Sample viewer

vx.netlux.org/Virus.DOS.IVP.Gothic.2097

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:09.986735385Z 26 PC: 136e5 | Set disk transfer address
2018-12-17T22:48:09.988286999Z 53 PC: 134ec | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.989486662Z 37 PC: 134fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.99061643Z 71 PC: 1350a | Get current directory
2018-12-17T22:48:09.994280777Z 78 PC: 13580 | Find first file
2018-12-17T22:48:10.000869595Z 61 PC: 136ee | Open file (Filename = 'TEST.EXE')
2018-12-17T22:48:10.007902578Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.011050782Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.012983618Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.015467101Z 78 PC: 13580 | Find first file
2018-12-17T22:48:10.021942011Z 61 PC: 136ee | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:10.034462045Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.041624528Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.043649046Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.047577202Z 61 PC: 136ee | Open file (Filename = 'PRINT.COM')
2018-12-17T22:48:10.055202341Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.063342804Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.066119033Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.069258871Z 61 PC: 136ee | Open file (Filename = 'HELLO.COM')
2018-12-17T22:48:10.076493007Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.084022009Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.086017928Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.088897342Z 61 PC: 136ee | Open file (Filename = 'PHANG.COM')
2018-12-17T22:48:10.096669071Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.104262557Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.106184209Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.10964608Z 61 PC: 136ee | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:48:10.117575154Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.125000964Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.127602151Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.130530435Z 61 PC: 136ee | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:48:10.137763382Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.146247195Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.148284433Z 67 PC: 136f9 | Get or set file attributes
2018-12-17T22:48:10.165519729Z 61 PC: 136ee | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:48:10.174390812Z 64 PC: 1368c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:48:10.177427921Z 66 PC: 136e0 | Move file pointer
2018-12-17T22:48:10.178895134Z 44 PC: 13697 | Get time
0x13697: cmp dh, 0
0x1369a: je 0x13693
0x1369c: mov byte ptr cs:[bp + 0x8ac], dh
0x136a1: call 0x13b3c
0x136a4: inc byte ptr cs:[bp + 0x955]
0x136a9: mov ax, 0x5701
0x136ac: mov cx, word ptr cs:[bp + 0x9c8]
0x136b1: mov dx, word ptr cs:[bp + 0x9ca]
0x136b6: int 0x21
0x136b8: mov ah, 0x3e
0x136ba: int 0x21
0x136bc: xor cx, cx
0x136be: mov cl, byte ptr cs:[bp + 0x9c7]
0x136c3: call 0x136f0
0x136c6: ret
0x136c7: mov ah, 0x2a
0x136c9: int 0x21
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
2018-12-17T22:48:10.182563049Z 64 PC: 13c3d | Write file or device (Write 2097 bytes on handle 5)
2018-12-17T22:48:10.193338715Z 87 PC: 136b8 | Get or set file date and time
2018-12-17T22:48:10.195014945Z 62 PC: 136bc | Close file
2018-12-17T22:48:10.204184048Z 67 PC: 136f9 | Get or set file attributes
2018-12-17T22:48:10.214935641Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.216957696Z 61 PC: 136ee | Open file (Filename = 'PAH.COM')
2018-12-17T22:48:10.221462217Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:48:10.226238411Z 62 PC: 1359f | Close file
2018-12-17T22:48:10.227762607Z 79 PC: 13580 | Find next file
2018-12-17T22:48:10.230599056Z 59 PC: 13520 | Change current directory
2018-12-17T22:48:10.235085679Z 42 PC: 136cb | Get date
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
0x136d1: lea dx, word ptr [bp + 0x449]
0x136d5: int 0x21
0x136d7: ret
0x136d8: mov ah, 0x42
0x136da: xor cx, cx
0x136dc: xor dx, dx
0x136de: int 0x21
0x136e0: ret
0x136e1: mov ah, 0x1a
0x136e3: int 0x21
0x136e5: ret
0x136e6: mov ah, 0x3d
0x136e8: lea dx, word ptr [bp + 0x9d0]
0x136ec: int 0x21
0x136ee: xchg ax, bx
0x136ef: ret
0x136f0: mov ax, 0x4301
2018-12-17T22:48:10.237116639Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:10.238022142Z 59 PC: 13539 | Change current directory
2018-12-17T22:48:10.239845249Z 26 PC: 136e5 | Set disk transfer address
2018-12-17T22:48:10.240712642Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-17T22:48:10.243154609Z 76 PC: 133f8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9456,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:14.755088218Z 26 PC: 136e5 | Set disk transfer address
2018-12-25T12:23:14.756996392Z 53 PC: 134ec | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:14.75853427Z 37 PC: 134fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:14.759629706Z 71 PC: 1350a | Get current directory
2018-12-25T12:23:14.762959745Z 78 PC: 13580 | Find first file
2018-12-25T12:23:14.769536237Z 61 PC: 136ee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:14.781229557Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:14.787695772Z 62 PC: 1359f | Close file
2018-12-25T12:23:14.790269711Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:14.79366778Z 78 PC: 13580 | Find first file (See above)
2018-12-25T12:23:14.799716338Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:14.807603629Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:14.814050818Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:14.815910437Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:14.819297126Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:14.8260136Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:14.832490042Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:14.835250392Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:14.838093349Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:14.84495201Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:14.851797645Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:14.853944083Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:14.856925363Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:14.866100839Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:14.872866673Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:14.874642762Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:14.878483164Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:14.884860042Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:14.89252945Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:14.900585907Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:14.908189449Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:14.914977209Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:14.922063718Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:14.92429844Z 67 PC: 136f9 | Get or set file attributes
2018-12-25T12:23:15.063594899Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.071135541Z 64 PC: 1368c | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:23:15.074673374Z 66 PC: 136e0 | Move file pointer
2018-12-25T12:23:15.076938693Z 44 PC: 13697 | Get time
0x13697: cmp dh, 0
0x1369a: je 0x13693
0x1369c: mov byte ptr cs:[bp + 0x8ac], dh
0x136a1: call 0x13b3c
0x136a4: inc byte ptr cs:[bp + 0x955]
0x136a9: mov ax, 0x5701
0x136ac: mov cx, word ptr cs:[bp + 0x9c8]
0x136b1: mov dx, word ptr cs:[bp + 0x9ca]
0x136b6: int 0x21
0x136b8: mov ah, 0x3e
0x136ba: int 0x21
0x136bc: xor cx, cx
0x136be: mov cl, byte ptr cs:[bp + 0x9c7]
0x136c3: call 0x136f0
0x136c6: ret
0x136c7: mov ah, 0x2a
0x136c9: int 0x21
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
2018-12-25T12:23:15.080956471Z 64 PC: 13c3d | Write file or device (Write 2097 bytes on handle 5)
2018-12-25T12:23:15.091195356Z 87 PC: 136b8 | Get or set file date and time
2018-12-25T12:23:15.092980172Z 62 PC: 136bc | Close file
2018-12-25T12:23:15.101814559Z 67 PC: 136f9 | Get or set file attributes (See above)
2018-12-25T12:23:15.112746196Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.115558292Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.122220021Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.130458684Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.132264115Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.134769187Z 59 PC: 13520 | Change current directory
2018-12-25T12:23:15.13925529Z 42 PC: 136cb | Get date
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
0x136d1: lea dx, word ptr [bp + 0x449]
0x136d5: int 0x21
0x136d7: ret
0x136d8: mov ah, 0x42
0x136da: xor cx, cx
0x136dc: xor dx, dx
0x136de: int 0x21
0x136e0: ret
0x136e1: mov ah, 0x1a
0x136e3: int 0x21
0x136e5: ret
0x136e6: mov ah, 0x3d
0x136e8: lea dx, word ptr [bp + 0x9d0]
0x136ec: int 0x21
0x136ee: xchg ax, bx
0x136ef: ret
0x136f0: mov ax, 0x4301
2018-12-25T12:23:15.141203499Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.142331309Z 59 PC: 13539 | Change current directory
2018-12-25T12:23:15.144749941Z 26 PC: 136e5 | Set disk transfer address (See above)
2018-12-25T12:23:15.145810695Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-25T12:23:15.150944762Z 76 PC: 133f8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9456,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:15.358531189Z 26 PC: 136e5 | Set disk transfer address
2018-12-25T12:23:15.36025971Z 53 PC: 134ec | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.362023995Z 37 PC: 134fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.363558545Z 71 PC: 1350a | Get current directory
2018-12-25T12:23:15.367311205Z 78 PC: 13580 | Find first file
2018-12-25T12:23:15.374738804Z 61 PC: 136ee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:15.382468381Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:15.385264714Z 62 PC: 1359f | Close file
2018-12-25T12:23:15.388174718Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.391161761Z 78 PC: 13580 | Find first file (See above)
2018-12-25T12:23:15.397961761Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.406526709Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.413904206Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.415927773Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.41924492Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.426527363Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.433458347Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.43575262Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.439351279Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.447446537Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.4547666Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.457485477Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.460717907Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.468054683Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.475524015Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.47756227Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.48045856Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.489569996Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.496280671Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.4983536Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.501960837Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.509878748Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.523180384Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.52642419Z 67 PC: 136f9 | Get or set file attributes
2018-12-25T12:23:15.545273663Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.552817244Z 64 PC: 1368c | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:23:15.556999974Z 66 PC: 136e0 | Move file pointer
2018-12-25T12:23:15.558786831Z 44 PC: 13697 | Get time
0x13697: cmp dh, 0
0x1369a: je 0x13693
0x1369c: mov byte ptr cs:[bp + 0x8ac], dh
0x136a1: call 0x13b3c
0x136a4: inc byte ptr cs:[bp + 0x955]
0x136a9: mov ax, 0x5701
0x136ac: mov cx, word ptr cs:[bp + 0x9c8]
0x136b1: mov dx, word ptr cs:[bp + 0x9ca]
0x136b6: int 0x21
0x136b8: mov ah, 0x3e
0x136ba: int 0x21
0x136bc: xor cx, cx
0x136be: mov cl, byte ptr cs:[bp + 0x9c7]
0x136c3: call 0x136f0
0x136c6: ret
0x136c7: mov ah, 0x2a
0x136c9: int 0x21
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
2018-12-25T12:23:15.562341701Z 64 PC: 13c3d | Write file or device (Write 2097 bytes on handle 5)
2018-12-25T12:23:15.576568916Z 87 PC: 136b8 | Get or set file date and time
2018-12-25T12:23:15.578717519Z 62 PC: 136bc | Close file
2018-12-25T12:23:15.58785934Z 67 PC: 136f9 | Get or set file attributes (See above)
2018-12-25T12:23:15.598997411Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.60327447Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.610831646Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.618221185Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.621515511Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.625039474Z 59 PC: 13520 | Change current directory
2018-12-25T12:23:15.629963928Z 42 PC: 136cb | Get date
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
0x136d1: lea dx, word ptr [bp + 0x449]
0x136d5: int 0x21
0x136d7: ret
0x136d8: mov ah, 0x42
0x136da: xor cx, cx
0x136dc: xor dx, dx
0x136de: int 0x21
0x136e0: ret
0x136e1: mov ah, 0x1a
0x136e3: int 0x21
0x136e5: ret
0x136e6: mov ah, 0x3d
0x136e8: lea dx, word ptr [bp + 0x9d0]
0x136ec: int 0x21
0x136ee: xchg ax, bx
0x136ef: ret
0x136f0: mov ax, 0x4301
2018-12-25T12:23:15.633376752Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.634756051Z 59 PC: 13539 | Change current directory
2018-12-25T12:23:15.636779591Z 26 PC: 136e5 | Set disk transfer address (See above)
2018-12-25T12:23:15.638315441Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-25T12:23:15.644954321Z 76 PC: 133f8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":9456,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:15.623970985Z 26 PC: 136e5 | Set disk transfer address
2018-12-25T12:23:15.625454219Z 53 PC: 134ec | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.627655755Z 37 PC: 134fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.629851053Z 71 PC: 1350a | Get current directory
2018-12-25T12:23:15.638443978Z 78 PC: 13580 | Find first file
2018-12-25T12:23:15.64558894Z 61 PC: 136ee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:15.653846402Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:15.657197672Z 62 PC: 1359f | Close file
2018-12-25T12:23:15.659640522Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.663601085Z 78 PC: 13580 | Find first file (See above)
2018-12-25T12:23:15.670354778Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.68341683Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.691760992Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.694077018Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.697530758Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.706286399Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.713909755Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.716123746Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.720223474Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.728542298Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.735938929Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.738385813Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.742564313Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.750182495Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.758007547Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.760910121Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.763849063Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.771200473Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.779693911Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.782128336Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.785464991Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.793543312Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.810984169Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.813511543Z 67 PC: 136f9 | Get or set file attributes
2018-12-25T12:23:15.832555208Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.841385763Z 64 PC: 1368c | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:23:15.844943634Z 66 PC: 136e0 | Move file pointer
2018-12-25T12:23:15.847106184Z 44 PC: 13697 | Get time
0x13697: cmp dh, 0
0x1369a: je 0x13693
0x1369c: mov byte ptr cs:[bp + 0x8ac], dh
0x136a1: call 0x13b3c
0x136a4: inc byte ptr cs:[bp + 0x955]
0x136a9: mov ax, 0x5701
0x136ac: mov cx, word ptr cs:[bp + 0x9c8]
0x136b1: mov dx, word ptr cs:[bp + 0x9ca]
0x136b6: int 0x21
0x136b8: mov ah, 0x3e
0x136ba: int 0x21
0x136bc: xor cx, cx
0x136be: mov cl, byte ptr cs:[bp + 0x9c7]
0x136c3: call 0x136f0
0x136c6: ret
0x136c7: mov ah, 0x2a
0x136c9: int 0x21
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
2018-12-25T12:23:15.851344172Z 64 PC: 13c3d | Write file or device (Write 2097 bytes on handle 5)
2018-12-25T12:23:15.86258642Z 87 PC: 136b8 | Get or set file date and time
2018-12-25T12:23:15.864668677Z 62 PC: 136bc | Close file
2018-12-25T12:23:15.873926934Z 67 PC: 136f9 | Get or set file attributes (See above)
2018-12-25T12:23:15.887438485Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.890737127Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.899074128Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.907185094Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.90977533Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.914452664Z 59 PC: 13520 | Change current directory
2018-12-25T12:23:15.919916515Z 42 PC: 136cb | Get date
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
0x136d1: lea dx, word ptr [bp + 0x449]
0x136d5: int 0x21
0x136d7: ret
0x136d8: mov ah, 0x42
0x136da: xor cx, cx
0x136dc: xor dx, dx
0x136de: int 0x21
0x136e0: ret
0x136e1: mov ah, 0x1a
0x136e3: int 0x21
0x136e5: ret
0x136e6: mov ah, 0x3d
0x136e8: lea dx, word ptr [bp + 0x9d0]
0x136ec: int 0x21
0x136ee: xchg ax, bx
0x136ef: ret
0x136f0: mov ax, 0x4301
2018-12-25T12:23:15.922737139Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.925101328Z 59 PC: 13539 | Change current directory
2018-12-25T12:23:15.927555465Z 26 PC: 136e5 | Set disk transfer address (See above)
2018-12-25T12:23:15.929207471Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-25T12:23:15.936475578Z 76 PC: 133f8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":9456,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:15.900413437Z 26 PC: 136e5 | Set disk transfer address
2018-12-25T12:23:15.902189638Z 53 PC: 134ec | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.903537801Z 37 PC: 134fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:15.904842785Z 71 PC: 1350a | Get current directory
2018-12-25T12:23:15.912840713Z 78 PC: 13580 | Find first file
2018-12-25T12:23:15.920865276Z 61 PC: 136ee | Open file (Filename = 'TEST.EXE')
2018-12-25T12:23:15.92911074Z 63 PC: 1359b | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:23:15.933085158Z 62 PC: 1359f | Close file
2018-12-25T12:23:15.935701578Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.939065362Z 78 PC: 13580 | Find first file (See above)
2018-12-25T12:23:15.946552203Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.954433648Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.961509561Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.963806613Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.967848397Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:15.976005631Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:15.983934548Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:15.988049058Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:15.992450834Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:16.000444345Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:16.008959336Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:16.011802179Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:16.01528276Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:16.024076768Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:16.032115746Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:16.035143003Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:16.038510192Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:16.046198381Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:16.053515749Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:16.05653922Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:16.059840308Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:16.067082339Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:16.074312601Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:16.077371322Z 67 PC: 136f9 | Get or set file attributes
2018-12-25T12:23:16.095790239Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:16.103430231Z 64 PC: 1368c | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:23:16.107612349Z 66 PC: 136e0 | Move file pointer
2018-12-25T12:23:16.10960675Z 44 PC: 13697 | Get time
0x13697: cmp dh, 0
0x1369a: je 0x13693
0x1369c: mov byte ptr cs:[bp + 0x8ac], dh
0x136a1: call 0x13b3c
0x136a4: inc byte ptr cs:[bp + 0x955]
0x136a9: mov ax, 0x5701
0x136ac: mov cx, word ptr cs:[bp + 0x9c8]
0x136b1: mov dx, word ptr cs:[bp + 0x9ca]
0x136b6: int 0x21
0x136b8: mov ah, 0x3e
0x136ba: int 0x21
0x136bc: xor cx, cx
0x136be: mov cl, byte ptr cs:[bp + 0x9c7]
0x136c3: call 0x136f0
0x136c6: ret
0x136c7: mov ah, 0x2a
0x136c9: int 0x21
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
2018-12-25T12:23:16.113228698Z 64 PC: 13c3d | Write file or device (Write 2097 bytes on handle 5)
2018-12-25T12:23:16.125164299Z 87 PC: 136b8 | Get or set file date and time
2018-12-25T12:23:16.128311855Z 62 PC: 136bc | Close file
2018-12-25T12:23:16.137213093Z 67 PC: 136f9 | Get or set file attributes (See above)
2018-12-25T12:23:16.148186071Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:16.151853071Z 61 PC: 136ee | Open file (See above)
2018-12-25T12:23:16.159554338Z 63 PC: 1359b | Read file or device (See above)
2018-12-25T12:23:16.167087739Z 62 PC: 1359f | Close file (See above)
2018-12-25T12:23:16.170574012Z 79 PC: 13580 | Find next file (See above)
2018-12-25T12:23:16.173767197Z 59 PC: 13520 | Change current directory
2018-12-25T12:23:16.178224075Z 42 PC: 136cb | Get date
0x136cb: cmp al, 5
0x136cd: jb 0x136d7
0x136cf: mov ah, 9
0x136d1: lea dx, word ptr [bp + 0x449]
0x136d5: int 0x21
0x136d7: ret
0x136d8: mov ah, 0x42
0x136da: xor cx, cx
0x136dc: xor dx, dx
0x136de: int 0x21
0x136e0: ret
0x136e1: mov ah, 0x1a
0x136e3: int 0x21
0x136e5: ret
0x136e6: mov ah, 0x3d
0x136e8: lea dx, word ptr [bp + 0x9d0]
0x136ec: int 0x21
0x136ee: xchg ax, bx
0x136ef: ret
0x136f0: mov ax, 0x4301
2018-12-25T12:23:16.181519685Z 37 PC: 1352f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:16.182898823Z 59 PC: 13539 | Change current directory
2018-12-25T12:23:16.184898307Z 26 PC: 136e5 | Set disk transfer address (See above)
2018-12-25T12:23:16.187206294Z 9 PC: 133f2 | Display string (Could not find end pointer)
2018-12-25T12:23:16.193226389Z 76 PC: 133f8 | Terminate with return code (Return code = '0')