Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Cough.1579

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:00.8916783Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-17T22:56:00.895060892Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-17T22:56:00.897978819Z	185	PC: 12b21 \| UNKNOWN!
2018-12-17T22:56:00.899583406Z	74	PC: 12b7f \| Reallocate memory
2018-12-17T22:56:00.901202941Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:00.914992152Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:00.916461956Z	75	PC: 12c38 \| Execute program
2018-12-17T22:56:00.933061642Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-17T22:56:00.937638809Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-17T22:56:00.940770147Z	76	PC: 132a4 \| Terminate with return code (Return code = '1')
2018-12-17T22:56:00.944643732Z	73	PC: 12c60 \| Release memory
2018-12-17T22:56:00.947222902Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:56.695147975Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:56.698840923Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:56.701803423Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:56.703721038Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:56.705899471Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:56.708219989Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:56.710129104Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:56.726401345Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:56.731446072Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:56.735003626Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T12:31:56.738557779Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:56.744474799Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:56.940843708Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:56.943341071Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:56.945513434Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:56.946720727Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:56.949102138Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:56.950474661Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:56.951594687Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:56.965467139Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:56.973923888Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:56.975948704Z	76	PC: 132a4 \| Terminate with return code (Return code = '6')
2018-12-25T12:31:56.97870173Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:56.98040503Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":29,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:56.967759396Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:56.970794097Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:57.013115781Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:57.0148016Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:57.016724192Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.018470614Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.019663442Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:57.033320453Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.037980798Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:57.077690753Z	76	PC: 132a4 \| Terminate with return code (Return code = '32')
2018-12-25T12:31:57.081133134Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:57.083820927Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:57.006178875Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.010020491Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:57.012509737Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:57.014218719Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:57.017308118Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.01900981Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.020621379Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:57.036402429Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.040218345Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:57.042478064Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T12:31:57.045897217Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:57.047674439Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:57.145216535Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.152207865Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:57.15887285Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:57.159787573Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:57.161224648Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.162185534Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.163286898Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:57.177358919Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.181249968Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:57.183431506Z	76	PC: 132a4 \| Terminate with return code (Return code = '6')
2018-12-25T12:31:57.18645329Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:57.18851087Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":29,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:57.268773693Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.273185757Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:57.291849718Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:57.292629906Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:57.293879424Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.294688942Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.29545817Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:57.303988795Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.3071979Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:57.328042017Z	76	PC: 132a4 \| Terminate with return code (Return code = '32')
2018-12-25T12:31:57.33089936Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:57.332234228Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:57.713131911Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.717207898Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:57.720977967Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:57.72258448Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:57.724824528Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.726246989Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.727684567Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:57.743166657Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.74752042Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:57.750619677Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T12:31:57.754616618Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:57.756901895Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:57.743014189Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.746204085Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:57.748651498Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:57.751026989Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:57.753220957Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.754791957Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.756268356Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:57.77090966Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.775756733Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:57.778472932Z	76	PC: 132a4 \| Terminate with return code (Return code = '6')
2018-12-25T12:31:57.783187656Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:57.784957135Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":29,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12083,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:57.757277763Z	9	PC: 12c87 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.761620074Z	42	PC: 12ae9 \| Get date 0x12ae9: add bx, 0 0x12aec: cmp dh, 0xb 0x12aef: jne 0x12b02 0x12af1: cmp dl, 0x1d 0x12af4: jne 0x12b02 0x12af6: add dx, 0 0x12af9: mov ah, ah 0x12afb: call 0x12ca3 0x12afe: mov dx, dx 0x12b00: mov ch, ch 0x12b02: mov al, al 0x12b04: add ch, 0 0x12b07: push cs 0x12b08: pop es 0x12b09: mov al, al 0x12b0b: sub dx, 0 0x12b0e: mov si, 0x13c 0x12b11: mov si, si 0x12b13: cmp word ptr [bp + si + 1], 0x414c 0x12b18: jne 0x12b2a
2018-12-25T12:31:57.793809456Z	185	PC: 12b21 \| UNKNOWN!
2018-12-25T12:31:57.796443578Z	74	PC: 12b7f \| Reallocate memory
2018-12-25T12:31:57.798145458Z	53	PC: 12b89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.799483012Z	37	PC: 12ba7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:57.800510985Z	75	PC: 12c38 \| Execute program
2018-12-25T12:31:57.82487779Z	9	PC: 134e7 \| Display string (String= 'pÀ õPRN kp€õ9CLOCK')
2018-12-25T12:31:57.82952904Z	42	PC: 13349 \| Get date 0x13349: add bx, 0 0x1334c: cmp dh, 0xb 0x1334f: jne 0x13362 0x13351: cmp dl, 0x1d 0x13354: jne 0x13362 0x13356: add dx, 0 0x13359: mov ah, ah 0x1335b: call 0x13503 0x1335e: mov dx, dx 0x13360: mov ch, ch 0x13362: mov al, al 0x13364: add ch, 0 0x13367: push cs 0x13368: pop es 0x13369: mov al, al 0x1336b: sub dx, 0 0x1336e: mov si, 0x13c 0x13371: mov si, si 0x13373: cmp word ptr [bp + si + 1], 0x414c 0x13378: jne 0x1338a
2018-12-25T12:31:57.879374602Z	76	PC: 132a4 \| Terminate with return code (Return code = '32')
2018-12-25T12:31:57.882452245Z	73	PC: 12c60 \| Release memory
2018-12-25T12:31:57.891203535Z	49	PC: 12c76 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')