Sample viewer

vx.netlux.org/Virus.DOS.SSR.1945.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:57.109928554Z 78 PC: 13a0b | Find first file
2018-12-17T22:35:57.116625043Z 67 PC: 13a5e | Get or set file attributes
2018-12-17T22:35:57.132021509Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:57.138534714Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.145096671Z 66 PC: 13a97 | Move file pointer
2018-12-17T22:35:57.147546495Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.15588324Z 66 PC: 13b00 | Move file pointer
2018-12-17T22:35:57.157483001Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.163669513Z 62 PC: 13b1a | Close file
2018-12-17T22:35:57.171431631Z 79 PC: 13a13 | Find next file
2018-12-17T22:35:57.17397473Z 67 PC: 13a5e | Get or set file attributes
2018-12-17T22:35:57.183803103Z 61 PC: 13a68 | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.193305905Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.200083215Z 66 PC: 13a97 | Move file pointer
2018-12-17T22:35:57.203726438Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.212021485Z 66 PC: 13b00 | Move file pointer
2018-12-17T22:35:57.213273243Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.219890333Z 62 PC: 13b1a | Close file
2018-12-17T22:35:57.228144733Z 79 PC: 13a13 | Find next file
2018-12-17T22:35:57.230630535Z 67 PC: 13a5e | Get or set file attributes
2018-12-17T22:35:57.240704178Z 61 PC: 13a68 | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.248338446Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.254908638Z 66 PC: 13a97 | Move file pointer
2018-12-17T22:35:57.258313283Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.266552956Z 66 PC: 13b00 | Move file pointer
2018-12-17T22:35:57.268018545Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.275040374Z 62 PC: 13b1a | Close file
2018-12-17T22:35:57.283412445Z 79 PC: 13a13 | Find next file
2018-12-17T22:35:57.28633685Z 67 PC: 13a5e | Get or set file attributes
2018-12-17T22:35:57.296370828Z 61 PC: 13a68 | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.30341024Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.309544956Z 66 PC: 13a97 | Move file pointer
2018-12-17T22:35:57.311985954Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.32084078Z 66 PC: 13b00 | Move file pointer
2018-12-17T22:35:57.322131281Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.328389728Z 62 PC: 13b1a | Close file
2018-12-17T22:35:57.337257419Z 79 PC: 13a13 | Find next file
2018-12-17T22:35:57.339798395Z 67 PC: 13a5e | Get or set file attributes
2018-12-17T22:35:57.349163098Z 61 PC: 13a68 | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.356270647Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.36224899Z 66 PC: 13a97 | Move file pointer
2018-12-17T22:35:57.364649722Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.374137997Z 66 PC: 13b00 | Move file pointer
2018-12-17T22:35:57.375878521Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.382281369Z 62 PC: 13b1a | Close file
2018-12-17T22:35:57.391461015Z 79 PC: 13a13 | Find next file
2018-12-17T22:35:57.39418824Z 67 PC: 13a5e | Get or set file attributes
2018-12-17T22:35:57.403492099Z 61 PC: 13a68 | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.409974346Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.416343702Z 66 PC: 13a97 | Move file pointer
2018-12-17T22:35:57.418762789Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.427100956Z 66 PC: 13b00 | Move file pointer
2018-12-17T22:35:57.4284893Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.434560296Z 62 PC: 13b1a | Close file
2018-12-17T22:35:57.4427149Z 79 PC: 13a13 | Find next file
2018-12-17T22:35:57.44585024Z 67 PC: 13a5e | Get or set file attributes
2018-12-17T22:35:57.455342582Z 61 PC: 13a68 | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.461923344Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.469191806Z 66 PC: 13a97 | Move file pointer
2018-12-17T22:35:57.471776193Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.480377795Z 66 PC: 13b00 | Move file pointer
2018-12-17T22:35:57.482610602Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.488904686Z 62 PC: 13b1a | Close file
2018-12-17T22:35:57.497339015Z 79 PC: 13a13 | Find next file
2018-12-17T22:35:57.500372524Z 42 PC: 13a21 | Get date
0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-17T22:35:57.503385635Z 78 PC: 13272 | Find first file
2018-12-17T22:35:57.509579611Z 67 PC: 132c5 | Get or set file attributes
2018-12-17T22:35:57.519231323Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:57.525437141Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.527820531Z 66 PC: 132fe | Move file pointer
2018-12-17T22:35:57.530650188Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.537780581Z 66 PC: 13367 | Move file pointer
2018-12-17T22:35:57.539216193Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.542778384Z 62 PC: 13381 | Close file
2018-12-17T22:35:57.55178761Z 79 PC: 1327a | Find next file
2018-12-17T22:35:57.554697197Z 67 PC: 132c5 | Get or set file attributes
2018-12-17T22:35:57.563870341Z 61 PC: 132cf | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.571263486Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.573589429Z 66 PC: 132fe | Move file pointer
2018-12-17T22:35:57.575881938Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.587660047Z 66 PC: 13367 | Move file pointer
2018-12-17T22:35:57.589356359Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.592300891Z 62 PC: 13381 | Close file
2018-12-17T22:35:57.600834305Z 79 PC: 1327a | Find next file
2018-12-17T22:35:57.603340616Z 67 PC: 132c5 | Get or set file attributes
2018-12-17T22:35:57.612542313Z 61 PC: 132cf | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.6195097Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.622097062Z 66 PC: 132fe | Move file pointer
2018-12-17T22:35:57.624441449Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.633558027Z 66 PC: 13367 | Move file pointer
2018-12-17T22:35:57.63488182Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.63743606Z 62 PC: 13381 | Close file
2018-12-17T22:35:57.645863515Z 79 PC: 1327a | Find next file
2018-12-17T22:35:57.648368984Z 67 PC: 132c5 | Get or set file attributes
2018-12-17T22:35:57.658100024Z 61 PC: 132cf | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.664814647Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.667245115Z 66 PC: 132fe | Move file pointer
2018-12-17T22:35:57.669650436Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.678626531Z 66 PC: 13367 | Move file pointer
2018-12-17T22:35:57.679874431Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.682377435Z 62 PC: 13381 | Close file
2018-12-17T22:35:57.690798388Z 79 PC: 1327a | Find next file
2018-12-17T22:35:57.693263722Z 67 PC: 132c5 | Get or set file attributes
2018-12-17T22:35:57.702387183Z 61 PC: 132cf | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.709411276Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.711761444Z 66 PC: 132fe | Move file pointer
2018-12-17T22:35:57.714065815Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.722746666Z 66 PC: 13367 | Move file pointer
2018-12-17T22:35:57.724088492Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.726584183Z 62 PC: 13381 | Close file
2018-12-17T22:35:57.734823195Z 79 PC: 1327a | Find next file
2018-12-17T22:35:57.737396711Z 67 PC: 132c5 | Get or set file attributes
2018-12-17T22:35:57.746584773Z 61 PC: 132cf | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.753737828Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.7563832Z 66 PC: 132fe | Move file pointer
2018-12-17T22:35:57.758855847Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.768017048Z 66 PC: 13367 | Move file pointer
2018-12-17T22:35:57.769765457Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.772339575Z 62 PC: 13381 | Close file
2018-12-17T22:35:57.780353675Z 79 PC: 1327a | Find next file
2018-12-17T22:35:57.783039142Z 67 PC: 132c5 | Get or set file attributes
2018-12-17T22:35:57.79232147Z 61 PC: 132cf | Open file (Filename = 'ߙ !ӄ'?� !p㚾 �!c��R��� �"�R�����$ �y'#��R���y'zmT���|'��T��"b��� �S"�#�V� # ��'��~'��'� ���� ���� !�ge�ԙ�'�0!�>!�� !�%�?!�� !%g�ڙ�'�>&?�`�?S#�')
2018-12-17T22:35:57.79883166Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:35:57.801337489Z 66 PC: 132fe | Move file pointer
2018-12-17T22:35:57.803676837Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-17T22:35:57.811880813Z 66 PC: 13367 | Move file pointer
2018-12-17T22:35:57.814504824Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.817103047Z 62 PC: 13381 | Close file
2018-12-17T22:35:57.825035083Z 79 PC: 1327a | Find next file
2018-12-17T22:35:57.827703858Z 42 PC: 13288 | Get date
0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-17T22:35:57.829951954Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-17T22:35:57.839735293Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:30.358203083Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:30.370712963Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:30.388505744Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:30.395827039Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:30.404275455Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:30.407606138Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:30.41719223Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:30.418568831Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:30.426323255Z 62 PC: 13b1a | Close file
2018-12-25T11:59:30.435460032Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:30.438379264Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.449741271Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.457179166Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.464597728Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.468869695Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.478393628Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.479904465Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.488204258Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.497233822Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.50001288Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.511057575Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.518142072Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.52496774Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.528603135Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.538476026Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.539992397Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.548463466Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.562527947Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.566025439Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.578738215Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.586992023Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.594441103Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.597628823Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.60865517Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.610423877Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.618898684Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.629717058Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.632786054Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.644250698Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.654514688Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.663690124Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.66681753Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.67817407Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.679857895Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.687812221Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.698205744Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.70174493Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.713144956Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.720866541Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.729171187Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.732816422Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.743121947Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.745820264Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.754588421Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.764339796Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.768778325Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.780021179Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.787689928Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.795562284Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.798509523Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.808068353Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.809867905Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.818372075Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.827738196Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.83041823Z 42 PC: 13a21 | Get date
0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:30.833433586Z 78 PC: 13272 | Find first file
2018-12-25T11:59:30.837415561Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:30.844545281Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:30.849486563Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:30.85222426Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:30.855157105Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:30.865152655Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:30.866585313Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:30.86944968Z 62 PC: 13381 | Close file
2018-12-25T11:59:30.87934947Z 79 PC: 1327a | Find next file
2018-12-25T11:59:30.883001292Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:30.893326727Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:30.900588313Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:30.90370497Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:30.906573044Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:30.916051156Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:30.918026913Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:30.920969015Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:30.930161487Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:30.934774708Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:30.945703207Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:30.952658726Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:30.956097783Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:30.959103324Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:30.968407344Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:30.970367025Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:30.973288829Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:30.982029509Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:30.985185892Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:30.995534452Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.002642565Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.005840112Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.009749125Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.019360823Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.020956616Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.024707361Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.033554676Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.036516797Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.047599985Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.054930378Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.058164827Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.062110136Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.071682746Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.074097985Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.078052881Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.086990354Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.08991108Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.101116362Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.108343251Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.111457631Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.115328442Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.12493478Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.126483799Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.130321589Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.150143318Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.153385141Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.164364456Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.17306752Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.176309297Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.17971239Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.190352164Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.192201754Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.195586194Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.209925576Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.212672713Z 42 PC: 13288 | Get date
0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:31.215725501Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:31.229029794Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:30.426544555Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:30.433093127Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:30.644237346Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:30.65092677Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:30.657678714Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:30.660163442Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:30.668825244Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:30.671385984Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:30.678633064Z 62 PC: 13b1a | Close file
2018-12-25T11:59:30.68654007Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:30.689442766Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.698946206Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.705257157Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.711523769Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.714815098Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.727439015Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.729077518Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.736186764Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.750906959Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.753582341Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.767084811Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.774985973Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.781733529Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.785698973Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.794719334Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.797065109Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.805000612Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.814340565Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.817236219Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.827113342Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.835336863Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.84189738Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.84481811Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.863506109Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.865323807Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.872174928Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.880373721Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.884067746Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.893852232Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.90121647Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.907684002Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.910756837Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.919942589Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.923461451Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.930124966Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.939231919Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.942419959Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.953057436Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.960367142Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.967926148Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.970381856Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.976908473Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.979248521Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.985981027Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.994595948Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.998161768Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:31.007980628Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:31.01516145Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:31.022497411Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:31.03093233Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:31.041044216Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:31.043756852Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:31.051080555Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:31.059640369Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:31.06335503Z 42 PC: 13a21 | Get date
0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:31.06710311Z 78 PC: 13272 | Find first file
2018-12-25T11:59:31.073252546Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:31.083854965Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:31.09163321Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:31.094488763Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:31.097634554Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:31.107296031Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:31.108894163Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:31.111864001Z 62 PC: 13381 | Close file
2018-12-25T11:59:31.120378887Z 79 PC: 1327a | Find next file
2018-12-25T11:59:31.122929802Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.132338546Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.140310458Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.142805468Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.145400484Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.155400863Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.156768875Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.159735273Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.169212931Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.172145255Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.181525917Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.188733899Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.191709726Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.194224935Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.204297226Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.20627461Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.209223614Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.21825916Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.222164755Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.231991673Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.239567482Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.242685073Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.245591616Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.255626111Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.257559921Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.260542113Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.269361693Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.273008731Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.282771572Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.289915871Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.293207455Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.295980547Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.304687009Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.307240379Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.310150615Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.318208291Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.321920453Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.331622451Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.338221599Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.341913824Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.345192653Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.354291233Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.356274255Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.359022041Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.367139779Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.370488613Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.37996207Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.386506218Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.397400829Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.400116489Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.408964403Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.411369439Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.414246731Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.422726893Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.42629139Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:31.43029803Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:31.440904899Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:30.705185728Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:30.712246877Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:30.72828543Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:30.740088289Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:30.753716663Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:30.756504733Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:30.764880814Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:30.766598639Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:30.773595004Z 62 PC: 13b1a | Close file
2018-12-25T11:59:30.781637517Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:30.784661754Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.79652239Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.80388094Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.810404464Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.815126581Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.823682359Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.825408557Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.844665076Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.853695046Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.856218495Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.866560442Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.87317132Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.88004354Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.88327193Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.892827857Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.894515629Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.901047437Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.914459008Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.917456082Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.927122734Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.935451281Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:30.943258712Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:30.946324385Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:30.955621557Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:30.957400703Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:30.964925959Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:30.976224953Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:30.979027519Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:30.988760347Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:30.9965154Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:31.002769397Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:31.005452708Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:31.033316759Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:31.034786056Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:31.041393761Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:31.050244127Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:31.054107344Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:31.065028669Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:31.072914907Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:31.07961027Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:31.082193723Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:31.091872485Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:31.093984177Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:31.100637999Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:31.109275342Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:31.1121758Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:31.121976812Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:31.129564802Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:31.136388302Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:31.139953837Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:31.149132346Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:31.15140839Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:31.158095581Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:31.167547637Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:31.171411182Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:31.174445717Z 78 PC: 13272 | Find first file
2018-12-25T11:59:31.180165043Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:31.190193185Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:31.19666802Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:31.199143625Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:31.202829599Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:31.212010097Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:31.213318253Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:31.2168018Z 62 PC: 13381 | Close file
2018-12-25T11:59:31.224999636Z 79 PC: 1327a | Find next file
2018-12-25T11:59:31.227996439Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.238705657Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.245650191Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.248611978Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.25236604Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.261224472Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.263065691Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.266991164Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.275837231Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.278710887Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.289131102Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.296319848Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.299204769Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.302295954Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.31172241Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.313337319Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.316281272Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.325222376Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.328063074Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.338599153Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.345786411Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.348368585Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.350914856Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.360405795Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.361845681Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.364470657Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.373254287Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.375776395Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.385392068Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.392773548Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.39532607Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.397896573Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.40790507Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.40969012Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.412586868Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.422218428Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.425082341Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.435362564Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.443246284Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.44581297Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.448403882Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.457706384Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.459114338Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.462171102Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.470980552Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.473512223Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:31.483515941Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:31.490648715Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:31.493127697Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:31.495599557Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:31.504822916Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:31.506312616Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:31.508843419Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:31.517296375Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:31.519688764Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:31.521833918Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:31.532323627Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:32.797673455Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:32.812301316Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:32.83078184Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:32.838241317Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:32.845619623Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:32.849696306Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:32.859711431Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:32.861697568Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:32.870434132Z 62 PC: 13b1a | Close file
2018-12-25T11:59:32.879591041Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:32.882637277Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:32.895041074Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:32.902810077Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:32.910291697Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:32.914593084Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:32.924304246Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:32.926242521Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:32.934261584Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:32.943957145Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:32.947090846Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:32.958336663Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:32.965826401Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:32.972865471Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:32.976456636Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:32.986362414Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:32.98799597Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:32.995096585Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.005791962Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.009912321Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.020893601Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.031206844Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.038613478Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.042072659Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.052570487Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.054459547Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.061854003Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.072701079Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.075748407Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.086281916Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.094649902Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.101455668Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.104321613Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.113877874Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.116457076Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.123905182Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.133657814Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.137905259Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.148874158Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.156474139Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.164704461Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.167809748Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.177459103Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.179777794Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.186968606Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.197460543Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.200712279Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.212089494Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.21948162Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.226567962Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.23055101Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.240596859Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.242319153Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.25078777Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.260371782Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.263584911Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:33.268122412Z 78 PC: 13272 | Find first file
2018-12-25T11:59:33.274703354Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:33.285687894Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:33.294935686Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:33.297965846Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:33.301275705Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:33.311726472Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:33.313700805Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:33.31694763Z 62 PC: 13381 | Close file
2018-12-25T11:59:33.326285047Z 79 PC: 1327a | Find next file
2018-12-25T11:59:33.330728536Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.341577559Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.349230094Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.352947309Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.356171069Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.366063639Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.368548689Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.37179466Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.381554334Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.385601002Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.39697549Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.40473632Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.408180381Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.411746837Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.42178575Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.423479234Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.427640751Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.437462632Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.440886916Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.45262395Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.46107738Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.464315494Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.468495537Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.478839773Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.480649904Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.484204113Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.493431226Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.496441433Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.507560171Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.515604409Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.518851032Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.522237543Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.533409453Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.53525955Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.538608648Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.548605Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.55154612Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.563002289Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.571205079Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.574189231Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.577457432Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.588193812Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.591407813Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.594805585Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.604631046Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.608669639Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.618308026Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.622717561Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.625201253Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.627260021Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.634025712Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.636207755Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.639221541Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.648247399Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.651575992Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:33.654091436Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:33.666698709Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:33.161665209Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:33.16815732Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:33.186113675Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:33.192657445Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:33.199503257Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:33.202134559Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:33.210436899Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:33.213091458Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:33.219322259Z 62 PC: 13b1a | Close file
2018-12-25T11:59:33.227363559Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:33.230274695Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.23973024Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.246187457Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.252676582Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.255682975Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.264368291Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.26578374Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.272121276Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.280379425Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.283532234Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.293561025Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.299885464Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.305978387Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.309275899Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.317561442Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.318845218Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.334844554Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.342939881Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.345746443Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.355733257Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.363348642Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.369602805Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.373808682Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.382342574Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.383661481Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.390509741Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.398882194Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.40145505Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.411698558Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.418041098Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.424396712Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.429003723Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.437582832Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.438882672Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.445431803Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.453318192Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.456088008Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.466711183Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.473727035Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.480164268Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.483727387Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.493226311Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.494581042Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.501012284Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.509454384Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.512089023Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.521842049Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.529115347Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.535604365Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.538459675Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.547513806Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.548771961Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.555436916Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.563525757Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.565929908Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:33.568967883Z 78 PC: 13272 | Find first file
2018-12-25T11:59:33.575596004Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:33.585053677Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:33.591470005Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:33.594900208Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:33.597721523Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:33.606408032Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:33.608789748Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:33.612040776Z 62 PC: 13381 | Close file
2018-12-25T11:59:33.620793168Z 79 PC: 1327a | Find next file
2018-12-25T11:59:33.624326194Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.634815531Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.641226218Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.644774471Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.647621767Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.656287202Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.65809746Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.660812538Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.674597918Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.677858198Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.688841875Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.695436056Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.698646829Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.701849514Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.71048382Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.712770793Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.716021953Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.722117397Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.724026484Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.730882499Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.736428912Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.738744153Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.740803464Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.747388815Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.749066812Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.753119606Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.761889878Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.764567414Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.774672968Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.781566556Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.784299987Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.787948658Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.796875282Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.798401852Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.80165169Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.809493665Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.812690841Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.823169112Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.829695866Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.832391717Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.835506439Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.84430318Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.845634956Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.848590353Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.856454963Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.858900595Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:33.868662047Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:33.875716623Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:33.878152953Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:33.880949135Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:33.889399004Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:33.890635997Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:33.893618357Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:33.901374655Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:33.903669436Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:33.906127201Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:33.916988978Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:33.613203803Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:33.619499021Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:33.63495155Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:33.646180388Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:33.653218185Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:33.656655552Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:33.665012265Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:33.667347896Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:33.67371826Z 62 PC: 13b1a | Close file
2018-12-25T11:59:33.681523353Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:33.684369758Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.693926821Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.700361214Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.706853645Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.710630133Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.719718766Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.721157274Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.728152987Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.736207263Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.73925455Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.750620699Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.757601592Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.764043041Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.767199507Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.772669038Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.773760447Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.778276569Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.783738401Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.786175726Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.793043309Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.797346497Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.801255006Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.80324417Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.811902805Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.813143965Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.81990875Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.827753571Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.830189468Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.841290927Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.847815394Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.85421032Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.857411176Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.865702064Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.866980866Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.874001018Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.881940173Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.884371686Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.894506611Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.900919674Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.907174969Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.910306307Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.919529513Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.921159333Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.929363407Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.937493543Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.939960339Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:33.949502154Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:33.956652368Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:33.96307651Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:33.965946228Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:33.975830465Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:33.977289567Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:33.984199659Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:33.993458854Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:33.995959236Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:33.99908234Z 78 PC: 13272 | Find first file
2018-12-25T11:59:34.006073947Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:34.01578819Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:34.022597982Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:34.026470995Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:34.030662257Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:34.039376208Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:34.042077803Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:34.044017128Z 62 PC: 13381 | Close file
2018-12-25T11:59:34.04949756Z 79 PC: 1327a | Find next file
2018-12-25T11:59:34.051982799Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.065317452Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.080968879Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.08479904Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.087943889Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.09679227Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.099246638Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.102619389Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.111407597Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.115097098Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.124962434Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.13216536Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.135281427Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.138075311Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.146860269Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.14889204Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.151588159Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.159536122Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.162835051Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.172378077Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.218875421Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.225543066Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.228663546Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.238072576Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.239675514Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.242854093Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.25055856Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.253215612Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.263120615Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.269423958Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.275590074Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.279563587Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.288684698Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.290316215Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.294314321Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.306966943Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.30975486Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.320434912Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.327097467Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.333373747Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.336458042Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.34536442Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.346997256Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.350417566Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.358528184Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.361305469Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.372053677Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.378703456Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.385061762Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.3887539Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.398037687Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.399502743Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.404098343Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.413156233Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.415836031Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:34.419111452Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:34.433445128Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:34.071630466Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:34.077682306Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:34.092496321Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:34.099223859Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:34.106695746Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:34.109574507Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:34.118383944Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:34.120576607Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:34.12679038Z 62 PC: 13b1a | Close file
2018-12-25T11:59:34.13544992Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:34.138563952Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.162662384Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.169516704Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.176145424Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.17975886Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.188293333Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.189658601Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.197492989Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.205595234Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.208283825Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.218539371Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.225439542Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.231904917Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.235127021Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.244190175Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.24580426Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.253452788Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.262089424Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.264917043Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.275483799Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.282624545Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.289097494Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.29219298Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.306627053Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.307989338Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.330854854Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.338906285Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.340995473Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.349541844Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.354700362Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.360475494Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.362431161Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.368738281Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.370374016Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.378419518Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.387505756Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.38933006Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.395367268Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.400021957Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.406603533Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.409490274Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.419112629Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.420966814Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.427461087Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.436056449Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.438854978Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.448838606Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.455906317Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.462527622Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.465443757Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.474806865Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.476430222Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.482910405Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.495686195Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.497440398Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:34.500784341Z 78 PC: 13272 | Find first file
2018-12-25T11:59:34.508965765Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:34.519666519Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:34.5266353Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:34.529739562Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:34.533751886Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:34.543485225Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:34.545154682Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:34.548223494Z 62 PC: 13381 | Close file
2018-12-25T11:59:34.556359063Z 79 PC: 1327a | Find next file
2018-12-25T11:59:34.558883755Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.568782825Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.575410928Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.578867374Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.582501221Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.590991478Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.592302821Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.595695561Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.603825718Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.606447042Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.617533129Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.625157934Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.62792798Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.631427298Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.640489583Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.641980576Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.646443836Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.655414425Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.658321718Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.670173716Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.676746507Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.679785793Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.683025972Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.691854532Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.693163788Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.696218882Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.70526131Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.708155576Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.718460909Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.725092461Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.72755035Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.730419349Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.739873156Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.741192484Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.744566123Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.753489886Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.756290457Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.766453292Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.774282161Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.777070804Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.780159875Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.789193582Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.790463634Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.793126227Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.799379444Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.801364899Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.809007759Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.814516124Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:34.816335392Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:34.818557399Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:34.824809795Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:34.825894724Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:34.82779056Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:34.834175169Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:34.835903915Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:34.837510876Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:34.844088108Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:34.488326145Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:34.493193171Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:34.505852357Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:34.51026437Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:34.515276103Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:34.517611955Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:34.52352959Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:34.526229662Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:34.531778909Z 62 PC: 13b1a | Close file
2018-12-25T11:59:34.537761355Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:34.539745716Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.547322285Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.552124313Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.5566503Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.559557833Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.565343735Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.566538798Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.574311492Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.584224249Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.587515682Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.59967435Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.607587672Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.615107084Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.618556637Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.629044435Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.630924342Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.639116976Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.649264925Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.652690567Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.663841882Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.672650187Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.680260227Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.683336451Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.698010632Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.699774018Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.708369966Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.718395077Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.721799125Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.732897379Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.741057305Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.748403665Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.751568048Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.761628318Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.76378828Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.772045417Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.781767921Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.785150475Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.795833899Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.803205557Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.811045069Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.814262517Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.82462365Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.827672679Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.836017701Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.845870025Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.849964379Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:34.861099965Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:34.868911611Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:34.877407565Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:34.88043944Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:34.890677652Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:34.892102441Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:34.899889234Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:34.909231844Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:34.91207595Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:34.91631858Z 78 PC: 13272 | Find first file
2018-12-25T11:59:34.923709798Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:34.935108804Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:34.943128878Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:34.946067763Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:34.949123349Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:34.959898283Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:34.961510147Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:34.964658032Z 62 PC: 13381 | Close file
2018-12-25T11:59:34.974742783Z 79 PC: 1327a | Find next file
2018-12-25T11:59:34.977753997Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:34.988766185Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:34.997723642Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:35.001485011Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:35.004935009Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:35.016142088Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:35.017724318Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:35.020926702Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:35.030932613Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:35.034307207Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:35.04523732Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:35.052728426Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:35.056073633Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:35.059232454Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:35.069010709Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:35.071456733Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:35.074883778Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:35.085079455Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:35.088907178Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:35.100252212Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:35.10632051Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:35.108948408Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:35.111237286Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:35.117476284Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:35.11923577Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:35.121488972Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:35.127686797Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:35.12978392Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:35.136804633Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:35.142223495Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:35.145498748Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:35.150624142Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:35.161140021Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:35.1623443Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:35.164944711Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:35.17068268Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:35.173581746Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:35.185958261Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:35.193682467Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:35.197202931Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:35.201499788Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:35.211756511Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:35.213852751Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:35.218384397Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:35.229953114Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:35.233425032Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:35.244623147Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:35.252614188Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:35.256064856Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:35.260478453Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:35.272390428Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:35.274402797Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:35.278425166Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:35.288934481Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:35.292917704Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:35.295914156Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:35.309582272Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:36.310044159Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:36.316518961Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:36.332887567Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:36.339596519Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:36.348087774Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:36.350812187Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:36.359367909Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:36.361096674Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:36.367843044Z 62 PC: 13b1a | Close file
2018-12-25T11:59:36.375714011Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:36.379345978Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.389067865Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.395667723Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.402905946Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.405600588Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.414554672Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.416138823Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.423027209Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.431574315Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.434802059Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.445162228Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.451732689Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.457942039Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.461602817Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.470312938Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.471687262Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.480333959Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.488382131Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.490932895Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.50190879Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.508840772Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.515311717Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.518496049Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.526922389Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.52822497Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.535264605Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.543496891Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.54603585Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.561377647Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.568567548Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.575076511Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.5797306Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.588883713Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.590640013Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.597686548Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.606004057Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.608930938Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.619282565Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.625790774Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.632341928Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.635299507Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.643844849Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.645134698Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.652069253Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.659961105Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.66246018Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.672054934Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.679307851Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.685492781Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.688057159Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.698200221Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.700277592Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.706825916Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.716633296Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.719318148Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:36.722574738Z 78 PC: 13272 | Find first file
2018-12-25T11:59:36.729414929Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:36.739381745Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:36.746331364Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:36.750014327Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:36.752817534Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:36.761877628Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:36.764176376Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:36.766871245Z 62 PC: 13381 | Close file
2018-12-25T11:59:36.77454271Z 79 PC: 1327a | Find next file
2018-12-25T11:59:36.777448724Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.786866927Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.793224519Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.796393438Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.798962479Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.807349645Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.809489619Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.81208781Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.819841381Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.822515228Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.832947232Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.839247189Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.841743474Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.845379211Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.853638699Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.854895459Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.858075264Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.86594172Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.868212852Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.87766659Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.88385349Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.885501868Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.888311701Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.897378503Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.898913643Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.902273741Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.909932013Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.912387688Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.92224618Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.929000856Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.931436677Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.934630973Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.943398413Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.94466545Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.948308538Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.956232515Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.959676216Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.969988761Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.976178536Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.978533574Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.981858747Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.990152901Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.991468918Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.9947187Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.002620611Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.004977203Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.014661429Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.021478463Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.023784096Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.026819699Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.035352613Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.036762123Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.040375558Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.048345418Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.050716151Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:37.053429525Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:37.064064425Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:36.349157762Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:36.356566276Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:36.372370426Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:36.376821685Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:36.38288045Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:36.387286004Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:36.392973221Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:36.394651917Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:36.398828833Z 62 PC: 13b1a | Close file
2018-12-25T11:59:36.405065804Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:36.408238217Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.417747067Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.424168364Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.430520911Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.433599278Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.442055713Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.443444253Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.450549238Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.458490082Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.460227462Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.470426553Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.47693111Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.483017268Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.486361833Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.494559366Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.495876057Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.502870902Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.510867387Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.513382287Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.523975795Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.530441083Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.537049175Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.54032143Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.549905651Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.551474057Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.558583804Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.566605884Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.569171261Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.578950726Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.585602114Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.591743177Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.594261709Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.604755081Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.606005014Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.612352388Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.620509054Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.62369105Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.63304008Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.639854605Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.645996979Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.648631414Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.657192883Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.658408923Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.664981606Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.673028195Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.674807813Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.6808984Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.685445972Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.691275162Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.694168179Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.703153116Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.704490633Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.710709576Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.718685529Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.721058886Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:36.724550381Z 78 PC: 13272 | Find first file
2018-12-25T11:59:36.730566433Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:36.740085906Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:36.746473018Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:36.74955605Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:36.752140577Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:36.760655548Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:36.762722804Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:36.765454041Z 62 PC: 13381 | Close file
2018-12-25T11:59:36.77341085Z 79 PC: 1327a | Find next file
2018-12-25T11:59:36.776694374Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.786349254Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.792634735Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.795416462Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.797955209Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.806403767Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.808181963Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.810772223Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.818639242Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.821429201Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.830917045Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.837285361Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.8401747Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.842677316Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.851525109Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.853179812Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.855696991Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.863486162Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.866371101Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.875614343Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.881927942Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.884954173Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.887579748Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.896194426Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.897987367Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.900616556Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.908863582Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.911824663Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.922193783Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.926205868Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.928192077Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.929829578Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.935288422Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.93669938Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.938554166Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.94369871Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.946126241Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:36.955493424Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:36.961806331Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:36.965217848Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:36.967896244Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:36.97656963Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:36.978408152Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:36.980836411Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:36.988766424Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:36.991958181Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.001346769Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.007428846Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.010164128Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.012868914Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.021361262Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.022970836Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.025752902Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.03391731Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.036637385Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:37.03869881Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:37.049524759Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:36.697533601Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:36.704922817Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:36.724037959Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:36.731317471Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:36.739299962Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:36.743169555Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:36.753134492Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:36.755546946Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:36.763433914Z 62 PC: 13b1a | Close file
2018-12-25T11:59:36.772554869Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:36.780331908Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.791355591Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.799380113Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.806405495Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.810902641Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.820560863Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.822514254Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.83135275Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.840379538Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.843640026Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.855276335Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.863481919Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.870793191Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.874873092Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.884945352Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.886790769Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.895695181Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.906064772Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.909624477Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.921180793Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:36.930357792Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:36.938115176Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:36.941848054Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:36.960052976Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:36.965434595Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:36.972800155Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:36.982790502Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:36.986980827Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:36.99810976Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.006744882Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.013893218Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.017000779Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.028068827Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.030322824Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.038086349Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.047726869Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.051593138Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.063190409Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.070963252Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.078983979Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.082355008Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.09239036Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.095034904Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.102661322Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.111954364Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.11668272Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.127623359Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.135431008Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.143694466Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.147137267Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.157183862Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.159921807Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.168958708Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.178076051Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.181675049Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:37.186669055Z 78 PC: 13272 | Find first file
2018-12-25T11:59:37.190815651Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:37.197383885Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:37.20273577Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:37.204825052Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:37.206869016Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:37.213350474Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:37.214517397Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:37.216540028Z 62 PC: 13381 | Close file
2018-12-25T11:59:37.222672871Z 79 PC: 1327a | Find next file
2018-12-25T11:59:37.224682627Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.231480506Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.236672129Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.238877244Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.241002377Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.247246511Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.248924361Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.251278121Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.257010897Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.259478504Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.266042974Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.273436877Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.2767379Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.279602913Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.289396215Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.292074648Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.311866888Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.320731242Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.324064156Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.334636246Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.341819753Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.345324914Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.348416828Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.358016634Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.360762992Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.364097292Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.373224693Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.377426452Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.38868149Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.396159293Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.39939308Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.403185012Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.488890373Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.490420248Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.494400298Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.597909038Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.601518064Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.794835137Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.8022021Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.804973743Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.80916702Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.824050952Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.825544335Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.829035547Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.851632164Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.853628876Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.868449644Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.873011239Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.874781718Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.877342335Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.893369487Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.894754293Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.898101301Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.924478532Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.926241123Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:37.928619938Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:37.935023335Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6488,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:37.211435919Z 78 PC: 13a0b | Find first file
2018-12-25T11:59:37.218119529Z 67 PC: 13a5e | Get or set file attributes
2018-12-25T11:59:37.234977607Z 61 PC: 13a68 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:37.241764987Z 63 PC: 13a78 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:37.249528764Z 66 PC: 13a97 | Move file pointer
2018-12-25T11:59:37.252320418Z 64 PC: 13af1 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:37.261263523Z 66 PC: 13b00 | Move file pointer
2018-12-25T11:59:37.262817029Z 64 PC: 13b11 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:37.270692989Z 62 PC: 13b1a | Close file
2018-12-25T11:59:37.27948944Z 79 PC: 13a13 | Find next file
2018-12-25T11:59:37.282656246Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.293538469Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.300152396Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.30631534Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.313869248Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.322196284Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.323577349Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.330509614Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.338348808Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.340864405Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.351561615Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.358180241Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.364422075Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.368087279Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.376598536Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.377950283Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.38549889Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.393531538Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.396178635Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.405814651Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.41324121Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.419344715Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.422024121Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.430895261Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.432532085Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.439265498Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.44769813Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.450114931Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.460953564Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.468179518Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.475399618Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.478734405Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.488432378Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.489776156Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.496085295Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.504517754Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.506895038Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.516218938Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.523126332Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.529150906Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.531656859Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.541063636Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.542402598Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.548803226Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.557188286Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.560768767Z 67 PC: 13a5e | Get or set file attributes (See above)
2018-12-25T11:59:37.570458762Z 61 PC: 13a68 | Open file (See above)
2018-12-25T11:59:37.577190796Z 63 PC: 13a78 | Read file or device (See above)
2018-12-25T11:59:37.5840281Z 66 PC: 13a97 | Move file pointer (See above)
2018-12-25T11:59:37.58666603Z 64 PC: 13af1 | Write file or device (See above)
2018-12-25T11:59:37.595426632Z 66 PC: 13b00 | Move file pointer (See above)
2018-12-25T11:59:37.597428341Z 64 PC: 13b11 | Write file or device (See above)
2018-12-25T11:59:37.60364302Z 62 PC: 13b1a | Close file (See above)
2018-12-25T11:59:37.612173554Z 79 PC: 13a13 | Find next file (See above)
2018-12-25T11:59:37.615209235Z 42 PC: 13a21 | Get date 0x13a21: cmp cx, 0x7cb
0x13a25: jne 0x13a3c
0x13a27: cmp dh, 5
0x13a2a: jne 0x13a3c
0x13a2c: cmp dl, 8
0x13a2f: jne 0x13a34
0x13a31: jmp 0x13b1d
0x13a34: cmp dl, 9
0x13a37: jne 0x13a3c
0x13a39: jmp 0x13b1d
0x13a3c: push cs
0x13a3d: pop es
0x13a3e: mov ax, 0xb900
0x13a41: mov ds, ax
0x13a43: mov si, 0
0x13a46: xor di, di
0x13a48: mov cx, 0x100
0x13a4b: rep movsb byte ptr es:[di], byte ptr [si]
0x13a4d: pop es
0x13a4e: pop ds
2018-12-25T11:59:37.618205694Z 78 PC: 13272 | Find first file
2018-12-25T11:59:37.623901698Z 67 PC: 132c5 | Get or set file attributes
2018-12-25T11:59:37.633812198Z 61 PC: 132cf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:37.640220245Z 63 PC: 132df | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:59:37.642637324Z 66 PC: 132fe | Move file pointer
2018-12-25T11:59:37.645902148Z 64 PC: 13358 | Write file or device (Write 1945 bytes on handle 5)
2018-12-25T11:59:37.654705339Z 66 PC: 13367 | Move file pointer
2018-12-25T11:59:37.656321617Z 64 PC: 13378 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:59:37.659763235Z 62 PC: 13381 | Close file
2018-12-25T11:59:37.667784556Z 79 PC: 1327a | Find next file
2018-12-25T11:59:37.671020019Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.680802184Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.687175563Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.68955882Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.692849327Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.701320728Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.702551837Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.705706166Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.713808939Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.716249317Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.726197855Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.733520571Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.736245592Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.740215344Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.748976664Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.750631441Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.754513471Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.763431913Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.765910525Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.776735975Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.783338682Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.785863906Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.789484285Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.798476887Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.800075393Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.804589132Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.812764907Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.81538752Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.825802629Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.832460486Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.834925872Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.837614365Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.846950779Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.848253224Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.851211495Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.859424975Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.861995486Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.872897907Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.879416034Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.881925991Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.884959585Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.894451383Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.896203781Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.899216978Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.908561982Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.911357087Z 67 PC: 132c5 | Get or set file attributes (See above)
2018-12-25T11:59:37.921608199Z 61 PC: 132cf | Open file (See above)
2018-12-25T11:59:37.929193278Z 63 PC: 132df | Read file or device (See above)
2018-12-25T11:59:37.931734525Z 66 PC: 132fe | Move file pointer (See above)
2018-12-25T11:59:37.935042965Z 64 PC: 13358 | Write file or device (See above)
2018-12-25T11:59:37.944379558Z 66 PC: 13367 | Move file pointer (See above)
2018-12-25T11:59:37.945695239Z 64 PC: 13378 | Write file or device (See above)
2018-12-25T11:59:37.94831689Z 62 PC: 13381 | Close file (See above)
2018-12-25T11:59:37.95706785Z 79 PC: 1327a | Find next file (See above)
2018-12-25T11:59:37.959435097Z 42 PC: 13288 | Get date 0x13288: cmp cx, 0x7cb
0x1328c: jne 0x132a3
0x1328e: cmp dh, 5
0x13291: jne 0x132a3
0x13293: cmp dl, 8
0x13296: jne 0x1329b
0x13298: jmp 0x13384
0x1329b: cmp dl, 9
0x1329e: jne 0x132a3
0x132a0: jmp 0x13384
0x132a3: push cs
0x132a4: pop es
0x132a5: mov ax, 0xb900
0x132a8: mov ds, ax
0x132aa: mov si, 0
0x132ad: xor di, di
0x132af: mov cx, 0x100
0x132b2: rep movsb byte ptr es:[di], byte ptr [si]
0x132b4: pop es
0x132b5: pop ds
2018-12-25T11:59:37.96156568Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:59:37.973414736Z 76 PC: 12b3a | Terminate with return code (Return code = '36')