Sample viewer

vx.netlux.org/Virus.DOS.Mao.1465

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:00.564961972Z 48 PC: 12f68 | Get DOS version
2018-12-17T22:43:00.566742146Z 74 PC: 12f27 | Reallocate memory
2018-12-17T22:43:00.569808825Z 42 PC: 9f676 | Get date
0x9f676: cmp cx, 0x7ca
0x9f67a: jl 0x9f692
0x9f67c: sub dx, 0x909
0x9f680: je 0x9f68d
0x9f682: sub dx, 0x311
0x9f686: jne 0x9f692
0x9f688: mov ax, 0x235
0x9f68b: jmp 0x9f694
0x9f68d: mov ax, 0x20c
0x9f690: jmp 0x9f694
0x9f692: xor ax, ax
0x9f694: mov word ptr [0x602], ax
0x9f697: ret
0x9f698: in al, 0x61
0x9f69a: or al, 3
0x9f69c: out 0x61, al
0x9f69e: mov al, 0xb6
0x9f6a0: out 0x43, al
0x9f6a2: mov ax, bx
0x9f6a4: out 0x42, al
2018-12-17T22:43:00.572997424Z 42 PC: 9f676 | Get date (See above)
2018-12-17T22:43:00.575755875Z 61 PC: 9f9fb | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:43:00.583479502Z 63 PC: 9f9fb | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:43:00.586623787Z 62 PC: 9f978 | Close file
2018-12-17T22:43:00.588851972Z 37 PC: 9f9fb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:00.599189197Z 67 PC: 9f99a | Get or set file attributes
2018-12-17T22:43:00.605980362Z 67 PC: 9f9fb | Get or set file attributes
2018-12-17T22:43:00.944870187Z 61 PC: 9f9fb | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:43:00.95249621Z 87 PC: 9f9c3 | Get or set file date and time
2018-12-17T22:43:00.955272925Z 66 PC: 9f9fb | Move file pointer
2018-12-17T22:43:00.957396623Z 64 PC: 9f9fb | Write file or device (Write 1465 bytes on handle 5)
2018-12-17T22:43:00.994634212Z 66 PC: 9f9fb | Move file pointer
2018-12-17T22:43:00.997272247Z 64 PC: 9f9fb | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:43:01.001754295Z 87 PC: 9f9dc | Get or set file date and time
2018-12-17T22:43:01.003759411Z 62 PC: 9f978 | Close file
2018-12-17T22:43:01.016369685Z 37 PC: 9f9fb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:01.018490398Z 26 PC: 12a82 | Set disk transfer address
2018-12-17T22:43:01.01988133Z 42 PC: 12a92 | Get date
0x12a92: test dl, 1
0x12a95: jne 0x12ab6
0x12a97: mov dx, si
0x12a99: add dx, 5
0x12a9d: xor cx, cx
0x12a9f: mov ah, 0x4e
0x12aa1: int 0x21
0x12aa3: jb 0x12ab6
0x12aa5: call 0x12ad4
0x12aa8: mov dx, si
0x12aaa: add dx, 5
0x12aae: xor cx, cx
0x12ab0: mov ah, 0x4f
0x12ab2: int 0x21
0x12ab4: jae 0x12aa5
0x12ab6: mov al, byte ptr [si + 0x12]
0x12ab9: mov byte ptr [0x100], al
0x12abc: mov ax, word ptr [si + 0x13]
0x12abf: mov word ptr [0x101], ax
0x12ac2: mov dx, 0x80
2018-12-17T22:43:01.031579442Z 26 PC: 12ac9 | Set disk transfer address
2018-12-17T22:43:01.034215613Z 74 PC: 12c99 | Reallocate memory
2018-12-17T22:43:01.039768152Z 49 PC: 12a42 | Terminate and stay resident (Return code = '126' | Memory size = '30')

{"DateBased":true,"Day":9,"Month":9,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7742,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:31.156543365Z 48 PC: 12f68 | Get DOS version
2018-12-25T12:02:31.158296646Z 74 PC: 12f27 | Reallocate memory
2018-12-25T12:02:31.161677409Z 42 PC: 9f676 | Get date
0x9f676: cmp cx, 0x7ca
0x9f67a: jl 0x9f692
0x9f67c: sub dx, 0x909
0x9f680: je 0x9f68d
0x9f682: sub dx, 0x311
0x9f686: jne 0x9f692
0x9f688: mov ax, 0x235
0x9f68b: jmp 0x9f694
0x9f68d: mov ax, 0x20c
0x9f690: jmp 0x9f694
0x9f692: xor ax, ax
0x9f694: mov word ptr [0x602], ax
0x9f697: ret
0x9f698: in al, 0x61
0x9f69a: or al, 3
0x9f69c: out 0x61, al
0x9f69e: mov al, 0xb6
0x9f6a0: out 0x43, al
0x9f6a2: mov ax, bx
0x9f6a4: out 0x42, al
2018-12-25T12:02:31.165680786Z 42 PC: 9f676 | Get date (See above)
2018-12-25T12:02:31.16858525Z 61 PC: 9f9fb | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:02:31.176817124Z 63 PC: 9f9fb | Read file or device (See above)
2018-12-25T12:02:31.179830385Z 62 PC: 9f978 | Close file
2018-12-25T12:02:31.181866327Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:31.18457313Z 67 PC: 9f99a | Get or set file attributes
2018-12-25T12:02:31.190856586Z 67 PC: 9f9fb | Get or set file attributes (See above)
2018-12-25T12:02:31.876646762Z 61 PC: 9f9fb | Open file (See above)
2018-12-25T12:02:31.88412888Z 87 PC: 9f9c3 | Get or set file date and time
2018-12-25T12:02:31.886086663Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:31.888074704Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:31.901570078Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:31.904837476Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:31.907881886Z 87 PC: 9f9dc | Get or set file date and time
2018-12-25T12:02:31.909881244Z 62 PC: 9f978 | Close file (See above)
2018-12-25T12:02:32.039609068Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:32.04171024Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:02:32.043066006Z 42 PC: 12a92 | Get date
0x12a92: test dl, 1
0x12a95: jne 0x12ab6
0x12a97: mov dx, si
0x12a99: add dx, 5
0x12a9d: xor cx, cx
0x12a9f: mov ah, 0x4e
0x12aa1: int 0x21
0x12aa3: jb 0x12ab6
0x12aa5: call 0x12ad4
0x12aa8: mov dx, si
0x12aaa: add dx, 5
0x12aae: xor cx, cx
0x12ab0: mov ah, 0x4f
0x12ab2: int 0x21
0x12ab4: jae 0x12aa5
0x12ab6: mov al, byte ptr [si + 0x12]
0x12ab9: mov byte ptr [0x100], al
0x12abc: mov ax, word ptr [si + 0x13]
0x12abf: mov word ptr [0x101], ax
0x12ac2: mov dx, 0x80
2018-12-25T12:02:32.046260236Z 26 PC: 12ac9 | Set disk transfer address
2018-12-25T12:02:32.048022127Z 74 PC: 12c99 | Reallocate memory
2018-12-25T12:02:32.049782644Z 49 PC: 12a42 | Terminate and stay resident (Return code = '126' | Memory size = '30')

{"DateBased":true,"Day":26,"Month":12,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7742,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:31.33385323Z 48 PC: 12f68 | Get DOS version
2018-12-25T12:02:31.335517657Z 74 PC: 12f27 | Reallocate memory
2018-12-25T12:02:31.337384896Z 42 PC: 9f676 | Get date
0x9f676: cmp cx, 0x7ca
0x9f67a: jl 0x9f692
0x9f67c: sub dx, 0x909
0x9f680: je 0x9f68d
0x9f682: sub dx, 0x311
0x9f686: jne 0x9f692
0x9f688: mov ax, 0x235
0x9f68b: jmp 0x9f694
0x9f68d: mov ax, 0x20c
0x9f690: jmp 0x9f694
0x9f692: xor ax, ax
0x9f694: mov word ptr [0x602], ax
0x9f697: ret
0x9f698: in al, 0x61
0x9f69a: or al, 3
0x9f69c: out 0x61, al
0x9f69e: mov al, 0xb6
0x9f6a0: out 0x43, al
0x9f6a2: mov ax, bx
0x9f6a4: out 0x42, al
2018-12-25T12:02:31.339561621Z 42 PC: 9f676 | Get date (See above)
2018-12-25T12:02:31.34163585Z 61 PC: 9f9fb | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:02:31.34646229Z 63 PC: 9f9fb | Read file or device (See above)
2018-12-25T12:02:31.348406137Z 62 PC: 9f978 | Close file
2018-12-25T12:02:31.349776897Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:31.353213958Z 67 PC: 9f99a | Get or set file attributes
2018-12-25T12:02:31.363780062Z 67 PC: 9f9fb | Get or set file attributes (See above)
2018-12-25T12:02:31.876946856Z 61 PC: 9f9fb | Open file (See above)
2018-12-25T12:02:31.884998225Z 87 PC: 9f9c3 | Get or set file date and time
2018-12-25T12:02:31.887312593Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:31.88945664Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:31.913414025Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:31.915283966Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:31.918948176Z 87 PC: 9f9dc | Get or set file date and time
2018-12-25T12:02:31.921532945Z 62 PC: 9f978 | Close file (See above)
2018-12-25T12:02:31.96405441Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:31.967001925Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:02:31.968977525Z 42 PC: 12a92 | Get date
0x12a92: test dl, 1
0x12a95: jne 0x12ab6
0x12a97: mov dx, si
0x12a99: add dx, 5
0x12a9d: xor cx, cx
0x12a9f: mov ah, 0x4e
0x12aa1: int 0x21
0x12aa3: jb 0x12ab6
0x12aa5: call 0x12ad4
0x12aa8: mov dx, si
0x12aaa: add dx, 5
0x12aae: xor cx, cx
0x12ab0: mov ah, 0x4f
0x12ab2: int 0x21
0x12ab4: jae 0x12aa5
0x12ab6: mov al, byte ptr [si + 0x12]
0x12ab9: mov byte ptr [0x100], al
0x12abc: mov ax, word ptr [si + 0x13]
0x12abf: mov word ptr [0x101], ax
0x12ac2: mov dx, 0x80
2018-12-25T12:02:31.971484676Z 78 PC: 12aa3 | Find first file
2018-12-25T12:02:31.978055853Z 67 PC: 12ade | Get or set file attributes
2018-12-25T12:02:32.209522404Z 61 PC: 12ae6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:32.217748461Z 63 PC: 12afd | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:32.225714987Z 66 PC: 12b3f | Move file pointer
2018-12-25T12:02:32.227836596Z 64 PC: 12b58 | Write file or device (Write 867 bytes on handle 5)
2018-12-25T12:02:32.237682308Z 66 PC: 12b6a | Move file pointer
2018-12-25T12:02:32.239625096Z 64 PC: 12b7c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:32.247905827Z 87 PC: 12b8c | Get or set file date and time
2018-12-25T12:02:32.252146001Z 62 PC: 12b93 | Close file
2018-12-25T12:02:32.261376125Z 67 PC: 12b9f | Get or set file attributes
2018-12-25T12:02:32.266693882Z 79 PC: 12ab4 | Find next file
2018-12-25T12:02:32.272179542Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T12:02:32.282769724Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T12:02:32.28987149Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:32.297478077Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:32.299468781Z 64 PC: 12b58 | Write file or device (See above)
2018-12-25T12:02:32.308265423Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:02:32.310811432Z 64 PC: 12b7c | Write file or device (See above)
2018-12-25T12:02:32.31887995Z 87 PC: 12b8c | Get or set file date and time (See above)
2018-12-25T12:02:32.321301262Z 62 PC: 12b93 | Close file (See above)
2018-12-25T12:02:32.332427489Z 67 PC: 12b9f | Get or set file attributes (See above)
2018-12-25T12:02:32.338501857Z 79 PC: 12ab4 | Find next file (See above)
2018-12-25T12:02:32.341963316Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T12:02:32.35341241Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T12:02:32.362889393Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:32.370736779Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:32.372949885Z 64 PC: 12b58 | Write file or device (See above)
2018-12-25T12:02:32.383031764Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:02:32.384830013Z 64 PC: 12b7c | Write file or device (See above)
2018-12-25T12:02:32.393330778Z 87 PC: 12b8c | Get or set file date and time (See above)
2018-12-25T12:02:32.395837168Z 62 PC: 12b93 | Close file (See above)
2018-12-25T12:02:32.404937556Z 67 PC: 12b9f | Get or set file attributes (See above)
2018-12-25T12:02:32.410241134Z 79 PC: 12ab4 | Find next file (See above)
2018-12-25T12:02:32.414284509Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T12:02:32.425330674Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T12:02:32.432827482Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:32.441007176Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:32.443298685Z 64 PC: 12b58 | Write file or device (See above)
2018-12-25T12:02:32.453263781Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:02:32.455203922Z 64 PC: 12b7c | Write file or device (See above)
2018-12-25T12:02:32.463265381Z 87 PC: 12b8c | Get or set file date and time (See above)
2018-12-25T12:02:32.465228138Z 62 PC: 12b93 | Close file (See above)
2018-12-25T12:02:32.474932555Z 67 PC: 12b9f | Get or set file attributes (See above)
2018-12-25T12:02:32.481411493Z 79 PC: 12ab4 | Find next file (See above)
2018-12-25T12:02:32.490727959Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T12:02:32.501668451Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T12:02:32.509856412Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:32.5176262Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:32.519866267Z 64 PC: 12b58 | Write file or device (See above)
2018-12-25T12:02:32.52952614Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:02:32.532783915Z 64 PC: 12b7c | Write file or device (See above)
2018-12-25T12:02:32.540215024Z 87 PC: 12b8c | Get or set file date and time (See above)
2018-12-25T12:02:32.54296731Z 62 PC: 12b93 | Close file (See above)
2018-12-25T12:02:32.55231965Z 67 PC: 12b9f | Get or set file attributes (See above)
2018-12-25T12:02:32.55846135Z 79 PC: 12ab4 | Find next file (See above)
2018-12-25T12:02:32.562661317Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T12:02:32.574183271Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T12:02:32.582576897Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:32.591163884Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:32.593318912Z 64 PC: 12b58 | Write file or device (See above)
2018-12-25T12:02:32.603131372Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:02:32.605049817Z 64 PC: 12b7c | Write file or device (See above)
2018-12-25T12:02:32.613371189Z 87 PC: 12b8c | Get or set file date and time (See above)
2018-12-25T12:02:32.615496847Z 62 PC: 12b93 | Close file (See above)
2018-12-25T12:02:32.62524959Z 67 PC: 12b9f | Get or set file attributes (See above)
2018-12-25T12:02:32.632513659Z 79 PC: 12ab4 | Find next file (See above)
2018-12-25T12:02:32.636107196Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T12:02:32.648228043Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T12:02:32.657510333Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:32.665812988Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:32.66802399Z 64 PC: 12b58 | Write file or device (See above)
2018-12-25T12:02:32.681028727Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:02:32.683362195Z 64 PC: 12b7c | Write file or device (See above)
2018-12-25T12:02:32.691099805Z 87 PC: 12b8c | Get or set file date and time (See above)
2018-12-25T12:02:32.69392731Z 62 PC: 12b93 | Close file (See above)
2018-12-25T12:02:32.703937404Z 67 PC: 12b9f | Get or set file attributes (See above)
2018-12-25T12:02:32.709655284Z 79 PC: 12ab4 | Find next file (See above)
2018-12-25T12:02:32.714131583Z 67 PC: 12ade | Get or set file attributes (See above)
2018-12-25T12:02:32.726617811Z 61 PC: 12ae6 | Open file (See above)
2018-12-25T12:02:32.734428478Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:32.737742443Z 66 PC: 12b13 | Move file pointer
2018-12-25T12:02:32.740755499Z 63 PC: 12b25 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:02:32.748766466Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:32.75078392Z 64 PC: 12b58 | Write file or device (See above)
2018-12-25T12:02:32.760806479Z 66 PC: 12b6a | Move file pointer (See above)
2018-12-25T12:02:32.7629476Z 64 PC: 12b7c | Write file or device (See above)
2018-12-25T12:02:32.766092343Z 87 PC: 12b8c | Get or set file date and time (See above)
2018-12-25T12:02:32.768609273Z 62 PC: 12b93 | Close file (See above)
2018-12-25T12:02:32.77741042Z 67 PC: 12b9f | Get or set file attributes (See above)
2018-12-25T12:02:32.784211456Z 79 PC: 12ab4 | Find next file (See above)
2018-12-25T12:02:32.787191331Z 26 PC: 12ac9 | Set disk transfer address
2018-12-25T12:02:32.789226795Z 74 PC: 12c99 | Reallocate memory
2018-12-25T12:02:32.790839711Z 49 PC: 12a42 | Terminate and stay resident (Return code = '126' | Memory size = '30')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7742,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:32.089676238Z 48 PC: 12f68 | Get DOS version
2018-12-25T12:02:32.092549417Z 74 PC: 12f27 | Reallocate memory
2018-12-25T12:02:32.094470434Z 42 PC: 9f676 | Get date
0x9f676: cmp cx, 0x7ca
0x9f67a: jl 0x9f692
0x9f67c: sub dx, 0x909
0x9f680: je 0x9f68d
0x9f682: sub dx, 0x311
0x9f686: jne 0x9f692
0x9f688: mov ax, 0x235
0x9f68b: jmp 0x9f694
0x9f68d: mov ax, 0x20c
0x9f690: jmp 0x9f694
0x9f692: xor ax, ax
0x9f694: mov word ptr [0x602], ax
0x9f697: ret
0x9f698: in al, 0x61
0x9f69a: or al, 3
0x9f69c: out 0x61, al
0x9f69e: mov al, 0xb6
0x9f6a0: out 0x43, al
0x9f6a2: mov ax, bx
0x9f6a4: out 0x42, al
2018-12-25T12:02:32.097615155Z 42 PC: 9f676 | Get date (See above)
2018-12-25T12:02:32.100937353Z 61 PC: 9f9fb | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:02:32.107370464Z 63 PC: 9f9fb | Read file or device (See above)
2018-12-25T12:02:32.110176894Z 62 PC: 9f978 | Close file
2018-12-25T12:02:32.112629134Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:32.114214052Z 67 PC: 9f99a | Get or set file attributes
2018-12-25T12:02:32.119752247Z 67 PC: 9f9fb | Get or set file attributes (See above)
2018-12-25T12:02:32.829086196Z 61 PC: 9f9fb | Open file (See above)
2018-12-25T12:02:32.83594107Z 87 PC: 9f9c3 | Get or set file date and time
2018-12-25T12:02:32.838547617Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:32.840300082Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:32.850924137Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:32.852450813Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:32.855343535Z 87 PC: 9f9dc | Get or set file date and time
2018-12-25T12:02:32.857557979Z 62 PC: 9f978 | Close file (See above)
2018-12-25T12:02:32.864411134Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:32.86675428Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:02:32.86890985Z 42 PC: 12a92 | Get date
0x12a92: test dl, 1
0x12a95: jne 0x12ab6
0x12a97: mov dx, si
0x12a99: add dx, 5
0x12a9d: xor cx, cx
0x12a9f: mov ah, 0x4e
0x12aa1: int 0x21
0x12aa3: jb 0x12ab6
0x12aa5: call 0x12ad4
0x12aa8: mov dx, si
0x12aaa: add dx, 5
0x12aae: xor cx, cx
0x12ab0: mov ah, 0x4f
0x12ab2: int 0x21
0x12ab4: jae 0x12aa5
0x12ab6: mov al, byte ptr [si + 0x12]
0x12ab9: mov byte ptr [0x100], al
0x12abc: mov ax, word ptr [si + 0x13]
0x12abf: mov word ptr [0x101], ax
0x12ac2: mov dx, 0x80
2018-12-25T12:02:32.871807036Z 26 PC: 12ac9 | Set disk transfer address
2018-12-25T12:02:32.873097712Z 74 PC: 12c99 | Reallocate memory
2018-12-25T12:02:32.875892332Z 49 PC: 12a42 | Terminate and stay resident (Return code = '126' | Memory size = '30')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7742,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:32.284051566Z 48 PC: 12f68 | Get DOS version
2018-12-25T12:02:32.285821113Z 74 PC: 12f27 | Reallocate memory
2018-12-25T12:02:32.287356531Z 42 PC: 9f676 | Get date
0x9f676: cmp cx, 0x7ca
0x9f67a: jl 0x9f692
0x9f67c: sub dx, 0x909
0x9f680: je 0x9f68d
0x9f682: sub dx, 0x311
0x9f686: jne 0x9f692
0x9f688: mov ax, 0x235
0x9f68b: jmp 0x9f694
0x9f68d: mov ax, 0x20c
0x9f690: jmp 0x9f694
0x9f692: xor ax, ax
0x9f694: mov word ptr [0x602], ax
0x9f697: ret
0x9f698: in al, 0x61
0x9f69a: or al, 3
0x9f69c: out 0x61, al
0x9f69e: mov al, 0xb6
0x9f6a0: out 0x43, al
0x9f6a2: mov ax, bx
0x9f6a4: out 0x42, al
2018-12-25T12:02:32.290370959Z 42 PC: 9f676 | Get date (See above)
2018-12-25T12:02:32.293745711Z 61 PC: 9f9fb | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:02:32.30016911Z 63 PC: 9f9fb | Read file or device (See above)
2018-12-25T12:02:32.30392839Z 62 PC: 9f978 | Close file
2018-12-25T12:02:32.306317684Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:32.307659698Z 67 PC: 9f99a | Get or set file attributes
2018-12-25T12:02:32.312947825Z 67 PC: 9f9fb | Get or set file attributes (See above)
2018-12-25T12:02:32.82911754Z 61 PC: 9f9fb | Open file (See above)
2018-12-25T12:02:32.836147035Z 87 PC: 9f9c3 | Get or set file date and time
2018-12-25T12:02:32.837959895Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:32.839723543Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:32.866651365Z 66 PC: 9f9fb | Move file pointer (See above)
2018-12-25T12:02:32.868343558Z 64 PC: 9f9fb | Write file or device (See above)
2018-12-25T12:02:32.871471613Z 87 PC: 9f9dc | Get or set file date and time
2018-12-25T12:02:32.874839321Z 62 PC: 9f978 | Close file (See above)
2018-12-25T12:02:32.881911504Z 37 PC: 9f9fb | Set interrupt vector (See above)
2018-12-25T12:02:32.88400602Z 26 PC: 12a82 | Set disk transfer address
2018-12-25T12:02:32.886038262Z 42 PC: 12a92 | Get date
0x12a92: test dl, 1
0x12a95: jne 0x12ab6
0x12a97: mov dx, si
0x12a99: add dx, 5
0x12a9d: xor cx, cx
0x12a9f: mov ah, 0x4e
0x12aa1: int 0x21
0x12aa3: jb 0x12ab6
0x12aa5: call 0x12ad4
0x12aa8: mov dx, si
0x12aaa: add dx, 5
0x12aae: xor cx, cx
0x12ab0: mov ah, 0x4f
0x12ab2: int 0x21
0x12ab4: jae 0x12aa5
0x12ab6: mov al, byte ptr [si + 0x12]
0x12ab9: mov byte ptr [0x100], al
0x12abc: mov ax, word ptr [si + 0x13]
0x12abf: mov word ptr [0x101], ax
0x12ac2: mov dx, 0x80
2018-12-25T12:02:32.888592084Z 26 PC: 12ac9 | Set disk transfer address
2018-12-25T12:02:32.892744728Z 74 PC: 12c99 | Reallocate memory
2018-12-25T12:02:32.895323121Z 49 PC: 12a42 | Terminate and stay resident (Return code = '126' | Memory size = '30')