Sample viewer

vx.netlux.org/Virus.DOS.Meminf.3310

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:47.44610114Z 72 PC: 1b05a | Allocate memory
2018-12-17T22:46:47.448734494Z 42 PC: 1b0ed | Get date
0x1b0ed: cmp dl, 0x10
0x1b0f0: jne 0x1b107
0x1b0f2: mov ah, 0x2c
0x1b0f4: int 0x21
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
2018-12-17T22:46:47.450575425Z 72 PC: 1b13b | Allocate memory
2018-12-17T22:46:47.452030798Z 74 PC: 1b196 | Reallocate memory
2018-12-17T22:46:47.453881187Z 52 PC: 1b1a6 | Get InDOS flag pointer
2018-12-17T22:46:47.45568178Z 72 PC: 1b1c4 | Allocate memory
2018-12-17T22:46:47.457124302Z 53 PC: 1b1df | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:46:47.458891943Z 53 PC: 1b1f2 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:46:47.460218583Z 42 PC: 1b203 | Get date
0x1b203: cmp dl, 6
0x1b206: je 0x1b21d
0x1b208: cmp dl, 0x10
0x1b20b: je 0x1b215
0x1b20d: mov byte ptr es:[bp + 0x18f], 0
0x1b213: jmp 0x1b223
0x1b215: mov byte ptr es:[bp + 0x18f], 1
0x1b21b: jmp 0x1b223
0x1b21d: mov byte ptr es:[bp + 0x18f], 2
0x1b223: mov byte ptr es:[bp + 0x15e], 0
0x1b229: mov word ptr es:[bp + 0x163], 0
0x1b230: mov byte ptr es:[bp + 0x165], 0
0x1b236: mov byte ptr es:[bp + 0x166], 0
0x1b23c: cmp byte ptr es:[bp + 0x18f], 2
0x1b242: je 0x1b250
0x1b244: mov byte ptr es:[bp + 0x165], 0xf8
0x1b24a: mov byte ptr es:[bp + 0x166], 0
2018-12-17T22:46:47.462703321Z 37 PC: 1b291 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:46:47.464008349Z 37 PC: 1b2a2 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:46:47.465204423Z 26 PC: 1b2af | Set disk transfer address
2018-12-17T22:46:47.466343269Z 78 PC: 1b2fb | Find first file
2018-12-17T22:46:47.478005434Z 78 PC: 1b2fb | Find first file
2018-12-17T22:46:47.485608007Z 67 PC: 1b6b1 | Get or set file attributes
2018-12-17T22:46:47.503314671Z 61 PC: 1b6c0 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:46:47.51046472Z 63 PC: 1b6d8 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:46:47.513950154Z 66 PC: 1b6e7 | Move file pointer
2018-12-17T22:46:47.515272255Z 66 PC: 1b6f9 | Move file pointer
2018-12-17T22:46:47.516676422Z 63 PC: 1b708 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:46:47.525247121Z 62 PC: 1b984 | Close file
2018-12-17T22:46:47.526656519Z 79 PC: 1b318 | Find next file
2018-12-17T22:46:47.528609Z 61 PC: 1bb66 | Open file (Filename = '[unprintable bytes]')
2018-12-17T22:46:47.533508486Z 63 PC: 1bb7c | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:46:47.536529571Z 72 PC: 1bb88 | Allocate memory
2018-12-17T22:46:47.538284839Z 66 PC: 1bb9b | Move file pointer
2018-12-17T22:46:47.540740475Z 63 PC: 1bbb0 | Read file or device (Read 0 bytes on handle 5)
2018-12-17T22:46:47.543279092Z 66 PC: 1bc2b | Move file pointer
2018-12-17T22:46:47.544763814Z 66 PC: 1bc47 | Move file pointer
2018-12-17T22:46:47.547074461Z 63 PC: 1bc5d | Read file or device (Read 3308 bytes on handle 5)
2018-12-17T22:46:47.563714296Z 62 PC: 1bc62 | Close file
2018-12-17T22:46:47.566180858Z 73 PC: 1bc99 | Release memory
2018-12-17T22:46:47.569775478Z 74 PC: 1bca7 | Reallocate memory
2018-12-17T22:46:47.572083188Z 26 PC: 1bcb3 | Set disk transfer address
2018-12-17T22:46:47.573479654Z 9 PC: 1bb44 | Display string (Could not find end pointer)
2018-12-17T22:46:47.582374296Z 76 PC: 1bb48 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8994,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:18.073412283Z 72 PC: 1b05a | Allocate memory
2018-12-25T12:22:18.077414209Z 42 PC: 1b0ed | Get date
0x1b0ed: cmp dl, 0x10
0x1b0f0: jne 0x1b107
0x1b0f2: mov ah, 0x2c
0x1b0f4: int 0x21
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
2018-12-25T12:22:18.080582561Z 72 PC: 1b13b | Allocate memory
2018-12-25T12:22:18.082830444Z 74 PC: 1b196 | Reallocate memory
2018-12-25T12:22:18.085267104Z 52 PC: 1b1a6 | Get InDOS flag pointer
2018-12-25T12:22:18.087230916Z 72 PC: 1b1c4 | Allocate memory
2018-12-25T12:22:18.089258112Z 53 PC: 1b1df | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.100659619Z 53 PC: 1b1f2 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.102002233Z 42 PC: 1b203 | Get date
0x1b203: cmp dl, 6
0x1b206: je 0x1b21d
0x1b208: cmp dl, 0x10
0x1b20b: je 0x1b215
0x1b20d: mov byte ptr es:[bp + 0x18f], 0
0x1b213: jmp 0x1b223
0x1b215: mov byte ptr es:[bp + 0x18f], 1
0x1b21b: jmp 0x1b223
0x1b21d: mov byte ptr es:[bp + 0x18f], 2
0x1b223: mov byte ptr es:[bp + 0x15e], 0
0x1b229: mov word ptr es:[bp + 0x163], 0
0x1b230: mov byte ptr es:[bp + 0x165], 0
0x1b236: mov byte ptr es:[bp + 0x166], 0
0x1b23c: cmp byte ptr es:[bp + 0x18f], 2
0x1b242: je 0x1b250
0x1b244: mov byte ptr es:[bp + 0x165], 0xf8
0x1b24a: mov byte ptr es:[bp + 0x166], 0
2018-12-25T12:22:18.104659472Z 37 PC: 1b291 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.106026309Z 37 PC: 1b2a2 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.107708526Z 26 PC: 1b2af | Set disk transfer address
2018-12-25T12:22:18.109060751Z 78 PC: 1b2fb | Find first file
2018-12-25T12:22:18.120631286Z 78 PC: 1b2fb | Find first file (See above)
2018-12-25T12:22:18.128237191Z 67 PC: 1b6b1 | Get or set file attributes
2018-12-25T12:22:18.144074862Z 61 PC: 1b6c0 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:22:18.152272175Z 63 PC: 1b6d8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:22:18.15574984Z 66 PC: 1b6e7 | Move file pointer
2018-12-25T12:22:18.157161162Z 66 PC: 1b6f9 | Move file pointer
2018-12-25T12:22:18.158528334Z 63 PC: 1b708 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:22:18.16942973Z 62 PC: 1b984 | Close file
2018-12-25T12:22:18.171837632Z 79 PC: 1b318 | Find next file
2018-12-25T12:22:18.174806335Z 61 PC: 1bb66 | Open file (Filename = '[unprintable bytes]')
2018-12-25T12:22:18.183704418Z 63 PC: 1bb7c | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:22:18.186609743Z 72 PC: 1bb88 | Allocate memory
2018-12-25T12:22:18.188342624Z 66 PC: 1bb9b | Move file pointer
2018-12-25T12:22:18.191441496Z 63 PC: 1bbb0 | Read file or device (Read 0 bytes on handle 5)
2018-12-25T12:22:18.193445178Z 66 PC: 1bc2b | Move file pointer
2018-12-25T12:22:18.195059945Z 66 PC: 1bc47 | Move file pointer
2018-12-25T12:22:18.198046192Z 63 PC: 1bc5d | Read file or device (Read 3308 bytes on handle 5)
2018-12-25T12:22:18.207764973Z 62 PC: 1bc62 | Close file
2018-12-25T12:22:18.210256459Z 73 PC: 1bc99 | Release memory
2018-12-25T12:22:18.218844139Z 74 PC: 1bca7 | Reallocate memory
2018-12-25T12:22:18.220653511Z 26 PC: 1bcb3 | Set disk transfer address
2018-12-25T12:22:18.221713498Z 9 PC: 1bb44 | Display string (Could not find end pointer)
2018-12-25T12:22:18.227803016Z 76 PC: 1bb48 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":16,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8994,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:18.351328069Z 72 PC: 1b05a | Allocate memory
2018-12-25T12:22:18.355040659Z 42 PC: 1b0ed | Get date
0x1b0ed: cmp dl, 0x10
0x1b0f0: jne 0x1b107
0x1b0f2: mov ah, 0x2c
0x1b0f4: int 0x21
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
2018-12-25T12:22:18.357137751Z 44 PC: 1b0f6 | Get time
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
0x1b11d: int 0x1c
0x1b11f: cmp ax, 0x4b4f
0x1b122: jne 0x1b12d
0x1b124: pop bp
2018-12-25T12:22:18.359276961Z 72 PC: 1b13b | Allocate memory
2018-12-25T12:22:18.361463356Z 74 PC: 1b196 | Reallocate memory
2018-12-25T12:22:18.362965777Z 52 PC: 1b1a6 | Get InDOS flag pointer
2018-12-25T12:22:18.364151899Z 72 PC: 1b1c4 | Allocate memory
2018-12-25T12:22:18.366276862Z 53 PC: 1b1df | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.367698911Z 53 PC: 1b1f2 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.369075475Z 42 PC: 1b203 | Get date
0x1b203: cmp dl, 6
0x1b206: je 0x1b21d
0x1b208: cmp dl, 0x10
0x1b20b: je 0x1b215
0x1b20d: mov byte ptr es:[bp + 0x18f], 0
0x1b213: jmp 0x1b223
0x1b215: mov byte ptr es:[bp + 0x18f], 1
0x1b21b: jmp 0x1b223
0x1b21d: mov byte ptr es:[bp + 0x18f], 2
0x1b223: mov byte ptr es:[bp + 0x15e], 0
0x1b229: mov word ptr es:[bp + 0x163], 0
0x1b230: mov byte ptr es:[bp + 0x165], 0
0x1b236: mov byte ptr es:[bp + 0x166], 0
0x1b23c: cmp byte ptr es:[bp + 0x18f], 2
0x1b242: je 0x1b250
0x1b244: mov byte ptr es:[bp + 0x165], 0xf8
0x1b24a: mov byte ptr es:[bp + 0x166], 0
2018-12-25T12:22:18.372672953Z 37 PC: 1b291 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.374025756Z 37 PC: 1b2a2 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.375393221Z 26 PC: 1b2af | Set disk transfer address
2018-12-25T12:22:18.377496775Z 78 PC: 1b2fb | Find first file
2018-12-25T12:22:18.387669959Z 78 PC: 1b2fb | Find first file (See above)
2018-12-25T12:22:18.394013669Z 67 PC: 1b6b1 | Get or set file attributes
2018-12-25T12:22:18.411143655Z 61 PC: 1b6c0 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:22:18.422558226Z 63 PC: 1b6d8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:22:18.425352031Z 66 PC: 1b6e7 | Move file pointer
2018-12-25T12:22:18.427286885Z 66 PC: 1b6f9 | Move file pointer
2018-12-25T12:22:18.429649708Z 63 PC: 1b708 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:22:18.446045416Z 62 PC: 1b984 | Close file
2018-12-25T12:22:18.448304931Z 79 PC: 1b318 | Find next file
2018-12-25T12:22:18.451944754Z 61 PC: 1bb66 | Open file (Filename = '[unprintable bytes]')
2018-12-25T12:22:18.458615705Z 63 PC: 1bb7c | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:22:18.461557627Z 72 PC: 1bb88 | Allocate memory
2018-12-25T12:22:18.46421771Z 66 PC: 1bb9b | Move file pointer
2018-12-25T12:22:18.465610613Z 63 PC: 1bbb0 | Read file or device (Read 0 bytes on handle 5)
2018-12-25T12:22:18.467338395Z 66 PC: 1bc2b | Move file pointer
2018-12-25T12:22:18.469846089Z 66 PC: 1bc47 | Move file pointer
2018-12-25T12:22:18.471681773Z 63 PC: 1bc5d | Read file or device (Read 3308 bytes on handle 5)
2018-12-25T12:22:18.479401785Z 62 PC: 1bc62 | Close file
2018-12-25T12:22:18.481863258Z 73 PC: 1bc99 | Release memory
2018-12-25T12:22:18.48347533Z 74 PC: 1bca7 | Reallocate memory
2018-12-25T12:22:18.485339639Z 26 PC: 1bcb3 | Set disk transfer address
2018-12-25T12:22:18.487507416Z 9 PC: 1bb44 | Display string (Could not find end pointer)
2018-12-25T12:22:18.493094389Z 76 PC: 1bb48 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8994,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:18.389628164Z 72 PC: 1b05a | Allocate memory
2018-12-25T12:22:18.394468075Z 42 PC: 1b0ed | Get date
0x1b0ed: cmp dl, 0x10
0x1b0f0: jne 0x1b107
0x1b0f2: mov ah, 0x2c
0x1b0f4: int 0x21
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
2018-12-25T12:22:18.397682381Z 72 PC: 1b13b | Allocate memory
2018-12-25T12:22:18.400860386Z 74 PC: 1b196 | Reallocate memory
2018-12-25T12:22:18.402788392Z 52 PC: 1b1a6 | Get InDOS flag pointer
2018-12-25T12:22:18.411047834Z 72 PC: 1b1c4 | Allocate memory
2018-12-25T12:22:18.412982013Z 53 PC: 1b1df | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.414472953Z 53 PC: 1b1f2 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.416636584Z 42 PC: 1b203 | Get date
0x1b203: cmp dl, 6
0x1b206: je 0x1b21d
0x1b208: cmp dl, 0x10
0x1b20b: je 0x1b215
0x1b20d: mov byte ptr es:[bp + 0x18f], 0
0x1b213: jmp 0x1b223
0x1b215: mov byte ptr es:[bp + 0x18f], 1
0x1b21b: jmp 0x1b223
0x1b21d: mov byte ptr es:[bp + 0x18f], 2
0x1b223: mov byte ptr es:[bp + 0x15e], 0
0x1b229: mov word ptr es:[bp + 0x163], 0
0x1b230: mov byte ptr es:[bp + 0x165], 0
0x1b236: mov byte ptr es:[bp + 0x166], 0
0x1b23c: cmp byte ptr es:[bp + 0x18f], 2
0x1b242: je 0x1b250
0x1b244: mov byte ptr es:[bp + 0x165], 0xf8
0x1b24a: mov byte ptr es:[bp + 0x166], 0
2018-12-25T12:22:18.4191216Z 37 PC: 1b291 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.420315046Z 37 PC: 1b2a2 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.423724387Z 26 PC: 1b2af | Set disk transfer address
2018-12-25T12:22:18.425321438Z 78 PC: 1b2fb | Find first file
2018-12-25T12:22:18.437519916Z 78 PC: 1b2fb | Find first file (See above)
2018-12-25T12:22:18.446293173Z 67 PC: 1b6b1 | Get or set file attributes
2018-12-25T12:22:18.468313255Z 61 PC: 1b6c0 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:22:18.476570515Z 63 PC: 1b6d8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:22:18.48549266Z 66 PC: 1b6e7 | Move file pointer
2018-12-25T12:22:18.487665478Z 66 PC: 1b6f9 | Move file pointer
2018-12-25T12:22:18.489861073Z 63 PC: 1b708 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:22:18.498790588Z 62 PC: 1b984 | Close file
2018-12-25T12:22:18.502463799Z 79 PC: 1b318 | Find next file
2018-12-25T12:22:18.505390356Z 61 PC: 1bb66 | Open file (Filename = '[unprintable bytes]')
2018-12-25T12:22:18.513322241Z 63 PC: 1bb7c | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:22:18.516345335Z 72 PC: 1bb88 | Allocate memory
2018-12-25T12:22:18.518107695Z 66 PC: 1bb9b | Move file pointer
2018-12-25T12:22:18.519669262Z 63 PC: 1bbb0 | Read file or device (Read 0 bytes on handle 5)
2018-12-25T12:22:18.523201982Z 66 PC: 1bc2b | Move file pointer
2018-12-25T12:22:18.52469096Z 66 PC: 1bc47 | Move file pointer
2018-12-25T12:22:18.525889417Z 63 PC: 1bc5d | Read file or device (Read 3308 bytes on handle 5)
2018-12-25T12:22:18.531677086Z 62 PC: 1bc62 | Close file
2018-12-25T12:22:18.53427869Z 73 PC: 1bc99 | Release memory
2018-12-25T12:22:18.535411084Z 74 PC: 1bca7 | Reallocate memory
2018-12-25T12:22:18.537359097Z 26 PC: 1bcb3 | Set disk transfer address
2018-12-25T12:22:18.538453745Z 9 PC: 1bb44 | Display string (Could not find end pointer)
2018-12-25T12:22:18.541960057Z 76 PC: 1bb48 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8994,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:18.381967954Z 72 PC: 1b05a | Allocate memory
2018-12-25T12:22:18.386037055Z 42 PC: 1b0ed | Get date
0x1b0ed: cmp dl, 0x10
0x1b0f0: jne 0x1b107
0x1b0f2: mov ah, 0x2c
0x1b0f4: int 0x21
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
2018-12-25T12:22:18.389058299Z 72 PC: 1b13b | Allocate memory
2018-12-25T12:22:18.39115195Z 74 PC: 1b196 | Reallocate memory
2018-12-25T12:22:18.397837162Z 52 PC: 1b1a6 | Get InDOS flag pointer
2018-12-25T12:22:18.399265318Z 72 PC: 1b1c4 | Allocate memory
2018-12-25T12:22:18.401366887Z 53 PC: 1b1df | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.405806005Z 53 PC: 1b1f2 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.407277162Z 42 PC: 1b203 | Get date
0x1b203: cmp dl, 6
0x1b206: je 0x1b21d
0x1b208: cmp dl, 0x10
0x1b20b: je 0x1b215
0x1b20d: mov byte ptr es:[bp + 0x18f], 0
0x1b213: jmp 0x1b223
0x1b215: mov byte ptr es:[bp + 0x18f], 1
0x1b21b: jmp 0x1b223
0x1b21d: mov byte ptr es:[bp + 0x18f], 2
0x1b223: mov byte ptr es:[bp + 0x15e], 0
0x1b229: mov word ptr es:[bp + 0x163], 0
0x1b230: mov byte ptr es:[bp + 0x165], 0
0x1b236: mov byte ptr es:[bp + 0x166], 0
0x1b23c: cmp byte ptr es:[bp + 0x18f], 2
0x1b242: je 0x1b250
0x1b244: mov byte ptr es:[bp + 0x165], 0xf8
0x1b24a: mov byte ptr es:[bp + 0x166], 0
2018-12-25T12:22:18.410262016Z 37 PC: 1b291 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.41176825Z 37 PC: 1b2a2 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.424738471Z 26 PC: 1b2af | Set disk transfer address
2018-12-25T12:22:18.426975441Z 78 PC: 1b2fb | Find first file
2018-12-25T12:22:18.438729995Z 78 PC: 1b2fb | Find first file (See above)
2018-12-25T12:22:18.446790125Z 67 PC: 1b6b1 | Get or set file attributes
2018-12-25T12:22:18.468494629Z 61 PC: 1b6c0 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:22:18.476107098Z 63 PC: 1b6d8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:22:18.480769191Z 66 PC: 1b6e7 | Move file pointer
2018-12-25T12:22:18.482401345Z 66 PC: 1b6f9 | Move file pointer
2018-12-25T12:22:18.484082654Z 63 PC: 1b708 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:22:18.490612043Z 62 PC: 1b984 | Close file
2018-12-25T12:22:18.492504058Z 79 PC: 1b318 | Find next file
2018-12-25T12:22:18.494281024Z 61 PC: 1bb66 | Open file (Filename = '[unprintable bytes]')
2018-12-25T12:22:18.500166803Z 63 PC: 1bb7c | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:22:18.514205739Z 72 PC: 1bb88 | Allocate memory
2018-12-25T12:22:18.516373801Z 66 PC: 1bb9b | Move file pointer
2018-12-25T12:22:18.519147443Z 63 PC: 1bbb0 | Read file or device (Read 0 bytes on handle 5)
2018-12-25T12:22:18.521139791Z 66 PC: 1bc2b | Move file pointer
2018-12-25T12:22:18.523829939Z 66 PC: 1bc47 | Move file pointer
2018-12-25T12:22:18.529473534Z 63 PC: 1bc5d | Read file or device (Read 3308 bytes on handle 5)
2018-12-25T12:22:18.539188827Z 62 PC: 1bc62 | Close file
2018-12-25T12:22:18.541030019Z 73 PC: 1bc99 | Release memory
2018-12-25T12:22:18.543101143Z 74 PC: 1bca7 | Reallocate memory
2018-12-25T12:22:18.544936001Z 26 PC: 1bcb3 | Set disk transfer address
2018-12-25T12:22:18.546231049Z 9 PC: 1bb44 | Display string (Could not find end pointer)
2018-12-25T12:22:18.553472827Z 76 PC: 1bb48 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":16,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8994,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:18.679457306Z 72 PC: 1b05a | Allocate memory
2018-12-25T12:22:18.682267706Z 42 PC: 1b0ed | Get date
0x1b0ed: cmp dl, 0x10
0x1b0f0: jne 0x1b107
0x1b0f2: mov ah, 0x2c
0x1b0f4: int 0x21
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
2018-12-25T12:22:18.685461199Z 44 PC: 1b0f6 | Get time
0x1b0f6: pop bp
0x1b0f7: pop es
0x1b0f8: mov byte ptr es:[bp + 0x18b], dh
0x1b0fd: mov byte ptr es:[bp + 0x18a], dl
0x1b102: call 0x1b3fb
0x1b105: jmp 0x1b109
0x1b107: pop bp
0x1b108: pop es
0x1b109: mov ax, word ptr es:[bp + 0x21]
0x1b10d: dec ax
0x1b10e: mov ds, ax
0x1b110: mov bx, word ptr [3]
0x1b114: mov word ptr es:[bp + 0x33], bx
0x1b118: push es
0x1b119: push bp
0x1b11a: mov ax, 0x4643
0x1b11d: int 0x1c
0x1b11f: cmp ax, 0x4b4f
0x1b122: jne 0x1b12d
0x1b124: pop bp
2018-12-25T12:22:18.688210737Z 72 PC: 1b13b | Allocate memory
2018-12-25T12:22:18.690134764Z 74 PC: 1b196 | Reallocate memory
2018-12-25T12:22:18.692514411Z 52 PC: 1b1a6 | Get InDOS flag pointer
2018-12-25T12:22:18.694054544Z 72 PC: 1b1c4 | Allocate memory
2018-12-25T12:22:18.695838056Z 53 PC: 1b1df | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.701036924Z 53 PC: 1b1f2 | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.702704558Z 42 PC: 1b203 | Get date
0x1b203: cmp dl, 6
0x1b206: je 0x1b21d
0x1b208: cmp dl, 0x10
0x1b20b: je 0x1b215
0x1b20d: mov byte ptr es:[bp + 0x18f], 0
0x1b213: jmp 0x1b223
0x1b215: mov byte ptr es:[bp + 0x18f], 1
0x1b21b: jmp 0x1b223
0x1b21d: mov byte ptr es:[bp + 0x18f], 2
0x1b223: mov byte ptr es:[bp + 0x15e], 0
0x1b229: mov word ptr es:[bp + 0x163], 0
0x1b230: mov byte ptr es:[bp + 0x165], 0
0x1b236: mov byte ptr es:[bp + 0x166], 0
0x1b23c: cmp byte ptr es:[bp + 0x18f], 2
0x1b242: je 0x1b250
0x1b244: mov byte ptr es:[bp + 0x165], 0xf8
0x1b24a: mov byte ptr es:[bp + 0x166], 0
2018-12-25T12:22:18.704267687Z 37 PC: 1b291 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:22:18.706017331Z 37 PC: 1b2a2 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:22:18.708547424Z 26 PC: 1b2af | Set disk transfer address
2018-12-25T12:22:18.709540466Z 78 PC: 1b2fb | Find first file
2018-12-25T12:22:18.719629044Z 78 PC: 1b2fb | Find first file (See above)
2018-12-25T12:22:18.725613653Z 67 PC: 1b6b1 | Get or set file attributes
2018-12-25T12:22:18.742539219Z 61 PC: 1b6c0 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:22:18.749543193Z 63 PC: 1b6d8 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:22:18.753608412Z 66 PC: 1b6e7 | Move file pointer
2018-12-25T12:22:18.755371708Z 66 PC: 1b6f9 | Move file pointer
2018-12-25T12:22:18.757087297Z 63 PC: 1b708 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:22:18.76523739Z 62 PC: 1b984 | Close file
2018-12-25T12:22:18.767192201Z 79 PC: 1b318 | Find next file
2018-12-25T12:22:18.769975767Z 61 PC: 1bb66 | Open file (Filename = '[unprintable bytes]')
2018-12-25T12:22:18.77700532Z 63 PC: 1bb7c | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:22:18.779649332Z 72 PC: 1bb88 | Allocate memory
2018-12-25T12:22:18.781309864Z 66 PC: 1bb9b | Move file pointer
2018-12-25T12:22:18.783617961Z 63 PC: 1bbb0 | Read file or device (Read 0 bytes on handle 5)
2018-12-25T12:22:18.785316988Z 66 PC: 1bc2b | Move file pointer
2018-12-25T12:22:18.78664265Z 66 PC: 1bc47 | Move file pointer
2018-12-25T12:22:18.788516251Z 63 PC: 1bc5d | Read file or device (Read 3308 bytes on handle 5)
2018-12-25T12:22:18.795726425Z 62 PC: 1bc62 | Close file
2018-12-25T12:22:18.797705034Z 73 PC: 1bc99 | Release memory
2018-12-25T12:22:18.799505586Z 74 PC: 1bca7 | Reallocate memory
2018-12-25T12:22:18.801520006Z 26 PC: 1bcb3 | Set disk transfer address
2018-12-25T12:22:18.80248439Z 9 PC: 1bb44 | Display string (Could not find end pointer)
2018-12-25T12:22:18.809337415Z 76 PC: 1bb48 | Terminate with return code (Return code = '36')