
vx.netlux.org/Virus.DOS.Gever.3500


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:23.067978125Z 48 PC: 12b57 | Get DOS version
2018-12-17T22:43:23.069659754Z 75 PC: 12c2e | Execute program
2018-12-17T22:43:23.072691267Z 82 PC: 12c39 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:43:23.074588881Z 74 PC: 12cd5 | Reallocate memory
2018-12-17T22:43:23.076248979Z 72 PC: 12cdb | Allocate memory
2018-12-17T22:43:23.079275023Z 98 PC: 12d15 | Get current PSP
2018-12-17T22:43:23.081378303Z 42 PC: 9d625 | Get date 0x9d625: mov word ptr cs:[0xe01], dx
0x9d62a: mov word ptr cs:[0xe03], cx
0x9d62f: pop ds
0x9d630: pop dx
0x9d631: mov ax, 0x3d00
0x9d634: call 0x9de32
0x9d637: jb 0x9d684
0x9d639: push cs
0x9d63a: pop ds
0x9d63b: xchg ax, bx
0x9d63c: call 0x9d858
0x9d63f: jb 0x9d681
0x9d641: mov dx, 0xddf
0x9d644: mov si, dx
0x9d646: mov ah, 0x3f
0x9d648: mov cx, 0x20
0x9d64b: int 0
0x9d64d: cmp word ptr [si], 0x5a4d
0x9d651: je 0x9d687
0x9d653: push cs
2018-12-17T22:43:23.086992878Z 61 PC: 9de38 | Open file (Filename = '')
2018-12-17T22:43:23.095000879Z 63 PC: 9d64d | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:43:23.098781579Z 66 PC: 9d857 | Move file pointer
2018-12-17T22:43:23.11481862Z 44 PC: 9d7d7 | Get time 0x9d7d7: mov bx, dx
0x9d7d9: xor ah, dl
0x9d7db: int3
0x9d7dc: mov byte ptr cs:[0x15e], ah
0x9d7e1: mov byte ptr cs:[0x160], al
0x9d7e5: mov word ptr cs:[0x162], bx
0x9d7ea: mov byte ptr cs:[0x114], 0x4c
0x9d7f0: push cs
0x9d7f1: push cs
0x9d7f2: pop ds
0x9d7f3: pop es
0x9d7f4: mov cx, word ptr cs:[0x102]
0x9d7f9: add cx, bp
0x9d7fb: mov word ptr cs:[0x102], cx
0x9d800: mov si, 0x100
0x9d803: lea di, word ptr [bp + 0xe1f]
0x9d807: mov cx, 0xd01
0x9d80a: rep movsb byte ptr es:[di], byte ptr [si]
0x9d80c: mov cx, 0xc24
0x9d80f: lea di, word ptr [bp + 0x1b20]
2018-12-17T22:43:23.122968837Z 66 PC: 9d857 | Move file pointer
2018-12-17T22:43:23.125213924Z 64 PC: 9d703 | Write file or device (Write 3500 bytes on handle 5)
2018-12-17T22:43:23.466653174Z 66 PC: 9d857 | Move file pointer
2018-12-17T22:43:23.468713304Z 64 PC: 9d737 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:23.472972423Z 62 PC: 9d75d | Close file
2018-12-17T22:43:23.480526431Z 65 PC: 9d76f | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-17T22:43:23.486296057Z 65 PC: 9d76f | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T22:43:23.492989148Z 65 PC: 9d76f | Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:43:23.498606709Z 65 PC: 9d76f | Delete file (Filename = 'ZZ##.IM')
2018-12-17T22:43:23.504209241Z 65 PC: 9d76f | Delete file (Filename = '�COMSPEC=19963�3۾��J�.�')
2018-12-17T22:43:23.509670107Z 42 PC: 12d4d | Get date 0x12d4d: cmp dh, 0xc
0x12d50: jne 0x12dc9
0x12d52: push cs
0x12d53: pop ds
0x12d54: in al, 0x21
0x12d56: or al, 2
0x12d58: out 0x21, al
0x12d5a: mov ax, 0xa000
0x12d5d: mov es, ax
0x12d5f: mov ax, 0x13
0x12d62: int 0x10
0x12d64: call 0x12e11
0x12d67: mov di, 0x58c
0x12d6a: mov al, 6
0x12d6c: mov cx, 0xc4
0x12d6f: push cx
0x12d70: mov cl, 0x14
0x12d72: rep stosb byte ptr es:[di], al
0x12d74: add di, 0x12c
0x12d78: pop cx
2018-12-17T22:43:23.518154823Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.530657836Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.544157471Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.555409293Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.567630507Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.580127358Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.593324645Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.607827855Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.619383858Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.633028977Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.646347511Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.657939673Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.671884814Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.694176832Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.716696608Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.734505347Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.746552743Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.759438766Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.770751092Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.78107399Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.797743829Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.813214405Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.825012124Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.836084379Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.846940388Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.858929296Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.868858123Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.880817345Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.894207764Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.904628787Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.917529196Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.930796644Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.944026983Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.956334649Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.968010508Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.981540911Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:23.994436441Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.006381385Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.016453864Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.030696023Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.046516156Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.070420933Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.085505564Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.108784226Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.132536636Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.149365815Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.164294393Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.178488361Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.194431706Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.208534112Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.223490734Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.239971177Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.254057333Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.269241872Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.284398399Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.297969818Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.310062319Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.323445736Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.338844507Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.35329603Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.377717478Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.395771636Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.410483648Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.428493152Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.444031406Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.457208986Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.471636062Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.487093244Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.501765691Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.517734253Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.531892955Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.548403605Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.561524178Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.577839711Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.592824805Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.607348734Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.622095831Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.638289205Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.651976011Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.668235309Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.682718892Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.698596823Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.715274787Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.730121913Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.742541579Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.75609821Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.771779453Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.787887536Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.801410194Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.817607466Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.830778002Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.846791037Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.861962893Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.876252921Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.891800062Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.906555054Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.920227243Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.935372869Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.949257657Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.965614017Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.980061973Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:24.993780969Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.009790348Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.023644007Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.038057408Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.053991264Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.071027571Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.086506022Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.100669504Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.116377375Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.131498676Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.146013657Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.161394596Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.175583074Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.190562929Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.205983591Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.219019144Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.238114929Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.253446164Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.267329028Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.282400425Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.297200592Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.312439764Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.327563278Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.341357947Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.370775278Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.387453292Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.402965857Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.418862534Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.432033772Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.449196967Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.462578771Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.478632943Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.494330495Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.508120896Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.523104869Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.538809765Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.553851827Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.569172652Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.583651305Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.602794639Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.618170158Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.63474607Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.650801555Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.665235865Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.682082095Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.696887842Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.711812574Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.727455474Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.74224486Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.757027004Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.773340634Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.787150771Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.802716817Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.816475418Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.833606713Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.848397563Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.86247351Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.877597005Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.893773307Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.903915906Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.91490227Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.924985779Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.935502672Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.95165619Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.965405534Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.981132251Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:25.995793237Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.012142865Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.026915711Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.041123766Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.056230339Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.071599564Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.088003714Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.104031647Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.117938296Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.136003927Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.149803355Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.165618788Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.182083141Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.19714504Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.212221436Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.228980141Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.24391384Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.259972701Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.274491439Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.290968757Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.306864181Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.329737551Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.37327423Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.387393178Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.409954232Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.441948161Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.456641769Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.481222045Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.521301891Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:26.5760462Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-17T22:43:27.106510301Z 9 PC: 12e21 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7855,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:51.559489467Z 48 PC: 12b57 | Get DOS version
2018-12-25T12:02:51.561091402Z 75 PC: 12c2e | Execute program
2018-12-25T12:02:51.562563915Z 82 PC: 12c39 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:02:51.563869584Z 74 PC: 12cd5 | Reallocate memory
2018-12-25T12:02:51.565839163Z 72 PC: 12cdb | Allocate memory
2018-12-25T12:02:51.567405391Z 98 PC: 12d15 | Get current PSP
2018-12-25T12:02:51.568872783Z 42 PC: 9d625 | Get date 0x9d625: mov word ptr cs:[0xe01], dx
0x9d62a: mov word ptr cs:[0xe03], cx
0x9d62f: pop ds
0x9d630: pop dx
0x9d631: mov ax, 0x3d00
0x9d634: call 0x9de32
0x9d637: jb 0x9d684
0x9d639: push cs
0x9d63a: pop ds
0x9d63b: xchg ax, bx
0x9d63c: call 0x9d858
0x9d63f: jb 0x9d681
0x9d641: mov dx, 0xddf
0x9d644: mov si, dx
0x9d646: mov ah, 0x3f
0x9d648: mov cx, 0x20
0x9d64b: int 0
0x9d64d: cmp word ptr [si], 0x5a4d
0x9d651: je 0x9d687
0x9d653: push cs
2018-12-25T12:02:51.57133193Z 61 PC: 9de38 | Open file (Filename = '')
2018-12-25T12:02:51.577539768Z 63 PC: 9d64d | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:02:51.579918647Z 66 PC: 9d857 | Move file pointer
2018-12-25T12:02:51.596675207Z 44 PC: 9d7d7 | Get time 0x9d7d7: mov bx, dx
0x9d7d9: xor ah, dl
0x9d7db: int3
0x9d7dc: mov byte ptr cs:[0x15e], ah
0x9d7e1: mov byte ptr cs:[0x160], al
0x9d7e5: mov word ptr cs:[0x162], bx
0x9d7ea: mov byte ptr cs:[0x114], 0x4c
0x9d7f0: push cs
0x9d7f1: push cs
0x9d7f2: pop ds
0x9d7f3: pop es
0x9d7f4: mov cx, word ptr cs:[0x102]
0x9d7f9: add cx, bp
0x9d7fb: mov word ptr cs:[0x102], cx
0x9d800: mov si, 0x100
0x9d803: lea di, word ptr [bp + 0xe1f]
0x9d807: mov cx, 0xd01
0x9d80a: rep movsb byte ptr es:[di], byte ptr [si]
0x9d80c: mov cx, 0xc24
0x9d80f: lea di, word ptr [bp + 0x1b20]
2018-12-25T12:02:51.604146117Z 66 PC: 9d857 | Move file pointer (See above)
2018-12-25T12:02:51.605261381Z 64 PC: 9d703 | Write file or device (Write 3500 bytes on handle 5)
2018-12-25T12:02:52.271032563Z 66 PC: 9d857 | Move file pointer (See above)
2018-12-25T12:02:52.273600755Z 64 PC: 9d737 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:52.276299942Z 62 PC: 9d75d | Close file
2018-12-25T12:02:52.283994945Z 65 PC: 9d76f | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T12:02:52.290969046Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.302255011Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.30922827Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.315666438Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.320354637Z 42 PC: 12d4d | Get date 0x12d4d: cmp dh, 0xc
0x12d50: jne 0x12dc9
0x12d52: push cs
0x12d53: pop ds
0x12d54: in al, 0x21
0x12d56: or al, 2
0x12d58: out 0x21, al
0x12d5a: mov ax, 0xa000
0x12d5d: mov es, ax
0x12d5f: mov ax, 0x13
0x12d62: int 0x10
0x12d64: call 0x12e11
0x12d67: mov di, 0x58c
0x12d6a: mov al, 6
0x12d6c: mov cx, 0xc4
0x12d6f: push cx
0x12d70: mov cl, 0x14
0x12d72: rep stosb byte ptr es:[di], al
0x12d74: add di, 0x12c
0x12d78: pop cx
2018-12-25T12:02:52.323378778Z 48 PC: 12b57 | Get DOS version (See above)
2018-12-25T12:02:52.324712577Z 42 PC: 12d4d | Get date (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7855,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:51.7843336Z 48 PC: 12b57 | Get DOS version
2018-12-25T12:02:51.785799533Z 75 PC: 12c2e | Execute program
2018-12-25T12:02:51.787147714Z 82 PC: 12c39 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:02:51.788674989Z 74 PC: 12cd5 | Reallocate memory
2018-12-25T12:02:51.790360178Z 72 PC: 12cdb | Allocate memory
2018-12-25T12:02:51.792340578Z 98 PC: 12d15 | Get current PSP
2018-12-25T12:02:51.793723698Z 42 PC: 9d625 | Get date 0x9d625: mov word ptr cs:[0xe01], dx
0x9d62a: mov word ptr cs:[0xe03], cx
0x9d62f: pop ds
0x9d630: pop dx
0x9d631: mov ax, 0x3d00
0x9d634: call 0x9de32
0x9d637: jb 0x9d684
0x9d639: push cs
0x9d63a: pop ds
0x9d63b: xchg ax, bx
0x9d63c: call 0x9d858
0x9d63f: jb 0x9d681
0x9d641: mov dx, 0xddf
0x9d644: mov si, dx
0x9d646: mov ah, 0x3f
0x9d648: mov cx, 0x20
0x9d64b: int 0
0x9d64d: cmp word ptr [si], 0x5a4d
0x9d651: je 0x9d687
0x9d653: push cs
2018-12-25T12:02:51.796279122Z 61 PC: 9de38 | Open file (Filename = '')
2018-12-25T12:02:51.80310155Z 63 PC: 9d64d | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:02:51.805536341Z 66 PC: 9d857 | Move file pointer
2018-12-25T12:02:51.817975872Z 44 PC: 9d7d7 | Get time 0x9d7d7: mov bx, dx
0x9d7d9: xor ah, dl
0x9d7db: int3
0x9d7dc: mov byte ptr cs:[0x15e], ah
0x9d7e1: mov byte ptr cs:[0x160], al
0x9d7e5: mov word ptr cs:[0x162], bx
0x9d7ea: mov byte ptr cs:[0x114], 0x4c
0x9d7f0: push cs
0x9d7f1: push cs
0x9d7f2: pop ds
0x9d7f3: pop es
0x9d7f4: mov cx, word ptr cs:[0x102]
0x9d7f9: add cx, bp
0x9d7fb: mov word ptr cs:[0x102], cx
0x9d800: mov si, 0x100
0x9d803: lea di, word ptr [bp + 0xe1f]
0x9d807: mov cx, 0xd01
0x9d80a: rep movsb byte ptr es:[di], byte ptr [si]
0x9d80c: mov cx, 0xc24
0x9d80f: lea di, word ptr [bp + 0x1b20]
2018-12-25T12:02:51.826352339Z 66 PC: 9d857 | Move file pointer (See above)
2018-12-25T12:02:51.827578467Z 64 PC: 9d703 | Write file or device (Write 3500 bytes on handle 5)
2018-12-25T12:02:52.269959643Z 66 PC: 9d857 | Move file pointer (See above)
2018-12-25T12:02:52.273040121Z 64 PC: 9d737 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:52.277175044Z 62 PC: 9d75d | Close file
2018-12-25T12:02:52.284202852Z 65 PC: 9d76f | Delete file (Filename = 'ANTI-VIR.DAT')
2018-12-25T12:02:52.29048319Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.296716131Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.302381647Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.309146857Z 65 PC: 9d76f | Delete file (See above)
2018-12-25T12:02:52.313983767Z 42 PC: 12d4d | Get date 0x12d4d: cmp dh, 0xc
0x12d50: jne 0x12dc9
0x12d52: push cs
0x12d53: pop ds
0x12d54: in al, 0x21
0x12d56: or al, 2
0x12d58: out 0x21, al
0x12d5a: mov ax, 0xa000
0x12d5d: mov es, ax
0x12d5f: mov ax, 0x13
0x12d62: int 0x10
0x12d64: call 0x12e11
0x12d67: mov di, 0x58c
0x12d6a: mov al, 6
0x12d6c: mov cx, 0xc4
0x12d6f: push cx
0x12d70: mov cl, 0x14
0x12d72: rep stosb byte ptr es:[di], al
0x12d74: add di, 0x12c
0x12d78: pop cx
2018-12-25T12:02:52.330497452Z 9 PC: 12e21 | Display string (Could not find end pointer)
2018-12-25T12:02:52.349158475Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.360967106Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.37535509Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.388575963Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.401453244Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.414559461Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.426289663Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.439836283Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.451799859Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.465976694Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.479085729Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.494381164Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.508787024Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.520403933Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.532152979Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.544712785Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.557571794Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.569867479Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.582306779Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.588634032Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.595807436Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.615683839Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.628828806Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.640655216Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.654326894Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.666134387Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.677636758Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.690189079Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.702949764Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.714868489Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.724439716Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.740556665Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.75334364Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.766118922Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.774392516Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.782138502Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.790167423Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.805477663Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.816049933Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.857370794Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.878383969Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.923127445Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:52.96204138Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:53.015221579Z 9 PC: 12e21 | Display string (See above)
2018-12-25T12:02:53.031856967Z 9 PC: 12e21 | Display string (See above)