Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Metralla.1464

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:23.616440047Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-17T23:01:23.620029758Z 185 PC: 12b1b | UNKNOWN!
2018-12-17T23:01:23.622355287Z 74 PC: 12b80 | Reallocate memory
2018-12-17T23:01:23.624298357Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:23.626359094Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:23.634949681Z 75 PC: 12c40 | Execute program
2018-12-17T23:01:24.727640777Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-17T23:01:24.73082603Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-17T23:01:24.735592349Z 73 PC: 12c57 | Release memory
2018-12-17T23:01:24.744268787Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:12.906943062Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:12.91009263Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:12.911519824Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:12.91257528Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.914659293Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.915785597Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:12.929446209Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:12.932457383Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:39:12.935428615Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:12.936694195Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:12.907568014Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:12.9107321Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:12.912712974Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:12.914321453Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.927023652Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.928036377Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:12.941889993Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:12.944761558Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:39:12.947912163Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:12.949486464Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":9,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:12.961462406Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:12.963984808Z 9 PC: 12cb7 | Display string (String= 'SOY EL VIRUS METRALLA!!')
2018-12-25T12:39:12.966362961Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:12.967947898Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:12.969773753Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.971864452Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.973375237Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:12.988274411Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:12.991242406Z 9 PC: 13517 | Display string (String= 'SOY EL VIRUS METRALLA!!')
2018-12-25T12:39:12.994795633Z 76 PC: 132a4 | Terminate with return code (Return code = '36')
2018-12-25T12:39:12.997903445Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:12.999884089Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:12.975756288Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:12.979208628Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:12.98259183Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:12.983941395Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.990070669Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:12.991601087Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:13.00540978Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:13.007956507Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:39:13.012320523Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:13.013865036Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:13.003556456Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:13.009762604Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:13.011305985Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:13.012740028Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.01439152Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.015822874Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:13.029974282Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:13.03334313Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:39:13.04709059Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:13.048699178Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":9,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:13.036612015Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:13.039575211Z 9 PC: 12cb7 | Display string (String= 'SOY EL VIRUS METRALLA!!')
2018-12-25T12:39:13.042118357Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:13.043606669Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:13.045573047Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.046935779Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.048304046Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:13.063915943Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:13.066691813Z 9 PC: 13517 | Display string (String= 'SOY EL VIRUS METRALLA!!')
2018-12-25T12:39:13.070773167Z 76 PC: 132a4 | Terminate with return code (Return code = '36')
2018-12-25T12:39:13.088777271Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:13.092256653Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:13.161887199Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:13.164895395Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:13.166557392Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:13.168177516Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.170093368Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.171226294Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:13.184924834Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:13.18737909Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:39:13.192463957Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:13.194033973Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":9,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:13.157353559Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:13.164170114Z 9 PC: 12cb7 | Display string (String= 'SOY EL VIRUS METRALLA!!')
2018-12-25T12:39:13.172421817Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:13.174092268Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:13.190697188Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.192761195Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.194079326Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:13.204132187Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:13.206557381Z 9 PC: 13517 | Display string (String= 'SOY EL VIRUS METRALLA!!')
2018-12-25T12:39:13.209839563Z 76 PC: 132a4 | Terminate with return code (Return code = '36')
2018-12-25T12:39:13.225607037Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:13.231880849Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13844,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:13.211927165Z 42 PC: 12ae3 | Get date 0x12ae3: add bh, 0
0x12ae6: sub ah, 0
0x12ae9: cmp dh, 7
0x12aec: jne 0x12afc
0x12aee: cmp dl, 9
0x12af1: jne 0x12afc
0x12af3: mov ch, ch
0x12af5: mov di, di
0x12af7: call 0x12caf
0x12afa: mov dl, dl
0x12afc: mov cl, cl
0x12afe: mov ax, ax
0x12b00: push cs
0x12b01: pop es
0x12b02: mov si, 0x140
0x12b05: cmp word ptr [bp + si + 1], 0x414c
0x12b0a: jne 0x12b26
0x12b0c: add ch, 0
0x12b0f: sub bx, 0
0x12b12: mov ah, 0xb9
2018-12-25T12:39:13.214866405Z 185 PC: 12b1b | UNKNOWN!
2018-12-25T12:39:13.216440096Z 74 PC: 12b80 | Reallocate memory
2018-12-25T12:39:13.218157042Z 53 PC: 12b88 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.219892565Z 37 PC: 12bb0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:13.227031184Z 75 PC: 12c40 | Execute program
2018-12-25T12:39:13.256868273Z 42 PC: 13343 | Get date 0x13343: add bh, 0
0x13346: sub ah, 0
0x13349: cmp dh, 7
0x1334c: jne 0x1335c
0x1334e: cmp dl, 9
0x13351: jne 0x1335c
0x13353: mov ch, ch
0x13355: mov di, di
0x13357: call 0x1350f
0x1335a: mov dl, dl
0x1335c: mov cl, cl
0x1335e: mov ax, ax
0x13360: push cs
0x13361: pop es
0x13362: mov si, 0x140
0x13365: cmp word ptr [bp + si + 1], 0x414c
0x1336a: jne 0x13386
0x1336c: add ch, 0
0x1336f: sub bx, 0
0x13372: mov ah, 0xb9
2018-12-25T12:39:13.259383759Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:39:13.26351882Z 73 PC: 12c57 | Release memory
2018-12-25T12:39:13.265106338Z 49 PC: 12c6d | Terminate and stay resident (Return code = '1' | Memory size = '128')