Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Cris.1494

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:01.15903265Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-17T22:51:01.165742889Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-17T22:51:01.167853783Z 185 PC: 12b13 | UNKNOWN!
2018-12-17T22:51:01.169198587Z 74 PC: 12b64 | Reallocate memory
2018-12-17T22:51:01.170834532Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:01.172588028Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:01.173894583Z 75 PC: 12c32 | Execute program
2018-12-17T22:51:01.182481161Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-17T22:51:01.193026397Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-17T22:51:01.19508735Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-17T22:51:01.19807042Z 73 PC: 12c49 | Release memory
2018-12-17T22:51:01.199736658Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:54.939127277Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:54.945943816Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:54.948094149Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:54.949517327Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:54.951602656Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:54.95284031Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:54.954125592Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:54.969410184Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:54.97557101Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:54.978032896Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:27:54.981166602Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:54.983421138Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:54.947315804Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:54.953554367Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:54.955603651Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:54.957308968Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:54.959095661Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:54.960244339Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:54.961407827Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:54.975300434Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:54.987807437Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:54.990276227Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:27:54.993150731Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:54.995263844Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:55.640147288Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:55.644285887Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:56.323900892Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:56.325606721Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:56.328051Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:56.329554971Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:56.331052019Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:56.345130893Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:56.351476886Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:57.302790442Z 76 PC: 132a4 | Terminate with return code (Return code = '32')
2018-12-25T12:27:57.305880027Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:57.307303264Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:55.923510289Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:55.929002993Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:55.932118978Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:55.93429297Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:55.936780946Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:55.938843772Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:55.940578511Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:55.965802445Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:55.971816227Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:55.974225956Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:27:55.97786759Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:55.979428875Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:55.976245054Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:55.981605406Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:55.983619678Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:55.984860805Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:55.986358538Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:55.987636411Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:55.988686735Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:56.000009346Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:56.00935358Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:56.011307431Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:27:56.013987183Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:56.016190206Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:56.765192365Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:56.771865127Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:57.572851471Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:57.573910444Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:57.575158307Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.576325516Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.577360086Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:57.590924336Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:57.597243186Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:58.710749648Z 76 PC: 132a4 | Terminate with return code (Return code = '32')
2018-12-25T12:27:58.713984969Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:58.715954372Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:56.818096512Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:56.825904073Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:57.754262943Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:57.75524061Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:57.756865153Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.758092374Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.759105925Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:57.767871542Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:57.772055949Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:58.611954493Z 76 PC: 132a4 | Terminate with return code (Return code = '32')
2018-12-25T12:27:58.614144601Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:58.615774432Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:57.200890534Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:57.206940256Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:57.208974086Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:57.210101736Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:57.212183086Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.213561451Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.214939865Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:57.228929161Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:57.23980044Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:57.241791434Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:27:57.245280705Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:57.259286205Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10406,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:57.484644641Z 65 PC: 12c73 | Delete file (Filename = ' G')
2018-12-25T12:27:57.491151715Z 42 PC: 12ae4 | Get date
0x12ae4: mov si, si
0x12ae6: mov dl, dl
0x12ae8: cmp dh, 0xb
0x12aeb: jne 0x12af9
0x12aed: cmp dl, 0x1a
0x12af0: jne 0x12af9
0x12af2: call 0x12c83
0x12af5: mov si, si
0x12af7: mov cx, cx
0x12af9: push cs
0x12afa: pop es
0x12afb: sub ax, 0
0x12afe: mov cx, cx
0x12b00: mov si, 0x143
0x12b03: mov dx, dx
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b18
0x12b0c: sub ah, 0
0x12b0f: mov ah, 0xb9
0x12b11: int 0x21
2018-12-25T12:27:57.4931971Z 185 PC: 12b13 | UNKNOWN!
2018-12-25T12:27:57.494479551Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:27:57.496120917Z 53 PC: 12b73 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.497174117Z 37 PC: 12b9a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:57.498191941Z 75 PC: 12c32 | Execute program
2018-12-25T12:27:57.512297739Z 65 PC: 134d3 | Delete file (Filename = ' G')
2018-12-25T12:27:57.518181844Z 42 PC: 13344 | Get date
0x13344: mov si, si
0x13346: mov dl, dl
0x13348: cmp dh, 0xb
0x1334b: jne 0x13359
0x1334d: cmp dl, 0x1a
0x13350: jne 0x13359
0x13352: call 0x134e3
0x13355: mov si, si
0x13357: mov cx, cx
0x13359: push cs
0x1335a: pop es
0x1335b: sub ax, 0
0x1335e: mov cx, cx
0x13360: mov si, 0x143
0x13363: mov dx, dx
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13378
0x1336c: sub ah, 0
0x1336f: mov ah, 0xb9
0x13371: int 0x21
2018-12-25T12:27:57.521032945Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:27:57.523805198Z 73 PC: 12c49 | Release memory
2018-12-25T12:27:57.525141689Z 49 PC: 12c62 | Terminate and stay resident (Return code = '1' | Memory size = '128')