Sample viewer

vx.netlux.org/Virus.DOS.Wit.503

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:55:59.353404187Z 26 PC: 12a71 | Set disk transfer address
2018-12-17T21:55:59.354643522Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 0
0x12a7f: jne 0x12a94
0x12a81: mov word ptr [0x148], 0
0x12a87: mov cx, 1
0x12a8a: jcxz 0x12a8e
0x12a8c: jmp 0x12a94
0x12a8e: mov dx, 0x2bf
0x12a91: call 0x12abc
0x12a94: cmp dh, 4
0x12a97: jne 0x12aad
0x12a99: cmp dl, 0xf
0x12a9c: jne 0x12aad
0x12a9e: mov ax, 0x1010
0x12aa1: out 0x70, ax
0x12aa3: mov dx, 0x2a1
0x12aa6: call 0x12abc
0x12aa9: mov al, 0xfe
0x12aab: out 0x64, al
0x12aad: mov ah, byte ptr [bp + 5]
0x12ab0: mov cl, 7
2018-12-17T21:55:59.356796109Z 78 PC: 12ab7 | Find first file
2018-12-17T21:55:59.362452493Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:55:59.367982952Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:55:59.578199261Z 61 PC: 12ae6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:55:59.584836291Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:55:59.58650042Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:55:59.593925721Z 66 PC: 12b2a | Move file pointer
2018-12-17T21:55:59.595245684Z 66 PC: 12b46 | Move file pointer
2018-12-17T21:55:59.596505394Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-17T21:55:59.605679478Z 66 PC: 12b5c | Move file pointer
2018-12-17T21:55:59.607267907Z 64 PC: 12b76 | Write file or device (Write 407 bytes on handle 5)
2018-12-17T21:55:59.609852844Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:55:59.612370691Z 62 PC: 12b8a | Close file
2018-12-17T21:55:59.619602405Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:55:59.629246105Z 79 PC: 12ab7 | Find next file
2018-12-17T21:55:59.632349165Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:55:59.637766041Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:55:59.647398086Z 61 PC: 12ae6 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:55:59.659452532Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:55:59.660613417Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:55:59.667183585Z 66 PC: 12b2a | Move file pointer
2018-12-17T21:55:59.668706028Z 66 PC: 12b46 | Move file pointer
2018-12-17T21:55:59.670310132Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-17T21:55:59.678274265Z 66 PC: 12b5c | Move file pointer
2018-12-17T21:55:59.679700032Z 64 PC: 12b76 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T21:55:59.682547186Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:55:59.683930682Z 62 PC: 12b8a | Close file
2018-12-17T21:55:59.691376562Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:55:59.701616082Z 79 PC: 12ab7 | Find next file
2018-12-17T21:55:59.70431892Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:55:59.710366064Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:55:59.726352843Z 61 PC: 12ae6 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:55:59.738258762Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:55:59.739835103Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:55:59.746830409Z 66 PC: 12b2a | Move file pointer
2018-12-17T21:55:59.748521593Z 66 PC: 12b46 | Move file pointer
2018-12-17T21:55:59.75022424Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-17T21:55:59.759497257Z 66 PC: 12b5c | Move file pointer
2018-12-17T21:55:59.761356844Z 64 PC: 12b76 | Write file or device (Write 92 bytes on handle 5)
2018-12-17T21:55:59.764298431Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:55:59.769911951Z 62 PC: 12b8a | Close file
2018-12-17T21:55:59.777543043Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:55:59.787453199Z 79 PC: 12ab7 | Find next file
2018-12-17T21:55:59.791041693Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:55:59.796624065Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:55:59.80606522Z 61 PC: 12ae6 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:55:59.813271695Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:55:59.814765173Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:55:59.82087695Z 66 PC: 12b2a | Move file pointer
2018-12-17T21:55:59.822325023Z 66 PC: 12b46 | Move file pointer
2018-12-17T21:55:59.823777814Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-17T21:55:59.831397981Z 66 PC: 12b5c | Move file pointer
2018-12-17T21:55:59.832861327Z 64 PC: 12b76 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T21:55:59.835397144Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:55:59.836768907Z 62 PC: 12b8a | Close file
2018-12-17T21:55:59.844222259Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:55:59.853980126Z 79 PC: 12ab7 | Find next file
2018-12-17T21:55:59.8563823Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:55:59.861759866Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:55:59.871232293Z 61 PC: 12ae6 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:55:59.878151906Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:55:59.879440514Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:55:59.886508253Z 66 PC: 12b2a | Move file pointer
2018-12-17T21:55:59.88814534Z 66 PC: 12b46 | Move file pointer
2018-12-17T21:55:59.889579964Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-17T21:55:59.897992358Z 66 PC: 12b5c | Move file pointer
2018-12-17T21:55:59.899438183Z 64 PC: 12b76 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T21:55:59.90216089Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:55:59.904681301Z 62 PC: 12b8a | Close file
2018-12-17T21:55:59.912157841Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:55:59.921624797Z 79 PC: 12ab7 | Find next file
2018-12-17T21:55:59.924869587Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:55:59.930158349Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:55:59.940053937Z 61 PC: 12ae6 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:55:59.947069457Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:55:59.948475591Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:55:59.9545072Z 66 PC: 12b2a | Move file pointer
2018-12-17T21:55:59.956586955Z 66 PC: 12b46 | Move file pointer
2018-12-17T21:55:59.958558841Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-17T21:55:59.966763574Z 66 PC: 12b5c | Move file pointer
2018-12-17T21:55:59.969655754Z 64 PC: 12b76 | Write file or device (Write 501 bytes on handle 5)
2018-12-17T21:55:59.977696882Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:55:59.979290847Z 62 PC: 12b8a | Close file
2018-12-17T21:55:59.98777729Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:55:59.997208955Z 79 PC: 12ab7 | Find next file
2018-12-17T21:55:59.999717139Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:56:00.006801767Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:56:00.017228588Z 61 PC: 12ae6 | Open file (Filename = 'PAH.COM')
2018-12-17T21:56:00.024127891Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:56:00.025997398Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:56:00.033480109Z 66 PC: 12b2a | Move file pointer
2018-12-17T21:56:00.034918023Z 66 PC: 12b46 | Move file pointer
2018-12-17T21:56:00.036286474Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-17T21:56:00.046962489Z 66 PC: 12b5c | Move file pointer
2018-12-17T21:56:00.048629272Z 64 PC: 12b76 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T21:56:00.051801784Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:56:00.054228548Z 62 PC: 12b8a | Close file
2018-12-17T21:56:00.061779774Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:56:00.071253035Z 79 PC: 12ab7 | Find next file
2018-12-17T21:56:00.074510967Z 67 PC: 12ad0 | Get or set file attributes
2018-12-17T21:56:00.080684439Z 67 PC: 12ade | Get or set file attributes
2018-12-17T21:56:00.090913625Z 61 PC: 12ae6 | Open file (Filename = 'TEST.COM')
2018-12-17T21:56:00.097739083Z 87 PC: 12af3 | Get or set file date and time
2018-12-17T21:56:00.099005567Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-17T21:56:00.106503788Z 87 PC: 12b85 | Get or set file date and time
2018-12-17T21:56:00.110592074Z 62 PC: 12b8a | Close file
2018-12-17T21:56:00.117926842Z 67 PC: 12b99 | Get or set file attributes
2018-12-17T21:56:00.127566773Z 79 PC: 12ab7 | Find next file
2018-12-17T21:56:00.130572082Z 26 PC: 12bc4 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":654,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:24.58358261Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:41:24.585206982Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 0
0x12a7f: jne 0x12a94
0x12a81: mov word ptr [0x148], 0
0x12a87: mov cx, 1
0x12a8a: jcxz 0x12a8e
0x12a8c: jmp 0x12a94
0x12a8e: mov dx, 0x2bf
0x12a91: call 0x12abc
0x12a94: cmp dh, 4
0x12a97: jne 0x12aad
0x12a99: cmp dl, 0xf
0x12a9c: jne 0x12aad
0x12a9e: mov ax, 0x1010
0x12aa1: out 0x70, ax
0x12aa3: mov dx, 0x2a1
0x12aa6: call 0x12abc
0x12aa9: mov al, 0xfe
0x12aab: out 0x64, al
0x12aad: mov ah, byte ptr [bp + 5]
0x12ab0: mov cl, 7
2018-12-25T11:41:24.588391903Z 78 PC: 12ab7 | Find first file
2018-12-25T11:41:24.595097183Z 67 PC: 12ad0 | Get or set file attributes
2018-12-25T11:41:24.601671971Z 67 PC: 12ade | Get or set file attributes
2018-12-25T11:41:24.624773756Z 61 PC: 12ae6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:24.632829477Z 87 PC: 12af3 | Get or set file date and time
2018-12-25T11:41:24.634936095Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-25T11:41:24.643505612Z 66 PC: 12b2a | Move file pointer
2018-12-25T11:41:24.645229398Z 66 PC: 12b46 | Move file pointer
2018-12-25T11:41:24.646849408Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-25T11:41:24.659130527Z 66 PC: 12b5c | Move file pointer
2018-12-25T11:41:24.671652295Z 64 PC: 12b76 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:41:24.674547935Z 87 PC: 12b85 | Get or set file date and time
2018-12-25T11:41:24.676285236Z 62 PC: 12b8a | Close file
2018-12-25T11:41:24.684996121Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T11:41:24.696144999Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:24.69931447Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:24.706515036Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:24.718161842Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:24.731327988Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:24.733666115Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:24.741122141Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:24.74255953Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:24.744474531Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:24.754453788Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:24.756612913Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:24.761583347Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:24.763752004Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:24.772998762Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:24.785021095Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:24.788352944Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:24.795493305Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:24.806473859Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:24.814809941Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:24.817040719Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:24.824465827Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:24.82671578Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:24.828320073Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:24.837611035Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:24.843092031Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:24.846236424Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:24.848370801Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:24.858245137Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:24.870553554Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:24.873942158Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:24.880731594Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:24.892504473Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:24.900133842Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:24.902100307Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:24.910511022Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:24.912286331Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:24.913837855Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:24.925382378Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:24.927030425Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:24.929917338Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:24.932236901Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:24.940737907Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:24.956791178Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:24.960588335Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:24.96723418Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:24.978161202Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:24.985705885Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:24.987441369Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:24.994905732Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:24.996506702Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:24.998521647Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.007438656Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.009725565Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.01359659Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.015427946Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.024270877Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.036022657Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.039146288Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.045489323Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.057510122Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.065984612Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.06793124Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.076175468Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:25.078021917Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:25.080034434Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.089607451Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.092692771Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.102104551Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.103778611Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.113971969Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.126157832Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.129579674Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.137516282Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.149910567Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.158140436Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.161406926Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.172193205Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:25.174704078Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:25.177575084Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.191238373Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.193116505Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.197566094Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.200365037Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.218278817Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.22965174Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.238415648Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.247473037Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.25956478Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.268695026Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.270298527Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.283693536Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.286364605Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.294479028Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.305851512Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.309720154Z 26 PC: 12bc4 | Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":654,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:24.715168055Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:41:24.71666684Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 0
0x12a7f: jne 0x12a94
0x12a81: mov word ptr [0x148], 0
0x12a87: mov cx, 1
0x12a8a: jcxz 0x12a8e
0x12a8c: jmp 0x12a94
0x12a8e: mov dx, 0x2bf
0x12a91: call 0x12abc
0x12a94: cmp dh, 4
0x12a97: jne 0x12aad
0x12a99: cmp dl, 0xf
0x12a9c: jne 0x12aad
0x12a9e: mov ax, 0x1010
0x12aa1: out 0x70, ax
0x12aa3: mov dx, 0x2a1
0x12aa6: call 0x12abc
0x12aa9: mov al, 0xfe
0x12aab: out 0x64, al
0x12aad: mov ah, byte ptr [bp + 5]
0x12ab0: mov cl, 7
2018-12-25T11:41:24.718804908Z 9 PC: 12ac0 | Display string (String= '����� ��ᥫ��� �� 98% - 㡨��� ���� ������. ')
2018-12-25T11:41:24.723914089Z 8 PC: 12ac4 | Console input without echo

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":654,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:24.817213766Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:41:24.818258077Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 0
0x12a7f: jne 0x12a94
0x12a81: mov word ptr [0x148], 0
0x12a87: mov cx, 1
0x12a8a: jcxz 0x12a8e
0x12a8c: jmp 0x12a94
0x12a8e: mov dx, 0x2bf
0x12a91: call 0x12abc
0x12a94: cmp dh, 4
0x12a97: jne 0x12aad
0x12a99: cmp dl, 0xf
0x12a9c: jne 0x12aad
0x12a9e: mov ax, 0x1010
0x12aa1: out 0x70, ax
0x12aa3: mov dx, 0x2a1
0x12aa6: call 0x12abc
0x12aa9: mov al, 0xfe
0x12aab: out 0x64, al
0x12aad: mov ah, byte ptr [bp + 5]
0x12ab0: mov cl, 7
2018-12-25T11:41:24.821153903Z 78 PC: 12ab7 | Find first file
2018-12-25T11:41:24.827631796Z 67 PC: 12ad0 | Get or set file attributes
2018-12-25T11:41:24.833635683Z 67 PC: 12ade | Get or set file attributes
2018-12-25T11:41:24.854225672Z 61 PC: 12ae6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:24.858938824Z 87 PC: 12af3 | Get or set file date and time
2018-12-25T11:41:24.860178891Z 63 PC: 12b0d | Read file or device (Read 551 bytes on handle 5)
2018-12-25T11:41:24.86507627Z 66 PC: 12b2a | Move file pointer
2018-12-25T11:41:24.866177461Z 66 PC: 12b46 | Move file pointer
2018-12-25T11:41:24.867087647Z 64 PC: 12b51 | Write file or device (Write 551 bytes on handle 5)
2018-12-25T11:41:24.872725279Z 66 PC: 12b5c | Move file pointer
2018-12-25T11:41:24.880823371Z 64 PC: 12b76 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:41:24.882745245Z 87 PC: 12b85 | Get or set file date and time
2018-12-25T11:41:24.883780249Z 62 PC: 12b8a | Close file
2018-12-25T11:41:24.890557806Z 67 PC: 12b99 | Get or set file attributes
2018-12-25T11:41:24.901477243Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:24.904982356Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:24.91257119Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:24.926737545Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:24.934167062Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:24.946525732Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:24.953748482Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:24.955615282Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:24.95758128Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:24.968247385Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:24.970082938Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:24.973200213Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:24.975810095Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:24.984258791Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:24.995482485Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:24.999870089Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.006100318Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.016910113Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.025457444Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.02722248Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.03508995Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:25.038944003Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:25.041062552Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.050598773Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.053880419Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.057330053Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.059361295Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.068580208Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.081238452Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.083227287Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.087065501Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.100647094Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.109652083Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.111233886Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.119191029Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:25.121811189Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:25.123808436Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.13515372Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.138078838Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.141578886Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.144442444Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.154402128Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.165734716Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.169337278Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.176466663Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.187785909Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.196099437Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.199644078Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.207676039Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:25.20941943Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:25.212854734Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.230003983Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.231763814Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.235808807Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.238256921Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.246901798Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.258431744Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.262012765Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.269231441Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.279962639Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.288499513Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.290391359Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.297778937Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:25.300581547Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:25.302152036Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.311880341Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.314600307Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.325166947Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.328072029Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.338294987Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.349824666Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.353143169Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.360407254Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.37603572Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.392569017Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.394434383Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.40244611Z 66 PC: 12b2a | Move file pointer (See above)
2018-12-25T11:41:25.404424543Z 66 PC: 12b46 | Move file pointer (See above)
2018-12-25T11:41:25.406344935Z 64 PC: 12b51 | Write file or device (See above)
2018-12-25T11:41:25.41628685Z 66 PC: 12b5c | Move file pointer (See above)
2018-12-25T11:41:25.417912921Z 64 PC: 12b76 | Write file or device (See above)
2018-12-25T11:41:25.421234243Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.424228574Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.437242665Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.444555396Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.447306993Z 67 PC: 12ad0 | Get or set file attributes (See above)
2018-12-25T11:41:25.453655077Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T11:41:25.473530496Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T11:41:25.48207928Z 87 PC: 12af3 | Get or set file date and time (See above)
2018-12-25T11:41:25.484427547Z 63 PC: 12b0d | Read file or device (See above)
2018-12-25T11:41:25.492845506Z 87 PC: 12b85 | Get or set file date and time (See above)
2018-12-25T11:41:25.495097695Z 62 PC: 12b8a | Close file (See above)
2018-12-25T11:41:25.508752659Z 67 PC: 12b99 | Get or set file attributes (See above)
2018-12-25T11:41:25.519817811Z 79 PC: 12ab7 | Find next file (See above)
2018-12-25T11:41:25.522823276Z 26 PC: 12bc4 | Set disk transfer address

{"DateBased":true,"Day":15,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":654,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:25.013565525Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T11:41:25.015141501Z 42 PC: 12a7d | Get date 0x12a7d: cmp al, 0
0x12a7f: jne 0x12a94
0x12a81: mov word ptr [0x148], 0
0x12a87: mov cx, 1
0x12a8a: jcxz 0x12a8e
0x12a8c: jmp 0x12a94
0x12a8e: mov dx, 0x2bf
0x12a91: call 0x12abc
0x12a94: cmp dh, 4
0x12a97: jne 0x12aad
0x12a99: cmp dl, 0xf
0x12a9c: jne 0x12aad
0x12a9e: mov ax, 0x1010
0x12aa1: out 0x70, ax
0x12aa3: mov dx, 0x2a1
0x12aa6: call 0x12abc
0x12aa9: mov al, 0xfe
0x12aab: out 0x64, al
0x12aad: mov ah, byte ptr [bp + 5]
0x12ab0: mov cl, 7
2018-12-25T11:41:25.017158859Z 9 PC: 12ac0 | Display string (String= '��ࠡ���� - rulez forever ! ')
2018-12-25T11:41:25.020894484Z 8 PC: 12ac4 | Console input without echo