Sample viewer

vx.netlux.org/Virus.DOS.Yafo.328.a

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:29.198633341Z 78 PC: 12ba6 | Find first file
2018-12-17T22:47:29.205098103Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:29.211392315Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.217288876Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.219249192Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.233031925Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.235179396Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.261684588Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.263573653Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.271155691Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.27443992Z 61 PC: 12bd9 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:47:29.281069881Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.287187428Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.288495624Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.292749996Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.294863069Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.298200337Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.300646036Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.308032026Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.310635021Z 61 PC: 12bd9 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:47:29.315245343Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.319425974Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.320448749Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.322909758Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.323913409Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.325637824Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.327149256Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.331700338Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.333350713Z 61 PC: 12bd9 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:47:29.337528305Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.341412308Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.342347449Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.344258038Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.358312599Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.360141745Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.361325868Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.366393715Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.368198916Z 61 PC: 12bd9 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:47:29.375609445Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.380053699Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.381183852Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.382971216Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.384672327Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.386463246Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.387581951Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.392973062Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.39504479Z 61 PC: 12bd9 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:47:29.399422858Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.403747394Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.405166446Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.41031004Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.411998009Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.416194561Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.4173885Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.423559535Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.426341129Z 61 PC: 12bd9 | Open file (Filename = 'PAH.COM')
2018-12-17T22:47:29.433019848Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.440337767Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.441968056Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.445349798Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.446820282Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.449909744Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.451273732Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.458734686Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.462320904Z 61 PC: 12bd9 | Open file (Filename = 'TEST.COM')
2018-12-17T22:47:29.468754927Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:29.475084085Z 66 PC: 12bf2 | Move file pointer
2018-12-17T22:47:29.477539232Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-17T22:47:29.484527362Z 66 PC: 12c10 | Move file pointer
2018-12-17T22:47:29.486224588Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:29.489851249Z 87 PC: 12c2a | Get or set file date and time
2018-12-17T22:47:29.491519025Z 62 PC: 12c2e | Close file
2018-12-17T22:47:29.498881927Z 79 PC: 12bc1 | Find next file
2018-12-17T22:47:29.506818966Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or al, al
0x12b85: je 0x12b8b
0x12b87: int 0x10

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:43.41749381Z 78 PC: 12ba6 | Find first file
2018-12-25T12:22:43.424842312Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:43.432670795Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:43.439989068Z 66 PC: 12bf2 | Move file pointer
2018-12-25T12:22:43.442023825Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-25T12:22:43.573875797Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:22:43.575761771Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:43.583931087Z 87 PC: 12c2a | Get or set file date and time
2018-12-25T12:22:43.586925735Z 62 PC: 12c2e | Close file
2018-12-25T12:22:43.598169158Z 79 PC: 12bc1 | Find next file
2018-12-25T12:22:43.602209882Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.613862858Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.62465374Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.628296424Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.6336273Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.635427441Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.638549424Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.640329853Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.648907305Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.654648687Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.663149457Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.675630928Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.677818177Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.681271064Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.684342862Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.687654318Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.689684656Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.69933123Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.711286385Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.719222282Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.737536107Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.739194358Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.742635472Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.745045912Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.751489696Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.753725189Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.767508371Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.771782023Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.779382076Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.786774072Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.789758947Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.793404947Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.795286462Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.799595621Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.801888369Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.810342225Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.814546444Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.822794622Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.830860651Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.832960754Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.843527416Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.845519059Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.853392675Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.856048042Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.864965702Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.868049807Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.876440754Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.884010175Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.885776029Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.888990031Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.890923786Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.894726524Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.896653613Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.905679815Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.908685276Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.916047922Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.920019315Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.922055464Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.926618205Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.929200492Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.932648929Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.934637627Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.944833399Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.953346194Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or al, al
0x12b85: je 0x12b8b
0x12b87: int 0x10

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:43.513535434Z 78 PC: 12ba6 | Find first file
2018-12-25T12:22:43.520881046Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:43.528519475Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:43.535608203Z 66 PC: 12bf2 | Move file pointer
2018-12-25T12:22:43.537241564Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-25T12:22:43.573522183Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:22:43.575683452Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:43.583963701Z 87 PC: 12c2a | Get or set file date and time
2018-12-25T12:22:43.587125659Z 62 PC: 12c2e | Close file
2018-12-25T12:22:43.596340609Z 79 PC: 12bc1 | Find next file
2018-12-25T12:22:43.59990152Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.608637334Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.61614971Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.618173785Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.622322023Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.62459993Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.627898228Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.629942163Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.639978308Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.643322322Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.651748481Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.659682871Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.661680137Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.664607956Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.666382505Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.668201691Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.669359529Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.676433727Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.679552693Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.686969752Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.694756588Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.696551223Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.699988672Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.702167307Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.705786952Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.707804836Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.716391739Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.720252924Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.727137215Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.733858691Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.735622735Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.738338227Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.73956893Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.742567701Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.74390136Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.752209366Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.755338408Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.762400418Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.769102385Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.771138035Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.780031798Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.782277327Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.790242783Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.792007345Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.8008988Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.804424669Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.812552775Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.819635491Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.821225398Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.824756927Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.826517672Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.829613442Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.832506883Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.840946543Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.844089342Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.853014555Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.856055126Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.85775229Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.862299813Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.864021147Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.867190946Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.869195422Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.878926504Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.887528276Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or al, al
0x12b85: je 0x12b8b
0x12b87: int 0x10

{"DateBased":true,"Day":15,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9240,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:43.666088321Z 78 PC: 12ba6 | Find first file
2018-12-25T12:22:43.673201835Z 61 PC: 12bd9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:43.679720929Z 63 PC: 12be9 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:43.68629067Z 66 PC: 12bf2 | Move file pointer
2018-12-25T12:22:43.6890054Z 64 PC: 12c07 | Write file or device (Write 328 bytes on handle 5)
2018-12-25T12:22:43.902356647Z 66 PC: 12c10 | Move file pointer
2018-12-25T12:22:43.904156425Z 64 PC: 12c22 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:43.91146485Z 87 PC: 12c2a | Get or set file date and time
2018-12-25T12:22:43.913072481Z 62 PC: 12c2e | Close file
2018-12-25T12:22:43.921696522Z 79 PC: 12bc1 | Find next file
2018-12-25T12:22:43.925160094Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.933011347Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.939981486Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.942014208Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.945663543Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.94724761Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.950008549Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.952545352Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.960632107Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:43.963656286Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:43.971522218Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:43.978756043Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:43.980588193Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:43.984151319Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:43.985622857Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:43.989066139Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:43.991464035Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:43.998919345Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:44.001556552Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:44.008120489Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:44.015643453Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:44.017592824Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:44.02073368Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:44.023242723Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:44.025984784Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:44.027612887Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:44.035948736Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:44.039735983Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:44.046446623Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:44.053639648Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:44.055109904Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:44.057704229Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:44.060447549Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:44.063743631Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:44.065186543Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:44.074558609Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:44.077578221Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:44.084030239Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:44.090826527Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:44.092644432Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:44.100280149Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:44.10181063Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:44.108495677Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:44.109904661Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:44.117312885Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:44.12082184Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:44.127533645Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:44.134542289Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:44.136641603Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:44.139374122Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:44.140836519Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:44.143736847Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:44.145042971Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:44.151972722Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:44.156198146Z 61 PC: 12bd9 | Open file (See above)
2018-12-25T12:22:44.162292112Z 63 PC: 12be9 | Read file or device (See above)
2018-12-25T12:22:44.165095373Z 66 PC: 12bf2 | Move file pointer (See above)
2018-12-25T12:22:44.167031784Z 64 PC: 12c07 | Write file or device (See above)
2018-12-25T12:22:44.169986413Z 66 PC: 12c10 | Move file pointer (See above)
2018-12-25T12:22:44.171240622Z 64 PC: 12c22 | Write file or device (See above)
2018-12-25T12:22:44.174123051Z 87 PC: 12c2a | Get or set file date and time (See above)
2018-12-25T12:22:44.17555593Z 62 PC: 12c2e | Close file (See above)
2018-12-25T12:22:44.182684683Z 79 PC: 12bc1 | Find next file (See above)
2018-12-25T12:22:44.189976372Z 42 PC: 12b61 | Get date 0x12b61: cmp dh, 2
0x12b64: jne 0x12b71
0x12b66: cmp dl, 0xf
0x12b69: jne 0x12b71
0x12b6b: call 0x12b7c
0x12b6e: cli
0x12b6f: jmp 0x12b6f
0x12b71: xor ax, ax
0x12b73: int 0x16
0x12b75: pop bp
0x12b76: mov di, 0x100
0x12b79: cld
0x12b7a: jmp di
0x12b7c: mov ah, 0xe
0x12b7e: xor bh, bh
0x12b80: lodsb al, byte ptr [si]
0x12b81: ror al, 1
0x12b83: or al, al
0x12b85: je 0x12b8b
0x12b87: int 0x10