Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Cough.1534

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:48.360435801Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-17T22:57:48.363698217Z	185	PC: 12b2c \| UNKNOWN!
2018-12-17T22:57:48.365317827Z	74	PC: 12b90 \| Reallocate memory
2018-12-17T22:57:48.366910907Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:48.373397437Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:48.374649228Z	75	PC: 12c72 \| Execute program
2018-12-17T22:57:48.388378349Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-17T22:57:48.391206687Z	76	PC: 132a4 \| Terminate with return code (Return code = '1')
2018-12-17T22:57:48.394207702Z	73	PC: 12c9d \| Release memory
2018-12-17T22:57:48.395477835Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.232818906Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.235119317Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.236407677Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.237862866Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.239636398Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.240848374Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:58.786699566Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:58.789684174Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T12:35:58.793639863Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:58.794985909Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.498718691Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.500953863Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.502400542Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.503885946Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.50557621Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.507594455Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.053384301Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.056359546Z	76	PC: 132a4 \| Terminate with return code (Return code = '6')
2018-12-25T12:35:59.072904669Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.074042693Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.566622431Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.569161262Z	9	PC: 12cf5 \| Display string (String= 'Cough Cough Cough Cough Ch')
2018-12-25T12:35:58.572382585Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.573873019Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.575330039Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.57750028Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.579071602Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.121346139Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.136370873Z	9	PC: 13555 \| Display string (String= 'Cough Cough Cough Cough Ch')
2018-12-25T12:35:59.142802133Z	76	PC: 132a4 \| Terminate with return code (Return code = '36')
2018-12-25T12:35:59.146613237Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.149124817Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.582698972Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.585218242Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.586964391Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.588264901Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.589386306Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.59155561Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.137167379Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.139795256Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T12:35:59.143856544Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.145414161Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.613421632Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.617013362Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.618602336Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.620232139Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.622143464Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.623609589Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.167920385Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.171312928Z	76	PC: 132a4 \| Terminate with return code (Return code = '6')
2018-12-25T12:35:59.17617515Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.178052248Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.595230815Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.598054383Z	9	PC: 12cf5 \| Display string (String= 'Cough Cough Cough Cough Ch')
2018-12-25T12:35:58.600593687Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.602018968Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.603683205Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.605253301Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.60654502Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.148631784Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.151321498Z	9	PC: 13555 \| Display string (String= 'Cough Cough Cough Cough Ch')
2018-12-25T12:35:59.155861801Z	76	PC: 132a4 \| Terminate with return code (Return code = '36')
2018-12-25T12:35:59.159070952Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.167171304Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.663419073Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.666562368Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.668225392Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.669835614Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.671701898Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.673111922Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.217679523Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.220672538Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T12:35:59.228186684Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.229713221Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.653593396Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.656627685Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.65836546Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.660004381Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.661844336Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.663572172Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.208548706Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.211148928Z	76	PC: 132a4 \| Terminate with return code (Return code = '6')
2018-12-25T12:35:59.215131494Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.216647093Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12674,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:58.722362642Z	42	PC: 12b00 \| Get date 0x12b00: cmp dh, 0xb 0x12b03: jne 0x12b11 0x12b05: cmp dl, 0x1c 0x12b08: jne 0x12b11 0x12b0a: mov cx, cx 0x12b0c: call 0x12cee 0x12b0f: mov ch, ch 0x12b11: mov bh, bh 0x12b13: mov bl, bl 0x12b15: push cs 0x12b16: pop es 0x12b17: mov si, si 0x12b19: mov si, 0x14a 0x12b1c: add ax, 0 0x12b1f: cmp word ptr [bp + si + 1], 0x414c 0x12b24: jne 0x12b36 0x12b26: mov ah, 0xb9 0x12b28: mov di, di 0x12b2a: int 0x21 0x12b2c: cmp ah, 0xb9
2018-12-25T12:35:58.726077417Z	9	PC: 12cf5 \| Display string (String= 'Cough Cough Cough Cough Ch')
2018-12-25T12:35:58.729156675Z	185	PC: 12b2c \| UNKNOWN!
2018-12-25T12:35:58.731294293Z	74	PC: 12b90 \| Reallocate memory
2018-12-25T12:35:58.733959757Z	53	PC: 12b9f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.735308012Z	37	PC: 12bc3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:58.736622721Z	75	PC: 12c72 \| Execute program
2018-12-25T12:35:59.279028411Z	42	PC: 13360 \| Get date 0x13360: cmp dh, 0xb 0x13363: jne 0x13371 0x13365: cmp dl, 0x1c 0x13368: jne 0x13371 0x1336a: mov cx, cx 0x1336c: call 0x1354e 0x1336f: mov ch, ch 0x13371: mov bh, bh 0x13373: mov bl, bl 0x13375: push cs 0x13376: pop es 0x13377: mov si, si 0x13379: mov si, 0x14a 0x1337c: add ax, 0 0x1337f: cmp word ptr [bp + si + 1], 0x414c 0x13384: jne 0x13396 0x13386: mov ah, 0xb9 0x13388: mov di, di 0x1338a: int 0x21 0x1338c: cmp ah, 0xb9
2018-12-25T12:35:59.281876441Z	9	PC: 13555 \| Display string (String= 'Cough Cough Cough Cough Ch')
2018-12-25T12:35:59.286412477Z	76	PC: 132a4 \| Terminate with return code (Return code = '36')
2018-12-25T12:35:59.289963612Z	73	PC: 12c9d \| Release memory
2018-12-25T12:35:59.292082613Z	49	PC: 12ca9 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')