Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Cough.1437

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:51.916170378Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-17T23:00:51.918774662Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-17T23:00:51.92531938Z 185 PC: 12b0f | UNKNOWN!
2018-12-17T23:00:51.928026928Z 74 PC: 12b64 | Reallocate memory
2018-12-17T23:00:51.929827832Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:51.931985797Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:51.933271203Z 75 PC: 12c01 | Execute program
2018-12-17T23:00:51.952657311Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-17T23:00:51.956303052Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-17T23:00:51.959158147Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-17T23:00:51.962814027Z 73 PC: 12c1d | Release memory
2018-12-17T23:00:51.965711351Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:23.569530295Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T13:07:23.572598125Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T13:07:23.575844746Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T13:07:23.57744721Z 74 PC: 12b64 | Reallocate memory
2018-12-25T13:07:23.579101081Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:23.58129158Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:23.583077575Z 75 PC: 12c01 | Execute program
2018-12-25T13:07:23.598988466Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T13:07:23.604742884Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T13:07:23.607352972Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T13:07:23.610988489Z 73 PC: 12c1d | Release memory
2018-12-25T13:07:23.613797249Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:44.185115018Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:44.187449798Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:44.189055245Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:44.190111218Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:44.191701464Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:44.19307927Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:44.194161592Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:44.203453279Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:44.206045665Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:44.207493601Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:38:44.209420118Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:44.21098772Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:44.315927346Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:44.318750939Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:50.888905798Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:50.890897727Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:50.893198632Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:50.895081272Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:50.89642962Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:50.923909794Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:50.929055563Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:57.486721073Z 76 PC: 132a4 | Terminate with return code (Return code = '0')
2018-12-25T12:38:57.489996113Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:57.4933004Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:45.029000509Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:45.033063195Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:45.035670154Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:45.037350459Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:45.040177683Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:45.04173163Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:45.043335466Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:45.058182437Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:45.062905788Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:45.065346715Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:38:45.068521699Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:45.070650806Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:45.065006435Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:45.067980851Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:45.070345673Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:45.071926089Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:45.0741723Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:45.075518462Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:45.081500271Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:45.096394653Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:45.113957831Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:45.117521421Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:38:45.122967008Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:45.124839254Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:46.114681828Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:46.116499518Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:52.687896438Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:52.689728644Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:52.692103841Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:52.693835012Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:52.695437027Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:52.71288753Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:52.716895456Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:59.285327407Z 76 PC: 132a4 | Terminate with return code (Return code = '0')
2018-12-25T12:38:59.287524879Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:59.289131802Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:46.423610713Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:46.42645972Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:46.430029258Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:46.431521604Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:46.43285889Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:46.434596736Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:46.435743628Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:46.446790516Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:46.452569291Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:46.455058879Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:38:46.45833955Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:46.462193544Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:46.464951953Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:46.467549863Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:46.470586796Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:46.474879759Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:46.476690592Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:46.478678442Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:46.479627962Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:46.49631349Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:46.501744499Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:46.504584481Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:38:46.50788194Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:46.510194601Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":28,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13675,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:46.485968337Z 9 PC: 12c45 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:46.489445345Z 42 PC: 12ae3 | Get date 0x12ae3: cmp dh, 0xb
0x12ae6: jne 0x12af3
0x12ae8: cmp dl, 0x1c
0x12aeb: jne 0x12af3
0x12aed: call 0x12c61
0x12af0: sub ch, 0
0x12af3: mov bl, bl
0x12af5: push cs
0x12af6: pop es
0x12af7: add ch, 0
0x12afa: mov si, 0x13e
0x12afd: cmp word ptr [bp + si + 1], 0x414c
0x12b02: jne 0x12b17
0x12b04: mov cx, cx
0x12b06: mov ah, 0xb9
0x12b08: sub ch, 0
0x12b0b: mov dx, dx
0x12b0d: int 0x21
0x12b0f: cmp ah, 0xb9
0x12b12: je 0x12b25
2018-12-25T12:38:53.085637661Z 185 PC: 12b0f | UNKNOWN!
2018-12-25T12:38:53.087234837Z 74 PC: 12b64 | Reallocate memory
2018-12-25T12:38:53.08883127Z 53 PC: 12b6f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:53.091066995Z 37 PC: 12b86 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:53.092741071Z 75 PC: 12c01 | Execute program
2018-12-25T12:38:53.111500762Z 9 PC: 134a5 | Display string (String= '“pZp.5p€õCON Gp€õ!AUX YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:53.117089339Z 42 PC: 13343 | Get date 0x13343: cmp dh, 0xb
0x13346: jne 0x13353
0x13348: cmp dl, 0x1c
0x1334b: jne 0x13353
0x1334d: call 0x134c1
0x13350: sub ch, 0
0x13353: mov bl, bl
0x13355: push cs
0x13356: pop es
0x13357: add ch, 0
0x1335a: mov si, 0x13e
0x1335d: cmp word ptr [bp + si + 1], 0x414c
0x13362: jne 0x13377
0x13364: mov cx, cx
0x13366: mov ah, 0xb9
0x13368: sub ch, 0
0x1336b: mov dx, dx
0x1336d: int 0x21
0x1336f: cmp ah, 0xb9
0x13372: je 0x13385
2018-12-25T12:38:59.68288737Z 76 PC: 132a4 | Terminate with return code (Return code = '0')
2018-12-25T12:38:59.686030415Z 73 PC: 12c1d | Release memory
2018-12-25T12:38:59.687878793Z 49 PC: 12c35 | Terminate and stay resident (Return code = '1' | Memory size = '128')