Sample viewer

vx.netlux.org/Virus.DOS.Christmas.600


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed after int 21h/AH=2Ch (Get time). The identical window appears in every
; run on this page, so it looks like a linear listing after the call, not the path actually executed.
2018-12-17T22:46:18.928478538Z 44 PC: 13627 | Get time 0x13627: add dx, bp
0x13629: mov byte ptr [bp + 0x400], dh  ; saves DH after the add above; its later use is not shown here
0x1362d: mov al, 0
0x1362f: and al, al  ; AL is 0 as disassembled, so ZF=1 and the jne below falls through
0x13631: jne 0x13646
0x13633: mov ah, 0x2a  ; int 21h/AH=2Ah Get date: returns CX=year, DH=month, DL=day
0x13635: int 0x21
0x13637: cmp dh, 8  ; month == 8 (August)?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; day == 31?  Together with the month test: date trigger is 31 August
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call (this run's log resumes at PC 136e2, Set disk transfer address)
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine: the Day=31/Month=8 run logs Direct console I/O at PC 13846
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa
; Disassembly window printed after int 21h/AH=2Ah (Get date): the 31 August date test, then an update
; of a byte kept XOR-encoded with 0xfe. In this run the log resumes at PC 136e2, so the test did not match.
2018-12-17T22:46:18.931015992Z 42 PC: 13637 | Get date 0x13637: cmp dh, 8  ; DH=month from Get date: August?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; DL=day: day == 31?
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine (Direct console I/O at PC 13846 in the 31 August run)
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa, address of the encoded byte
0x13656: mov al, byte ptr [si]  ; load the stored (encoded) value
0x13658: xor al, 0xfe  ; decode
0x1365a: inc al  ; increment the decoded value
0x1365c: xor al, 0xfe  ; re-encode
0x1365e: mov byte ptr [si], al  ; write it back in place (the code modifies its own data)
0x13660: xor al, 0xfe  ; decode again for the comparison
0x13662: cmp al, 0x37  ; compare decoded value with 0x37; the branch that uses it is outside this window
2018-12-17T22:46:18.933449077Z 26 PC: 136e2 | Set disk transfer address
2018-12-17T22:46:18.934794746Z 78 PC: 136ee | Find first file
2018-12-17T22:46:18.941319303Z 79 PC: 13706 | Find next file
2018-12-17T22:46:18.944877149Z 79 PC: 13706 | Find next file
2018-12-17T22:46:18.94770154Z 61 PC: 1371d | Open file (Filename = 'HELLO.COM')
2018-12-17T22:46:18.954745582Z 87 PC: 13729 | Get or set file date and time
2018-12-17T22:46:18.957093909Z 63 PC: 1373e | Read file or device (Read 30720 bytes on handle 5)
2018-12-17T22:46:18.963883779Z 62 PC: 13746 | Close file
2018-12-17T22:46:18.966105379Z 60 PC: 137eb | Create or truncate file
2018-12-17T22:46:19.040657492Z 64 PC: 13802 | Write file or device (Write 692 bytes on handle 5)
2018-12-17T22:46:19.050083708Z 87 PC: 13810 | Get or set file date and time
2018-12-17T22:46:19.051845018Z 62 PC: 13814 | Close file
2018-12-17T22:46:19.061289729Z 9 PC: 12aef | Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-17T22:46:19.066417811Z 61 PC: 12b0d | Open file (Filename = '')
2018-12-17T22:46:19.074086321Z 63 PC: 12b25 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:46:19.078321327Z 62 PC: 12b63 | Close file
2018-12-17T22:46:19.080634036Z 9 PC: 12b69 | Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-17T22:46:19.089762188Z 76 PC: 12b6d | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":31,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8841,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed after int 21h/AH=2Ch (Get time). This run follows the Day=31/Month=8 job
; record and is the only one on the page whose log continues with Direct console I/O at PC 13846.
2018-12-25T12:22:03.188159746Z 44 PC: 13627 | Get time 0x13627: add dx, bp
0x13629: mov byte ptr [bp + 0x400], dh  ; saves DH after the add above; its later use is not shown here
0x1362d: mov al, 0
0x1362f: and al, al  ; AL is 0 as disassembled, so ZF=1 and the jne below falls through
0x13631: jne 0x13646
0x13633: mov ah, 0x2a  ; int 21h/AH=2Ah Get date: returns CX=year, DH=month, DL=day
0x13635: int 0x21
0x13637: cmp dh, 8  ; month == 8 (August)?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; day == 31?  Together with the month test: date trigger is 31 August
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine behind the PC 13846 calls logged in this run
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa
; Disassembly window printed after int 21h/AH=2Ah (Get date): the 31 August date test, then an update
; of a byte kept XOR-encoded with 0xfe. In this run the log continues with Direct console I/O at PC 13846.
2018-12-25T12:22:03.19143155Z 42 PC: 13637 | Get date 0x13637: cmp dh, 8  ; DH=month from Get date: August?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; DL=day: day == 31?
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine behind the PC 13846 calls logged in this run
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa, address of the encoded byte
0x13656: mov al, byte ptr [si]  ; load the stored (encoded) value
0x13658: xor al, 0xfe  ; decode
0x1365a: inc al  ; increment the decoded value
0x1365c: xor al, 0xfe  ; re-encode
0x1365e: mov byte ptr [si], al  ; write it back in place (the code modifies its own data)
0x13660: xor al, 0xfe  ; decode again for the comparison
0x13662: cmp al, 0x37  ; compare decoded value with 0x37; the branch that uses it is outside this window
2018-12-25T12:22:03.193662612Z 6 PC: 13846 | Direct console I/O
2018-12-25T12:22:03.195720201Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.198386393Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.200571788Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.202641885Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.213407107Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.215647678Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.217628489Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.219787888Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.222218913Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.224389481Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.22675799Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.229994801Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.232810456Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.235141194Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.241274427Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.243462428Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.246024561Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.248990042Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.251308608Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.253635639Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.256841716Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.258770758Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.260205817Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.262381224Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.263750006Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.265086082Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.266969395Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.268951012Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.270699117Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.272879178Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.274821644Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.276103034Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.277775313Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.279727551Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.281793122Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.284070367Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.286078237Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.288073293Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.290417605Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.292362294Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.294162341Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.296187823Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.298374304Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.300203288Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.302169794Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.304455035Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.306654392Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.309053543Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.311587705Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.313600022Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.315804033Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.318258834Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.320218043Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.323833575Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.326427429Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.329865993Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.33180465Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.3346731Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.392267678Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.394632853Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.399528719Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.401629515Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.403689839Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.406489655Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.408462248Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.410456368Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.413285858Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.415258595Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.417265735Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.420068997Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.42203997Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.423997122Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.42922574Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.431264685Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.433218134Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.435844716Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.437873123Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.439856791Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.442603198Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.444555559Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.446496758Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.449847145Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.451801188Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.453762368Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.456762769Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.458720485Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.460916191Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.463921071Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.466100274Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.468294435Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.470798726Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.472247869Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.473659561Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.475714814Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.47709943Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.478482127Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.480816043Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.482174573Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.483779821Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.486556138Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.488155103Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.48968037Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.491895723Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.493847548Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.495587316Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.499478648Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.50216543Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.504174014Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.562861348Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.565021001Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.567191501Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.570008888Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.57214298Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.574320845Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.577409184Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.579597641Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.581753069Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.584098481Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.58701987Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.589165673Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.591385322Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.594530258Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.596757761Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.598984222Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.604344768Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.606489075Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.608627359Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.612044236Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.614226967Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.616445945Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.61997545Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.623007842Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.625183483Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.628337264Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.63061685Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.632879798Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.635374714Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.637263332Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.639126073Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.641736036Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.643564026Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.6453649Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.647522934Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.649321094Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.651088178Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.652906742Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.654677816Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.65635127Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.658443434Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.660258942Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.661938116Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.663975135Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.665792246Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.667630234Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.669574743Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.672892489Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.67473795Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.676874679Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.735759135Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.737814998Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.74000872Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.742207326Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.744410221Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.747039853Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.749775836Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.751947659Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.754488661Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.756644606Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.758804083Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.761361574Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.763528054Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.765838715Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.767986627Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.769903615Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.772281015Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.774130791Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.77597692Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.778363069Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.78018845Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.782027408Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.784338367Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.786163259Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.787994138Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.790430206Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.792298716Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.794108702Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.796451101Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.798291164Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.800141764Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.802435789Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.80426173Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.806081298Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.808201851Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.810061088Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.812041997Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.814214481Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.816086669Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.81827614Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.820271272Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.822751027Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.825096876Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.827072917Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.828919508Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.83238803Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.834130695Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.837463217Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.839385571Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.840720196Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.878174963Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.880340622Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.882219456Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.884703758Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.887001663Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.888863449Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.890854041Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.894887929Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.896706112Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.898552452Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.900845057Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.902620482Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.904413558Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.906792744Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.908563721Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.918044911Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.920582972Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.922257157Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.923991105Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.926338033Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.928138144Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.929903074Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.932093379Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.933877474Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.936021745Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.938015747Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.939832927Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.94213855Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.943996457Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.945769476Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.94874029Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.95069663Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.952888781Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.956199053Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.95933747Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.961570181Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.964309931Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.966583755Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.96853059Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.971012501Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.973131678Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.975272727Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.978021942Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.979928161Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.982001395Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.98464352Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.986521404Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.989970211Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.992351663Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:03.994272998Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.04900686Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.051868864Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.053925977Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.056119998Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.065459033Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.06784908Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.070406967Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.073614646Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.075932659Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.078713126Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.081224511Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.083391912Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.086613644Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.088900929Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.091176856Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.094145961Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.096398973Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.098665979Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.101391973Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.104172021Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.106075838Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.108548419Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.110418568Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.112255805Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.11431526Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.116248141Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.118265988Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.120192014Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.122133046Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.124436104Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.12633483Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.128668303Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.131063321Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.132931683Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.134765006Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.13733173Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.139174786Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.141019293Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.143252306Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.145090954Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.147196677Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.149566088Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.16259472Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.165187192Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.167011596Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.179258303Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.181197122Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.185090634Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.186921708Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.18906749Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.244606579Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.246740079Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.248693234Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.250641748Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.253066518Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.254963543Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.271379869Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.273881914Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.275660772Z 6 PC: 13846 | Direct console I/O (See above)
2018-12-25T12:22:04.277430289Z 9 PC: 12aef | Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-25T12:22:04.282818345Z 61 PC: 12b0d | Open file (Filename = '')
2018-12-25T12:22:04.289154872Z 63 PC: 12b25 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:22:04.292221622Z 62 PC: 12b63 | Close file
2018-12-25T12:22:04.293812188Z 9 PC: 12b69 | Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-25T12:22:04.299924642Z 76 PC: 12b6d | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8841,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed after int 21h/AH=2Ch (Get time). This run follows the Day=1/Month=1 job
; record; its log resumes at PC 136e2 (Set disk transfer address), so the date test did not match.
2018-12-25T12:22:04.418075426Z 44 PC: 13627 | Get time 0x13627: add dx, bp
0x13629: mov byte ptr [bp + 0x400], dh  ; saves DH after the add above; its later use is not shown here
0x1362d: mov al, 0
0x1362f: and al, al  ; AL is 0 as disassembled, so ZF=1 and the jne below falls through
0x13631: jne 0x13646
0x13633: mov ah, 0x2a  ; int 21h/AH=2Ah Get date: returns CX=year, DH=month, DL=day
0x13635: int 0x21
0x13637: cmp dh, 8  ; month == 8 (August)?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; day == 31?  Together with the month test: date trigger is 31 August
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call (path taken in this run, judging by the log)
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine: the Day=31/Month=8 run logs Direct console I/O at PC 13846
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa
; Disassembly window printed after int 21h/AH=2Ah (Get date): the 31 August date test, then an update
; of a byte kept XOR-encoded with 0xfe. In this run the log resumes at PC 136e2, so the test did not match.
2018-12-25T12:22:04.421122793Z 42 PC: 13637 | Get date 0x13637: cmp dh, 8  ; DH=month from Get date: August?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; DL=day: day == 31?
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine (Direct console I/O at PC 13846 in the 31 August run)
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa, address of the encoded byte
0x13656: mov al, byte ptr [si]  ; load the stored (encoded) value
0x13658: xor al, 0xfe  ; decode
0x1365a: inc al  ; increment the decoded value
0x1365c: xor al, 0xfe  ; re-encode
0x1365e: mov byte ptr [si], al  ; write it back in place (the code modifies its own data)
0x13660: xor al, 0xfe  ; decode again for the comparison
0x13662: cmp al, 0x37  ; compare decoded value with 0x37; the branch that uses it is outside this window
2018-12-25T12:22:04.423134164Z 26 PC: 136e2 | Set disk transfer address
2018-12-25T12:22:04.424064143Z 78 PC: 136ee | Find first file
2018-12-25T12:22:04.430324182Z 79 PC: 13706 | Find next file
2018-12-25T12:22:04.432819787Z 79 PC: 13706 | Find next file (See above)
2018-12-25T12:22:04.435180595Z 61 PC: 1371d | Open file (Filename = 'HELLO.COM')
2018-12-25T12:22:04.441681155Z 87 PC: 13729 | Get or set file date and time
2018-12-25T12:22:04.443114463Z 63 PC: 1373e | Read file or device (Read 30720 bytes on handle 5)
2018-12-25T12:22:04.449108818Z 62 PC: 13746 | Close file
2018-12-25T12:22:04.451531817Z 60 PC: 137eb | Create or truncate file
2018-12-25T12:22:04.472465377Z 64 PC: 13802 | Write file or device (Write 692 bytes on handle 5)
2018-12-25T12:22:04.480486943Z 87 PC: 13810 | Get or set file date and time
2018-12-25T12:22:04.481900281Z 62 PC: 13814 | Close file
2018-12-25T12:22:04.489467191Z 9 PC: 12aef | Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-25T12:22:04.49455609Z 61 PC: 12b0d | Open file (Filename = '')
2018-12-25T12:22:04.500896641Z 63 PC: 12b25 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:22:04.507656004Z 62 PC: 12b63 | Close file
2018-12-25T12:22:04.509245824Z 9 PC: 12b69 | Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-25T12:22:04.516253784Z 76 PC: 12b6d | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8841,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window printed after int 21h/AH=2Ch (Get time). This run follows the Day=1/Month=8 job
; record: the month test would pass but the day test would not, and the log resumes at PC 136e2.
2018-12-25T12:22:04.797749007Z 44 PC: 13627 | Get time 0x13627: add dx, bp
0x13629: mov byte ptr [bp + 0x400], dh  ; saves DH after the add above; its later use is not shown here
0x1362d: mov al, 0
0x1362f: and al, al  ; AL is 0 as disassembled, so ZF=1 and the jne below falls through
0x13631: jne 0x13646
0x13633: mov ah, 0x2a  ; int 21h/AH=2Ah Get date: returns CX=year, DH=month, DL=day
0x13635: int 0x21
0x13637: cmp dh, 8  ; month == 8 (August)?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; day == 31?  Together with the month test: date trigger is 31 August
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call (path taken in this run, judging by the log)
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine: the Day=31/Month=8 run logs Direct console I/O at PC 13846
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa
; Disassembly window printed after int 21h/AH=2Ah (Get date): the 31 August date test, then an update
; of a byte kept XOR-encoded with 0xfe. In this run the log resumes at PC 136e2, so the test did not match.
2018-12-25T12:22:04.80026842Z 42 PC: 13637 | Get date 0x13637: cmp dh, 8  ; DH=month from Get date: August?
0x1363a: jne 0x13646
0x1363c: add dh, 0x17  ; DH = 8 + 0x17 = 31
0x1363f: nop
0x13640: cmp dl, dh  ; DL=day: day == 31?
0x13642: jne 0x13646
0x13644: jmp 0x13649  ; date matched: continue to the call at 0x1364e
0x13646: jmp 0x136cd  ; no match: skip the call
0x13649: mov si, 0xcb
0x1364c: add si, di  ; SI = DI + 0xcb; DI presumably holds the code's load offset (not confirmed here)
0x1364e: call 0x1383a  ; presumably the console-output routine (Direct console I/O at PC 13846 in the 31 August run)
0x13651: mov si, 0xaa
0x13654: add si, di  ; SI = DI + 0xaa, address of the encoded byte
0x13656: mov al, byte ptr [si]  ; load the stored (encoded) value
0x13658: xor al, 0xfe  ; decode
0x1365a: inc al  ; increment the decoded value
0x1365c: xor al, 0xfe  ; re-encode
0x1365e: mov byte ptr [si], al  ; write it back in place (the code modifies its own data)
0x13660: xor al, 0xfe  ; decode again for the comparison
0x13662: cmp al, 0x37  ; compare decoded value with 0x37; the branch that uses it is outside this window
2018-12-25T12:22:04.802198648Z 26 PC: 136e2 | Set disk transfer address
2018-12-25T12:22:04.803137575Z 78 PC: 136ee | Find first file
2018-12-25T12:22:04.809338441Z 79 PC: 13706 | Find next file
2018-12-25T12:22:04.811749963Z 79 PC: 13706 | Find next file (See above)
2018-12-25T12:22:04.814095095Z 79 PC: 13706 | Find next file (See above)
2018-12-25T12:22:04.816978874Z 61 PC: 1371d | Open file (Filename = 'PHANG.COM')
2018-12-25T12:22:04.823255074Z 87 PC: 13729 | Get or set file date and time
2018-12-25T12:22:04.824786262Z 63 PC: 1373e | Read file or device (Read 30720 bytes on handle 5)
2018-12-25T12:22:04.831309332Z 62 PC: 13746 | Close file
2018-12-25T12:22:04.8331174Z 60 PC: 137eb | Create or truncate file
2018-12-25T12:22:04.851527706Z 64 PC: 13802 | Write file or device (Write 629 bytes on handle 5)
2018-12-25T12:22:04.859667712Z 87 PC: 13810 | Get or set file date and time
2018-12-25T12:22:04.861024303Z 62 PC: 13814 | Close file
2018-12-25T12:22:04.868373491Z 9 PC: 12aef | Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-25T12:22:04.874619562Z 61 PC: 12b0d | Open file (Filename = '')
2018-12-25T12:22:04.880965441Z 63 PC: 12b25 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:22:04.883350639Z 62 PC: 12b63 | Close file
2018-12-25T12:22:04.885035518Z 9 PC: 12b69 | Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-25T12:22:04.8924493Z 76 PC: 12b6d | Terminate with return code (Return code = '36')