Sample viewer

vx.netlux.org/Virus.DOS.Mipo.1086

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:07.485103084Z 255 PC: 25713 | UNKNOWN!
2018-12-17T22:42:07.508971794Z 48 PC: 28eb0 | Get DOS version
2018-12-17T22:42:07.511495514Z 74 PC: 28f27 | Reallocate memory
2018-12-17T22:42:07.513850337Z 72 PC: 2a453 | Allocate memory
2018-12-17T22:42:07.518198183Z 74 PC: 2a403 | Reallocate memory
2018-12-17T22:42:07.521617485Z 48 PC: 291b0 | Get DOS version
2018-12-17T22:42:07.523581484Z 53 PC: 28fb1 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:07.525585858Z 37 PC: 28fc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:07.52785486Z 68 PC: 2904f | I/O control for devices (Set for = 'E�$� �!�E�')
2018-12-17T22:42:07.530171231Z 68 PC: 2904f | I/O control for devices (Set for = 'G5�')
2018-12-17T22:42:07.532086097Z 68 PC: 2904f | I/O control for devices (Set for = '5')
2018-12-17T22:42:07.534767613Z 68 PC: 2904f | I/O control for devices (Set for = 'D5-')
2018-12-17T22:42:07.536881564Z 68 PC: 2904f | I/O control for devices (Set for = 'D5-')
2018-12-17T22:42:07.539093368Z 48 PC: 28b85 | Get DOS version
2018-12-17T22:42:07.541721624Z 37 PC: 13730 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:07.543703527Z 37 PC: 1373d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:42:07.545601251Z 25 PC: 14bc8 | Get default drive
2018-12-17T22:42:07.548677929Z 25 PC: 2ad12 | Get default drive
2018-12-17T22:42:07.550337997Z 71 PC: 2a8c7 | Get current directory
2018-12-17T22:42:07.569310481Z 64 PC: 2a11c | Write file or device (Write 132 bytes on handle 1)
2018-12-17T22:42:07.576738954Z 64 PC: 2a11c | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:42:07.580791165Z 64 PC: 2a11c | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:42:07.583842916Z 42 PC: 13bba | Get date
0x13bba: cmp cx, 0x7cc
0x13bbe: ja 0x13bd3
0x13bc0: jb 0x13bce
0x13bc2: cmp dh, 0xa
0x13bc5: ja 0x13bd3
0x13bc7: jb 0x13bce
0x13bc9: cmp dl, 0xf
0x13bcc: ja 0x13bd3
0x13bce: mov word ptr [bp - 2], 1
0x13bd3: cmp word ptr [bp - 2], 0
0x13bd7: jne 0x13bed
0x13bd9: push 3
0x13bdb: lcall 0x149a:0x120
0x13be0: push 1
0x13be2: lcall 0x13d9:0x8e1
0x13be7: push 2
0x13be9: push cs
0x13bea: call 0x22a40
0x13bed: pop ds
0x13bee: leave
2018-12-17T22:42:07.588548775Z 64 PC: 2a11c | Write file or device (Write 74 bytes on handle 1)
2018-12-17T22:42:07.594529137Z 64 PC: 2a11c | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:42:07.59841205Z 14 PC: 2aeed | Set default drive (Drive = 'A')
2018-12-17T22:42:07.600362854Z 59 PC: 14b82 | Change current directory
2018-12-17T22:42:07.605722981Z 37 PC: 2910b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:42:07.607504357Z 76 PC: 290f0 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:47.445837556Z 255 PC: 25713 | UNKNOWN!
2018-12-25T12:01:47.469947437Z 48 PC: 28eb0 | Get DOS version
2018-12-25T12:01:47.471701012Z 74 PC: 28f27 | Reallocate memory
2018-12-25T12:01:47.475020379Z 72 PC: 2a453 | Allocate memory
2018-12-25T12:01:47.477588622Z 74 PC: 2a403 | Reallocate memory
2018-12-25T12:01:47.479772988Z 48 PC: 291b0 | Get DOS version
2018-12-25T12:01:47.482050013Z 53 PC: 28fb1 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.483569165Z 37 PC: 28fc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.485153413Z 68 PC: 2904f | I/O control for devices (Set for = 'E�$� �!�E�')
2018-12-25T12:01:47.48751357Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.489230528Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.490895927Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.493063045Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.495082271Z 48 PC: 28b85 | Get DOS version
2018-12-25T12:01:47.496836418Z 37 PC: 13730 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:47.499533984Z 37 PC: 1373d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:47.501660916Z 25 PC: 14bc8 | Get default drive
2018-12-25T12:01:47.503786988Z 25 PC: 2ad12 | Get default drive
2018-12-25T12:01:47.506154162Z 71 PC: 2a8c7 | Get current directory
2018-12-25T12:01:47.524045306Z 64 PC: 2a11c | Write file or device (Write 132 bytes on handle 1)
2018-12-25T12:01:47.530860768Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.53516519Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.538206014Z 42 PC: 13bba | Get date
0x13bba: cmp cx, 0x7cc
0x13bbe: ja 0x13bd3
0x13bc0: jb 0x13bce
0x13bc2: cmp dh, 0xa
0x13bc5: ja 0x13bd3
0x13bc7: jb 0x13bce
0x13bc9: cmp dl, 0xf
0x13bcc: ja 0x13bd3
0x13bce: mov word ptr [bp - 2], 1
0x13bd3: cmp word ptr [bp - 2], 0
0x13bd7: jne 0x13bed
0x13bd9: push 3
0x13bdb: lcall 0x149a:0x120
0x13be0: push 1
0x13be2: lcall 0x13d9:0x8e1
0x13be7: push 2
0x13be9: push cs
0x13bea: call 0x22a40
0x13bed: pop ds
0x13bee: leave
2018-12-25T12:01:47.541652052Z 64 PC: 2a182 | Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:01:47.547789562Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.553145392Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:47.591341004Z 48 PC: 28b85 | Get DOS version (See above)
2018-12-25T12:01:47.59324462Z 82 PC: 1552b | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:47.607218977Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.613314344Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:47.618554782Z 61 PC: 29dcd | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T12:01:47.62557275Z 68 PC: 29dff | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-25T12:01:47.62800968Z 67 PC: 29eff | Get or set file attributes
2018-12-25T12:01:47.634958288Z 66 PC: 29d74 | Move file pointer
2018-12-25T12:01:47.638382538Z 63 PC: 29f84 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T12:01:47.652292553Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:47.65578935Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:47.671243474Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:47.678907136Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:47.682555003Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:47.710827426Z 62 PC: 29cfa | Close file
2018-12-25T12:01:47.713070838Z 61 PC: 29dcd | Open file (See above)
2018-12-25T12:01:47.719936876Z 68 PC: 29dff | I/O control for devices (See above)
2018-12-25T12:01:47.724782795Z 67 PC: 29eff | Get or set file attributes (See above)
2018-12-25T12:01:47.730771762Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:47.732592106Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:47.734938646Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:47.737856574Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:47.753038649Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:47.755330339Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:47.773728166Z 62 PC: 29cfa | Close file (See above)
2018-12-25T12:01:47.780707788Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.792525875Z 14 PC: 2aeed | Set default drive (Drive = 'A')
2018-12-25T12:01:47.794834325Z 59 PC: 14b82 | Change current directory
2018-12-25T12:01:47.804911306Z 37 PC: 2910b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.807752694Z 76 PC: 290f0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:47.792947809Z 255 PC: 25713 | UNKNOWN!
2018-12-25T12:01:47.824834027Z 48 PC: 28eb0 | Get DOS version
2018-12-25T12:01:47.826344932Z 74 PC: 28f27 | Reallocate memory
2018-12-25T12:01:47.828403638Z 72 PC: 2a453 | Allocate memory
2018-12-25T12:01:47.831205832Z 74 PC: 2a403 | Reallocate memory
2018-12-25T12:01:47.833236978Z 48 PC: 291b0 | Get DOS version
2018-12-25T12:01:47.834827436Z 53 PC: 28fb1 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.837160928Z 37 PC: 28fc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.838637099Z 68 PC: 2904f | I/O control for devices (Set for = 'E�$� �!�E�')
2018-12-25T12:01:47.840218608Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.848904176Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.850357329Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.851772274Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.856001777Z 48 PC: 28b85 | Get DOS version
2018-12-25T12:01:47.857649216Z 37 PC: 13730 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:47.859180068Z 37 PC: 1373d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:47.861970846Z 25 PC: 14bc8 | Get default drive
2018-12-25T12:01:47.863481876Z 25 PC: 2ad12 | Get default drive
2018-12-25T12:01:47.865002112Z 71 PC: 2a8c7 | Get current directory
2018-12-25T12:01:47.886190552Z 64 PC: 2a11c | Write file or device (Write 132 bytes on handle 1)
2018-12-25T12:01:47.898746543Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.910561814Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.914041122Z 42 PC: 13bba | Get date
0x13bba: cmp cx, 0x7cc
0x13bbe: ja 0x13bd3
0x13bc0: jb 0x13bce
0x13bc2: cmp dh, 0xa
0x13bc5: ja 0x13bd3
0x13bc7: jb 0x13bce
0x13bc9: cmp dl, 0xf
0x13bcc: ja 0x13bd3
0x13bce: mov word ptr [bp - 2], 1
0x13bd3: cmp word ptr [bp - 2], 0
0x13bd7: jne 0x13bed
0x13bd9: push 3
0x13bdb: lcall 0x149a:0x120
0x13be0: push 1
0x13be2: lcall 0x13d9:0x8e1
0x13be7: push 2
0x13be9: push cs
0x13bea: call 0x22a40
0x13bed: pop ds
0x13bee: leave
2018-12-25T12:01:47.918116528Z 64 PC: 2a182 | Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:01:47.931490328Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.936391899Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:47.983745562Z 48 PC: 28b85 | Get DOS version (See above)
2018-12-25T12:01:47.984972746Z 82 PC: 1552b | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:47.99954934Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:48.005325071Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:48.010639343Z 61 PC: 29dcd | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T12:01:48.018688674Z 68 PC: 29dff | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-25T12:01:48.020503436Z 67 PC: 29eff | Get or set file attributes
2018-12-25T12:01:48.026910745Z 66 PC: 29d74 | Move file pointer
2018-12-25T12:01:48.029818379Z 63 PC: 29f84 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T12:01:48.037369413Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.0393518Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.047963783Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.051260003Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.053153773Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.065667187Z 62 PC: 29cfa | Close file
2018-12-25T12:01:48.068151341Z 61 PC: 29dcd | Open file (See above)
2018-12-25T12:01:48.075040532Z 68 PC: 29dff | I/O control for devices (See above)
2018-12-25T12:01:48.077535797Z 67 PC: 29eff | Get or set file attributes (See above)
2018-12-25T12:01:48.085300357Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.087166397Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.089694998Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.093010737Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.09879673Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.104146292Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.111787397Z 62 PC: 29cfa | Close file (See above)
2018-12-25T12:01:48.115033324Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:48.120170831Z 14 PC: 2aeed | Set default drive (Drive = 'A')
2018-12-25T12:01:48.122519431Z 59 PC: 14b82 | Change current directory
2018-12-25T12:01:48.126739371Z 37 PC: 2910b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:48.127880175Z 76 PC: 290f0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:47.752248061Z 255 PC: 25713 | UNKNOWN!
2018-12-25T12:01:47.783501801Z 48 PC: 28eb0 | Get DOS version
2018-12-25T12:01:47.78548935Z 74 PC: 28f27 | Reallocate memory
2018-12-25T12:01:47.787780219Z 72 PC: 2a453 | Allocate memory
2018-12-25T12:01:47.791298246Z 74 PC: 2a403 | Reallocate memory
2018-12-25T12:01:47.794194824Z 48 PC: 291b0 | Get DOS version
2018-12-25T12:01:47.795740602Z 53 PC: 28fb1 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.797685608Z 37 PC: 28fc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.799196306Z 68 PC: 2904f | I/O control for devices (Set for = 'E�$� �!�E�')
2018-12-25T12:01:47.800820322Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.802824709Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.804430513Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.805885253Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.808154741Z 48 PC: 28b85 | Get DOS version
2018-12-25T12:01:47.809603517Z 37 PC: 13730 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:47.810855088Z 37 PC: 1373d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:47.812941529Z 25 PC: 14bc8 | Get default drive
2018-12-25T12:01:47.814429131Z 25 PC: 2ad12 | Get default drive
2018-12-25T12:01:47.815854124Z 71 PC: 2a8c7 | Get current directory
2018-12-25T12:01:47.838543714Z 64 PC: 2a11c | Write file or device (Write 132 bytes on handle 1)
2018-12-25T12:01:47.865490385Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.870361875Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.875149759Z 42 PC: 13bba | Get date
0x13bba: cmp cx, 0x7cc
0x13bbe: ja 0x13bd3
0x13bc0: jb 0x13bce
0x13bc2: cmp dh, 0xa
0x13bc5: ja 0x13bd3
0x13bc7: jb 0x13bce
0x13bc9: cmp dl, 0xf
0x13bcc: ja 0x13bd3
0x13bce: mov word ptr [bp - 2], 1
0x13bd3: cmp word ptr [bp - 2], 0
0x13bd7: jne 0x13bed
0x13bd9: push 3
0x13bdb: lcall 0x149a:0x120
0x13be0: push 1
0x13be2: lcall 0x13d9:0x8e1
0x13be7: push 2
0x13be9: push cs
0x13bea: call 0x22a40
0x13bed: pop ds
0x13bee: leave
2018-12-25T12:01:47.88235969Z 64 PC: 2a182 | Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:01:47.886203711Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.891144916Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:47.934601686Z 48 PC: 28b85 | Get DOS version (See above)
2018-12-25T12:01:47.936450277Z 82 PC: 1552b | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:47.95467388Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.961074879Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:47.969067448Z 61 PC: 29dcd | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T12:01:47.978374758Z 68 PC: 29dff | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-25T12:01:47.98054023Z 67 PC: 29eff | Get or set file attributes
2018-12-25T12:01:47.98752296Z 66 PC: 29d74 | Move file pointer
2018-12-25T12:01:47.990057305Z 63 PC: 29f84 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T12:01:47.998173429Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:47.99990528Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.012019995Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.015501797Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.018231871Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.032206422Z 62 PC: 29cfa | Close file
2018-12-25T12:01:48.035034938Z 61 PC: 29dcd | Open file (See above)
2018-12-25T12:01:48.042794972Z 68 PC: 29dff | I/O control for devices (See above)
2018-12-25T12:01:48.044679969Z 67 PC: 29eff | Get or set file attributes (See above)
2018-12-25T12:01:48.051200776Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.053508579Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.055828643Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.059122723Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.060893878Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.06274012Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.070892912Z 62 PC: 29cfa | Close file (See above)
2018-12-25T12:01:48.076368701Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:48.08287604Z 14 PC: 2aeed | Set default drive (Drive = 'A')
2018-12-25T12:01:48.085134004Z 59 PC: 14b82 | Change current directory
2018-12-25T12:01:48.090494456Z 37 PC: 2910b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:48.091931635Z 76 PC: 290f0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:47.886696748Z 255 PC: 25713 | UNKNOWN!
2018-12-25T12:01:47.914795399Z 48 PC: 28eb0 | Get DOS version
2018-12-25T12:01:47.916269014Z 74 PC: 28f27 | Reallocate memory
2018-12-25T12:01:47.918195571Z 72 PC: 2a453 | Allocate memory
2018-12-25T12:01:47.921608759Z 74 PC: 2a403 | Reallocate memory
2018-12-25T12:01:47.923699554Z 48 PC: 291b0 | Get DOS version
2018-12-25T12:01:47.925296777Z 53 PC: 28fb1 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.927577352Z 37 PC: 28fc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:47.929125384Z 68 PC: 2904f | I/O control for devices (Set for = 'E�$� �!�E�')
2018-12-25T12:01:47.930753544Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.933166764Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.934928121Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.936686001Z 68 PC: 2904f | I/O control for devices (See above)
2018-12-25T12:01:47.938838418Z 48 PC: 28b85 | Get DOS version
2018-12-25T12:01:47.940983646Z 37 PC: 13730 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:47.942661234Z 37 PC: 1373d | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:01:47.944368318Z 25 PC: 14bc8 | Get default drive
2018-12-25T12:01:47.946931243Z 25 PC: 2ad12 | Get default drive
2018-12-25T12:01:47.949559963Z 71 PC: 2a8c7 | Get current directory
2018-12-25T12:01:47.972269591Z 64 PC: 2a11c | Write file or device (Write 132 bytes on handle 1)
2018-12-25T12:01:47.981093904Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.985670925Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:47.989202974Z 42 PC: 13bba | Get date
0x13bba: cmp cx, 0x7cc
0x13bbe: ja 0x13bd3
0x13bc0: jb 0x13bce
0x13bc2: cmp dh, 0xa
0x13bc5: ja 0x13bd3
0x13bc7: jb 0x13bce
0x13bc9: cmp dl, 0xf
0x13bcc: ja 0x13bd3
0x13bce: mov word ptr [bp - 2], 1
0x13bd3: cmp word ptr [bp - 2], 0
0x13bd7: jne 0x13bed
0x13bd9: push 3
0x13bdb: lcall 0x149a:0x120
0x13be0: push 1
0x13be2: lcall 0x13d9:0x8e1
0x13be7: push 2
0x13be9: push cs
0x13bea: call 0x22a40
0x13bed: pop ds
0x13bee: leave
2018-12-25T12:01:47.994322515Z 64 PC: 2a182 | Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:01:48.001064487Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:48.006243369Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:48.051645731Z 48 PC: 28b85 | Get DOS version (See above)
2018-12-25T12:01:48.053278095Z 82 PC: 1552b | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:48.069277969Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:48.076091791Z 64 PC: 2a182 | Write file or device (See above)
2018-12-25T12:01:48.081099225Z 61 PC: 29dcd | Open file (Filename = 'A:\TEST.EXE')
2018-12-25T12:01:48.088320712Z 68 PC: 29dff | I/O control for devices (Set for = 'A:\TEST.EXE')
2018-12-25T12:01:48.090279557Z 67 PC: 29eff | Get or set file attributes
2018-12-25T12:01:48.096884352Z 66 PC: 29d74 | Move file pointer
2018-12-25T12:01:48.0987055Z 63 PC: 29f84 | Read file or device (Read 512 bytes on handle 5)
2018-12-25T12:01:48.107143256Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.109258955Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.11721547Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.121666476Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.123665653Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.137026154Z 62 PC: 29cfa | Close file
2018-12-25T12:01:48.140001568Z 61 PC: 29dcd | Open file (See above)
2018-12-25T12:01:48.149280584Z 68 PC: 29dff | I/O control for devices (See above)
2018-12-25T12:01:48.151303498Z 67 PC: 29eff | Get or set file attributes (See above)
2018-12-25T12:01:48.158715585Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.160501695Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.162174869Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.165682204Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.167590993Z 66 PC: 29d74 | Move file pointer (See above)
2018-12-25T12:01:48.169392933Z 63 PC: 29f84 | Read file or device (See above)
2018-12-25T12:01:48.177462681Z 62 PC: 29cfa | Close file (See above)
2018-12-25T12:01:48.181672293Z 64 PC: 2a11c | Write file or device (See above)
2018-12-25T12:01:48.188319658Z 14 PC: 2aeed | Set default drive (Drive = 'A')
2018-12-25T12:01:48.192519441Z 59 PC: 14b82 | Change current directory
2018-12-25T12:01:48.197475952Z 37 PC: 2910b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:01:48.198562102Z 76 PC: 290f0 | Terminate with return code (Return code = '1')