Sample viewer

vx.netlux.org/Virus.DOS.LAVI.Cris.1531

.


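Syscalls (each entry is a DOS INT 21h call; "Syscall Op" is the function number from AH in decimal, so 42 = 0x2A "Get date" and 185 = 0xB9, which the viewer cannot name and which is set by the `mov ah, 0xb9` in the disassembly excerpt). The JSON line ahead of each later run appears to give the emulated system date for that run: the excerpt compares DH (month) with 0x0B and DL (day) with 0x1A, and the "Delete file" call shows up only in the runs that follow a Day 26 / Month 11 line. In "Get/Set interrupt vector", 33 is the decimal vector number (0x21, the DOS service interrupt itself); "Random read" looks like the name of INT 21h function 0x21 attached to it by mistake, so the pair followed by "Terminate and stay resident" reads as a resident hook on DOS services: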

Time Syscall Op Syscall Name
2018-12-17T22:41:37.008705714Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-17T22:41:37.013162025Z 185 PC: 12b35 | UNKNOWN!
2018-12-17T22:41:37.015279541Z 74 PC: 12b97 | Reallocate memory
2018-12-17T22:41:37.01770673Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:37.01904328Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:37.022355512Z 75 PC: 12c50 | Execute program
2018-12-17T22:41:37.037822892Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-17T22:41:37.040260781Z 76 PC: 132a4 | Terminate with return code (Return code = '1')
2018-12-17T22:41:37.045695358Z 73 PC: 12c6e | Release memory
2018-12-17T22:41:37.04703788Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:17.555809514Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:17.558223473Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:17.559895494Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:17.561437091Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.562795592Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.565168966Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:17.581369616Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:17.584074528Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:01:17.587912864Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:17.589805898Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:17.564550153Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:17.56715082Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:17.568663498Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:17.570252501Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.571768919Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.572874396Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:17.586429568Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:17.588962332Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:01:17.59184039Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:17.59300922Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:17.635088719Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:17.637918279Z 65 PC: 12cba | Delete file (Filename = 'A:\cris60e.com')
2018-12-25T12:01:17.644222879Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:17.645393367Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:17.647245845Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.648332976Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.649599017Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:17.663604803Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:17.666177882Z 65 PC: 1351a | Delete file (Filename = 'A:\cris60e.com')
2018-12-25T12:01:17.671941604Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:01:17.674786632Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:17.6760564Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:17.69217531Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:17.695651464Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:17.697287455Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:17.698727277Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.700187519Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.71284191Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:17.729504261Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:17.731906439Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:01:17.735668043Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:17.737499392Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:17.776326771Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:17.778636911Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:17.784758628Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:17.786342849Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.787782923Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.79027602Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:17.806713043Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:17.809388037Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:01:17.813618396Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:17.815346856Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:17.886143079Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:17.895869963Z 65 PC: 12cba | Delete file (Filename = 'A:\cris60e.com')
2018-12-25T12:01:17.901696604Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:17.903019463Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:17.905063965Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.906163914Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:17.907362401Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:17.921097743Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:17.92420253Z 65 PC: 1351a | Delete file (Filename = 'A:\cris60e.com')
2018-12-25T12:01:17.93041916Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:01:17.933665841Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:17.936252461Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:18.127338876Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:18.130249863Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:18.133448081Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:18.13544142Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.1387218Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.141793044Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:18.16160397Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:18.164175579Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:01:18.168369222Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:18.169868053Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:18.206996496Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:18.209506695Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:18.232401975Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:18.233948957Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.235357698Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.237006175Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:18.252369939Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:18.255089327Z 76 PC: 132a4 | Terminate with return code (Return code = '6')
2018-12-25T12:01:18.259189499Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:18.260988193Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')

{"DateBased":true,"Day":26,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7280,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:18.242247486Z 42 PC: 12afe | Get date 0x12afe: sub bh, 0
0x12b01: add bx, 0
0x12b04: cmp dh, 0xb
0x12b07: jne 0x12b13
0x12b09: mov cx, cx
0x12b0b: cmp dl, 0x1a
0x12b0e: jne 0x12b13
0x12b10: call 0x12cb1
0x12b13: push cs
0x12b14: pop es
0x12b15: add ax, 0
0x12b18: mov si, 0x144
0x12b1b: sub ah, 0
0x12b1e: add ax, 0
0x12b21: cmp word ptr [bp + si + 1], 0x414c
0x12b26: jne 0x12b41
0x12b28: sub ch, 0
0x12b2b: mov dh, dh
0x12b2d: mov ah, 0xb9
0x12b2f: mov cl, cl
2018-12-25T12:01:18.246268768Z 65 PC: 12cba | Delete file (Filename = 'A:\cris60e.com')
2018-12-25T12:01:18.253355109Z 185 PC: 12b35 | UNKNOWN!
2018-12-25T12:01:18.254659965Z 74 PC: 12b97 | Reallocate memory
2018-12-25T12:01:18.25614926Z 53 PC: 12ba2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.265492693Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.267058743Z 75 PC: 12c50 | Execute program
2018-12-25T12:01:18.283018317Z 42 PC: 1335e | Get date 0x1335e: sub bh, 0
0x13361: add bx, 0
0x13364: cmp dh, 0xb
0x13367: jne 0x13373
0x13369: mov cx, cx
0x1336b: cmp dl, 0x1a
0x1336e: jne 0x13373
0x13370: call 0x13511
0x13373: push cs
0x13374: pop es
0x13375: add ax, 0
0x13378: mov si, 0x144
0x1337b: sub ah, 0
0x1337e: add ax, 0
0x13381: cmp word ptr [bp + si + 1], 0x414c
0x13386: jne 0x133a1
0x13388: sub ch, 0
0x1338b: mov dh, dh
0x1338d: mov ah, 0xb9
0x1338f: mov cl, cl
2018-12-25T12:01:18.2860236Z 65 PC: 1351a | Delete file (Filename = 'A:\cris60e.com')
2018-12-25T12:01:18.292553095Z 76 PC: 132a4 | Terminate with return code (Return code = '2')
2018-12-25T12:01:18.297165894Z 73 PC: 12c6e | Release memory
2018-12-25T12:01:18.300434442Z 49 PC: 12c89 | Terminate and stay resident (Return code = '1' | Memory size = '128')