 PC: 12f15 | Close file
2018-12-25T11:49:15.685431542Z 67 PC: 12f1e | Get or set file attributes
2018-12-25T11:49:15.696452645Z 9 PC: 12f28 | Display string (String= ' File disinfected! Merry Christmas Nowhere virus v1.1 VEiN - 1995 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3462,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:15.629011427Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-25T11:49:15.63351754Z 26 PC: 12f78 | Set disk transfer address
2018-12-25T11:49:15.635155916Z 78 PC: 12f83 | Find first file
2018-12-25T11:49:15.645553149Z 61 PC: 12f91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:15.653220539Z 87 PC: 12f97 | Get or set file date and time
2018-12-25T11:49:15.655403909Z 87 PC: 13008 | Get or set file date and time
2018-12-25T11:49:15.657422771Z 62 PC: 1300c | Close file
2018-12-25T11:49:15.671079164Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.675270981Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.682915575Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.685105684Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.68880501Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.697570019Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.711679478Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.719226968Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.722869119Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.725458889Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.733496461Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.73939629Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.746821694Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.748304563Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.750896216Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.758843617Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.762229493Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.777137732Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.782458296Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.786265793Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.807141598Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.810235829Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.816963891Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.834371422Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.83844979Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.847023411Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.851659355Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.892512221Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.894220002Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.89649899Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.90615078Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.914890761Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:15.932109949Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:15.934404078Z 63 PC: 12fb7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:15.937224743Z 66 PC: 12fda | Move file pointer
2018-12-25T11:49:15.939133583Z 64 PC: 12fe5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:15.952662171Z 66 PC: 12fee | Move file pointer
2018-12-25T11:49:15.954409383Z 64 PC: 12ff9 | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T11:49:15.964611305Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:15.967355092Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:15.979243354Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:15.990357041Z 26 PC: 13018 | Set disk transfer address
2018-12-25T11:49:15.992825512Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.994626074Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.99613816Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.997693459Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:15.998769912Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:16.000447567Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:16.002112434Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:16.004439542Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:16.005701362Z 9 PC: 12a47 | Display string (String= 'Bait File!  (C) 2001 Moutain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3462,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:15.815232502Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-25T11:49:15.817351377Z 26 PC: 12f78 | Set disk transfer address
2018-12-25T11:49:15.818259128Z 78 PC: 12f83 | Find first file
2018-12-25T11:49:15.822033769Z 61 PC: 12f91 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:15.830397064Z 87 PC: 12f97 | Get or set file date and time
2018-12-25T11:49:15.831807836Z 87 PC: 13008 | Get or set file date and time
2018-12-25T11:49:15.833220175Z 62 PC: 1300c | Close file
2018-12-25T11:49:16.84013396Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:16.843080364Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:16.850007313Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:16.851548888Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:16.853245768Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:16.91172371Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:16.914192669Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:16.920904637Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:16.922138751Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:16.923466584Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:16.957459271Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:16.960729042Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:16.967531306Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:16.969271353Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:16.970706276Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:17.037546542Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:17.04057516Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:17.047008692Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:17.04878276Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:17.050602158Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:17.08598941Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:17.087678449Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:17.092260352Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:17.093484141Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:17.094785965Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:17.148917159Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:17.151526965Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:17.162999813Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:17.164816457Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:17.166355506Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:17.290214315Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:17.29369447Z 61 PC: 12f91 | Open file (See above)
2018-12-25T11:49:17.300033101Z 87 PC: 12f97 | Get or set file date and time (See above)
2018-12-25T11:49:17.301375288Z 63 PC: 12fb7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:17.308201354Z 66 PC: 12fda | Move file pointer
2018-12-25T11:49:17.309670327Z 64 PC: 12fe5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:49:17.312300673Z 66 PC: 12fee | Move file pointer
2018-12-25T11:49:17.314436533Z 64 PC: 12ff9 | Write file or device (Write 1006 bytes on handle 5)
2018-12-25T11:49:17.459029892Z 87 PC: 13008 | Get or set file date and time (See above)
2018-12-25T11:49:17.460923889Z 62 PC: 1300c | Close file (See above)
2018-12-25T11:49:17.546621538Z 79 PC: 12f83 | Find next file (See above)
2018-12-25T11:49:17.550122026Z 26 PC: 13018 | Set disk transfer address
2018-12-25T11:49:17.551919739Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.554445927Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.556271879Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.558347406Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.560464247Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.562687788Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.564786069Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.565995922Z 26 PC: 13018 | Set disk transfer address (See above)
2018-12-25T11:49:17.567416171Z 9 PC: 12a47 | Display string (String= 'Bait File!  (C) 2001 Moutain Virus Research Labs M�llen AntiVirusGps!QbopjY ')

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3462,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:15.852436663Z 42 PC: 12e4a | Get date 0x12e4a: cmp dh, 8
0x12e4d: je 0x12e6c
0x12e4f: cmp dh, 2
0x12e52: je 0x12e64
0x12e54: cmp dh, 0xc
0x12e57: je 0x12e5c
0x12e59: jmp 0x12f63
0x12e5c: cmp dl, 0x19
0x12e5f: je 0x12e74
0x12e61: jmp 0x12f63
0x12e64: cmp dl, 3
0x12e67: je 0x12e78
0x12e69: jmp 0x12f63
0x12e6c: cmp dl, 0x12
0x12e6f: je 0x12e7c
0x12e71: jmp 0x12f63
0x12e74: push cs
0x12e75: call 0x12e80
0x12e78: push cs
0x12e79: call 0x12f34
2018-12-25T11:49:15.859076385Z 9 PC: 12f56 | Display string (Could not find end pointer)
2018-12-25T11:49:15.864018165Z 76 PC: 12f63 | Terminate with return code (Return code = '0')