Sample viewer

vx.netlux.org/Virus.DOS.Byworm.1600


Syscalls:

Time Syscall Op Syscall Name
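2018-12-17T22:35:57.519210248Z 53 PC: 1731f | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: vector 03h is the CPU breakpoint interrupt; 'Auxiliary input' is the name of INT 21h function 03h, so the AKA label appears to come from the wrong lookup table]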
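2018-12-17T22:35:57.520813548Z 53 PC: 1732b | Get interrupt vector (Interrupt = '32' AKA 'Reserved') [note: 32 decimal = vector 20h, the DOS program-terminate interrupt; 'Reserved' is the name of INT 21h function 20h, not of the vector]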
2018-12-17T22:35:57.521920861Z 37 PC: 17334 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:35:57.522963921Z 26 PC: 17379 | Set disk transfer address
2018-12-17T22:35:57.52468774Z 71 PC: 17383 | Get current directory
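2018-12-17T22:35:57.527619013Z 53 PC: 17389 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 36 decimal = vector 24h, the DOS critical-error handler; 'Set random record number' is the name of INT 21h function 24h, not of the vector]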
2018-12-17T22:35:57.528848501Z 37 PC: 1739a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:57.530605666Z 78 PC: 17547 | Find first file
2018-12-17T22:35:57.536571401Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:57.551735949Z 61 PC: 17581 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:57.559219147Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:57.566131795Z 44 PC: 176b7 | Get time 0x176b7: mov word ptr [bp + 0x73c], dx
; Disassembly window printed by the viewer at the return address of the
; "Get time" call logged on the previous row (the first instruction, at
; 0x176b7, is on that row and stores DX at [bp + 0x73c]). The window runs
; across several short routines and is cut off after 0x176ee.
0x176bb: mov si, dx  ; the DX value returned by Get time is reused as a memory offset
0x176bd: mov ax, word ptr [si]  ; read the word found at that offset
0x176bf: mov word ptr [bp + 0x73e], ax  ; keep it at [bp + 0x73e]; presumably a time-derived seed (TODO confirm)
0x176c3: ret
; Next routine: the INT 21h below is the call the log records as
; "Move file pointer" (op 66 = 42h) with return PC 176c9. AX is set by the
; caller, which is not part of this window.
0x176c4: xor cx, cx  ; CX = 0 (high word of the seek offset)
0x176c6: cdq  ; NOTE(review): one byte long in 16-bit code, so presumably opcode 99h (CWD, sign-extend AX into DX) shown under its 32-bit name; with AH = 42h that gives DX = 0. Confirm against the raw bytes.
0x176c7: int 0x21
0x176c9: ret
; Next routine: clears the word at [bp + 0x742], then repeats the two helper
; calls until that word is non-zero.
0x176ca: mov word ptr [bp + 0x742], 0
0x176d0: call 0x177ab  ; helper outside this window
0x176d3: mov ax, word ptr [bp + 0x73e]  ; reload the word saved at 0x176bf
0x176d7: mov cx, 1
0x176da: mov si, 0x742  ; immediate 0x742, without the bp base used by the neighbouring accesses
0x176dd: call 0x17776  ; helper outside this window
0x176e0: cmp word ptr [bp + 0x742], 0
0x176e5: je 0x176d0  ; retry while the word is still zero
0x176e7: mov cx, 0x640  ; 0x640 = 1600, matching the 1600-byte write logged a few rows later
0x176ea: lea si, word ptr [bp + 0x100]
0x176ee: lea di, word ptr [bp + 0x7d5]  ; SI, DI and CX are set up here; the instruction that consumes them lies past the end of the window
2018-12-17T22:35:57.568511881Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.570360442Z 44 PC: 177d6 | Get time 0x177d6: push bx
; Disassembly window at the return address of the "Get time" call logged on
; the previous row (the first instruction, push bx at 0x177d6, is on that
; row). The window stops at 0x17800, before the routine ends.
0x177d7: xchg dx, bx  ; BX now holds the DX value Get time returned; the old BX was pushed at 0x177d6
0x177d9: xor ah, ah  ; AH = 0
0x177db: mov cx, 5
0x177de: call 0x17859  ; helper outside this window; its result is assumed to come back in AX (TODO confirm)
0x177e1: mov dl, 0x20
0x177e3: div dl  ; 8-bit divide: AL = AX / 0x20, AH = remainder
0x177e5: mov dl, 3
0x177e7: mul dl  ; AX = AL * 3
0x177e9: push ax  ; kept on the stack for use after the window ends
0x177ea: lea si, word ptr [bp + 0x71e]
0x177ee: add si, ax  ; SI = (bp + 0x71e) + 3 * quotient; looks like an index into a table of 3-byte entries (TODO confirm)
0x177f0: call 0x17859
0x177f3: mov dl, 0x10
0x177f5: div dl  ; same pattern with divisor 0x10
0x177f7: mov dl, 3
0x177f9: mul dl  ; AX = AL * 3
0x177fb: push ax
0x177fc: lea di, word ptr [bp + 0x5f2]
0x17800: add di, ax  ; DI = (bp + 0x5f2) + 3 * quotient; presumably a second table of 3-byte entries (TODO confirm)
2018-12-17T22:35:57.583768208Z 64 PC: 1775a | Write file or device (Write 1600 bytes on handle 5)
2018-12-17T22:35:57.592471378Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.593946143Z 64 PC: 1762a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.605820914Z 87 PC: 17775 | Get or set file date and time
2018-12-17T22:35:57.607533152Z 62 PC: 175ea | Close file
2018-12-17T22:35:57.615667585Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:57.621548715Z 79 PC: 17550 | Find next file
2018-12-17T22:35:57.624182134Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:57.634140992Z 61 PC: 17581 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:57.641039329Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:57.645703889Z 62 PC: 175ea | Close file
2018-12-17T22:35:57.647087078Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:57.65110774Z 79 PC: 17550 | Find next file
2018-12-17T22:35:57.653091818Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:57.660843668Z 61 PC: 17581 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:57.666558527Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:57.671231468Z 44 PC: 176b7 | Get time 0x176b7: mov word ptr [bp + 0x73c], dx
; Disassembly window printed by the viewer at the return address of the
; "Get time" call logged on the previous row (the first instruction, at
; 0x176b7, is on that row and stores DX at [bp + 0x73c]). The window runs
; across several short routines and is cut off after 0x176ee.
0x176bb: mov si, dx  ; the DX value returned by Get time is reused as a memory offset
0x176bd: mov ax, word ptr [si]  ; read the word found at that offset
0x176bf: mov word ptr [bp + 0x73e], ax  ; keep it at [bp + 0x73e]; presumably a time-derived seed (TODO confirm)
0x176c3: ret
; Next routine: the INT 21h below is the call the log records as
; "Move file pointer" (op 66 = 42h) with return PC 176c9. AX is set by the
; caller, which is not part of this window.
0x176c4: xor cx, cx  ; CX = 0 (high word of the seek offset)
0x176c6: cdq  ; NOTE(review): one byte long in 16-bit code, so presumably opcode 99h (CWD, sign-extend AX into DX) shown under its 32-bit name; with AH = 42h that gives DX = 0. Confirm against the raw bytes.
0x176c7: int 0x21
0x176c9: ret
; Next routine: clears the word at [bp + 0x742], then repeats the two helper
; calls until that word is non-zero.
0x176ca: mov word ptr [bp + 0x742], 0
0x176d0: call 0x177ab  ; helper outside this window
0x176d3: mov ax, word ptr [bp + 0x73e]  ; reload the word saved at 0x176bf
0x176d7: mov cx, 1
0x176da: mov si, 0x742  ; immediate 0x742, without the bp base used by the neighbouring accesses
0x176dd: call 0x17776  ; helper outside this window
0x176e0: cmp word ptr [bp + 0x742], 0
0x176e5: je 0x176d0  ; retry while the word is still zero
0x176e7: mov cx, 0x640  ; 0x640 = 1600, matching the 1600-byte write logged a few rows later
0x176ea: lea si, word ptr [bp + 0x100]
0x176ee: lea di, word ptr [bp + 0x7d5]  ; SI, DI and CX are set up here; the instruction that consumes them lies past the end of the window
2018-12-17T22:35:57.673065934Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.6757679Z 44 PC: 177d6 | Get time 0x177d6: push bx
; Disassembly window at the return address of the "Get time" call logged on
; the previous row (the first instruction, push bx at 0x177d6, is on that
; row). The window stops at 0x17800, before the routine ends.
0x177d7: xchg dx, bx  ; BX now holds the DX value Get time returned; the old BX was pushed at 0x177d6
0x177d9: xor ah, ah  ; AH = 0
0x177db: mov cx, 5
0x177de: call 0x17859  ; helper outside this window; its result is assumed to come back in AX (TODO confirm)
0x177e1: mov dl, 0x20
0x177e3: div dl  ; 8-bit divide: AL = AX / 0x20, AH = remainder
0x177e5: mov dl, 3
0x177e7: mul dl  ; AX = AL * 3
0x177e9: push ax  ; kept on the stack for use after the window ends
0x177ea: lea si, word ptr [bp + 0x71e]
0x177ee: add si, ax  ; SI = (bp + 0x71e) + 3 * quotient; looks like an index into a table of 3-byte entries (TODO confirm)
0x177f0: call 0x17859
0x177f3: mov dl, 0x10
0x177f5: div dl  ; same pattern with divisor 0x10
0x177f7: mov dl, 3
0x177f9: mul dl  ; AX = AL * 3
0x177fb: push ax
0x177fc: lea di, word ptr [bp + 0x5f2]
0x17800: add di, ax  ; DI = (bp + 0x5f2) + 3 * quotient; presumably a second table of 3-byte entries (TODO confirm)
2018-12-17T22:35:57.682251533Z 64 PC: 1775a | Write file or device (Write 1600 bytes on handle 5)
2018-12-17T22:35:57.68848327Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.690253068Z 64 PC: 1762a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.695068596Z 87 PC: 17775 | Get or set file date and time
2018-12-17T22:35:57.696336181Z 62 PC: 175ea | Close file
2018-12-17T22:35:57.70436742Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:57.70932293Z 79 PC: 17550 | Find next file
2018-12-17T22:35:57.711914181Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:57.721970995Z 61 PC: 17581 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:57.728374639Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:57.734702288Z 44 PC: 176b7 | Get time 0x176b7: mov word ptr [bp + 0x73c], dx
; Disassembly window printed by the viewer at the return address of the
; "Get time" call logged on the previous row (the first instruction, at
; 0x176b7, is on that row and stores DX at [bp + 0x73c]). The window runs
; across several short routines and is cut off after 0x176ee.
0x176bb: mov si, dx  ; the DX value returned by Get time is reused as a memory offset
0x176bd: mov ax, word ptr [si]  ; read the word found at that offset
0x176bf: mov word ptr [bp + 0x73e], ax  ; keep it at [bp + 0x73e]; presumably a time-derived seed (TODO confirm)
0x176c3: ret
; Next routine: the INT 21h below is the call the log records as
; "Move file pointer" (op 66 = 42h) with return PC 176c9. AX is set by the
; caller, which is not part of this window.
0x176c4: xor cx, cx  ; CX = 0 (high word of the seek offset)
0x176c6: cdq  ; NOTE(review): one byte long in 16-bit code, so presumably opcode 99h (CWD, sign-extend AX into DX) shown under its 32-bit name; with AH = 42h that gives DX = 0. Confirm against the raw bytes.
0x176c7: int 0x21
0x176c9: ret
; Next routine: clears the word at [bp + 0x742], then repeats the two helper
; calls until that word is non-zero.
0x176ca: mov word ptr [bp + 0x742], 0
0x176d0: call 0x177ab  ; helper outside this window
0x176d3: mov ax, word ptr [bp + 0x73e]  ; reload the word saved at 0x176bf
0x176d7: mov cx, 1
0x176da: mov si, 0x742  ; immediate 0x742, without the bp base used by the neighbouring accesses
0x176dd: call 0x17776  ; helper outside this window
0x176e0: cmp word ptr [bp + 0x742], 0
0x176e5: je 0x176d0  ; retry while the word is still zero
0x176e7: mov cx, 0x640  ; 0x640 = 1600, matching the 1600-byte write logged a few rows later
0x176ea: lea si, word ptr [bp + 0x100]
0x176ee: lea di, word ptr [bp + 0x7d5]  ; SI, DI and CX are set up here; the instruction that consumes them lies past the end of the window
2018-12-17T22:35:57.740902509Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.742453909Z 44 PC: 177d6 | Get time 0x177d6: push bx
; Disassembly window at the return address of the "Get time" call logged on
; the previous row (the first instruction, push bx at 0x177d6, is on that
; row). The window stops at 0x17800, before the routine ends.
0x177d7: xchg dx, bx  ; BX now holds the DX value Get time returned; the old BX was pushed at 0x177d6
0x177d9: xor ah, ah  ; AH = 0
0x177db: mov cx, 5
0x177de: call 0x17859  ; helper outside this window; its result is assumed to come back in AX (TODO confirm)
0x177e1: mov dl, 0x20
0x177e3: div dl  ; 8-bit divide: AL = AX / 0x20, AH = remainder
0x177e5: mov dl, 3
0x177e7: mul dl  ; AX = AL * 3
0x177e9: push ax  ; kept on the stack for use after the window ends
0x177ea: lea si, word ptr [bp + 0x71e]
0x177ee: add si, ax  ; SI = (bp + 0x71e) + 3 * quotient; looks like an index into a table of 3-byte entries (TODO confirm)
0x177f0: call 0x17859
0x177f3: mov dl, 0x10
0x177f5: div dl  ; same pattern with divisor 0x10
0x177f7: mov dl, 3
0x177f9: mul dl  ; AX = AL * 3
0x177fb: push ax
0x177fc: lea di, word ptr [bp + 0x5f2]
0x17800: add di, ax  ; DI = (bp + 0x5f2) + 3 * quotient; presumably a second table of 3-byte entries (TODO confirm)
2018-12-17T22:35:57.754424214Z 64 PC: 1775a | Write file or device (Write 1600 bytes on handle 5)
2018-12-17T22:35:57.764291734Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.766274523Z 64 PC: 1762a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.772983683Z 87 PC: 17775 | Get or set file date and time
2018-12-17T22:35:57.77485138Z 62 PC: 175ea | Close file
2018-12-17T22:35:57.78261255Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:57.787540998Z 79 PC: 17550 | Find next file
2018-12-17T22:35:57.79057782Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:57.806157032Z 61 PC: 17581 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:35:57.813349539Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:57.820335168Z 44 PC: 176b7 | Get time 0x176b7: mov word ptr [bp + 0x73c], dx
; Disassembly window printed by the viewer at the return address of the
; "Get time" call logged on the previous row (the first instruction, at
; 0x176b7, is on that row and stores DX at [bp + 0x73c]). The window runs
; across several short routines and is cut off after 0x176ee.
0x176bb: mov si, dx  ; the DX value returned by Get time is reused as a memory offset
0x176bd: mov ax, word ptr [si]  ; read the word found at that offset
0x176bf: mov word ptr [bp + 0x73e], ax  ; keep it at [bp + 0x73e]; presumably a time-derived seed (TODO confirm)
0x176c3: ret
; Next routine: the INT 21h below is the call the log records as
; "Move file pointer" (op 66 = 42h) with return PC 176c9. AX is set by the
; caller, which is not part of this window.
0x176c4: xor cx, cx  ; CX = 0 (high word of the seek offset)
0x176c6: cdq  ; NOTE(review): one byte long in 16-bit code, so presumably opcode 99h (CWD, sign-extend AX into DX) shown under its 32-bit name; with AH = 42h that gives DX = 0. Confirm against the raw bytes.
0x176c7: int 0x21
0x176c9: ret
; Next routine: clears the word at [bp + 0x742], then repeats the two helper
; calls until that word is non-zero.
0x176ca: mov word ptr [bp + 0x742], 0
0x176d0: call 0x177ab  ; helper outside this window
0x176d3: mov ax, word ptr [bp + 0x73e]  ; reload the word saved at 0x176bf
0x176d7: mov cx, 1
0x176da: mov si, 0x742  ; immediate 0x742, without the bp base used by the neighbouring accesses
0x176dd: call 0x17776  ; helper outside this window
0x176e0: cmp word ptr [bp + 0x742], 0
0x176e5: je 0x176d0  ; retry while the word is still zero
0x176e7: mov cx, 0x640  ; 0x640 = 1600, matching the 1600-byte write logged a few rows later
0x176ea: lea si, word ptr [bp + 0x100]
0x176ee: lea di, word ptr [bp + 0x7d5]  ; SI, DI and CX are set up here; the instruction that consumes them lies past the end of the window
2018-12-17T22:35:57.822386191Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.823721662Z 44 PC: 177d6 | Get time 0x177d6: push bx
; Disassembly window at the return address of the "Get time" call logged on
; the previous row (the first instruction, push bx at 0x177d6, is on that
; row). The window stops at 0x17800, before the routine ends.
0x177d7: xchg dx, bx  ; BX now holds the DX value Get time returned; the old BX was pushed at 0x177d6
0x177d9: xor ah, ah  ; AH = 0
0x177db: mov cx, 5
0x177de: call 0x17859  ; helper outside this window; its result is assumed to come back in AX (TODO confirm)
0x177e1: mov dl, 0x20
0x177e3: div dl  ; 8-bit divide: AL = AX / 0x20, AH = remainder
0x177e5: mov dl, 3
0x177e7: mul dl  ; AX = AL * 3
0x177e9: push ax  ; kept on the stack for use after the window ends
0x177ea: lea si, word ptr [bp + 0x71e]
0x177ee: add si, ax  ; SI = (bp + 0x71e) + 3 * quotient; looks like an index into a table of 3-byte entries (TODO confirm)
0x177f0: call 0x17859
0x177f3: mov dl, 0x10
0x177f5: div dl  ; same pattern with divisor 0x10
0x177f7: mov dl, 3
0x177f9: mul dl  ; AX = AL * 3
0x177fb: push ax
0x177fc: lea di, word ptr [bp + 0x5f2]
0x17800: add di, ax  ; DI = (bp + 0x5f2) + 3 * quotient; presumably a second table of 3-byte entries (TODO confirm)
2018-12-17T22:35:57.836980447Z 64 PC: 1775a | Write file or device (Write 1600 bytes on handle 5)
2018-12-17T22:35:57.842837185Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.843805272Z 64 PC: 1762a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.849136558Z 87 PC: 17775 | Get or set file date and time
2018-12-17T22:35:57.850626532Z 62 PC: 175ea | Close file
2018-12-17T22:35:57.858302053Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:57.871259775Z 79 PC: 17550 | Find next file
2018-12-17T22:35:57.873727358Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:57.882898697Z 61 PC: 17581 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:57.890017464Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:57.896021914Z 44 PC: 176b7 | Get time 0x176b7: mov word ptr [bp + 0x73c], dx
; Disassembly window printed by the viewer at the return address of the
; "Get time" call logged on the previous row (the first instruction, at
; 0x176b7, is on that row and stores DX at [bp + 0x73c]). The window runs
; across several short routines and is cut off after 0x176ee.
0x176bb: mov si, dx  ; the DX value returned by Get time is reused as a memory offset
0x176bd: mov ax, word ptr [si]  ; read the word found at that offset
0x176bf: mov word ptr [bp + 0x73e], ax  ; keep it at [bp + 0x73e]; presumably a time-derived seed (TODO confirm)
0x176c3: ret
; Next routine: the INT 21h below is the call the log records as
; "Move file pointer" (op 66 = 42h) with return PC 176c9. AX is set by the
; caller, which is not part of this window.
0x176c4: xor cx, cx  ; CX = 0 (high word of the seek offset)
0x176c6: cdq  ; NOTE(review): one byte long in 16-bit code, so presumably opcode 99h (CWD, sign-extend AX into DX) shown under its 32-bit name; with AH = 42h that gives DX = 0. Confirm against the raw bytes.
0x176c7: int 0x21
0x176c9: ret
; Next routine: clears the word at [bp + 0x742], then repeats the two helper
; calls until that word is non-zero.
0x176ca: mov word ptr [bp + 0x742], 0
0x176d0: call 0x177ab  ; helper outside this window
0x176d3: mov ax, word ptr [bp + 0x73e]  ; reload the word saved at 0x176bf
0x176d7: mov cx, 1
0x176da: mov si, 0x742  ; immediate 0x742, without the bp base used by the neighbouring accesses
0x176dd: call 0x17776  ; helper outside this window
0x176e0: cmp word ptr [bp + 0x742], 0
0x176e5: je 0x176d0  ; retry while the word is still zero
0x176e7: mov cx, 0x640  ; 0x640 = 1600, matching the 1600-byte write logged a few rows later
0x176ea: lea si, word ptr [bp + 0x100]
0x176ee: lea di, word ptr [bp + 0x7d5]  ; SI, DI and CX are set up here; the instruction that consumes them lies past the end of the window
2018-12-17T22:35:57.898001149Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.900308782Z 44 PC: 177d6 | Get time 0x177d6: push bx
; Disassembly window at the return address of the "Get time" call logged on
; the previous row (the first instruction, push bx at 0x177d6, is on that
; row). The window stops at 0x17800, before the routine ends.
0x177d7: xchg dx, bx  ; BX now holds the DX value Get time returned; the old BX was pushed at 0x177d6
0x177d9: xor ah, ah  ; AH = 0
0x177db: mov cx, 5
0x177de: call 0x17859  ; helper outside this window; its result is assumed to come back in AX (TODO confirm)
0x177e1: mov dl, 0x20
0x177e3: div dl  ; 8-bit divide: AL = AX / 0x20, AH = remainder
0x177e5: mov dl, 3
0x177e7: mul dl  ; AX = AL * 3
0x177e9: push ax  ; kept on the stack for use after the window ends
0x177ea: lea si, word ptr [bp + 0x71e]
0x177ee: add si, ax  ; SI = (bp + 0x71e) + 3 * quotient; looks like an index into a table of 3-byte entries (TODO confirm)
0x177f0: call 0x17859
0x177f3: mov dl, 0x10
0x177f5: div dl  ; same pattern with divisor 0x10
0x177f7: mov dl, 3
0x177f9: mul dl  ; AX = AL * 3
0x177fb: push ax
0x177fc: lea di, word ptr [bp + 0x5f2]
0x17800: add di, ax  ; DI = (bp + 0x5f2) + 3 * quotient; presumably a second table of 3-byte entries (TODO confirm)
2018-12-17T22:35:57.912981855Z 64 PC: 1775a | Write file or device (Write 1600 bytes on handle 5)
2018-12-17T22:35:57.921096748Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.922836009Z 64 PC: 1762a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.929216607Z 87 PC: 17775 | Get or set file date and time
2018-12-17T22:35:57.930573058Z 62 PC: 175ea | Close file
2018-12-17T22:35:57.938281097Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:57.942854489Z 79 PC: 17550 | Find next file
2018-12-17T22:35:57.945358089Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:57.955191443Z 61 PC: 17581 | Open file (Filename = 'PAH.COM')
2018-12-17T22:35:57.961436044Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:57.967519714Z 44 PC: 176b7 | Get time 0x176b7: mov word ptr [bp + 0x73c], dx
; Disassembly window printed by the viewer at the return address of the
; "Get time" call logged on the previous row (the first instruction, at
; 0x176b7, is on that row and stores DX at [bp + 0x73c]). The window runs
; across several short routines and is cut off after 0x176ee.
0x176bb: mov si, dx  ; the DX value returned by Get time is reused as a memory offset
0x176bd: mov ax, word ptr [si]  ; read the word found at that offset
0x176bf: mov word ptr [bp + 0x73e], ax  ; keep it at [bp + 0x73e]; presumably a time-derived seed (TODO confirm)
0x176c3: ret
; Next routine: the INT 21h below is the call the log records as
; "Move file pointer" (op 66 = 42h) with return PC 176c9. AX is set by the
; caller, which is not part of this window.
0x176c4: xor cx, cx  ; CX = 0 (high word of the seek offset)
0x176c6: cdq  ; NOTE(review): one byte long in 16-bit code, so presumably opcode 99h (CWD, sign-extend AX into DX) shown under its 32-bit name; with AH = 42h that gives DX = 0. Confirm against the raw bytes.
0x176c7: int 0x21
0x176c9: ret
; Next routine: clears the word at [bp + 0x742], then repeats the two helper
; calls until that word is non-zero.
0x176ca: mov word ptr [bp + 0x742], 0
0x176d0: call 0x177ab  ; helper outside this window
0x176d3: mov ax, word ptr [bp + 0x73e]  ; reload the word saved at 0x176bf
0x176d7: mov cx, 1
0x176da: mov si, 0x742  ; immediate 0x742, without the bp base used by the neighbouring accesses
0x176dd: call 0x17776  ; helper outside this window
0x176e0: cmp word ptr [bp + 0x742], 0
0x176e5: je 0x176d0  ; retry while the word is still zero
0x176e7: mov cx, 0x640  ; 0x640 = 1600, matching the 1600-byte write logged a few rows later
0x176ea: lea si, word ptr [bp + 0x100]
0x176ee: lea di, word ptr [bp + 0x7d5]  ; SI, DI and CX are set up here; the instruction that consumes them lies past the end of the window
2018-12-17T22:35:57.970326919Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.971622083Z 44 PC: 177d6 | Get time 0x177d6: push bx
; Disassembly window at the return address of the "Get time" call logged on
; the previous row (the first instruction, push bx at 0x177d6, is on that
; row). The window stops at 0x17800, before the routine ends.
0x177d7: xchg dx, bx  ; BX now holds the DX value Get time returned; the old BX was pushed at 0x177d6
0x177d9: xor ah, ah  ; AH = 0
0x177db: mov cx, 5
0x177de: call 0x17859  ; helper outside this window; its result is assumed to come back in AX (TODO confirm)
0x177e1: mov dl, 0x20
0x177e3: div dl  ; 8-bit divide: AL = AX / 0x20, AH = remainder
0x177e5: mov dl, 3
0x177e7: mul dl  ; AX = AL * 3
0x177e9: push ax  ; kept on the stack for use after the window ends
0x177ea: lea si, word ptr [bp + 0x71e]
0x177ee: add si, ax  ; SI = (bp + 0x71e) + 3 * quotient; looks like an index into a table of 3-byte entries (TODO confirm)
0x177f0: call 0x17859
0x177f3: mov dl, 0x10
0x177f5: div dl  ; same pattern with divisor 0x10
0x177f7: mov dl, 3
0x177f9: mul dl  ; AX = AL * 3
0x177fb: push ax
0x177fc: lea di, word ptr [bp + 0x5f2]
0x17800: add di, ax  ; DI = (bp + 0x5f2) + 3 * quotient; presumably a second table of 3-byte entries (TODO confirm)
2018-12-17T22:35:57.984140384Z 64 PC: 1775a | Write file or device (Write 1600 bytes on handle 5)
2018-12-17T22:35:57.989930948Z 66 PC: 176c9 | Move file pointer
2018-12-17T22:35:57.991820071Z 64 PC: 1762a | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:35:57.998273796Z 87 PC: 17775 | Get or set file date and time
2018-12-17T22:35:57.999975132Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.00791341Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.012505474Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.015225263Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.021894498Z 61 PC: 17581 | Open file (Filename = 'TEST.COM')
2018-12-17T22:35:58.025885229Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.028778062Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.030123751Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.036231791Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.042716661Z 78 PC: 17547 | Find first file
2018-12-17T22:35:58.048483208Z 59 PC: 1753f | Change current directory
2018-12-17T22:35:58.052403811Z 78 PC: 17547 | Find first file
2018-12-17T22:35:58.05691748Z 44 PC: 173a2 | Get time 0x173a2: push dx
; Disassembly window at the return address of the "Get time" call logged on
; the previous row (the first instruction, push dx at 0x173a2, is on that
; row). It derives one byte, forces it into a letter range, stores it at
; [bp + 0x6ec] and sets up a Find first call on that buffer. The window ends
; before the INT 21h itself; the log rows that follow show Find first
; returning at PC 173d1.
0x173a3: xchg dl, al  ; AL takes the DL value returned by Get time
0x173a5: add si, ax  ; offset SI by AX (SI and AH are set before this window)
0x173a7: mov al, byte ptr [si]  ; fetch one byte from that address
0x173a9: cmp al, 0x5a  ; 0x5a = 'Z'
0x173ab: jbe 0x173b1
0x173ad: sub al, 0x20  ; above 'Z': subtract 0x20 and test again
0x173af: jmp 0x173a9
0x173b1: cmp al, 0x40  ; 0x40 = '@', the character just below 'A'
0x173b3: jg 0x173bb  ; signed compare: leave the loop once AL > 0x40
0x173b5: pop dx
0x173b6: push dx  ; reload the DX saved at 0x173a2 while leaving it on the stack
0x173b7: add al, dh  ; add DH and test again; NOTE(review): if DH is 0 this loop makes no progress
0x173b9: jmp 0x173b1
0x173bb: mov byte ptr [bp + 0x6ec], al  ; store the byte as the first character of the buffer at [bp + 0x6ec]
0x173bf: cmp byte ptr [bp + 0x6ec], 0x5a  ; the add above can overshoot 'Z'
0x173c4: jg 0x17403  ; past 'Z': skip the search (target outside this window)
0x173c6: mov ah, 0x4e  ; INT 21h function 4Eh = Find first (op 78 in the log)
0x173c8: mov cx, 0x10  ; attribute mask 0x10 = directory
0x173cb: lea dx, word ptr [bp + 0x6ec]  ; DS:DX = search pattern starting with the byte chosen above
2018-12-17T22:35:58.059332975Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.065324431Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.076754692Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.087297826Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.098136928Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.10569166Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.112459495Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.118466448Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.125730525Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.136992836Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.147386069Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.159447577Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.171495078Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.177047293Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.18270186Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.188357059Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.193991045Z 78 PC: 173d1 | Find first file
2018-12-17T22:35:58.2048788Z 59 PC: 17461 | Change current directory
2018-12-17T22:35:58.211712483Z 78 PC: 17547 | Find first file
2018-12-17T22:35:58.222753308Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.232208873Z 61 PC: 17581 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:58.239496774Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.245932025Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.247573682Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.252999513Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.256037767Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.266127239Z 61 PC: 17581 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:35:58.272919379Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.279935483Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.282571417Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.288133191Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.290805467Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.303386654Z 61 PC: 17581 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:35:58.311440588Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.318064279Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.320184507Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.325241843Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.328131486Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.338912443Z 61 PC: 17581 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:35:58.346165732Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.353264494Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.355937337Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.361817579Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.364747354Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.374941715Z 61 PC: 17581 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:35:58.382641976Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.389285741Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.390990719Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.395960667Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.398602548Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.412354748Z 61 PC: 17581 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:35:58.419680029Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.426034475Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.428388107Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.433189923Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.436105239Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.446425764Z 61 PC: 17581 | Open file (Filename = 'PAH.COM')
2018-12-17T22:35:58.453067828Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.459437971Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.461864133Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.467118127Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.470025964Z 67 PC: 17578 | Get or set file attributes
2018-12-17T22:35:58.483406817Z 61 PC: 17581 | Open file (Filename = 'TEST.COM')
2018-12-17T22:35:58.490276356Z 63 PC: 1758f | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:35:58.496553409Z 62 PC: 175ea | Close file
2018-12-17T22:35:58.498874872Z 67 PC: 175f7 | Get or set file attributes
2018-12-17T22:35:58.503437012Z 79 PC: 17550 | Find next file
2018-12-17T22:35:58.505757903Z 78 PC: 17547 | Find first file
2018-12-17T22:35:58.511786458Z 59 PC: 1753f | Change current directory
2018-12-17T22:35:58.514472651Z 78 PC: 17547 | Find first file
2018-12-17T22:35:58.520813581Z 59 PC: 17480 | Change current directory
2018-12-17T22:35:58.529735215Z 26 PC: 17487 | Set disk transfer address
2018-12-17T22:35:58.530893379Z 44 PC: 1748b | Get time 0x1748b: cmp dl, 5
; Disassembly window at the return address of the last "Get time" call (the
; first instruction, cmp dl, 5 at 0x1748b, is on the previous row). It
; conditionally prints a string, then writes two interrupt vectors and
; changes the interrupt mask at port 0x21. The window ends at 0x174ba.
0x1748e: jae 0x17498  ; skip the message unless DL (hundredths of a second from Get time) is below 5
0x17490: mov ah, 9  ; INT 21h function 09h = display string
0x17492: lea dx, word ptr [bp + 0x388]  ; DS:DX = string at [bp + 0x388]
0x17496: int 0x21  ; no "Display string" row with return PC 17498 appears in the log, so this branch was not taken in this run
0x17498: push ds
0x17499: mov ax, 0x2524  ; AH = 25h (set interrupt vector), AL = 24h
0x1749c: mov dx, word ptr [bp + 0x74a]
0x174a0: mov ds, word ptr [bp + 0x748]  ; DS:DX = pointer kept at [bp + 0x748]/[bp + 0x74a]; presumably the handler read by the earlier "Get interrupt vector" call (TODO confirm)
0x174a4: int 0x21  ; logged below as Set interrupt vector '36' (36 decimal = 24h, the DOS critical-error handler vector)
0x174a6: pop ds
0x174a7: push ds
0x174a8: mov ax, 0x2503  ; AH = 25h (set interrupt vector), AL = 03h
0x174ab: mov dx, word ptr [bp + 0x746]
0x174af: mov ds, word ptr [bp + 0x744]  ; DS:DX = pointer kept at [bp + 0x744]/[bp + 0x746]; presumably the original vector (TODO confirm)
0x174b3: int 0x21  ; logged below as Set interrupt vector '3' (vector 03h is the breakpoint interrupt)
0x174b5: pop ds
0x174b6: in al, 0x21  ; read port 0x21, the interrupt mask register of the primary 8259 PIC on PC hardware
0x174b8: and al, 0xfd  ; clear bit 1
0x174ba: out 0x21, al  ; write the mask back; bit 1 is IRQ1 (keyboard), so this unmasks it, which suggests it was masked earlier (not visible in this log)
2018-12-17T22:35:58.532863563Z 37 PC: 174a6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:58.534458062Z 37 PC: 174b5 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:35:58.535459814Z 9 PC: 12a4a | Display string (String= 'this is a generated bait**WARNING**INFECTED**made on (12.12.2001) File: PKVX003.COM - 18.500 (4844h) bytes long... WARNING - WARNING - WARNING This is an infected sample sacrifical goat by pkvx ')