Sample viewer

vx.netlux.org/Virus.DOS.Vienna.739

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:28.016468561Z	48	PC: 12ba6 \| Get DOS version
2018-12-17T23:12:28.018816832Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-17T23:12:28.020346585Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-17T23:12:28.0221139Z	42	PC: 12bd5 \| Get date 0x12bd5: cmp cx, 0x7c6 0x12bd9: jge 0x12bde 0x12bdb: jmp 0x12c09 0x12bdd: nop 0x12bde: mov ah, 0x2a 0x12be0: int 0x21 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37]
2018-12-17T23:12:28.027433712Z	42	PC: 12be2 \| Get date 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37] 0x12c01: mov bx, word ptr [di + 0x63] 0x12c04: int 0x26 0x12c06: jmp 0x12c09 0x12c08: nop 0x12c09: pop si 0x12c0a: push si
2018-12-17T23:12:28.029848351Z	42	PC: 12bee \| Get date 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37] 0x12c01: mov bx, word ptr [di + 0x63] 0x12c04: int 0x26 0x12c06: jmp 0x12c09 0x12c08: nop 0x12c09: pop si 0x12c0a: push si 0x12c0b: add si, 0x51 0x12c0e: nop 0x12c0f: lodsb al, byte ptr [si] 0x12c10: mov cx, 0x8000 0x12c13: repne scasb al, byte ptr es:[di] 0x12c15: mov cx, 4
2018-12-17T23:12:28.032334023Z	78	PC: 12c8c \| Find first file
2018-12-17T23:12:28.039524726Z	67	PC: 12cca \| Get or set file attributes
2018-12-17T23:12:28.045029335Z	67	PC: 12cdc \| Get or set file attributes
2018-12-17T23:12:28.064598318Z	61	PC: 12ce7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:28.072122173Z	87	PC: 12cf3 \| Get or set file date and time
2018-12-17T23:12:28.074158027Z	44	PC: 12cff \| Get time 0x12cff: and dh, 7 0x12d02: jmp 0x12d05 0x12d04: nop 0x12d05: mov ah, 0x3f 0x12d07: mov cx, 3 0x12d0a: mov dx, 0x41 0x12d0d: nop 0x12d0e: add dx, si 0x12d10: int 0x21 0x12d12: jb 0x12d69 0x12d14: cmp ax, 3 0x12d17: jne 0x12d69 0x12d19: mov ax, 0x4202 0x12d1c: mov cx, 0 0x12d1f: mov dx, 0 0x12d22: int 0x21 0x12d24: jb 0x12d69 0x12d26: mov cx, ax 0x12d28: sub ax, 3 0x12d2b: mov word ptr [si + 0x45], ax
2018-12-17T23:12:28.076795046Z	63	PC: 12d12 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:28.086450263Z	66	PC: 12d24 \| Move file pointer
2018-12-17T23:12:28.088636925Z	64	PC: 12d48 \| Write file or device (Write 739 bytes on handle 5)
2018-12-17T23:12:28.096980814Z	66	PC: 12d5a \| Move file pointer
2018-12-17T23:12:28.098524323Z	64	PC: 12d69 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:28.105699733Z	87	PC: 12d7c \| Get or set file date and time
2018-12-17T23:12:28.107519736Z	62	PC: 12d80 \| Close file
2018-12-17T23:12:28.115605857Z	67	PC: 12d8f \| Get or set file attributes
2018-12-17T23:12:28.12618693Z	26	PC: 12d9c \| Set disk transfer address
2018-12-17T23:12:28.127341782Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T23:12:28.132089695Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17527,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:54.899189536Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:55:54.900727088Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:55:54.901745533Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:55:54.90272757Z	42	PC: 12bd5 \| Get date 0x12bd5: cmp cx, 0x7c6 0x12bd9: jge 0x12bde 0x12bdb: jmp 0x12c09 0x12bdd: nop 0x12bde: mov ah, 0x2a 0x12be0: int 0x21 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37]
2018-12-25T12:55:54.905913585Z	42	PC: 12be2 \| Get date 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37] 0x12c01: mov bx, word ptr [di + 0x63] 0x12c04: int 0x26 0x12c06: jmp 0x12c09 0x12c08: nop 0x12c09: pop si 0x12c0a: push si
2018-12-25T12:55:54.908134078Z	78	PC: 12c8c \| Find first file
2018-12-25T12:55:54.914304911Z	67	PC: 12cca \| Get or set file attributes
2018-12-25T12:55:54.920479475Z	67	PC: 12cdc \| Get or set file attributes
2018-12-25T12:55:54.938098469Z	61	PC: 12ce7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:54.944508513Z	87	PC: 12cf3 \| Get or set file date and time
2018-12-25T12:55:54.94604725Z	44	PC: 12cff \| Get time 0x12cff: and dh, 7 0x12d02: jmp 0x12d05 0x12d04: nop 0x12d05: mov ah, 0x3f 0x12d07: mov cx, 3 0x12d0a: mov dx, 0x41 0x12d0d: nop 0x12d0e: add dx, si 0x12d10: int 0x21 0x12d12: jb 0x12d69 0x12d14: cmp ax, 3 0x12d17: jne 0x12d69 0x12d19: mov ax, 0x4202 0x12d1c: mov cx, 0 0x12d1f: mov dx, 0 0x12d22: int 0x21 0x12d24: jb 0x12d69 0x12d26: mov cx, ax 0x12d28: sub ax, 3 0x12d2b: mov word ptr [si + 0x45], ax
2018-12-25T12:55:54.948242404Z	63	PC: 12d12 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:54.954430114Z	66	PC: 12d24 \| Move file pointer
2018-12-25T12:55:54.955768745Z	64	PC: 12d48 \| Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:54.964500999Z	66	PC: 12d5a \| Move file pointer
2018-12-25T12:55:54.965780368Z	64	PC: 12d69 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:54.972082155Z	87	PC: 12d7c \| Get or set file date and time
2018-12-25T12:55:54.974115076Z	62	PC: 12d80 \| Close file
2018-12-25T12:55:54.982165538Z	67	PC: 12d8f \| Get or set file attributes
2018-12-25T12:55:54.991992788Z	26	PC: 12d9c \| Set disk transfer address
2018-12-25T12:55:54.994329659Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:54.999694865Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17527,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:55.441211139Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:55:55.443250379Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:55:55.444475648Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:55:55.445583446Z	42	PC: 12bd5 \| Get date 0x12bd5: cmp cx, 0x7c6 0x12bd9: jge 0x12bde 0x12bdb: jmp 0x12c09 0x12bdd: nop 0x12bde: mov ah, 0x2a 0x12be0: int 0x21 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37]
2018-12-25T12:55:55.448794808Z	78	PC: 12c8c \| Find first file
2018-12-25T12:55:55.455790034Z	67	PC: 12cca \| Get or set file attributes
2018-12-25T12:55:55.463024015Z	67	PC: 12cdc \| Get or set file attributes
2018-12-25T12:55:55.483894882Z	61	PC: 12ce7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:55.492991452Z	87	PC: 12cf3 \| Get or set file date and time
2018-12-25T12:55:55.495166004Z	44	PC: 12cff \| Get time 0x12cff: and dh, 7 0x12d02: jmp 0x12d05 0x12d04: nop 0x12d05: mov ah, 0x3f 0x12d07: mov cx, 3 0x12d0a: mov dx, 0x41 0x12d0d: nop 0x12d0e: add dx, si 0x12d10: int 0x21 0x12d12: jb 0x12d69 0x12d14: cmp ax, 3 0x12d17: jne 0x12d69 0x12d19: mov ax, 0x4202 0x12d1c: mov cx, 0 0x12d1f: mov dx, 0 0x12d22: int 0x21 0x12d24: jb 0x12d69 0x12d26: mov cx, ax 0x12d28: sub ax, 3 0x12d2b: mov word ptr [si + 0x45], ax
2018-12-25T12:55:55.498117974Z	63	PC: 12d12 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:55.506615926Z	66	PC: 12d24 \| Move file pointer
2018-12-25T12:55:55.510279601Z	64	PC: 12d48 \| Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:55.520406272Z	66	PC: 12d5a \| Move file pointer
2018-12-25T12:55:55.524651416Z	64	PC: 12d69 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:55.532402618Z	87	PC: 12d7c \| Get or set file date and time
2018-12-25T12:55:55.534572287Z	62	PC: 12d80 \| Close file
2018-12-25T12:55:55.545203884Z	67	PC: 12d8f \| Get or set file attributes
2018-12-25T12:55:55.55638415Z	26	PC: 12d9c \| Set disk transfer address
2018-12-25T12:55:55.559204475Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:55.566608004Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17527,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:57.408923578Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:55:57.410699435Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:55:57.412133592Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:55:57.41347803Z	42	PC: 12bd5 \| Get date 0x12bd5: cmp cx, 0x7c6 0x12bd9: jge 0x12bde 0x12bdb: jmp 0x12c09 0x12bdd: nop 0x12bde: mov ah, 0x2a 0x12be0: int 0x21 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37]
2018-12-25T12:55:57.416360435Z	78	PC: 12c8c \| Find first file
2018-12-25T12:55:57.425074261Z	67	PC: 12cca \| Get or set file attributes
2018-12-25T12:55:57.431791136Z	67	PC: 12cdc \| Get or set file attributes
2018-12-25T12:55:57.451251751Z	61	PC: 12ce7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:57.460494422Z	87	PC: 12cf3 \| Get or set file date and time
2018-12-25T12:55:57.462493872Z	44	PC: 12cff \| Get time 0x12cff: and dh, 7 0x12d02: jmp 0x12d05 0x12d04: nop 0x12d05: mov ah, 0x3f 0x12d07: mov cx, 3 0x12d0a: mov dx, 0x41 0x12d0d: nop 0x12d0e: add dx, si 0x12d10: int 0x21 0x12d12: jb 0x12d69 0x12d14: cmp ax, 3 0x12d17: jne 0x12d69 0x12d19: mov ax, 0x4202 0x12d1c: mov cx, 0 0x12d1f: mov dx, 0 0x12d22: int 0x21 0x12d24: jb 0x12d69 0x12d26: mov cx, ax 0x12d28: sub ax, 3 0x12d2b: mov word ptr [si + 0x45], ax
2018-12-25T12:55:57.465349049Z	63	PC: 12d12 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:57.473469525Z	66	PC: 12d24 \| Move file pointer
2018-12-25T12:55:57.47548562Z	64	PC: 12d48 \| Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:57.508308276Z	66	PC: 12d5a \| Move file pointer
2018-12-25T12:55:57.511183113Z	64	PC: 12d69 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:57.519213477Z	87	PC: 12d7c \| Get or set file date and time
2018-12-25T12:55:57.520987594Z	62	PC: 12d80 \| Close file
2018-12-25T12:55:57.531094289Z	67	PC: 12d8f \| Get or set file attributes
2018-12-25T12:55:57.542628056Z	26	PC: 12d9c \| Set disk transfer address
2018-12-25T12:55:57.544450466Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:57.55200159Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17527,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:59.030942659Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:55:59.033604138Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:55:59.03499733Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:55:59.036382891Z	42	PC: 12bd5 \| Get date 0x12bd5: cmp cx, 0x7c6 0x12bd9: jge 0x12bde 0x12bdb: jmp 0x12c09 0x12bdd: nop 0x12bde: mov ah, 0x2a 0x12be0: int 0x21 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37]
2018-12-25T12:55:59.039035069Z	78	PC: 12c8c \| Find first file
2018-12-25T12:55:59.047161812Z	67	PC: 12cca \| Get or set file attributes
2018-12-25T12:55:59.053989385Z	67	PC: 12cdc \| Get or set file attributes
2018-12-25T12:55:59.073780943Z	61	PC: 12ce7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:59.081976466Z	87	PC: 12cf3 \| Get or set file date and time
2018-12-25T12:55:59.08354972Z	44	PC: 12cff \| Get time 0x12cff: and dh, 7 0x12d02: jmp 0x12d05 0x12d04: nop 0x12d05: mov ah, 0x3f 0x12d07: mov cx, 3 0x12d0a: mov dx, 0x41 0x12d0d: nop 0x12d0e: add dx, si 0x12d10: int 0x21 0x12d12: jb 0x12d69 0x12d14: cmp ax, 3 0x12d17: jne 0x12d69 0x12d19: mov ax, 0x4202 0x12d1c: mov cx, 0 0x12d1f: mov dx, 0 0x12d22: int 0x21 0x12d24: jb 0x12d69 0x12d26: mov cx, ax 0x12d28: sub ax, 3 0x12d2b: mov word ptr [si + 0x45], ax
2018-12-25T12:55:59.086017956Z	63	PC: 12d12 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:59.095645227Z	66	PC: 12d24 \| Move file pointer
2018-12-25T12:55:59.097312293Z	64	PC: 12d48 \| Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:59.107504055Z	66	PC: 12d5a \| Move file pointer
2018-12-25T12:55:59.110646922Z	64	PC: 12d69 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:59.118795424Z	87	PC: 12d7c \| Get or set file date and time
2018-12-25T12:55:59.120661641Z	62	PC: 12d80 \| Close file
2018-12-25T12:55:59.129951955Z	67	PC: 12d8f \| Get or set file attributes
2018-12-25T12:55:59.14206805Z	26	PC: 12d9c \| Set disk transfer address
2018-12-25T12:55:59.143462284Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:59.149795205Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17527,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:59.299455009Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:55:59.301662278Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:55:59.303269605Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:55:59.304780646Z	42	PC: 12bd5 \| Get date 0x12bd5: cmp cx, 0x7c6 0x12bd9: jge 0x12bde 0x12bdb: jmp 0x12c09 0x12bdd: nop 0x12bde: mov ah, 0x2a 0x12be0: int 0x21 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37]
2018-12-25T12:55:59.307549642Z	78	PC: 12c8c \| Find first file
2018-12-25T12:55:59.315331989Z	67	PC: 12cca \| Get or set file attributes
2018-12-25T12:55:59.322044927Z	67	PC: 12cdc \| Get or set file attributes
2018-12-25T12:55:59.340498274Z	61	PC: 12ce7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:59.349034489Z	87	PC: 12cf3 \| Get or set file date and time
2018-12-25T12:55:59.351128524Z	44	PC: 12cff \| Get time 0x12cff: and dh, 7 0x12d02: jmp 0x12d05 0x12d04: nop 0x12d05: mov ah, 0x3f 0x12d07: mov cx, 3 0x12d0a: mov dx, 0x41 0x12d0d: nop 0x12d0e: add dx, si 0x12d10: int 0x21 0x12d12: jb 0x12d69 0x12d14: cmp ax, 3 0x12d17: jne 0x12d69 0x12d19: mov ax, 0x4202 0x12d1c: mov cx, 0 0x12d1f: mov dx, 0 0x12d22: int 0x21 0x12d24: jb 0x12d69 0x12d26: mov cx, ax 0x12d28: sub ax, 3 0x12d2b: mov word ptr [si + 0x45], ax
2018-12-25T12:55:59.354022705Z	63	PC: 12d12 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:59.372199975Z	66	PC: 12d24 \| Move file pointer
2018-12-25T12:55:59.373722386Z	64	PC: 12d48 \| Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:59.396276732Z	66	PC: 12d5a \| Move file pointer
2018-12-25T12:55:59.398826014Z	64	PC: 12d69 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:59.406600691Z	87	PC: 12d7c \| Get or set file date and time
2018-12-25T12:55:59.408616898Z	62	PC: 12d80 \| Close file
2018-12-25T12:55:59.418797145Z	67	PC: 12d8f \| Get or set file attributes
2018-12-25T12:55:59.430376275Z	26	PC: 12d9c \| Set disk transfer address
2018-12-25T12:55:59.431981359Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:59.439282493Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":24,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17527,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:59.623367703Z	48	PC: 12ba6 \| Get DOS version
2018-12-25T12:55:59.625889747Z	47	PC: 12bb2 \| Get disk transfer address
2018-12-25T12:55:59.627719837Z	26	PC: 12bc5 \| Set disk transfer address
2018-12-25T12:55:59.629742904Z	42	PC: 12bd5 \| Get date 0x12bd5: cmp cx, 0x7c6 0x12bd9: jge 0x12bde 0x12bdb: jmp 0x12c09 0x12bdd: nop 0x12bde: mov ah, 0x2a 0x12be0: int 0x21 0x12be2: cmp dh, 6 0x12be5: jge 0x12bea 0x12be7: jmp 0x12c09 0x12be9: nop 0x12bea: mov ah, 0x2a 0x12bec: int 0x21 0x12bee: cmp dl, 0x18 0x12bf1: jge 0x12bf6 0x12bf3: jmp 0x12c09 0x12bf5: nop 0x12bf6: mov al, 2 0x12bf8: mov cx, 2 0x12bfb: mov dx, 0 0x12bfe: mov ds, word ptr [di + 0x37]
2018-12-25T12:55:59.634430136Z	78	PC: 12c8c \| Find first file
2018-12-25T12:55:59.642066219Z	67	PC: 12cca \| Get or set file attributes
2018-12-25T12:55:59.649019357Z	67	PC: 12cdc \| Get or set file attributes
2018-12-25T12:55:59.67187654Z	61	PC: 12ce7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:59.68048877Z	87	PC: 12cf3 \| Get or set file date and time
2018-12-25T12:55:59.682384124Z	44	PC: 12cff \| Get time 0x12cff: and dh, 7 0x12d02: jmp 0x12d05 0x12d04: nop 0x12d05: mov ah, 0x3f 0x12d07: mov cx, 3 0x12d0a: mov dx, 0x41 0x12d0d: nop 0x12d0e: add dx, si 0x12d10: int 0x21 0x12d12: jb 0x12d69 0x12d14: cmp ax, 3 0x12d17: jne 0x12d69 0x12d19: mov ax, 0x4202 0x12d1c: mov cx, 0 0x12d1f: mov dx, 0 0x12d22: int 0x21 0x12d24: jb 0x12d69 0x12d26: mov cx, ax 0x12d28: sub ax, 3 0x12d2b: mov word ptr [si + 0x45], ax
2018-12-25T12:55:59.685099266Z	63	PC: 12d12 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:59.706985485Z	66	PC: 12d24 \| Move file pointer
2018-12-25T12:55:59.708640708Z	64	PC: 12d48 \| Write file or device (Write 739 bytes on handle 5)
2018-12-25T12:55:59.718361174Z	66	PC: 12d5a \| Move file pointer
2018-12-25T12:55:59.720965112Z	64	PC: 12d69 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:59.728685269Z	87	PC: 12d7c \| Get or set file date and time
2018-12-25T12:55:59.73078523Z	62	PC: 12d80 \| Close file
2018-12-25T12:55:59.740293087Z	67	PC: 12d8f \| Get or set file attributes
2018-12-25T12:55:59.751929965Z	26	PC: 12d9c \| Set disk transfer address
2018-12-25T12:55:59.753547487Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:55:59.761043081Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')