Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Cough.1446

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:13.181477684Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-17T23:01:13.187154402Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-17T23:01:13.188550727Z 201 PC: 12b30 | UNKNOWN!
2018-12-17T23:01:13.189352045Z 74 PC: 12b90 | Reallocate memory
2018-12-17T23:01:13.190837384Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:13.191742246Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:13.192586619Z 75 PC: 12c4f | Execute program
2018-12-17T23:01:13.20122858Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-17T23:01:13.20268797Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-17T23:01:13.204208463Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-17T23:01:13.212599752Z 73 PC: 12c70 | Release memory
2018-12-17T23:01:13.213772382Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:59.256348995Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.259246176Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:38:59.261755356Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:38:59.263164875Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:38:59.26443435Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.266251837Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.267765239Z 75 PC: 12c4f | Execute program
2018-12-25T12:38:59.283275793Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.289301002Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:38:59.291735898Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:38:59.295018901Z 73 PC: 12c70 | Release memory
2018-12-25T12:38:59.312249292Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:59.311280911Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.31392852Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:38:59.316359583Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:38:59.317812803Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:38:59.319333881Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.320792304Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.322006255Z 75 PC: 12c4f | Execute program
2018-12-25T12:38:59.337518198Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.341584354Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:38:59.34390714Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:38:59.347066606Z 73 PC: 12c70 | Release memory
2018-12-25T12:38:59.34873997Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":30,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:59.344870825Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.347532901Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:38:59.350435095Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:38:59.351711095Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:38:59.353660763Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.354745451Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.355791593Z 75 PC: 12c4f | Execute program
2018-12-25T12:38:59.369897998Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.373455833Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:38:59.376559876Z 76 PC: 132a4 | Terminate with return code (Return code = '7')
2018-12-25T12:38:59.379936621Z 73 PC: 12c70 | Release memory
2018-12-25T12:38:59.381581413Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:59.381755401Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.385007896Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:38:59.387072112Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:38:59.38827293Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:38:59.389972623Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.391043496Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.392104199Z 75 PC: 12c4f | Execute program
2018-12-25T12:38:59.406572511Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.409447094Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:38:59.412054613Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:38:59.418400616Z 73 PC: 12c70 | Release memory
2018-12-25T12:38:59.42046851Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:59.409269293Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.412539032Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:38:59.414863737Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:38:59.416149835Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:38:59.417444485Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.421635242Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:59.422892075Z 75 PC: 12c4f | Execute program
2018-12-25T12:38:59.438615288Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:38:59.442997512Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:38:59.446407093Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:38:59.450191308Z 73 PC: 12c70 | Release memory
2018-12-25T12:38:59.452727054Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":30,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:00.097253718Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.100196868Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:39:00.103085228Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:39:00.104286304Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:39:00.105967609Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.107834923Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.108937465Z 75 PC: 12c4f | Execute program
2018-12-25T12:39:00.122902067Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.126524995Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:39:00.129205525Z 76 PC: 132a4 | Terminate with return code (Return code = '7')
2018-12-25T12:39:00.132002848Z 73 PC: 12c70 | Release memory
2018-12-25T12:39:00.138909207Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:00.167167245Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.171405176Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:39:00.17312097Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:39:00.174104744Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:39:00.175735276Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.177020707Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.178067274Z 75 PC: 12c4f | Execute program
2018-12-25T12:39:00.193728741Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.199948298Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:39:00.202348601Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:39:00.205511988Z 73 PC: 12c70 | Release memory
2018-12-25T12:39:00.207438377Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:00.228720912Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.231214231Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:39:00.233272178Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:39:00.234526925Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:39:00.236139752Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.237272206Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.238354046Z 75 PC: 12c4f | Execute program
2018-12-25T12:39:00.252058696Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.255359008Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:39:00.2573299Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:39:00.260374045Z 73 PC: 12c70 | Release memory
2018-12-25T12:39:00.261499488Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":30,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13792,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:00.6406594Z 9 PC: 12c86 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.643484853Z 42 PC: 12afe | Get date 0x12afe: cmp dh, 0xb
0x12b01: jne 0x12b12
0x12b03: sub ax, 0
0x12b06: cmp dl, 0x1e
0x12b09: jne 0x12b12
0x12b0b: mov di, di
0x12b0d: mov ch, ch
0x12b0f: call 0x12ca2
0x12b12: sub bh, 0
0x12b15: mov dh, dh
0x12b17: push cs
0x12b18: pop es
0x12b19: mov si, 0x13e
0x12b1c: add bh, 0
0x12b1f: sub ah, 0
0x12b22: cmp word ptr [bp + si + 1], 0x414c
0x12b27: jne 0x12b38
0x12b29: add ax, 0
0x12b2c: mov ah, 0xc9
0x12b2e: int 0x21
2018-12-25T12:39:00.646602509Z 201 PC: 12b30 | UNKNOWN!
2018-12-25T12:39:00.647954132Z 74 PC: 12b90 | Reallocate memory
2018-12-25T12:39:00.649124895Z 53 PC: 12b9a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.650332858Z 37 PC: 12bbd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:00.651575773Z 75 PC: 12c4f | Execute program
2018-12-25T12:39:00.661214397Z 9 PC: 134e6 | Display string (String= 'YpÀ õPRN kp€õ9CLOCK')
2018-12-25T12:39:00.665604498Z 42 PC: 1335e | Get date 0x1335e: cmp dh, 0xb
0x13361: jne 0x13372
0x13363: sub ax, 0
0x13366: cmp dl, 0x1e
0x13369: jne 0x13372
0x1336b: mov di, di
0x1336d: mov ch, ch
0x1336f: call 0x13502
0x13372: sub bh, 0
0x13375: mov dh, dh
0x13377: push cs
0x13378: pop es
0x13379: mov si, 0x13e
0x1337c: add bh, 0
0x1337f: sub ah, 0
0x13382: cmp word ptr [bp + si + 1], 0x414c
0x13387: jne 0x13398
0x13389: add ax, 0
0x1338c: mov ah, 0xc9
0x1338e: int 0x21
2018-12-25T12:39:00.668650393Z 76 PC: 132a4 | Terminate with return code (Return code = '7')
2018-12-25T12:39:00.671606593Z 73 PC: 12c70 | Release memory
2018-12-25T12:39:00.673062849Z 49 PC: 12c7e | Terminate and stay resident (Return code = '1' | Memory size = '128')