Sample viewer

vx.netlux.org/Virus.DOS.Lazarus.2222


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:27.778484893Z 37 PC: 12b9f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:42:27.781474943Z 222 PC: 12bb7 | UNKNOWN!
2018-12-17T22:42:27.78283923Z 82 PC: 12f31 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:42:27.785128057Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:27.786438082Z 37 PC: 12bf2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:27.792261646Z 53 PC: 9e6e2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:27.793943044Z 37 PC: 9e6f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:27.795740461Z 67 PC: 9e708 | Get or set file attributes
2018-12-17T22:42:27.806547642Z 67 PC: 9e719 | Get or set file attributes
2018-12-17T22:42:28.275254831Z 61 PC: 9eb30 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-17T22:42:28.283147732Z 87 PC: 9e731 | Get or set file date and time
2018-12-17T22:42:28.288560648Z 63 PC: 9e747 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:42:28.296283922Z 66 PC: 9eb3a | Move file pointer
2018-12-17T22:42:28.299654065Z 63 PC: 9e837 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:42:28.30567264Z 66 PC: 9eb44 | Move file pointer
2018-12-17T22:42:28.309672226Z 44 PC: 9eb49 | Get time
0x9eb49: add ch, cl
0x9eb4b: add ch, dh
0x9eb4d: add ch, dl
0x9eb4f: mov al, ch
0x9eb51: mov byte ptr cs:[0x123], al
0x9eb55: push cs
0x9eb56: pop ds
0x9eb57: push cs
0x9eb58: pop es
0x9eb59: mov si, 0x100
0x9eb5c: mov di, 0x9ae
0x9eb5f: mov cx, 0x8ae
0x9eb62: rep movsb byte ptr es:[di], byte ptr [si]
0x9eb64: mov di, 0x9ae
0x9eb67: add di, 0x25
0x9eb6b: mov cx, 0x889
0x9eb6e: xor byte ptr es:[di], al
0x9eb71: inc di
0x9eb72: loop 0x9eb6e
0x9eb74: mov ah, 0x40
2018-12-17T22:42:28.313239082Z 64 PC: 9eb7e | Write file or device (Write 2222 bytes on handle 5)
2018-12-17T22:42:28.325749723Z 66 PC: 9eb3a | Move file pointer
2018-12-17T22:42:28.327930191Z 64 PC: 9e873 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:42:28.331702524Z 87 PC: 9e882 | Get or set file date and time
2018-12-17T22:42:28.334020032Z 62 PC: 9e886 | Close file
2018-12-17T22:42:28.35052537Z 67 PC: 9e892 | Get or set file attributes
2018-12-17T22:42:28.361527346Z 37 PC: 9e89c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:28.36287328Z 61 PC: 12bff | Open file (Filename = '')
2018-12-17T22:42:28.371940469Z 62 PC: 12c1e | Close file
2018-12-17T22:42:28.376025743Z 67 PC: 13213 | Get or set file attributes
2018-12-17T22:42:28.383753104Z 65 PC: 13217 | Delete file (Filename = 'N p')
2018-12-17T22:42:28.391980157Z 67 PC: 13213 | Get or set file attributes
2018-12-17T22:42:28.398817191Z 65 PC: 13217 | Delete file (Filename = 'AT12 ')
2018-12-17T22:42:28.405506329Z 67 PC: 13213 | Get or set file attributes
2018-12-17T22:42:28.412817228Z 65 PC: 13217 | Delete file (Filename = '6 ')
2018-12-17T22:42:28.419607972Z 67 PC: 13213 | Get or set file attributes
2018-12-17T22:42:28.426231772Z 65 PC: 13217 | Delete file (Filename = 'E ')
2018-12-17T22:42:28.433364312Z 42 PC: 13227 | Get date
0x13227: cmp dh, 6
0x1322a: jne 0x13284
0x1322c: cmp dl, 2
0x1322f: jne 0x13284
0x13231: mov ax, 3
0x13234: int 0x10
0x13236: mov ah, 2
0x13238: mov bh, 0
0x1323a: mov dx, 0x1950
0x1323d: int 0x10
0x1323f: push cs
0x13240: pop es
0x13241: mov bp, 0x7f8
0x13244: add bp, si
0x13246: mov dx, 0xa12
0x13249: mov bl, 7
0x1324b: call 0x23218
0x1324e: mov bp, 0x823
0x13251: add bp, si
0x13253: mov dx, 0xb12
2018-12-17T22:42:28.436290615Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:42:28.455972436Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7553,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:51.502717655Z 37 PC: 12b9f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:01:51.505442819Z 222 PC: 12bb7 | UNKNOWN!
2018-12-25T12:01:51.506440043Z 82 PC: 12f31 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:51.507903826Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:51.509060579Z 37 PC: 12bf2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:51.51072395Z 53 PC: 9e6e2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:51.512039061Z 37 PC: 9e6f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:51.513500702Z 67 PC: 9e708 | Get or set file attributes
2018-12-25T12:01:51.523886378Z 67 PC: 9e719 | Get or set file attributes
2018-12-25T12:01:52.004054372Z 61 PC: 9eb30 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:01:52.012226979Z 87 PC: 9e731 | Get or set file date and time
2018-12-25T12:01:52.014785034Z 63 PC: 9e747 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:01:52.023310277Z 66 PC: 9eb3a | Move file pointer
2018-12-25T12:01:52.025360008Z 63 PC: 9e837 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:52.029727406Z 66 PC: 9eb44 | Move file pointer
2018-12-25T12:01:52.031934916Z 44 PC: 9eb49 | Get time
0x9eb49: add ch, cl
0x9eb4b: add ch, dh
0x9eb4d: add ch, dl
0x9eb4f: mov al, ch
0x9eb51: mov byte ptr cs:[0x123], al
0x9eb55: push cs
0x9eb56: pop ds
0x9eb57: push cs
0x9eb58: pop es
0x9eb59: mov si, 0x100
0x9eb5c: mov di, 0x9ae
0x9eb5f: mov cx, 0x8ae
0x9eb62: rep movsb byte ptr es:[di], byte ptr [si]
0x9eb64: mov di, 0x9ae
0x9eb67: add di, 0x25
0x9eb6b: mov cx, 0x889
0x9eb6e: xor byte ptr es:[di], al
0x9eb71: inc di
0x9eb72: loop 0x9eb6e
0x9eb74: mov ah, 0x40
2018-12-25T12:01:52.035662598Z 64 PC: 9eb7e | Write file or device (Write 2222 bytes on handle 5)
2018-12-25T12:01:52.049941917Z 66 PC: 9eb3a | Move file pointer (See above)
2018-12-25T12:01:52.052187621Z 64 PC: 9e873 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:52.055902904Z 87 PC: 9e882 | Get or set file date and time
2018-12-25T12:01:52.05835047Z 62 PC: 9e886 | Close file
2018-12-25T12:01:52.067114823Z 67 PC: 9e892 | Get or set file attributes
2018-12-25T12:01:52.078278817Z 37 PC: 9e89c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.079730859Z 61 PC: 12bff | Open file (Filename = '')
2018-12-25T12:01:52.089350633Z 62 PC: 12c1e | Close file
2018-12-25T12:01:52.091894109Z 67 PC: 13213 | Get or set file attributes
2018-12-25T12:01:52.098483876Z 65 PC: 13217 | Delete file (Filename = 'N p')
2018-12-25T12:01:52.103466866Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.108196128Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.11325685Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.127356878Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.132585729Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.136871774Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.144667149Z 42 PC: 13227 | Get date
0x13227: cmp dh, 6
0x1322a: jne 0x13284
0x1322c: cmp dl, 2
0x1322f: jne 0x13284
0x13231: mov ax, 3
0x13234: int 0x10
0x13236: mov ah, 2
0x13238: mov bh, 0
0x1323a: mov dx, 0x1950
0x1323d: int 0x10
0x1323f: push cs
0x13240: pop es
0x13241: mov bp, 0x7f8
0x13244: add bp, si
0x13246: mov dx, 0xa12
0x13249: mov bl, 7
0x1324b: call 0x23218
0x1324e: mov bp, 0x823
0x13251: add bp, si
0x13253: mov dx, 0xb12
2018-12-25T12:01:52.147468788Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:52.15373519Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7553,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:51.852729638Z 37 PC: 12b9f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:01:51.855965622Z 222 PC: 12bb7 | UNKNOWN!
2018-12-25T12:01:51.856721872Z 82 PC: 12f31 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:51.85798946Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:51.859611256Z 37 PC: 12bf2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:51.861148887Z 53 PC: 9e6e2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:51.86245789Z 37 PC: 9e6f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:51.864159642Z 67 PC: 9e708 | Get or set file attributes
2018-12-25T12:01:51.873112761Z 67 PC: 9e719 | Get or set file attributes
2018-12-25T12:01:52.219204555Z 61 PC: 9eb30 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:01:52.231044106Z 87 PC: 9e731 | Get or set file date and time
2018-12-25T12:01:52.233304068Z 63 PC: 9e747 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:01:52.23884754Z 66 PC: 9eb3a | Move file pointer
2018-12-25T12:01:52.240367184Z 63 PC: 9e837 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:52.244167986Z 66 PC: 9eb44 | Move file pointer
2018-12-25T12:01:52.245959996Z 44 PC: 9eb49 | Get time
0x9eb49: add ch, cl
0x9eb4b: add ch, dh
0x9eb4d: add ch, dl
0x9eb4f: mov al, ch
0x9eb51: mov byte ptr cs:[0x123], al
0x9eb55: push cs
0x9eb56: pop ds
0x9eb57: push cs
0x9eb58: pop es
0x9eb59: mov si, 0x100
0x9eb5c: mov di, 0x9ae
0x9eb5f: mov cx, 0x8ae
0x9eb62: rep movsb byte ptr es:[di], byte ptr [si]
0x9eb64: mov di, 0x9ae
0x9eb67: add di, 0x25
0x9eb6b: mov cx, 0x889
0x9eb6e: xor byte ptr es:[di], al
0x9eb71: inc di
0x9eb72: loop 0x9eb6e
0x9eb74: mov ah, 0x40
2018-12-25T12:01:52.24956907Z 64 PC: 9eb7e | Write file or device (Write 2222 bytes on handle 5)
2018-12-25T12:01:52.260303237Z 66 PC: 9eb3a | Move file pointer (See above)
2018-12-25T12:01:52.261771143Z 64 PC: 9e873 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:52.264579155Z 87 PC: 9e882 | Get or set file date and time
2018-12-25T12:01:52.266725621Z 62 PC: 9e886 | Close file
2018-12-25T12:01:52.274071863Z 67 PC: 9e892 | Get or set file attributes
2018-12-25T12:01:52.283787651Z 37 PC: 9e89c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.2906903Z 61 PC: 12bff | Open file (Filename = '')
2018-12-25T12:01:52.297646307Z 62 PC: 12c1e | Close file
2018-12-25T12:01:52.29954109Z 67 PC: 13213 | Get or set file attributes
2018-12-25T12:01:52.306067257Z 65 PC: 13217 | Delete file (Filename = 'N p')
2018-12-25T12:01:52.311819136Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.317953585Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.325174165Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.331302003Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.337343995Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.357157256Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.363127709Z 42 PC: 13227 | Get date
0x13227: cmp dh, 6
0x1322a: jne 0x13284
0x1322c: cmp dl, 2
0x1322f: jne 0x13284
0x13231: mov ax, 3
0x13234: int 0x10
0x13236: mov ah, 2
0x13238: mov bh, 0
0x1323a: mov dx, 0x1950
0x1323d: int 0x10
0x1323f: push cs
0x13240: pop es
0x13241: mov bp, 0x7f8
0x13244: add bp, si
0x13246: mov dx, 0xa12
0x13249: mov bl, 7
0x1324b: call 0x23218
0x1324e: mov bp, 0x823
0x13251: add bp, si
0x13253: mov dx, 0xb12
2018-12-25T12:01:52.365459342Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:52.370814878Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7553,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:52.189841181Z 37 PC: 12b9f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:01:52.192800822Z 222 PC: 12bb7 | UNKNOWN!
2018-12-25T12:01:52.194696731Z 82 PC: 12f31 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:52.196354822Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:52.197827333Z 37 PC: 12bf2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:52.200293341Z 53 PC: 9e6e2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.202031002Z 37 PC: 9e6f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.204067113Z 67 PC: 9e708 | Get or set file attributes
2018-12-25T12:01:52.215349456Z 67 PC: 9e719 | Get or set file attributes
2018-12-25T12:01:52.629935996Z 61 PC: 9eb30 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:01:52.636802929Z 87 PC: 9e731 | Get or set file date and time
2018-12-25T12:01:52.640123036Z 63 PC: 9e747 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:01:52.647654472Z 66 PC: 9eb3a | Move file pointer
2018-12-25T12:01:52.649724432Z 63 PC: 9e837 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:52.653286253Z 66 PC: 9eb44 | Move file pointer
2018-12-25T12:01:52.656209758Z 44 PC: 9eb49 | Get time
0x9eb49: add ch, cl
0x9eb4b: add ch, dh
0x9eb4d: add ch, dl
0x9eb4f: mov al, ch
0x9eb51: mov byte ptr cs:[0x123], al
0x9eb55: push cs
0x9eb56: pop ds
0x9eb57: push cs
0x9eb58: pop es
0x9eb59: mov si, 0x100
0x9eb5c: mov di, 0x9ae
0x9eb5f: mov cx, 0x8ae
0x9eb62: rep movsb byte ptr es:[di], byte ptr [si]
0x9eb64: mov di, 0x9ae
0x9eb67: add di, 0x25
0x9eb6b: mov cx, 0x889
0x9eb6e: xor byte ptr es:[di], al
0x9eb71: inc di
0x9eb72: loop 0x9eb6e
0x9eb74: mov ah, 0x40
2018-12-25T12:01:52.659735108Z 64 PC: 9eb7e | Write file or device (Write 2222 bytes on handle 5)
2018-12-25T12:01:52.671299517Z 66 PC: 9eb3a | Move file pointer (See above)
2018-12-25T12:01:52.67466319Z 64 PC: 9e873 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:52.678283893Z 87 PC: 9e882 | Get or set file date and time
2018-12-25T12:01:52.68044715Z 62 PC: 9e886 | Close file
2018-12-25T12:01:52.688832409Z 67 PC: 9e892 | Get or set file attributes
2018-12-25T12:01:52.710134672Z 37 PC: 9e89c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.712744101Z 61 PC: 12bff | Open file (Filename = '')
2018-12-25T12:01:52.72184912Z 62 PC: 12c1e | Close file
2018-12-25T12:01:52.724522955Z 67 PC: 13213 | Get or set file attributes
2018-12-25T12:01:52.731698941Z 65 PC: 13217 | Delete file (Filename = 'N p')
2018-12-25T12:01:52.739219937Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.746181049Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.753648548Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.761134118Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.767843417Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.775889115Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.783256487Z 42 PC: 13227 | Get date
0x13227: cmp dh, 6
0x1322a: jne 0x13284
0x1322c: cmp dl, 2
0x1322f: jne 0x13284
0x13231: mov ax, 3
0x13234: int 0x10
0x13236: mov ah, 2
0x13238: mov bh, 0
0x1323a: mov dx, 0x1950
0x1323d: int 0x10
0x1323f: push cs
0x13240: pop es
0x13241: mov bp, 0x7f8
0x13244: add bp, si
0x13246: mov dx, 0xa12
0x13249: mov bl, 7
0x1324b: call 0x23218
0x1324e: mov bp, 0x823
0x13251: add bp, si
0x13253: mov dx, 0xb12
2018-12-25T12:01:52.7952851Z 2 PC: 1327b | Character output (Char = '07')
2018-12-25T12:01:52.799619709Z 7 PC: 1327f | Direct console input without echo

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7553,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:52.379830876Z 37 PC: 12b9f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:01:52.382861372Z 222 PC: 12bb7 | UNKNOWN!
2018-12-25T12:01:52.383644189Z 82 PC: 12f31 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:52.384764644Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:52.386790633Z 37 PC: 12bf2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:52.388101656Z 53 PC: 9e6e2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.389951751Z 37 PC: 9e6f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.391663176Z 67 PC: 9e708 | Get or set file attributes
2018-12-25T12:01:52.400144125Z 67 PC: 9e719 | Get or set file attributes
2018-12-25T12:01:52.738757217Z 61 PC: 9eb30 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:01:52.745653425Z 87 PC: 9e731 | Get or set file date and time
2018-12-25T12:01:52.74722539Z 63 PC: 9e747 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:01:52.752535786Z 66 PC: 9eb3a | Move file pointer
2018-12-25T12:01:52.753779651Z 63 PC: 9e837 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:52.756250108Z 66 PC: 9eb44 | Move file pointer
2018-12-25T12:01:52.757544303Z 44 PC: 9eb49 | Get time
0x9eb49: add ch, cl
0x9eb4b: add ch, dh
0x9eb4d: add ch, dl
0x9eb4f: mov al, ch
0x9eb51: mov byte ptr cs:[0x123], al
0x9eb55: push cs
0x9eb56: pop ds
0x9eb57: push cs
0x9eb58: pop es
0x9eb59: mov si, 0x100
0x9eb5c: mov di, 0x9ae
0x9eb5f: mov cx, 0x8ae
0x9eb62: rep movsb byte ptr es:[di], byte ptr [si]
0x9eb64: mov di, 0x9ae
0x9eb67: add di, 0x25
0x9eb6b: mov cx, 0x889
0x9eb6e: xor byte ptr es:[di], al
0x9eb71: inc di
0x9eb72: loop 0x9eb6e
0x9eb74: mov ah, 0x40
2018-12-25T12:01:52.760077852Z 64 PC: 9eb7e | Write file or device (Write 2222 bytes on handle 5)
2018-12-25T12:01:52.770399282Z 66 PC: 9eb3a | Move file pointer (See above)
2018-12-25T12:01:52.771653308Z 64 PC: 9e873 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:52.774325469Z 87 PC: 9e882 | Get or set file date and time
2018-12-25T12:01:52.776074084Z 62 PC: 9e886 | Close file
2018-12-25T12:01:52.783059952Z 67 PC: 9e892 | Get or set file attributes
2018-12-25T12:01:52.792527084Z 37 PC: 9e89c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.794101553Z 61 PC: 12bff | Open file (Filename = '')
2018-12-25T12:01:52.800826239Z 62 PC: 12c1e | Close file
2018-12-25T12:01:52.802558319Z 67 PC: 13213 | Get or set file attributes
2018-12-25T12:01:52.808560919Z 65 PC: 13217 | Delete file (Filename = 'N p')
2018-12-25T12:01:52.814048118Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.819536169Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.82612614Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.831615013Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.837154277Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:52.843074417Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:52.84861274Z 42 PC: 13227 | Get date
0x13227: cmp dh, 6
0x1322a: jne 0x13284
0x1322c: cmp dl, 2
0x1322f: jne 0x13284
0x13231: mov ax, 3
0x13234: int 0x10
0x13236: mov ah, 2
0x13238: mov bh, 0
0x1323a: mov dx, 0x1950
0x1323d: int 0x10
0x1323f: push cs
0x13240: pop es
0x13241: mov bp, 0x7f8
0x13244: add bp, si
0x13246: mov dx, 0xa12
0x13249: mov bl, 7
0x1324b: call 0x23218
0x1324e: mov bp, 0x823
0x13251: add bp, si
0x13253: mov dx, 0xb12
2018-12-25T12:01:52.850854668Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:52.856461332Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7553,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:09.591826705Z 37 PC: 12b9f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T13:07:09.594301688Z 222 PC: 12bb7 | UNKNOWN!
2018-12-25T13:07:09.594931078Z 82 PC: 12f31 | Get DOS internal pointers (SYSVARS)
2018-12-25T13:07:09.596000519Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:09.597323988Z 37 PC: 12bf2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:09.598503146Z 53 PC: 9e6e2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:09.599635726Z 37 PC: 9e6f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:09.601254607Z 67 PC: 9e708 | Get or set file attributes
2018-12-25T13:07:09.610330301Z 67 PC: 9e719 | Get or set file attributes
2018-12-25T13:07:09.942496349Z 61 PC: 9eb30 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T13:07:09.947865636Z 87 PC: 9e731 | Get or set file date and time
2018-12-25T13:07:09.949425048Z 63 PC: 9e747 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T13:07:09.964376591Z 66 PC: 9eb3a | Move file pointer
2018-12-25T13:07:09.965780588Z 63 PC: 9e837 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T13:07:09.969056416Z 66 PC: 9eb44 | Move file pointer
2018-12-25T13:07:09.970722716Z 44 PC: 9eb49 | Get time
0x9eb49: add ch, cl
0x9eb4b: add ch, dh
0x9eb4d: add ch, dl
0x9eb4f: mov al, ch
0x9eb51: mov byte ptr cs:[0x123], al
0x9eb55: push cs
0x9eb56: pop ds
0x9eb57: push cs
0x9eb58: pop es
0x9eb59: mov si, 0x100
0x9eb5c: mov di, 0x9ae
0x9eb5f: mov cx, 0x8ae
0x9eb62: rep movsb byte ptr es:[di], byte ptr [si]
0x9eb64: mov di, 0x9ae
0x9eb67: add di, 0x25
0x9eb6b: mov cx, 0x889
0x9eb6e: xor byte ptr es:[di], al
0x9eb71: inc di
0x9eb72: loop 0x9eb6e
0x9eb74: mov ah, 0x40
2018-12-25T13:07:09.973257771Z 64 PC: 9eb7e | Write file or device (Write 2222 bytes on handle 5)
2018-12-25T13:07:09.983631589Z 66 PC: 9eb3a | Move file pointer (See above)
2018-12-25T13:07:09.985210085Z 64 PC: 9e873 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T13:07:09.988002882Z 87 PC: 9e882 | Get or set file date and time
2018-12-25T13:07:09.990180161Z 62 PC: 9e886 | Close file
2018-12-25T13:07:09.998121466Z 67 PC: 9e892 | Get or set file attributes
2018-12-25T13:07:10.007643685Z 37 PC: 9e89c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:10.009743864Z 61 PC: 12bff | Open file (Filename = '')
2018-12-25T13:07:10.016832473Z 62 PC: 12c1e | Close file
2018-12-25T13:07:10.018629584Z 67 PC: 13213 | Get or set file attributes
2018-12-25T13:07:10.025274785Z 65 PC: 13217 | Delete file (Filename = 'N p')
2018-12-25T13:07:10.031175759Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T13:07:10.037072262Z 65 PC: 13217 | Delete file (See above)
2018-12-25T13:07:10.043799061Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T13:07:10.049733331Z 65 PC: 13217 | Delete file (See above)
2018-12-25T13:07:10.05556495Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T13:07:10.062840121Z 65 PC: 13217 | Delete file (See above)
2018-12-25T13:07:10.069064713Z 42 PC: 13227 | Get date
0x13227: cmp dh, 6
0x1322a: jne 0x13284
0x1322c: cmp dl, 2
0x1322f: jne 0x13284
0x13231: mov ax, 3
0x13234: int 0x10
0x13236: mov ah, 2
0x13238: mov bh, 0
0x1323a: mov dx, 0x1950
0x1323d: int 0x10
0x1323f: push cs
0x13240: pop es
0x13241: mov bp, 0x7f8
0x13244: add bp, si
0x13246: mov dx, 0xa12
0x13249: mov bl, 7
0x1324b: call 0x23218
0x1324e: mov bp, 0x823
0x13251: add bp, si
0x13253: mov dx, 0xb12
2018-12-25T13:07:10.080875807Z 2 PC: 1327b | Character output (Char = '07')
2018-12-25T13:07:10.085351291Z 7 PC: 1327f | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7553,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:52.680016432Z 37 PC: 12b9f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:01:52.684309892Z 222 PC: 12bb7 | UNKNOWN!
2018-12-25T12:01:52.685343036Z 82 PC: 12f31 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:52.686895934Z 53 PC: 12be2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:52.688295416Z 37 PC: 12bf2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:52.690915974Z 53 PC: 9e6e2 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.69279815Z 37 PC: 9e6f6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:52.694876122Z 67 PC: 9e708 | Get or set file attributes
2018-12-25T12:01:52.705609345Z 67 PC: 9e719 | Get or set file attributes
2018-12-25T12:01:53.12437512Z 61 PC: 9eb30 | Open file (Filename = 'C:\DOS\FORMAT.COM')
2018-12-25T12:01:53.13130134Z 87 PC: 9e731 | Get or set file date and time
2018-12-25T12:01:53.134356158Z 63 PC: 9e747 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:01:53.139602353Z 66 PC: 9eb3a | Move file pointer
2018-12-25T12:01:53.141072927Z 63 PC: 9e837 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:53.14454249Z 66 PC: 9eb44 | Move file pointer
2018-12-25T12:01:53.146216273Z 44 PC: 9eb49 | Get time
0x9eb49: add ch, cl
0x9eb4b: add ch, dh
0x9eb4d: add ch, dl
0x9eb4f: mov al, ch
0x9eb51: mov byte ptr cs:[0x123], al
0x9eb55: push cs
0x9eb56: pop ds
0x9eb57: push cs
0x9eb58: pop es
0x9eb59: mov si, 0x100
0x9eb5c: mov di, 0x9ae
0x9eb5f: mov cx, 0x8ae
0x9eb62: rep movsb byte ptr es:[di], byte ptr [si]
0x9eb64: mov di, 0x9ae
0x9eb67: add di, 0x25
0x9eb6b: mov cx, 0x889
0x9eb6e: xor byte ptr es:[di], al
0x9eb71: inc di
0x9eb72: loop 0x9eb6e
0x9eb74: mov ah, 0x40
2018-12-25T12:01:53.148975055Z 64 PC: 9eb7e | Write file or device (Write 2222 bytes on handle 5)
2018-12-25T12:01:53.159708729Z 66 PC: 9eb3a | Move file pointer (See above)
2018-12-25T12:01:53.161239264Z 64 PC: 9e873 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:53.163858067Z 87 PC: 9e882 | Get or set file date and time
2018-12-25T12:01:53.165480273Z 62 PC: 9e886 | Close file
2018-12-25T12:01:53.172290007Z 67 PC: 9e892 | Get or set file attributes
2018-12-25T12:01:53.181574036Z 37 PC: 9e89c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:01:53.183220745Z 61 PC: 12bff | Open file (Filename = '')
2018-12-25T12:01:53.190773698Z 62 PC: 12c1e | Close file
2018-12-25T12:01:53.192664082Z 67 PC: 13213 | Get or set file attributes
2018-12-25T12:01:53.198085319Z 65 PC: 13217 | Delete file (Filename = 'N p')
2018-12-25T12:01:53.204640109Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:53.209734454Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:53.214805392Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:53.220517848Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:53.226314585Z 67 PC: 13213 | Get or set file attributes (See above)
2018-12-25T12:01:53.23140735Z 65 PC: 13217 | Delete file (See above)
2018-12-25T12:01:53.236942736Z 42 PC: 13227 | Get date
0x13227: cmp dh, 6
0x1322a: jne 0x13284
0x1322c: cmp dl, 2
0x1322f: jne 0x13284
0x13231: mov ax, 3
0x13234: int 0x10
0x13236: mov ah, 2
0x13238: mov bh, 0
0x1323a: mov dx, 0x1950
0x1323d: int 0x10
0x1323f: push cs
0x13240: pop es
0x13241: mov bp, 0x7f8
0x13244: add bp, si
0x13246: mov dx, 0xa12
0x13249: mov bl, 7
0x1324b: call 0x23218
0x1324e: mov bp, 0x823
0x13251: add bp, si
0x13253: mov dx, 0xb12
2018-12-25T12:01:53.239198837Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:53.244061317Z 76 PC: 12a86 | Terminate with return code (Return code = '36')