Sample viewer

vx.netlux.org/Virus.DOS.Yankee.2541


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:59:51.227761896Z 192 PC: 133cd | UNKNOWN!
2018-12-17T21:59:51.229377427Z 48 PC: 133d7 | Get DOS version
2018-12-17T21:59:51.230716147Z 74 PC: 1340a | Reallocate memory
2018-12-17T21:59:51.232858351Z 72 PC: 13413 | Allocate memory
2018-12-17T21:59:51.23532954Z 42 PC: 9f725 | Get date
0x9f725: cmp al, 0
0x9f727: jne 0x9f734
0x9f729: mov al, 0x1c
0x9f72b: mov dx, 0x8da
0x9f72e: mov di, 0x201
0x9f731: call 0xaf14c
0x9f734: pop ds
0x9f735: pop es
0x9f736: pop dx
0x9f737: pop cx
0x9f738: pop bx
0x9f739: pop ax
0x9f73a: mov sp, word ptr cs:[0x215]
0x9f73f: mov ss, word ptr cs:[0x213]
0x9f744: ljmp ptr cs:[0x217]
0x9f749: popaw
0x9f74a: and ax, word ptr fs:[eax]
0x9f74e: add byte ptr [bx + si], al
0x9f750: add byte ptr [bx + si], al
0x9f752: add byte ptr [bx + si], al
2018-12-17T21:59:51.237772744Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-17T21:59:51.241987989Z 76 PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-17T21:59:51.246745382Z 77 PC: 11fe0 | Get program return code
2018-12-17T21:59:51.252827659Z 72 PC: 12174 | Allocate memory
2018-12-17T21:59:51.254746428Z 72 PC: 1218d | Allocate memory
2018-12-17T21:59:51.257067174Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T21:59:51.259298509Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T21:59:51.260767841Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:51.262344941Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.264193289Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.265723237Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.26648881Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.26876707Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.270169366Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.271956319Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.273438312Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.275260367Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.276085681Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.278939944Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.280088843Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.282191247Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.291273248Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.293011135Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.294078655Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.301490142Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.303084163Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.304699002Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.305689495Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.307771095Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.308549929Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.310387909Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.311415632Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.312931307Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.314004365Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.31667259Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.317524378Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.319329072Z 98 PC: 9f111 | Get current PSP
2018-12-17T21:59:51.320720569Z 62 PC: 122ab | Close file
2018-12-17T21:59:51.323618631Z 99 PC: 99627 | Get DBCS lead byte table pointer
2018-12-17T21:59:51.325054015Z 56 PC: 93e49 | Get or set country info
2018-12-17T21:59:51.327508902Z 64 PC: 99898 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T21:59:51.331841102Z 25 PC: 93eb2 | Get default drive
2018-12-17T21:59:51.333804193Z 71 PC: 9612d | Get current directory
2018-12-17T21:59:51.338116618Z 64 PC: 99898 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T21:59:51.342530288Z 2 PC: 96102 | Character output (Char = '3e')
2018-12-17T21:59:51.345303708Z 93 PC: 93f70 | File sharing functions
2018-12-17T21:59:51.352919946Z 93 PC: 93f77 | File sharing functions
2018-12-17T21:59:51.355162966Z 10 PC: 93f89 | Buffered keyboard input
2018-12-17T22:00:06.220118546Z 0 PC: 0 | Program terminate
2018-12-17T22:00:07.574067054Z 0 PC: 0 | Program terminate
2018-12-17T22:00:07.677366505Z 64 PC: 99898 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:07.683073196Z 41 PC: 93ffe | Parse filename
2018-12-17T22:00:07.684828782Z 41 PC: 9407f | Parse filename
2018-12-17T22:00:07.687046535Z 41 PC: 9409c | Parse filename
2018-12-17T22:00:07.690535134Z 26 PC: 97547 | Set disk transfer address
2018-12-17T22:00:07.693184872Z 71 PC: 97743 | Get current directory
2018-12-17T22:00:07.701995635Z 78 PC: 9f2a6 | Find first file
2018-12-17T22:00:07.711707822Z 47 PC: 9f2d0 | Get disk transfer address
2018-12-17T22:00:07.713365803Z 47 PC: 9f33a | Get disk transfer address
2018-12-17T22:00:07.715111541Z 61 PC: 9eea6 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:00:07.723443054Z 66 PC: 9eeb6 | Move file pointer
2018-12-17T22:00:07.725327464Z 66 PC: 9eec6 | Move file pointer
2018-12-17T22:00:07.726778482Z 63 PC: 9eed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:00:07.734272895Z 62 PC: 9ef12 | Close file
2018-12-17T22:00:07.736453853Z 71 PC: 975bc | Get current directory
2018-12-17T22:00:07.739492888Z 73 PC: 96c59 | Release memory
2018-12-17T22:00:07.741537159Z 61 PC: 9f382 | Open file (Filename = 'A:\PRINT.COM')
2018-12-17T22:00:07.748544626Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.749795991Z 82 PC: 9f128 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:00:07.752348798Z 66 PC: 9f413 | Move file pointer
2018-12-17T22:00:07.753996352Z 63 PC: 9f421 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:00:07.756925399Z 54 PC: 9f463 | Get free disk space
2018-12-17T22:00:07.768091854Z 66 PC: 9eeb6 | Move file pointer
2018-12-17T22:00:07.770241661Z 66 PC: 9eec6 | Move file pointer
2018-12-17T22:00:07.772304838Z 63 PC: 9eed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:00:07.7789477Z 66 PC: 9f06c | Move file pointer
2018-12-17T22:00:07.780943753Z 63 PC: 9f079 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:00:07.783582833Z 66 PC: 9f49d | Move file pointer
2018-12-17T22:00:07.784872246Z 63 PC: 9ef4f | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:00:07.78815351Z 66 PC: 9ef7b | Move file pointer
2018-12-17T22:00:07.789716822Z 64 PC: 9ef87 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:00:07.792576957Z 44 PC: 9f4c0 | Get time
0x9f4c0: xor dl, dh
0x9f4c2: mov byte ptr [0xaec], dl
0x9f4c6: call 0xaef2a
0x9f4c9: mov ax, 0x4202
0x9f4cc: xor dx, dx
0x9f4ce: xor cx, cx
0x9f4d0: pushf
0x9f4d1: lcall ptr cs:[0x1ed]
0x9f4d6: mov ah, 0x40
0x9f4d8: mov cx, word ptr [0x105]
0x9f4dc: mov dx, 0x100
0x9f4df: pushf
0x9f4e0: lcall ptr cs:[0x1ed]
0x9f4e5: jb 0x9f4f8
0x9f4e7: pop si
0x9f4e8: pop es
0x9f4e9: pop dx
0x9f4ea: pop cx
0x9f4eb: mov ax, 0x5701
0x9f4ee: pushf
2018-12-17T22:00:07.795954866Z 66 PC: 9f4d6 | Move file pointer
2018-12-17T22:00:07.797706724Z 64 PC: 9f4e5 | Write file or device (Write 2541 bytes on handle 5)
2018-12-17T22:00:07.812430092Z 87 PC: 9f4f4 | Get or set file date and time
2018-12-17T22:00:07.814449252Z 104 PC: 9f500 | Commit file
2018-12-17T22:00:07.822706145Z 62 PC: 9f38a | Close file
2018-12-17T22:00:07.829587101Z 75 PC: 11821 | Execute program
2018-12-17T22:00:07.845775129Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-17T22:00:07.85046211Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-17T22:00:07.853865523Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:00:07.855712817Z 72 PC: 12174 | Allocate memory
2018-12-17T22:00:07.858543769Z 72 PC: 1218d | Allocate memory
2018-12-17T22:00:07.860488621Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:00:07.861945247Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:00:07.86440134Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:07.865944554Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.867028791Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.869787063Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.870935881Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.872777429Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.874759616Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.876621589Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.877794244Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.880716559Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.88198805Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.883881907Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.886388961Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.888309857Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.889471661Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.892085847Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.892996795Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.894545928Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.89629511Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.897896888Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.898771626Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.900814556Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.901709984Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.903272284Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.904582214Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.906091838Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.906951268Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.908995775Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.909862157Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.911375726Z 98 PC: 9f111 | Get current PSP
2018-12-17T22:00:07.912732784Z 62 PC: 122ab | Close file
2018-12-17T22:00:07.91558188Z 99 PC: 99627 | Get DBCS lead byte table pointer
2018-12-17T22:00:07.916892552Z 56 PC: 93e49 | Get or set country info
2018-12-17T22:00:07.919318427Z 64 PC: 99898 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:07.924530841Z 25 PC: 93eb2 | Get default drive
2018-12-17T22:00:07.92605048Z 71 PC: 9612d | Get current directory
2018-12-17T22:00:07.930330102Z 64 PC: 99898 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:00:07.933942382Z 2 PC: 96102 | Character output (Char = '3e')
2018-12-17T22:00:07.936527132Z 93 PC: 93f70 | File sharing functions
2018-12-17T22:00:07.943379955Z 93 PC: 93f77 | File sharing functions
2018-12-17T22:00:07.945073363Z 10 PC: 93f89 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1091,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:43.929737659Z 192 PC: 133cd | UNKNOWN!
2018-12-25T11:42:43.931325858Z 48 PC: 133d7 | Get DOS version
2018-12-25T11:42:43.93245711Z 74 PC: 1340a | Reallocate memory
2018-12-25T11:42:43.933749653Z 72 PC: 13413 | Allocate memory
2018-12-25T11:42:43.936636115Z 42 PC: 9f725 | Get date
0x9f725: cmp al, 0
0x9f727: jne 0x9f734
0x9f729: mov al, 0x1c
0x9f72b: mov dx, 0x8da
0x9f72e: mov di, 0x201
0x9f731: call 0xaf14c
0x9f734: pop ds
0x9f735: pop es
0x9f736: pop dx
0x9f737: pop cx
0x9f738: pop bx
0x9f739: pop ax
0x9f73a: mov sp, word ptr cs:[0x215]
0x9f73f: mov ss, word ptr cs:[0x213]
0x9f744: ljmp ptr cs:[0x217]
0x9f749: popaw
0x9f74a: and ax, word ptr fs:[eax]
0x9f74e: add byte ptr [bx + si], al
0x9f750: add byte ptr [bx + si], al
0x9f752: add byte ptr [bx + si], al
2018-12-25T11:42:43.938878134Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T11:42:43.944158346Z 76 PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T11:42:43.948039177Z 77 PC: 11fe0 | Get program return code
2018-12-25T11:42:43.949443817Z 72 PC: 12174 | Allocate memory
2018-12-25T11:42:43.951205243Z 72 PC: 1218d | Allocate memory
2018-12-25T11:42:43.953415819Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:42:43.961115781Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:42:43.962175592Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:43.963340396Z 98 PC: 9f111 | Get current PSP
2018-12-25T11:42:43.964839243Z 62 PC: 122ab | Close file
2018-12-25T11:42:43.96708176Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.968439048Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.971074177Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.972890113Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.975208365Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.97666189Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.97966135Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.980645435Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.982329053Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.983534126Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.985421134Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.986345563Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.988468994Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.989855927Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.99174908Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.992875254Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.995358073Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:43.996531718Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:43.998433103Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:44.000550328Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:44.002411308Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:44.003589984Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:44.00699337Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:44.008051169Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:44.009702661Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:44.011841006Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:44.013408657Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:44.014298351Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:44.017965625Z 99 PC: 99627 | Get DBCS lead byte table pointer
2018-12-25T11:42:44.020150538Z 56 PC: 93e49 | Get or set country info
2018-12-25T11:42:44.022553316Z 64 PC: 99898 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:42:44.039392149Z 25 PC: 93eb2 | Get default drive
2018-12-25T11:42:44.041056418Z 71 PC: 9612d | Get current directory
2018-12-25T11:42:44.044827555Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:42:44.048414288Z 2 PC: 96102 | Character output (Char = '3e')
2018-12-25T11:42:44.050492207Z 93 PC: 93f70 | File sharing functions
2018-12-25T11:42:44.052013483Z 93 PC: 93f77 | File sharing functions
2018-12-25T11:42:44.054105318Z 10 PC: 93f89 | Buffered keyboard input
2018-12-25T11:42:58.913840894Z 0 PC: 0 | Program terminate
2018-12-25T11:43:00.267219935Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:43:00.369340931Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:43:00.374753718Z 41 PC: 93ffe | Parse filename
2018-12-25T11:43:00.377340357Z 41 PC: 9407f | Parse filename
2018-12-25T11:43:00.378678615Z 41 PC: 9409c | Parse filename
2018-12-25T11:43:00.38174246Z 26 PC: 97547 | Set disk transfer address
2018-12-25T11:43:00.383856942Z 71 PC: 97743 | Get current directory
2018-12-25T11:43:00.391436297Z 78 PC: 9f2a6 | Find first file
2018-12-25T11:43:00.400308157Z 47 PC: 9f2d0 | Get disk transfer address
2018-12-25T11:43:00.402725909Z 47 PC: 9f33a | Get disk transfer address
2018-12-25T11:43:00.403827364Z 61 PC: 9eea6 | Open file (Filename = 'PRINT.COM')
2018-12-25T11:43:00.409994955Z 66 PC: 9eeb6 | Move file pointer
2018-12-25T11:43:00.41184773Z 66 PC: 9eec6 | Move file pointer
2018-12-25T11:43:00.413200426Z 63 PC: 9eed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:00.420741624Z 62 PC: 9ef12 | Close file
2018-12-25T11:43:00.423698544Z 71 PC: 975bc | Get current directory
2018-12-25T11:43:00.427004886Z 73 PC: 96c59 | Release memory
2018-12-25T11:43:00.428607271Z 61 PC: 9f382 | Open file (Filename = 'A:\PRINT.COM')
2018-12-25T11:43:00.43589028Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:00.436789712Z 82 PC: 9f128 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:00.438119954Z 66 PC: 9f413 | Move file pointer
2018-12-25T11:43:00.44043282Z 63 PC: 9f421 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:43:00.442866344Z 54 PC: 9f463 | Get free disk space
2018-12-25T11:43:00.451472717Z 66 PC: 9eeb6 | Move file pointer (See above)
2018-12-25T11:43:00.453590923Z 66 PC: 9eec6 | Move file pointer (See above)
2018-12-25T11:43:00.454736506Z 63 PC: 9eed5 | Read file or device (See above)
2018-12-25T11:43:00.457300892Z 66 PC: 9f06c | Move file pointer
2018-12-25T11:43:00.459013851Z 63 PC: 9f079 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:43:00.461666284Z 66 PC: 9f49d | Move file pointer
2018-12-25T11:43:00.463201369Z 63 PC: 9ef4f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:00.466372639Z 66 PC: 9ef7b | Move file pointer
2018-12-25T11:43:00.467635127Z 64 PC: 9ef87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:00.470437416Z 44 PC: 9f4c0 | Get time
0x9f4c0: xor dl, dh
0x9f4c2: mov byte ptr [0xaec], dl
0x9f4c6: call 0xaef2a
0x9f4c9: mov ax, 0x4202
0x9f4cc: xor dx, dx
0x9f4ce: xor cx, cx
0x9f4d0: pushf
0x9f4d1: lcall ptr cs:[0x1ed]
0x9f4d6: mov ah, 0x40
0x9f4d8: mov cx, word ptr [0x105]
0x9f4dc: mov dx, 0x100
0x9f4df: pushf
0x9f4e0: lcall ptr cs:[0x1ed]
0x9f4e5: jb 0x9f4f8
0x9f4e7: pop si
0x9f4e8: pop es
0x9f4e9: pop dx
0x9f4ea: pop cx
0x9f4eb: mov ax, 0x5701
0x9f4ee: pushf
2018-12-25T11:43:00.473266327Z 66 PC: 9f4d6 | Move file pointer
2018-12-25T11:43:00.474501811Z 64 PC: 9f4e5 | Write file or device (Write 2541 bytes on handle 5)
2018-12-25T11:43:01.170452462Z 87 PC: 9f4f4 | Get or set file date and time
2018-12-25T11:43:01.178283201Z 104 PC: 9f500 | Commit file
2018-12-25T11:43:01.187281164Z 62 PC: 9f38a | Close file
2018-12-25T11:43:01.193481116Z 75 PC: 11821 | Execute program
2018-12-25T11:43:01.211156151Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:43:01.215175329Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-25T11:43:01.218126097Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T11:43:01.219792935Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T11:43:01.221647595Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T11:43:01.223261631Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T11:43:01.22487061Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T11:43:01.225940182Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T11:43:01.22731004Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.229451311Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.231375393Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.232509475Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.235409002Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.236562483Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.238428866Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.240405625Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.242612242Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.243748356Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.246182651Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.247077279Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.248619378Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.250207774Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.251782221Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.252609072Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.254911488Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.255818317Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.258046909Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.259053178Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.261315093Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.262125754Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.2637373Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.265410929Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.267037129Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.267930842Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.270529253Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.271415812Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.27300358Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:01.27481809Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:01.279083314Z 99 PC: 99627 | Get DBCS lead byte table pointer (See above)
2018-12-25T11:43:01.28058773Z 56 PC: 93e49 | Get or set country info (See above)
2018-12-25T11:43:01.283236937Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:43:01.287977858Z 25 PC: 93eb2 | Get default drive (See above)
2018-12-25T11:43:01.289859276Z 71 PC: 9612d | Get current directory (See above)
2018-12-25T11:43:01.295116492Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:43:01.298594282Z 2 PC: 96102 | Character output (See above)
2018-12-25T11:43:01.304618053Z 93 PC: 93f70 | File sharing functions (See above)
2018-12-25T11:43:01.307459878Z 93 PC: 93f77 | File sharing functions (See above)
2018-12-25T11:43:01.309917564Z 10 PC: 93f89 | Buffered keyboard input (See above)

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1091,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:47.181427656Z 192 PC: 133cd | UNKNOWN!
2018-12-25T11:42:47.18338903Z 48 PC: 133d7 | Get DOS version
2018-12-25T11:42:47.185009267Z 74 PC: 1340a | Reallocate memory
2018-12-25T11:42:47.187267265Z 72 PC: 13413 | Allocate memory
2018-12-25T11:42:47.190379981Z 42 PC: 9f725 | Get date
0x9f725: cmp al, 0
0x9f727: jne 0x9f734
0x9f729: mov al, 0x1c
0x9f72b: mov dx, 0x8da
0x9f72e: mov di, 0x201
0x9f731: call 0xaf14c
0x9f734: pop ds
0x9f735: pop es
0x9f736: pop dx
0x9f737: pop cx
0x9f738: pop bx
0x9f739: pop ax
0x9f73a: mov sp, word ptr cs:[0x215]
0x9f73f: mov ss, word ptr cs:[0x213]
0x9f744: ljmp ptr cs:[0x217]
0x9f749: popaw
0x9f74a: and ax, word ptr fs:[eax]
0x9f74e: add byte ptr [bx + si], al
0x9f750: add byte ptr [bx + si], al
0x9f752: add byte ptr [bx + si], al
2018-12-25T11:42:47.192848426Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=00000064h/0000000100d bytes. ')
2018-12-25T11:42:47.201184908Z 76 PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-25T11:42:47.204795314Z 77 PC: 11fe0 | Get program return code
2018-12-25T11:42:47.206123408Z 72 PC: 12174 | Allocate memory
2018-12-25T11:42:47.208017766Z 72 PC: 1218d | Allocate memory
2018-12-25T11:42:47.210398947Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:42:47.219728078Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:42:47.220947757Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:47.222231463Z 98 PC: 9f111 | Get current PSP
2018-12-25T11:42:47.224075954Z 62 PC: 122ab | Close file
2018-12-25T11:42:47.226058581Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.227988872Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.235040716Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.235895542Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.237392553Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.240576858Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.242371326Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.243394266Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.246222583Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.247243136Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.248993583Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.254954243Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.256625094Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.257692748Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.260238807Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.261964649Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.264316466Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.26610794Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.26905362Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.27070413Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.272586507Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.273881696Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.275513744Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.276412931Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.278720819Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.279618273Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.281201376Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:42:47.282680966Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:42:47.286596805Z 99 PC: 99627 | Get DBCS lead byte table pointer
2018-12-25T11:42:47.287888029Z 56 PC: 93e49 | Get or set country info
2018-12-25T11:42:47.290556479Z 64 PC: 99898 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:42:47.295273368Z 25 PC: 93eb2 | Get default drive
2018-12-25T11:42:47.297233083Z 71 PC: 9612d | Get current directory
2018-12-25T11:42:47.302798424Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:42:47.306585902Z 2 PC: 96102 | Character output (Char = '3e')
2018-12-25T11:42:47.309064281Z 93 PC: 93f70 | File sharing functions
2018-12-25T11:42:47.311752165Z 93 PC: 93f77 | File sharing functions
2018-12-25T11:42:47.313565598Z 10 PC: 93f89 | Buffered keyboard input
2018-12-25T11:43:02.173282916Z 0 PC: 0 | Program terminate
2018-12-25T11:43:03.530312465Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:43:03.63244583Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:43:03.639407054Z 41 PC: 93ffe | Parse filename
2018-12-25T11:43:03.64119843Z 41 PC: 9407f | Parse filename
2018-12-25T11:43:03.642547084Z 41 PC: 9409c | Parse filename
2018-12-25T11:43:03.646314522Z 26 PC: 97547 | Set disk transfer address
2018-12-25T11:43:03.647823816Z 71 PC: 97743 | Get current directory
2018-12-25T11:43:03.655224052Z 78 PC: 9f2a6 | Find first file
2018-12-25T11:43:03.664330563Z 47 PC: 9f2d0 | Get disk transfer address
2018-12-25T11:43:03.665775002Z 47 PC: 9f33a | Get disk transfer address
2018-12-25T11:43:03.666894069Z 61 PC: 9eea6 | Open file (Filename = 'PRINT.COM')
2018-12-25T11:43:03.674416459Z 66 PC: 9eeb6 | Move file pointer
2018-12-25T11:43:03.675794788Z 66 PC: 9eec6 | Move file pointer
2018-12-25T11:43:03.67717873Z 63 PC: 9eed5 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:03.683885326Z 62 PC: 9ef12 | Close file
2018-12-25T11:43:03.686110063Z 71 PC: 975bc | Get current directory
2018-12-25T11:43:03.689017748Z 73 PC: 96c59 | Release memory
2018-12-25T11:43:03.690628237Z 61 PC: 9f382 | Open file (Filename = 'A:\PRINT.COM')
2018-12-25T11:43:03.697147521Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.697954415Z 82 PC: 9f128 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:03.69938824Z 66 PC: 9f413 | Move file pointer
2018-12-25T11:43:03.701295262Z 63 PC: 9f421 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:43:03.703710199Z 54 PC: 9f463 | Get free disk space
2018-12-25T11:43:03.712295829Z 66 PC: 9eeb6 | Move file pointer (See above)
2018-12-25T11:43:03.713742914Z 66 PC: 9eec6 | Move file pointer (See above)
2018-12-25T11:43:03.716208426Z 63 PC: 9eed5 | Read file or device (See above)
2018-12-25T11:43:03.718936451Z 66 PC: 9f06c | Move file pointer
2018-12-25T11:43:03.720478757Z 63 PC: 9f079 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:43:03.722663286Z 66 PC: 9f49d | Move file pointer
2018-12-25T11:43:03.724207598Z 63 PC: 9ef4f | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:03.728684777Z 66 PC: 9ef7b | Move file pointer
2018-12-25T11:43:03.730633429Z 64 PC: 9ef87 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:03.733290488Z 44 PC: 9f4c0 | Get time
0x9f4c0: xor dl, dh
0x9f4c2: mov byte ptr [0xaec], dl
0x9f4c6: call 0xaef2a
0x9f4c9: mov ax, 0x4202
0x9f4cc: xor dx, dx
0x9f4ce: xor cx, cx
0x9f4d0: pushf
0x9f4d1: lcall ptr cs:[0x1ed]
0x9f4d6: mov ah, 0x40
0x9f4d8: mov cx, word ptr [0x105]
0x9f4dc: mov dx, 0x100
0x9f4df: pushf
0x9f4e0: lcall ptr cs:[0x1ed]
0x9f4e5: jb 0x9f4f8
0x9f4e7: pop si
0x9f4e8: pop es
0x9f4e9: pop dx
0x9f4ea: pop cx
0x9f4eb: mov ax, 0x5701
0x9f4ee: pushf
2018-12-25T11:43:03.746851267Z 66 PC: 9f4d6 | Move file pointer
2018-12-25T11:43:03.748814292Z 64 PC: 9f4e5 | Write file or device (Write 2541 bytes on handle 5)
2018-12-25T11:43:03.761157362Z 87 PC: 9f4f4 | Get or set file date and time
2018-12-25T11:43:03.763503145Z 104 PC: 9f500 | Commit file
2018-12-25T11:43:03.771225083Z 62 PC: 9f38a | Close file
2018-12-25T11:43:03.778875909Z 75 PC: 11821 | Execute program
2018-12-25T11:43:03.794600517Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:43:03.814904922Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-25T11:43:03.819099108Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T11:43:03.821077656Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T11:43:03.822948019Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T11:43:03.82486076Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T11:43:03.826924635Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T11:43:03.828355876Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T11:43:03.829869362Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.831439677Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.833289271Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.834363005Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.836609386Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.837440166Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.838997064Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.840884081Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.842545509Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.84338388Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.847392583Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.848234217Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.850554293Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.852267586Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.853854686Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.854878597Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.858083331Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.859035369Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.860231475Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.861738019Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.866885906Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.868075004Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.870900111Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.871783047Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.873393703Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.875672261Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.877457584Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.878800251Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.881884255Z 98 PC: 9f111 | Get current PSP (See above)
2018-12-25T11:43:03.883310256Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:03.88621639Z 99 PC: 99627 | Get DBCS lead byte table pointer (See above)
2018-12-25T11:43:03.888122267Z 56 PC: 93e49 | Get or set country info (See above)
2018-12-25T11:43:03.890330159Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:43:03.895528024Z 25 PC: 93eb2 | Get default drive (See above)
2018-12-25T11:43:03.899405764Z 71 PC: 9612d | Get current directory (See above)
2018-12-25T11:43:03.90356847Z 64 PC: 99898 | Write file or device (See above)
2018-12-25T11:43:03.905834585Z 2 PC: 96102 | Character output (See above)
2018-12-25T11:43:03.908133026Z 93 PC: 93f70 | File sharing functions (See above)
2018-12-25T11:43:03.90934486Z 93 PC: 93f77 | File sharing functions (See above)
2018-12-25T11:43:03.910594475Z 10 PC: 93f89 | Buffered keyboard input (See above)