Sample viewer

vx.netlux.org/Virus.DOS.Yafo.328.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:09.116397983Z 78 PC: 12ba6 | Find first file
2018-12-17T23:00:09.122431561Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:09.130594121Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.143212483Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.144939128Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.162141185Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.163832403Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.170911136Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.173370518Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.182649415Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.186465095Z 61 PC: 12bd9 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:00:09.194788637Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.201707249Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.203455053Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.207522126Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.209481769Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.212642589Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.214486935Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.226105369Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.229346169Z 61 PC: 12bd9 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:09.238388421Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.246331658Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.24799807Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.251226266Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.254028402Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.256947939Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.258918773Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.267693292Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.271621174Z 61 PC: 12bd9 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:00:09.277173748Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.283203248Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.284802904Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.287336155Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.289793944Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.293785225Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.296380592Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.305017553Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.309346137Z 61 PC: 12bd9 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:00:09.316619045Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.323513191Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.326572931Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.329882289Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.331713911Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.335939091Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.337828903Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.343910942Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.347108882Z 61 PC: 12bd9 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:09.353039227Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.358377359Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.360608391Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.366809064Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.367908981Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.373931699Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.375726502Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.38197338Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.3840273Z 61 PC: 12bd9 | Open file (Filename = 'PAH.COM')
2018-12-17T23:00:09.389482823Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.395992205Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.397366478Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.400498744Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.401855484Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.404324624Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.409809201Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.41794464Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.420609317Z 61 PC: 12bd9 | Open file (Filename = 'TEST.COM')
2018-12-17T23:00:09.428341026Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:09.431578009Z 66 PC: 12bf2 | Move file pointer
2018-12-17T23:00:09.433523095Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T23:00:09.438148146Z 66 PC: 12c10 | Move file pointer
2018-12-17T23:00:09.440217184Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:09.443578511Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T23:00:09.445629636Z 62 PC: 12c2e | Close file
2018-12-17T23:00:09.468382184Z 79 PC: 12bc1 | Find next file
2018-12-17T23:00:09.471739763Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or ax, 0x74c0
0x12b86: add al, 0xcd
0x12b88: adc bl, ch

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13447,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:12.548508822Z 78 PC: 12ba6 | Find first file
2018-12-25T12:38:12.556518299Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:12.564960899Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:12.572324825Z 66 PC: 12bf2 | Move file pointer
2018-12-25T12:38:12.574328833Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-25T12:38:12.590363454Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:38:12.600986361Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:12.611786893Z 87 PC: 12c2a | Get or set file date and time
2018-12-25T12:38:12.618319727Z 62 PC: 12c2e | Close file
2018-12-25T12:38:12.627323136Z 79 PC: 12bc1 | Find next file
2018-12-25T12:38:12.63038131Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.639531612Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.647092118Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.649016726Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.653982073Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.656548035Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.659892845Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.662103787Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.669491348Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.672595258Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.680173535Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.688229481Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.68986107Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.69284014Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.695306252Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.69873285Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.700226113Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.709059799Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.712018335Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.720006816Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.727087936Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.728680503Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.731402178Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.73266854Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.736182142Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.737748451Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.745808102Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.749853275Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.757243904Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.762572646Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.764423409Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.767343681Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.768686607Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.771868773Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.773464573Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.781341252Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.784580231Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.791822796Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.798689606Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.800239541Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.809125988Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.810556906Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.818246199Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.820035643Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.826522299Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.828407562Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.834334173Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.84140972Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.842959776Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.846474972Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.848053311Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.851139084Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.853199044Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.861594929Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.864514619Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.872301795Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.875287019Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.876779005Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.881714403Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.8834002Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.886448185Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.88959222Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.897770435Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.900720801Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or ax, 0x74c0
0x12b86: add al, 0xcd
0x12b88: adc bl, ch

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13447,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:12.584819153Z 78 PC: 12ba6 | Find first file
2018-12-25T12:38:12.589257227Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:12.594822715Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:12.601496401Z 66 PC: 12bf2 | Move file pointer
2018-12-25T12:38:12.603532673Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-25T12:38:12.619933882Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:38:12.621803073Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:12.629472173Z 87 PC: 12c2a | Get or set file date and time
2018-12-25T12:38:12.632136532Z 62 PC: 12c2e | Close file
2018-12-25T12:38:12.641113142Z 79 PC: 12bc1 | Find next file
2018-12-25T12:38:12.644080711Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.65259354Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.660334515Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.661879036Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.665090229Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.667641674Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.671069812Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.673277451Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.68281893Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.685849113Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.691302882Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.696383519Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.697678501Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.705484136Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.707215842Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.709718192Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.71093605Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.718199391Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.720620827Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.725432029Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.732971245Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.735245167Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.738176701Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.739603601Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.742563454Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.743871344Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.748881887Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.75145584Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.75577226Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.761497359Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.764418143Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.76746445Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.768700101Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.771159189Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.772622568Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.777763636Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.7805716Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.785093264Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.789509362Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.792323774Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.802706213Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.804394426Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.811711458Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.813334578Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.822216018Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.825072983Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.833043098Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.840252133Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.841832227Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.846341194Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.847805787Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.850706277Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.8529639Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.8616439Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.864665952Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.873085286Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.875928304Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.877344026Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.881154046Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.882727266Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.885733152Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.888373628Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.897964536Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.900944037Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or ax, 0x74c0
0x12b86: add al, 0xcd
0x12b88: adc bl, ch

{"DateBased":true,"Day":15,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13447,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:12.677928808Z 78 PC: 12ba6 | Find first file
2018-12-25T12:38:12.684647284Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:12.691204977Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:12.697953296Z 66 PC: 12bf2 | Move file pointer
2018-12-25T12:38:12.700077703Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-25T12:38:12.713702051Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:38:12.715342511Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:12.722084569Z 87 PC: 12c2a | Get or set file date and time
2018-12-25T12:38:12.724075883Z 62 PC: 12c2e | Close file
2018-12-25T12:38:12.73169148Z 79 PC: 12bc1 | Find next file
2018-12-25T12:38:12.73456757Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.741617689Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.74801484Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.749631152Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.752971763Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.754529618Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.757287511Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.759866758Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.766954264Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.769488272Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.776804992Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.798738868Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.800357097Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.803704293Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.805269664Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.808035886Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.810571052Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.831548488Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.834404457Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.841197855Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.848229643Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.849586608Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.852177088Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.854159575Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.857884252Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.863992253Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.886857491Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.889558526Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.89643775Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.910552968Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.912789508Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.915569662Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.917923104Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.920603105Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.922371986Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.929819339Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.932817221Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:12.939456802Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:12.946404405Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:12.959564816Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:12.967722695Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:12.969901387Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:12.976920943Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:12.978754108Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:12.986739877Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:12.989860793Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:13.009756085Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:13.015878841Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:13.019180589Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:13.022259995Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:13.023888403Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:13.027508908Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:13.029255035Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:13.036883647Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:13.040383852Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:38:13.046778549Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:38:13.049539211Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:38:13.052487859Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:38:13.055763962Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:38:13.057364883Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:38:13.061286813Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:38:13.062988909Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:38:13.070298905Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:38:13.073651773Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or ax, 0x74c0
0x12b86: add al, 0xcd
0x12b88: adc bl, ch