Sample viewer

vx.netlux.org/Virus.DOS.Nadym.1413


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:28:38.313489797Z 26 PC: 15d36 | Set disk transfer address
2018-12-17T22:28:38.316031604Z 71 PC: 15d67 | Get current directory
2018-12-17T22:28:38.319612624Z 59 PC: 15d70 | Change current directory
2018-12-17T22:28:38.323886952Z 47 PC: 15e2b | Get disk transfer address
2018-12-17T22:28:38.326372147Z 26 PC: 15e38 | Set disk transfer address
2018-12-17T22:28:38.327857391Z 78 PC: 15e43 | Find first file
2018-12-17T22:28:38.33400512Z 78 PC: 15e43 | Find first file
2018-12-17T22:28:38.340715704Z 67 PC: 15e9b | Get or set file attributes
2018-12-17T22:28:38.347778519Z 67 PC: 15ead | Get or set file attributes
2018-12-17T22:28:38.37750251Z 61 PC: 15eb9 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:28:38.384415724Z 63 PC: 15ec9 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:28:38.392111118Z 87 PC: 15ece | Get or set file date and time
2018-12-17T22:28:38.393605616Z 66 PC: 1602a | Move file pointer
2018-12-17T22:28:38.395326366Z 64 PC: 15fca | Write file or device (Write 1413 bytes on handle 5)
2018-12-17T22:28:38.406858401Z 66 PC: 15fd3 | Move file pointer
2018-12-17T22:28:38.409545121Z 64 PC: 15fe2 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:28:38.416274285Z 87 PC: 15ffa | Get or set file date and time
2018-12-17T22:28:38.419072032Z 62 PC: 15ffe | Close file
2018-12-17T22:28:38.426890858Z 67 PC: 1600c | Get or set file attributes
2018-12-17T22:28:38.445708344Z 79 PC: 15e43 | Find next file
2018-12-17T22:28:38.460272505Z 67 PC: 15e9b | Get or set file attributes
2018-12-17T22:28:38.46598341Z 67 PC: 15ead | Get or set file attributes
2018-12-17T22:28:38.473690317Z 61 PC: 15eb9 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:28:38.485651902Z 63 PC: 15ec9 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:28:38.492105369Z 87 PC: 15ece | Get or set file date and time
2018-12-17T22:28:38.494298075Z 66 PC: 1602a | Move file pointer
2018-12-17T22:28:38.496357832Z 64 PC: 15fca | Write file or device (Write 1413 bytes on handle 5)
2018-12-17T22:28:38.505306847Z 66 PC: 15fd3 | Move file pointer
2018-12-17T22:28:38.507022559Z 64 PC: 15fe2 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:28:38.514236017Z 87 PC: 15ffa | Get or set file date and time
2018-12-17T22:28:38.515813631Z 62 PC: 15ffe | Close file
2018-12-17T22:28:38.524076429Z 67 PC: 1600c | Get or set file attributes
2018-12-17T22:28:38.534297156Z 79 PC: 15e43 | Find next file
2018-12-17T22:28:38.539777875Z 67 PC: 15e9b | Get or set file attributes
2018-12-17T22:28:38.545684303Z 67 PC: 15ead | Get or set file attributes
2018-12-17T22:28:38.556196603Z 61 PC: 15eb9 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:28:38.568150307Z 63 PC: 15ec9 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:28:38.574778754Z 87 PC: 15ece | Get or set file date and time
2018-12-17T22:28:38.576789481Z 66 PC: 1602a | Move file pointer
2018-12-17T22:28:38.57940187Z 64 PC: 15fca | Write file or device (Write 1413 bytes on handle 5)
2018-12-17T22:28:38.588255292Z 66 PC: 15fd3 | Move file pointer
2018-12-17T22:28:38.5902474Z 64 PC: 15fe2 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:28:38.601486364Z 87 PC: 15ffa | Get or set file date and time
2018-12-17T22:28:38.603415967Z 62 PC: 15ffe | Close file
2018-12-17T22:28:38.611520845Z 67 PC: 1600c | Get or set file attributes
2018-12-17T22:28:38.622578149Z 79 PC: 15e43 | Find next file
2018-12-17T22:28:38.625534026Z 67 PC: 15e9b | Get or set file attributes
2018-12-17T22:28:38.6320964Z 67 PC: 15ead | Get or set file attributes
2018-12-17T22:28:38.642726472Z 61 PC: 15eb9 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:28:38.649355523Z 63 PC: 15ec9 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:28:38.655792613Z 87 PC: 15ece | Get or set file date and time
2018-12-17T22:28:38.658582161Z 66 PC: 1602a | Move file pointer
2018-12-17T22:28:38.660301132Z 64 PC: 15fca | Write file or device (Write 1413 bytes on handle 5)
2018-12-17T22:28:38.669296628Z 66 PC: 15fd3 | Move file pointer
2018-12-17T22:28:38.671943752Z 64 PC: 15fe2 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:28:38.678923161Z 87 PC: 15ffa | Get or set file date and time
2018-12-17T22:28:38.68071481Z 62 PC: 15ffe | Close file
2018-12-17T22:28:38.689832715Z 67 PC: 1600c | Get or set file attributes
2018-12-17T22:28:38.700360876Z 26 PC: 15e5f | Set disk transfer address
2018-12-17T22:28:38.701510299Z 59 PC: 15d7b | Change current directory
2018-12-17T22:28:38.704431581Z 26 PC: 15d84 | Set disk transfer address
2018-12-17T22:28:38.706077617Z 26 PC: 1592c | Set disk transfer address
2018-12-17T22:28:38.707737238Z 42 PC: 1593b | Get date
0x1593b: cmp dl, 0x1d
0x1593e: jne 0x15943
0x15940: jmp 0x15bdf
0x15943: mov ah, 0x47
0x15945: xor dl, dl
0x15947: lea si, word ptr [bp + 0x460]
0x1594b: int 0x21
0x1594d: mov byte ptr ds:[bp + 0x3fa], 0
0x15953: nop
0x15954: mov byte ptr ds:[bp + 0x405], 0
0x1595a: nop
0x1595b: mov ah, 0x4e
0x1595d: lea dx, word ptr [bp + 0x45a]
0x15961: mov cx, 7
0x15964: int 0x21
0x15966: jae 0x1596e
0x15968: nop
0x15969: nop
0x1596a: nop
0x1596b: call 0x15bb1
2018-12-17T22:28:38.710786953Z 71 PC: 1594d | Get current directory
2018-12-17T22:28:38.714150052Z 78 PC: 15966 | Find first file
2018-12-17T22:28:38.720178256Z 61 PC: 1597f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:28:38.72782198Z 87 PC: 1598d | Get or set file date and time
2018-12-17T22:28:38.729467774Z 63 PC: 159a2 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:28:38.735734509Z 66 PC: 15bb0 | Move file pointer
2018-12-17T22:28:38.738214759Z 63 PC: 159b8 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:28:38.745594561Z 66 PC: 15bb0 | Move file pointer
2018-12-17T22:28:38.747284132Z 64 PC: 15a77 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:28:38.751116422Z 66 PC: 15bb0 | Move file pointer
2018-12-17T22:28:38.753194877Z 64 PC: 15a96 | Write file or device (Write 50 bytes on handle 5)
2018-12-17T22:28:38.756978222Z 64 PC: 15abd | Write file or device (Write 882 bytes on handle 5)
2018-12-17T22:28:38.76691099Z 64 PC: 15ad3 | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:28:38.771537258Z 87 PC: 15b31 | Get or set file date and time
2018-12-17T22:28:38.77351158Z 62 PC: 15b35 | Close file
2018-12-17T22:28:38.787916977Z 59 PC: 15b88 | Change current directory
2018-12-17T22:28:38.793047674Z 59 PC: 15b97 | Change current directory
2018-12-17T22:28:38.795142327Z 26 PC: 15b9e | Set disk transfer address
2018-12-17T22:28:38.797615621Z 47 PC: 15580 | Get disk transfer address
2018-12-17T22:28:38.799969233Z 26 PC: 15591 | Set disk transfer address
2018-12-17T22:28:38.801509981Z 78 PC: 1560f | Find first file
2018-12-17T22:28:38.807810748Z 67 PC: 1564c | Get or set file attributes
2018-12-17T22:28:38.814249733Z 67 PC: 1565d | Get or set file attributes
2018-12-17T22:28:38.824071184Z 61 PC: 15668 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:28:38.835700864Z 87 PC: 15674 | Get or set file date and time
2018-12-17T22:28:38.838648336Z 63 PC: 15687 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:28:38.843729103Z 66 PC: 15697 | Move file pointer
2018-12-17T22:28:38.844903885Z 44 PC: 156b7 | Get time
0x156b7: xor dx, cx
0x156b9: mov word ptr [bp - 0x10], dx
0x156bc: call 0x157aa
0x156bf: mov ax, word ptr [bp - 0x10]
0x156c2: and ax, 0xff
0x156c5: add ax, 0x3a7
0x156c8: mov word ptr [bp - 0x18], ax
0x156cb: mov word ptr [si + 7], ax
0x156ce: pop cx
0x156cf: add cx, 0x127
0x156d3: mov word ptr [si + 1], cx
0x156d6: call 0x157aa
0x156d9: mov ax, word ptr [bp - 0x10]
0x156dc: mov word ptr [bp - 0x16], ax
0x156df: mov word ptr [si + 4], ax
0x156e2: mov di, si
0x156e4: sub di, 0x2bf
0x156e8: mov bx, si
0x156ea: add bx, 0x27
0x156ed: mov word ptr [bp - 0x1a], 7
2018-12-17T22:28:38.848541644Z 64 PC: 15a20 | Write file or device (Write 974 bytes on handle 5)
2018-12-17T22:28:38.858827441Z 66 PC: 1575c | Move file pointer
2018-12-17T22:28:38.860910283Z 64 PC: 1576b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:28:38.864860319Z 87 PC: 1577c | Get or set file date and time
2018-12-17T22:28:38.867115623Z 62 PC: 15780 | Close file
2018-12-17T22:28:38.875604188Z 67 PC: 1578e | Get or set file attributes
2018-12-17T22:28:38.887072998Z 26 PC: 15799 | Set disk transfer address
2018-12-17T22:28:38.889536293Z 44 PC: 15229 | Get time
0x15229: mov byte ptr ds:[bp + 0x146], dl
0x1522e: mov ah, 0x2a
0x15230: int 0x21
0x15232: cmp cx, 0x7c8
0x15236: jle 0x15245
0x15238: cmp dh, 0xb
0x1523b: jne 0x15245
0x1523d: cmp dl, 9
0x15240: jne 0x15245
0x15242: call 0x251e4
0x15245: mov byte ptr ds:[bp + 0x516], 0
0x1524b: lea si, word ptr [bp + 0x104]
0x1524f: mov di, 0x100
0x15252: mov cx, 4
0x15255: cld
0x15256: rep movsb byte ptr es:[di], byte ptr [si]
0x15258: mov ah, 0x1a
0x1525a: lea dx, word ptr [bp + 0x4eb]
0x1525e: int 0x21
0x15260: mov ah, 0x4e
2018-12-17T22:28:38.892211478Z 42 PC: 15232 | Get date
0x15232: cmp cx, 0x7c8
0x15236: jle 0x15245
0x15238: cmp dh, 0xb
0x1523b: jne 0x15245
0x1523d: cmp dl, 9
0x15240: jne 0x15245
0x15242: call 0x251e4
0x15245: mov byte ptr ds:[bp + 0x516], 0
0x1524b: lea si, word ptr [bp + 0x104]
0x1524f: mov di, 0x100
0x15252: mov cx, 4
0x15255: cld
0x15256: rep movsb byte ptr es:[di], byte ptr [si]
0x15258: mov ah, 0x1a
0x1525a: lea dx, word ptr [bp + 0x4eb]
0x1525e: int 0x21
0x15260: mov ah, 0x4e
0x15262: lea dx, word ptr [bp + 0x2ec]
0x15266: lea si, word ptr [bp + 0x509]
0x1526a: push dx
2018-12-17T22:28:38.895683048Z 26 PC: 15260 | Set disk transfer address
2018-12-17T22:28:38.898115435Z 78 PC: 1529e | Find first file
2018-12-17T22:28:38.90459143Z 61 PC: 152aa | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:28:38.913755484Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:38.916839273Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:38.91867009Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:38.923812828Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:38.933468168Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:38.935148214Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:38.93818147Z 62 PC: 15292 | Close file
2018-12-17T22:28:38.947391951Z 79 PC: 1529e | Find next file
2018-12-17T22:28:38.950269008Z 61 PC: 152aa | Open file (Filename = 'PRINT.COM')
2018-12-17T22:28:38.956964335Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:38.96417854Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:38.965799969Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:38.973339021Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:38.983459399Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:38.985226198Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:38.98825694Z 62 PC: 15292 | Close file
2018-12-17T22:28:38.997658802Z 79 PC: 1529e | Find next file
2018-12-17T22:28:39.000550034Z 61 PC: 152aa | Open file (Filename = 'HELLO.COM')
2018-12-17T22:28:39.01017299Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:39.017751922Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:39.019480031Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.027552426Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:39.047970677Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:39.050015538Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.053016058Z 62 PC: 15292 | Close file
2018-12-17T22:28:39.062572935Z 79 PC: 1529e | Find next file
2018-12-17T22:28:39.06537049Z 61 PC: 152aa | Open file (Filename = 'PHANG.COM')
2018-12-17T22:28:39.073584338Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:39.080615773Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:39.083301152Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.091394413Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:39.10188923Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:39.1034941Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.106997597Z 62 PC: 15292 | Close file
2018-12-17T22:28:39.116899212Z 79 PC: 1529e | Find next file
2018-12-17T22:28:39.120641374Z 61 PC: 152aa | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:28:39.127518906Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:39.140353955Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:39.142242175Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.145776957Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:39.156081691Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:39.157873934Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.164645229Z 62 PC: 15292 | Close file
2018-12-17T22:28:39.180157599Z 79 PC: 1529e | Find next file
2018-12-17T22:28:39.183144383Z 61 PC: 152aa | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:28:39.19033841Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:39.197533952Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:39.199318158Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.206925421Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:39.216902233Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:39.219009278Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.225702877Z 62 PC: 15292 | Close file
2018-12-17T22:28:39.23830055Z 79 PC: 1529e | Find next file
2018-12-17T22:28:39.242318981Z 61 PC: 152aa | Open file (Filename = 'PAH.COM')
2018-12-17T22:28:39.248943817Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:39.256265767Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:39.258384019Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.261629291Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:39.281659405Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:39.283486504Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.290152161Z 62 PC: 15292 | Close file
2018-12-17T22:28:39.298648933Z 79 PC: 1529e | Find next file
2018-12-17T22:28:39.302167413Z 61 PC: 152aa | Open file (Filename = 'TEST.COM')
2018-12-17T22:28:39.309537551Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:39.316287274Z 66 PC: 152ca | Move file pointer
2018-12-17T22:28:39.318841278Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.326266438Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-17T22:28:39.334856233Z 66 PC: 152eb | Move file pointer
2018-12-17T22:28:39.337578954Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:28:39.340600483Z 62 PC: 15292 | Close file
2018-12-17T22:28:39.349221674Z 79 PC: 1529e | Find next file
2018-12-17T22:28:39.352851283Z 26 PC: 15274 | Set disk transfer address
2018-12-17T22:28:39.354267748Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-17T22:28:39.357026455Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:42.613641803Z 26 PC: 15d36 | Set disk transfer address
2018-12-25T11:53:42.616491685Z 71 PC: 15d67 | Get current directory
2018-12-25T11:53:42.62004874Z 59 PC: 15d70 | Change current directory
2018-12-25T11:53:42.629299022Z 47 PC: 15e2b | Get disk transfer address
2018-12-25T11:53:42.631587754Z 26 PC: 15e38 | Set disk transfer address
2018-12-25T11:53:42.632842122Z 78 PC: 15e43 | Find first file
2018-12-25T11:53:42.64009208Z 78 PC: 15e43 | Find first file (See above)
2018-12-25T11:53:42.648080327Z 67 PC: 15e9b | Get or set file attributes
2018-12-25T11:53:42.65437129Z 67 PC: 15ead | Get or set file attributes
2018-12-25T11:53:42.671762154Z 61 PC: 15eb9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:42.692347225Z 63 PC: 15ec9 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:53:42.700260319Z 87 PC: 15ece | Get or set file date and time
2018-12-25T11:53:42.701953356Z 66 PC: 1602a | Move file pointer
2018-12-25T11:53:42.703712623Z 64 PC: 15fca | Write file or device (Write 1413 bytes on handle 5)
2018-12-25T11:53:42.709709182Z 66 PC: 15fd3 | Move file pointer
2018-12-25T11:53:42.710979634Z 64 PC: 15fe2 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:53:42.715622689Z 87 PC: 15ffa | Get or set file date and time
2018-12-25T11:53:42.718476103Z 62 PC: 15ffe | Close file
2018-12-25T11:53:42.723875426Z 67 PC: 1600c | Get or set file attributes
2018-12-25T11:53:42.73039793Z 79 PC: 15e43 | Find next file (See above)
2018-12-25T11:53:42.733782806Z 67 PC: 15e9b | Get or set file attributes (See above)
2018-12-25T11:53:42.740569004Z 67 PC: 15ead | Get or set file attributes (See above)
2018-12-25T11:53:42.747109996Z 61 PC: 15eb9 | Open file (See above)
2018-12-25T11:53:42.755763455Z 63 PC: 15ec9 | Read file or device (See above)
2018-12-25T11:53:42.764045721Z 87 PC: 15ece | Get or set file date and time (See above)
2018-12-25T11:53:42.765828861Z 66 PC: 1602a | Move file pointer (See above)
2018-12-25T11:53:42.769121041Z 64 PC: 15fca | Write file or device (See above)
2018-12-25T11:53:42.779383132Z 66 PC: 15fd3 | Move file pointer (See above)
2018-12-25T11:53:42.781227446Z 64 PC: 15fe2 | Write file or device (See above)
2018-12-25T11:53:42.789063258Z 87 PC: 15ffa | Get or set file date and time (See above)
2018-12-25T11:53:42.791240227Z 62 PC: 15ffe | Close file (See above)
2018-12-25T11:53:42.796880165Z 67 PC: 1600c | Get or set file attributes (See above)
2018-12-25T11:53:42.804665988Z 79 PC: 15e43 | Find next file (See above)
2018-12-25T11:53:42.812028997Z 67 PC: 15e9b | Get or set file attributes (See above)
2018-12-25T11:53:42.816376905Z 67 PC: 15ead | Get or set file attributes (See above)
2018-12-25T11:53:42.826822641Z 61 PC: 15eb9 | Open file (See above)
2018-12-25T11:53:42.835002172Z 63 PC: 15ec9 | Read file or device (See above)
2018-12-25T11:53:42.841932335Z 87 PC: 15ece | Get or set file date and time (See above)
2018-12-25T11:53:42.843463373Z 66 PC: 1602a | Move file pointer (See above)
2018-12-25T11:53:42.846028186Z 64 PC: 15fca | Write file or device (See above)
2018-12-25T11:53:42.85561995Z 66 PC: 15fd3 | Move file pointer (See above)
2018-12-25T11:53:42.857575699Z 64 PC: 15fe2 | Write file or device (See above)
2018-12-25T11:53:42.864736693Z 87 PC: 15ffa | Get or set file date and time (See above)
2018-12-25T11:53:42.865935609Z 62 PC: 15ffe | Close file (See above)
2018-12-25T11:53:42.871031399Z 67 PC: 1600c | Get or set file attributes (See above)
2018-12-25T11:53:42.879014352Z 79 PC: 15e43 | Find next file (See above)
2018-12-25T11:53:42.880985274Z 67 PC: 15e9b | Get or set file attributes (See above)
2018-12-25T11:53:42.885090269Z 67 PC: 15ead | Get or set file attributes (See above)
2018-12-25T11:53:42.892470241Z 61 PC: 15eb9 | Open file (See above)
2018-12-25T11:53:42.897661719Z 63 PC: 15ec9 | Read file or device (See above)
2018-12-25T11:53:42.901919652Z 87 PC: 15ece | Get or set file date and time (See above)
2018-12-25T11:53:42.90330659Z 66 PC: 1602a | Move file pointer (See above)
2018-12-25T11:53:42.905285262Z 64 PC: 15fca | Write file or device (See above)
2018-12-25T11:53:42.914357589Z 66 PC: 15fd3 | Move file pointer (See above)
2018-12-25T11:53:42.91556167Z 64 PC: 15fe2 | Write file or device (See above)
2018-12-25T11:53:42.922818452Z 87 PC: 15ffa | Get or set file date and time (See above)
2018-12-25T11:53:42.924281432Z 62 PC: 15ffe | Close file (See above)
2018-12-25T11:53:42.932506995Z 67 PC: 1600c | Get or set file attributes (See above)
2018-12-25T11:53:42.944803375Z 26 PC: 15e5f | Set disk transfer address
2018-12-25T11:53:42.946361811Z 59 PC: 15d7b | Change current directory
2018-12-25T11:53:42.948636163Z 26 PC: 15d84 | Set disk transfer address
2018-12-25T11:53:42.95108512Z 26 PC: 1592c | Set disk transfer address
2018-12-25T11:53:42.95301641Z 42 PC: 1593b | Get date
0x1593b: cmp dl, 0x1d
0x1593e: jne 0x15943
0x15940: jmp 0x15bdf
0x15943: mov ah, 0x47
0x15945: xor dl, dl
0x15947: lea si, word ptr [bp + 0x460]
0x1594b: int 0x21
0x1594d: mov byte ptr ds:[bp + 0x3fa], 0
0x15953: nop
0x15954: mov byte ptr ds:[bp + 0x405], 0
0x1595a: nop
0x1595b: mov ah, 0x4e
0x1595d: lea dx, word ptr [bp + 0x45a]
0x15961: mov cx, 7
0x15964: int 0x21
0x15966: jae 0x1596e
0x15968: nop
0x15969: nop
0x1596a: nop
0x1596b: call 0x15bb1
2018-12-25T11:53:42.955635807Z 71 PC: 1594d | Get current directory
2018-12-25T11:53:42.960229045Z 78 PC: 15966 | Find first file
2018-12-25T11:53:42.96654837Z 61 PC: 1597f | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:42.973402425Z 87 PC: 1598d | Get or set file date and time
2018-12-25T11:53:42.975312447Z 63 PC: 159a2 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:42.982203176Z 66 PC: 15bb0 | Move file pointer
2018-12-25T11:53:42.983753611Z 63 PC: 159b8 | Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:53:42.991828232Z 66 PC: 15bb0 | Move file pointer (See above)
2018-12-25T11:53:42.993367398Z 64 PC: 15a77 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:42.996551047Z 66 PC: 15bb0 | Move file pointer (See above)
2018-12-25T11:53:42.998999515Z 64 PC: 15a96 | Write file or device (Write 50 bytes on handle 5)
2018-12-25T11:53:43.003267609Z 64 PC: 15abd | Write file or device (Write 882 bytes on handle 5)
2018-12-25T11:53:43.013094075Z 64 PC: 15ad3 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:53:43.017297798Z 87 PC: 15b31 | Get or set file date and time
2018-12-25T11:53:43.019153995Z 62 PC: 15b35 | Close file
2018-12-25T11:53:43.028984738Z 59 PC: 15b88 | Change current directory
2018-12-25T11:53:43.033801363Z 59 PC: 15b97 | Change current directory
2018-12-25T11:53:43.036518337Z 26 PC: 15b9e | Set disk transfer address
2018-12-25T11:53:43.039061237Z 47 PC: 15580 | Get disk transfer address
2018-12-25T11:53:43.040695227Z 26 PC: 15591 | Set disk transfer address
2018-12-25T11:53:43.042585699Z 78 PC: 1560f | Find first file
2018-12-25T11:53:43.049565246Z 67 PC: 1564c | Get or set file attributes
2018-12-25T11:53:43.056261525Z 67 PC: 1565d | Get or set file attributes
2018-12-25T11:53:43.067821692Z 61 PC: 15668 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:43.080743319Z 87 PC: 15674 | Get or set file date and time
2018-12-25T11:53:43.0828721Z 63 PC: 15687 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:43.104612469Z 66 PC: 15697 | Move file pointer
2018-12-25T11:53:43.106219888Z 44 PC: 156b7 | Get time
0x156b7: xor dx, cx
0x156b9: mov word ptr [bp - 0x10], dx
0x156bc: call 0x157aa
0x156bf: mov ax, word ptr [bp - 0x10]
0x156c2: and ax, 0xff
0x156c5: add ax, 0x3a7
0x156c8: mov word ptr [bp - 0x18], ax
0x156cb: mov word ptr [si + 7], ax
0x156ce: pop cx
0x156cf: add cx, 0x127
0x156d3: mov word ptr [si + 1], cx
0x156d6: call 0x157aa
0x156d9: mov ax, word ptr [bp - 0x10]
0x156dc: mov word ptr [bp - 0x16], ax
0x156df: mov word ptr [si + 4], ax
0x156e2: mov di, si
0x156e4: sub di, 0x2bf
0x156e8: mov bx, si
0x156ea: add bx, 0x27
0x156ed: mov word ptr [bp - 0x1a], 7
2018-12-25T11:53:43.109967017Z 64 PC: 15a20 | Write file or device (Write 974 bytes on handle 5)
2018-12-25T11:53:43.119191584Z 66 PC: 1575c | Move file pointer
2018-12-25T11:53:43.120724058Z 64 PC: 1576b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:43.122725248Z 87 PC: 1577c | Get or set file date and time
2018-12-25T11:53:43.124591961Z 62 PC: 15780 | Close file
2018-12-25T11:53:43.130281134Z 67 PC: 1578e | Get or set file attributes
2018-12-25T11:53:43.139011326Z 26 PC: 15799 | Set disk transfer address
2018-12-25T11:53:43.14097329Z 44 PC: 15229 | Get time
0x15229: mov byte ptr ds:[bp + 0x146], dl
0x1522e: mov ah, 0x2a
0x15230: int 0x21
0x15232: cmp cx, 0x7c8
0x15236: jle 0x15245
0x15238: cmp dh, 0xb
0x1523b: jne 0x15245
0x1523d: cmp dl, 9
0x15240: jne 0x15245
0x15242: call 0x251e4
0x15245: mov byte ptr ds:[bp + 0x516], 0
0x1524b: lea si, word ptr [bp + 0x104]
0x1524f: mov di, 0x100
0x15252: mov cx, 4
0x15255: cld
0x15256: rep movsb byte ptr es:[di], byte ptr [si]
0x15258: mov ah, 0x1a
0x1525a: lea dx, word ptr [bp + 0x4eb]
0x1525e: int 0x21
0x15260: mov ah, 0x4e
2018-12-25T11:53:43.142576262Z 42 PC: 15232 | Get date
0x15232: cmp cx, 0x7c8
0x15236: jle 0x15245
0x15238: cmp dh, 0xb
0x1523b: jne 0x15245
0x1523d: cmp dl, 9
0x15240: jne 0x15245
0x15242: call 0x251e4
0x15245: mov byte ptr ds:[bp + 0x516], 0
0x1524b: lea si, word ptr [bp + 0x104]
0x1524f: mov di, 0x100
0x15252: mov cx, 4
0x15255: cld
0x15256: rep movsb byte ptr es:[di], byte ptr [si]
0x15258: mov ah, 0x1a
0x1525a: lea dx, word ptr [bp + 0x4eb]
0x1525e: int 0x21
0x15260: mov ah, 0x4e
0x15262: lea dx, word ptr [bp + 0x2ec]
0x15266: lea si, word ptr [bp + 0x509]
0x1526a: push dx
2018-12-25T11:53:43.144223138Z 26 PC: 15260 | Set disk transfer address
2018-12-25T11:53:43.146929835Z 78 PC: 1529e | Find first file
2018-12-25T11:53:43.151330426Z 61 PC: 152aa | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:43.156034552Z 63 PC: 152b9 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:53:43.158704596Z 66 PC: 152ca | Move file pointer
2018-12-25T11:53:43.160555103Z 64 PC: 152df | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:53:43.163343958Z 64 PC: 151a1 | Write file or device (Write 995 bytes on handle 5)
2018-12-25T11:53:43.170562963Z 66 PC: 152eb | Move file pointer
2018-12-25T11:53:43.171825142Z 64 PC: 1530d | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:53:43.174215142Z 62 PC: 15292 | Close file
2018-12-25T11:53:43.181523707Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.183849301Z 61 PC: 152aa | Open file (See above)
2018-12-25T11:53:43.192874719Z 63 PC: 152b9 | Read file or device (See above)
2018-12-25T11:53:43.201170492Z 66 PC: 152ca | Move file pointer (See above)
2018-12-25T11:53:43.205853586Z 64 PC: 152df | Write file or device (See above)
2018-12-25T11:53:43.214556639Z 64 PC: 151a1 | Write file or device (See above)
2018-12-25T11:53:43.224064304Z 66 PC: 152eb | Move file pointer (See above)
2018-12-25T11:53:43.226852483Z 64 PC: 1530d | Write file or device (See above)
2018-12-25T11:53:43.230266708Z 62 PC: 15292 | Close file (See above)
2018-12-25T11:53:43.23987562Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.24381666Z 61 PC: 152aa | Open file (See above)
2018-12-25T11:53:43.248910877Z 63 PC: 152b9 | Read file or device (See above)
2018-12-25T11:53:43.253459545Z 66 PC: 152ca | Move file pointer (See above)
2018-12-25T11:53:43.255676431Z 64 PC: 152df | Write file or device (See above)
2018-12-25T11:53:43.27763595Z 64 PC: 151a1 | Write file or device (See above)
2018-12-25T11:53:43.286077684Z 66 PC: 152eb | Move file pointer (See above)
2018-12-25T11:53:43.287994038Z 64 PC: 1530d | Write file or device (See above)
2018-12-25T11:53:43.290019802Z 62 PC: 15292 | Close file (See above)
2018-12-25T11:53:43.295694807Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.29878366Z 61 PC: 152aa | Open file (See above)
2018-12-25T11:53:43.303183745Z 63 PC: 152b9 | Read file or device (See above)
2018-12-25T11:53:43.308062813Z 66 PC: 152ca | Move file pointer (See above)
2018-12-25T11:53:43.309955261Z 64 PC: 152df | Write file or device (See above)
2018-12-25T11:53:43.315023794Z 64 PC: 151a1 | Write file or device (See above)
2018-12-25T11:53:43.322171744Z 66 PC: 152eb | Move file pointer (See above)
2018-12-25T11:53:43.324025472Z 64 PC: 1530d | Write file or device (See above)
2018-12-25T11:53:43.326067391Z 62 PC: 15292 | Close file (See above)
2018-12-25T11:53:43.331647893Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.334226247Z 61 PC: 152aa | Open file (See above)
2018-12-25T11:53:43.338828789Z 63 PC: 152b9 | Read file or device (See above)
2018-12-25T11:53:43.34360191Z 66 PC: 152ca | Move file pointer (See above)
2018-12-25T11:53:43.345704438Z 64 PC: 152df | Write file or device (See above)
2018-12-25T11:53:43.348360131Z 64 PC: 151a1 | Write file or device (See above)
2018-12-25T11:53:43.354590164Z 66 PC: 152eb | Move file pointer (See above)
2018-12-25T11:53:43.356362997Z 64 PC: 1530d | Write file or device (See above)
2018-12-25T11:53:43.360756923Z 62 PC: 15292 | Close file (See above)
2018-12-25T11:53:43.368801078Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.373162358Z 61 PC: 152aa | Open file (See above)
2018-12-25T11:53:43.381579201Z 63 PC: 152b9 | Read file or device (See above)
2018-12-25T11:53:43.391235041Z 66 PC: 152ca | Move file pointer (See above)
2018-12-25T11:53:43.394314644Z 64 PC: 152df | Write file or device (See above)
2018-12-25T11:53:43.398627729Z 64 PC: 151a1 | Write file or device (See above)
2018-12-25T11:53:43.412950066Z 66 PC: 152eb | Move file pointer (See above)
2018-12-25T11:53:43.415065409Z 64 PC: 1530d | Write file or device (See above)
2018-12-25T11:53:43.422707998Z 62 PC: 15292 | Close file (See above)
2018-12-25T11:53:43.434356274Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.440322378Z 61 PC: 152aa | Open file (See above)
2018-12-25T11:53:43.448196477Z 63 PC: 152b9 | Read file or device (See above)
2018-12-25T11:53:43.455748304Z 66 PC: 152ca | Move file pointer (See above)
2018-12-25T11:53:43.458157158Z 64 PC: 152df | Write file or device (See above)
2018-12-25T11:53:43.461783465Z 64 PC: 151a1 | Write file or device (See above)
2018-12-25T11:53:43.471851316Z 66 PC: 152eb | Move file pointer (See above)
2018-12-25T11:53:43.4743595Z 64 PC: 1530d | Write file or device (See above)
2018-12-25T11:53:43.481659781Z 62 PC: 15292 | Close file (See above)
2018-12-25T11:53:43.490773278Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.494806135Z 61 PC: 152aa | Open file (See above)
2018-12-25T11:53:43.502917216Z 63 PC: 152b9 | Read file or device (See above)
2018-12-25T11:53:43.510046687Z 66 PC: 152ca | Move file pointer (See above)
2018-12-25T11:53:43.512827347Z 64 PC: 152df | Write file or device (See above)
2018-12-25T11:53:43.521368983Z 64 PC: 151a1 | Write file or device (See above)
2018-12-25T11:53:43.53065351Z 66 PC: 152eb | Move file pointer (See above)
2018-12-25T11:53:43.532901326Z 64 PC: 1530d | Write file or device (See above)
2018-12-25T11:53:43.5364176Z 62 PC: 15292 | Close file (See above)
2018-12-25T11:53:43.545777827Z 79 PC: 1529e | Find next file (See above)
2018-12-25T11:53:43.548755118Z 26 PC: 15274 | Set disk transfer address
2018-12-25T11:53:43.55111522Z 9 PC: 12a51 | Display string (String= 'This is a sample! (10.000 bytes)')
2018-12-25T11:53:43.553823389Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5107,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:42.684938736Z 26 PC: 15d36 | Set disk transfer address
2018-12-25T11:53:42.686831471Z 71 PC: 15d67 | Get current directory
2018-12-25T11:53:42.689515571Z 59 PC: 15d70 | Change current directory
2018-12-25T11:53:42.693312888Z 47 PC: 15e2b | Get disk transfer address
2018-12-25T11:53:42.696014989Z 26 PC: 15e38 | Set disk transfer address
2018-12-25T11:53:42.697100757Z 78 PC: 15e43 | Find first file
2018-12-25T11:53:42.703035691Z 78 PC: 15e43 | Find first file (See above)
2018-12-25T11:53:42.70972862Z 67 PC: 15e9b | Get or set file attributes
2018-12-25T11:53:42.715629782Z 67 PC: 15ead | Get or set file attributes
2018-12-25T11:53:42.729887254Z 61 PC: 15eb9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:42.736894515Z 63 PC: 15ec9 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:53:42.744801182Z 87 PC: 15ece | Get or set file date and time
2018-12-25T11:53:42.746613925Z 66 PC: 1602a | Move file pointer
2018-12-25T11:53:42.748762944Z 64 PC: 15fca | Write file or device (Write 1413 bytes on handle 5)
2018-12-25T11:53:42.758255525Z 66 PC: 15fd3 | Move file pointer
2018-12-25T11:53:42.76007328Z 64 PC: 15fe2 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:53:42.767043523Z 87 PC: 15ffa | Get or set file date and time
2018-12-25T11:53:42.770122709Z 62 PC: 15ffe | Close file
2018-12-25T11:53:42.778545059Z 67 PC: 1600c | Get or set file attributes
2018-12-25T11:53:42.786684927Z 79 PC: 15e43 | Find next file (See above)
2018-12-25T11:53:42.790563636Z 67 PC: 15e9b | Get or set file attributes (See above)
2018-12-25T11:53:42.796420436Z 67 PC: 15ead | Get or set file attributes (See above)
2018-12-25T11:53:42.820250954Z 61 PC: 15eb9 | Open file (See above)
2018-12-25T11:53:42.827442188Z 63 PC: 15ec9 | Read file or device (See above)
2018-12-25T11:53:42.834702942Z 87 PC: 15ece | Get or set file date and time (See above)
2018-12-25T11:53:42.836541876Z 66 PC: 1602a | Move file pointer (See above)
2018-12-25T11:53:42.838870063Z 64 PC: 15fca | Write file or device (See above)
2018-12-25T11:53:42.848768537Z 66 PC: 15fd3 | Move file pointer (See above)
2018-12-25T11:53:42.850145113Z 64 PC: 15fe2 | Write file or device (See above)
2018-12-25T11:53:42.856747187Z 87 PC: 15ffa | Get or set file date and time (See above)
2018-12-25T11:53:42.85959196Z 62 PC: 15ffe | Close file (See above)
2018-12-25T11:53:42.867692958Z 67 PC: 1600c | Get or set file attributes (See above)
2018-12-25T11:53:42.877614147Z 79 PC: 15e43 | Find next file (See above)
2018-12-25T11:53:42.881113036Z 67 PC: 15e9b | Get or set file attributes (See above)
2018-12-25T11:53:42.886961725Z 67 PC: 15ead | Get or set file attributes (See above)
2018-12-25T11:53:42.898740664Z 61 PC: 15eb9 | Open file (See above)
2018-12-25T11:53:42.909753879Z 63 PC: 15ec9 | Read file or device (See above)
2018-12-25T11:53:42.915750584Z 87 PC: 15ece | Get or set file date and time (See above)
2018-12-25T11:53:42.917004908Z 66 PC: 1602a | Move file pointer (See above)
2018-12-25T11:53:42.92259095Z 64 PC: 15fca | Write file or device (See above)
2018-12-25T11:53:42.930940466Z 66 PC: 15fd3 | Move file pointer (See above)
2018-12-25T11:53:42.932171368Z 64 PC: 15fe2 | Write file or device (See above)
2018-12-25T11:53:42.939115682Z 87 PC: 15ffa | Get or set file date and time (See above)
2018-12-25T11:53:42.940619786Z 62 PC: 15ffe | Close file (See above)
2018-12-25T11:53:42.948041181Z 67 PC: 1600c | Get or set file attributes (See above)
2018-12-25T11:53:42.957714473Z 79 PC: 15e43 | Find next file (See above)
2018-12-25T11:53:42.960322289Z 67 PC: 15e9b | Get or set file attributes (See above)
2018-12-25T11:53:42.965719571Z 67 PC: 15ead | Get or set file attributes (See above)
2018-12-25T11:53:42.976718746Z 61 PC: 15eb9 | Open file (See above)
2018-12-25T11:53:42.984177965Z 63 PC: 15ec9 | Read file or device (See above)
2018-12-25T11:53:42.990583235Z 87 PC: 15ece | Get or set file date and time (See above)
2018-12-25T11:53:42.992618102Z 66 PC: 1602a | Move file pointer (See above)
2018-12-25T11:53:42.994652712Z 64 PC: 15fca | Write file or device (See above)
2018-12-25T11:53:43.00340995Z 66 PC: 15fd3 | Move file pointer (See above)
2018-12-25T11:53:43.006884785Z 64 PC: 15fe2 | Write file or device (See above)
2018-12-25T11:53:43.013730178Z 87 PC: 15ffa | Get or set file date and time (See above)
2018-12-25T11:53:43.01513027Z 62 PC: 15ffe | Close file (See above)
2018-12-25T11:53:43.023414228Z 67 PC: 1600c | Get or set file attributes (See above)
2018-12-25T11:53:43.033487286Z 26 PC: 15e5f | Set disk transfer address
2018-12-25T11:53:43.035980794Z 59 PC: 15d7b | Change current directory
2018-12-25T11:53:43.039252349Z 26 PC: 15d84 | Set disk transfer address
2018-12-25T11:53:43.040924822Z 26 PC: 1592c | Set disk transfer address
2018-12-25T11:53:43.04263819Z 42 PC: 1593b | Get date
0x1593b: cmp dl, 0x1d
0x1593e: jne 0x15943
0x15940: jmp 0x15bdf
0x15943: mov ah, 0x47
0x15945: xor dl, dl
0x15947: lea si, word ptr [bp + 0x460]
0x1594b: int 0x21
0x1594d: mov byte ptr ds:[bp + 0x3fa], 0
0x15953: nop
0x15954: mov byte ptr ds:[bp + 0x405], 0
0x1595a: nop
0x1595b: mov ah, 0x4e
0x1595d: lea dx, word ptr [bp + 0x45a]
0x15961: mov cx, 7
0x15964: int 0x21
0x15966: jae 0x1596e
0x15968: nop
0x15969: nop
0x1596a: nop
0x1596b: call 0x15bb1
2018-12-25T11:53:43.0534492Z 9 PC: 15bec | Display string (String= '--FOO VIRUS-- WE'RE ALL STARS NOW, IN THE DOPESHOW MADE IN THE UK, WE EXIST..')