Sample viewer

vx.netlux.org/Virus.DOS.LAVI.1445

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:28.824760973Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-17T23:04:28.827196065Z 185 PC: 12b21 | UNKNOWN!
2018-12-17T23:04:28.829401959Z 74 PC: 12b85 | Reallocate memory
2018-12-17T23:04:28.831722712Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:28.833045108Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:28.8349118Z 75 PC: 12c3c | Execute program
2018-12-17T23:04:28.852585827Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-17T23:04:28.855657921Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-17T23:04:28.860508681Z 73 PC: 12c52 | Release memory
2018-12-17T23:04:28.862787705Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:57.484425996Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:57.486796961Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:57.488568258Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:57.489945004Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.492214895Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.493564415Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:57.522768336Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:57.525288277Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:41:57.529696112Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:57.531188923Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":30,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:57.532444345Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:57.536573053Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:57.538101502Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:57.539597112Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.541668885Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.556549909Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:57.570508632Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:57.573896102Z 76 PC: 132a4 | Terminate with return code (Return code = '7')
2018-12-25T12:41:57.577038605Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:57.578973879Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:57.662472234Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:57.665606449Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:57.667050696Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:57.668659184Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.6709065Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.672225953Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:57.68638482Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:57.689553028Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:41:57.693019317Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:57.694622444Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:57.729487525Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:57.731400294Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:57.732405763Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:57.733440349Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.734348315Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.735667556Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:57.745725476Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:57.747558975Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:41:57.75038604Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:57.751518419Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:57.672588796Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:41:57.67824977Z 41 PC: 94fae | Parse filename
2018-12-25T12:41:57.69380133Z 41 PC: 9502f | Parse filename
2018-12-25T12:41:57.695871043Z 41 PC: 9504c | Parse filename
2018-12-25T12:41:57.698993187Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T12:41:57.701916543Z 71 PC: 986f3 | Get current directory
2018-12-25T12:41:57.70508659Z 78 PC: 986fe | Find first file
2018-12-25T12:41:57.723172417Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:41:57.728205001Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:41:57.745446942Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T12:41:57.750145789Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:41:57.75201944Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:41:57.7531415Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:57.75473884Z 62 PC: 122ab | Close file
2018-12-25T12:41:57.757392423Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.759418828Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.761213015Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.7631676Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.765306196Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.767067496Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.768894005Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.773219179Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.775071474Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.776936379Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.789583972Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.791401968Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.793184222Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.796573521Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:41:57.798695045Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T12:41:57.801000502Z 56 PC: 94df9 | Get or set country info
2018-12-25T12:41:57.80440051Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:41:57.809076818Z 25 PC: 94e62 | Get default drive
2018-12-25T12:41:57.810925644Z 71 PC: 970dd | Get current directory
2018-12-25T12:41:57.816003091Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:41:57.819506004Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T12:41:57.821940086Z 93 PC: 94f20 | File sharing functions
2018-12-25T12:41:57.824280027Z 93 PC: 94f27 | File sharing functions
2018-12-25T12:41:57.826816613Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T12:42:12.719640543Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:42:14.0735072Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:42:14.1756728Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:42:14.182657437Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T12:42:14.184440951Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T12:42:14.185913251Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T12:42:14.190723211Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T12:42:14.192372838Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:42:14.200119166Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:42:14.209559971Z 71 PC: 9856c | Get current directory
2018-12-25T12:42:14.212855699Z 73 PC: 97c09 | Release memory
2018-12-25T12:42:14.214601024Z 75 PC: 11821 | Execute program
2018-12-25T12:42:14.240332464Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T12:42:14.244666293Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":30,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:57.790708207Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:57.794242903Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:57.796159745Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:57.797779509Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.799233892Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.806801541Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:57.829549513Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:57.835610939Z 76 PC: 132a4 | Terminate with return code (Return code = '7')
2018-12-25T12:41:57.854114111Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:57.855428716Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:57.838784229Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:57.841672024Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:57.843138604Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:57.844428467Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.845981504Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:57.847751308Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:57.861450652Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:57.864154415Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:41:57.867353766Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:57.869736265Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":30,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:58.833488913Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:58.850405975Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:58.853164545Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:58.855597141Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:58.858344125Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:58.861240623Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:58.875363579Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:58.879931162Z 76 PC: 132a4 | Terminate with return code (Return code = '7')
2018-12-25T12:41:58.884299135Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:58.885711498Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14890,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:58.896892062Z 42 PC: 12aec | Get date 0x12aec: mov bh, bh
0x12aee: cmp dh, 0xb
0x12af1: jne 0x12aff
0x12af3: mov cl, cl
0x12af5: cmp dl, 0x1e
0x12af8: jne 0x12aff
0x12afa: call 0x12c89
0x12afd: mov al, al
0x12aff: add ax, 0
0x12b02: mov bh, bh
0x12b04: mov ah, ah
0x12b06: add cx, 0
0x12b09: push cs
0x12b0a: pop es
0x12b0b: mov si, 0x13d
0x12b0e: sub ah, 0
0x12b11: cmp word ptr [bp + si + 1], 0x414c
0x12b16: jne 0x12b26
0x12b18: mov si, si
0x12b1a: mov ah, 0xb9
2018-12-25T12:41:58.900410637Z 185 PC: 12b21 | UNKNOWN!
2018-12-25T12:41:58.901902884Z 74 PC: 12b85 | Reallocate memory
2018-12-25T12:41:58.903445226Z 53 PC: 12b91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:58.905285432Z 37 PC: 12bad | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:58.906996383Z 75 PC: 12c3c | Execute program
2018-12-25T12:41:58.922769533Z 42 PC: 1334c | Get date 0x1334c: mov bh, bh
0x1334e: cmp dh, 0xb
0x13351: jne 0x1335f
0x13353: mov cl, cl
0x13355: cmp dl, 0x1e
0x13358: jne 0x1335f
0x1335a: call 0x134e9
0x1335d: mov al, al
0x1335f: add ax, 0
0x13362: mov bh, bh
0x13364: mov ah, ah
0x13366: add cx, 0
0x13369: push cs
0x1336a: pop es
0x1336b: mov si, 0x13d
0x1336e: sub ah, 0
0x13371: cmp word ptr [bp + si + 1], 0x414c
0x13376: jne 0x13386
0x13378: mov si, si
0x1337a: mov ah, 0xb9
2018-12-25T12:41:58.940874296Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:41:58.957328628Z 73 PC: 12c52 | Release memory
2018-12-25T12:41:58.958860212Z 49 PC: 12c65 | Terminate and stay resident (Return code = '1' | Memory size = '128')