Sample viewer

vx.netlux.org/Virus.DOS.Cascade.1701.f


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:05.252674305Z 48 PC: 1814e | Get DOS version
2018-12-17T22:49:05.255258761Z 75 PC: 1815c | Execute program
2018-12-17T22:49:05.257607353Z 53 PC: 18177 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:05.259626447Z 80 PC: 181de | Set current PSP
2018-12-17T22:49:05.263061111Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:05.271352709Z 26 PC: 12be4 | Set disk transfer address
2018-12-17T22:49:05.273084363Z 42 PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4
; Date gate, entered when INT 21h/AH=2Ah (Get date) returns with CX = year, DH = month.
; The first compare is on the trace line above: cmp cx, 0x7c4 (0x7c4 = 1988).
; Branch targets 0x12c56 and 0x12c22 lie outside this excerpt.
; In this run the trace goes from Get date straight to PC 16199 with no vector calls,
; which is consistent with one of the branches to 0x12c56 being taken.
0x12bef: ja 0x12c56                     ; year > 1988 -> leave the gate
0x12bf1: je 0x12c1d                     ; year == 1988 -> month test below
0x12bf3: cmp cx, 0x7bc                  ; 0x7bc = 1980
0x12bf7: jne 0x12c56                    ; any other year before 1988 -> leave the gate
; Year == 1980 path (1980 is the DOS default date on a machine with no clock --
; presumably why it is special-cased): save the INT 28h vector, then replace it.
0x12bf9: push ds
0x12bfa: mov ax, 0x3528                 ; AH=35h Get interrupt vector, AL=28h (decimal 40 in this trace format)
0x12bfd: int 0x21                       ; old handler comes back in ES:BX
0x12bff: mov word ptr cs:[0x13b], bx    ; keep old offset
0x12c04: mov word ptr cs:[0x13d], es    ; keep old segment
0x12c09: mov ax, 0x2528                 ; AH=25h Set interrupt vector, AL=28h
0x12c0c: mov dx, 0x722                  ; new handler offset
0x12c0f: push cs
0x12c10: pop ds                         ; DS = CS, so the new handler is CS:0x722
0x12c11: int 0x21
0x12c13: pop ds                         ; restore the DS saved at 0x12bf9
0x12c14: or byte ptr cs:[0x157], 8      ; sets bit 3 of a flag byte (meaning not shown here)
0x12c1a: jmp 0x12c22                    ; skip the month test
0x12c1c: nop
0x12c1d: cmp dh, 0xa                    ; 1988 only: month against 10 (October); the branch that follows is cut off
2018-12-17T22:49:05.276066015Z 48 PC: 16199 | Get DOS version
2018-12-17T22:49:05.278425478Z 44 PC: 161a8 | Get time 0x161a8: pop di
; Runs when INT 21h/AH=2Ch (Get time) returns; the first instruction (pop di) is on the
; trace line above. Appends time, date and default drive as words at ES:DI.
; What the record is used for is not visible in this excerpt.
0x161a9: xchg ax, dx                    ; AX = DX from Get time (seconds / hundredths)
0x161aa: stosw word ptr es:[di], ax     ; append it and advance DI
0x161ab: xchg ax, cx                    ; AX = CX from Get time (hours / minutes)
0x161ac: stosw word ptr es:[di], ax
0x161ad: mov ah, 0x2a                   ; AH=2Ah Get date
0x161af: push di                        ; DI is saved across the DOS call
0x161b0: int 0x21
0x161b2: pop di
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
2018-12-17T22:49:05.281768859Z 42 PC: 161b2 | Get date 0x161b2: pop di
; Same routine as the excerpt after Get time, shown again from the return of
; INT 21h/AH=2Ah (Get date); pop di is on the trace line above. It appends date and
; default drive at ES:DI, then fetches the current directory and scans to its end.
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax     ; append it and advance DI
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di                        ; DI is saved across the DOS call
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
0x161c4: mov ah, 0x47                   ; AH=47h Get current directory
0x161c6: mov dl, 0                      ; DL=0 selects the default drive
0x161c8: push si
0x161c9: int 0x21                       ; DOS writes the path to the buffer at DS:SI
0x161cb: pop si
0x161cc: lodsb al, byte ptr [si]        ; walk the returned path one byte at a time
0x161cd: test al, al
0x161cf: jne 0x161cc                    ; loop until the terminating NUL
2018-12-17T22:49:05.284451911Z 25 PC: 161bc | Get default drive
2018-12-17T22:49:05.286637828Z 71 PC: 161cb | Get current directory
2018-12-17T22:49:05.292982879Z 64 PC: 162ed | Write file or device (Write 58 bytes on handle 1)
2018-12-17T22:49:05.301023857Z 64 PC: 162ed | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:49:05.306018211Z 64 PC: 162ed | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:49:05.318927616Z 64 PC: 162ed | Write file or device (Write 77 bytes on handle 1)
2018-12-17T22:49:05.3260298Z 64 PC: 162ed | Write file or device (Write 54 bytes on handle 1)
2018-12-17T22:49:05.335427648Z 64 PC: 162ed | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:49:05.343578271Z 64 PC: 162ed | Write file or device (Write 55 bytes on handle 1)
2018-12-17T22:49:05.349576061Z 64 PC: 162ed | Write file or device (Write 55 bytes on handle 1)
2018-12-17T22:49:05.357812175Z 64 PC: 162ed | Write file or device (Write 55 bytes on handle 1)
2018-12-17T22:49:05.364612121Z 64 PC: 162ed | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:49:05.369934472Z 64 PC: 162ed | Write file or device (Write 74 bytes on handle 1)
2018-12-17T22:49:05.377857838Z 64 PC: 162ed | Write file or device (Write 13 bytes on handle 1)
2018-12-17T22:49:05.385313867Z 64 PC: 162ed | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:49:05.390503558Z 64 PC: 162ed | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:49:05.394349664Z 64 PC: 162ed | Write file or device (Write 50 bytes on handle 1)
2018-12-17T22:49:05.400986013Z 64 PC: 162ed | Write file or device (Write 34 bytes on handle 1)
2018-12-17T22:49:05.413116885Z 64 PC: 162ed | Write file or device (Write 34 bytes on handle 1)
2018-12-17T22:49:05.418720684Z 64 PC: 162ed | Write file or device (Write 0 bytes on handle 1)
2018-12-17T22:49:05.421884618Z 76 PC: 162ed | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9772,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:45.785887142Z 48 PC: 1814e | Get DOS version
2018-12-25T12:23:45.78738595Z 75 PC: 1815c | Execute program
2018-12-25T12:23:45.788905519Z 53 PC: 18177 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:45.790070249Z 80 PC: 181de | Set current PSP
2018-12-25T12:23:45.79277202Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:45.794388751Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:23:45.795890876Z 42 PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4
; Date gate, entered when INT 21h/AH=2Ah (Get date) returns with CX = year, DH = month.
; The first compare is on the trace line above: cmp cx, 0x7c4 (0x7c4 = 1988).
; Branch targets 0x12c56 and 0x12c22 lie outside this excerpt.
; The JSON record above this run sets Year 1989 (presumably the emulated clock); the
; trace shows no vector calls after Get date, consistent with the ja branch being taken.
0x12bef: ja 0x12c56                     ; year > 1988 -> leave the gate
0x12bf1: je 0x12c1d                     ; year == 1988 -> month test below
0x12bf3: cmp cx, 0x7bc                  ; 0x7bc = 1980
0x12bf7: jne 0x12c56                    ; any other year before 1988 -> leave the gate
; Year == 1980 path (1980 is the DOS default date on a machine with no clock --
; presumably why it is special-cased): save the INT 28h vector, then replace it.
0x12bf9: push ds
0x12bfa: mov ax, 0x3528                 ; AH=35h Get interrupt vector, AL=28h (decimal 40 in this trace format)
0x12bfd: int 0x21                       ; old handler comes back in ES:BX
0x12bff: mov word ptr cs:[0x13b], bx    ; keep old offset
0x12c04: mov word ptr cs:[0x13d], es    ; keep old segment
0x12c09: mov ax, 0x2528                 ; AH=25h Set interrupt vector, AL=28h
0x12c0c: mov dx, 0x722                  ; new handler offset
0x12c0f: push cs
0x12c10: pop ds                         ; DS = CS, so the new handler is CS:0x722
0x12c11: int 0x21
0x12c13: pop ds                         ; restore the DS saved at 0x12bf9
0x12c14: or byte ptr cs:[0x157], 8      ; sets bit 3 of a flag byte (meaning not shown here)
0x12c1a: jmp 0x12c22                    ; skip the month test
0x12c1c: nop
0x12c1d: cmp dh, 0xa                    ; 1988 only: month against 10 (October); the branch that follows is cut off
2018-12-25T12:23:45.798873327Z 48 PC: 16199 | Get DOS version
2018-12-25T12:23:45.800528712Z 44 PC: 161a8 | Get time 0x161a8: pop di
; Runs when INT 21h/AH=2Ch (Get time) returns; the first instruction (pop di) is on the
; trace line above. Appends time, date and default drive as words at ES:DI.
; What the record is used for is not visible in this excerpt.
0x161a9: xchg ax, dx                    ; AX = DX from Get time (seconds / hundredths)
0x161aa: stosw word ptr es:[di], ax     ; append it and advance DI
0x161ab: xchg ax, cx                    ; AX = CX from Get time (hours / minutes)
0x161ac: stosw word ptr es:[di], ax
0x161ad: mov ah, 0x2a                   ; AH=2Ah Get date
0x161af: push di                        ; DI is saved across the DOS call
0x161b0: int 0x21
0x161b2: pop di
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
2018-12-25T12:23:45.802664867Z 42 PC: 161b2 | Get date 0x161b2: pop di
; Same routine as the excerpt after Get time, shown again from the return of
; INT 21h/AH=2Ah (Get date); pop di is on the trace line above. It appends date and
; default drive at ES:DI, then fetches the current directory and scans to its end.
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax     ; append it and advance DI
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di                        ; DI is saved across the DOS call
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
0x161c4: mov ah, 0x47                   ; AH=47h Get current directory
0x161c6: mov dl, 0                      ; DL=0 selects the default drive
0x161c8: push si
0x161c9: int 0x21                       ; DOS writes the path to the buffer at DS:SI
0x161cb: pop si
0x161cc: lodsb al, byte ptr [si]        ; walk the returned path one byte at a time
0x161cd: test al, al
0x161cf: jne 0x161cc                    ; loop until the terminating NUL
2018-12-25T12:23:45.80476946Z 25 PC: 161bc | Get default drive
2018-12-25T12:23:45.808312367Z 71 PC: 161cb | Get current directory
2018-12-25T12:23:45.814733904Z 64 PC: 162ed | Write file or device (Write 58 bytes on handle 1)
2018-12-25T12:23:45.820642172Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.823898243Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.828803739Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.835574665Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.842116379Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.847104541Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.854741504Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.862484454Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.868671312Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.873682384Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.881750292Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.886522084Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.890971553Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.894414225Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.903133173Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.90856412Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.916340926Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:45.918219851Z 76 PC: 162ed | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9772,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:45.973775209Z 48 PC: 1814e | Get DOS version
2018-12-25T12:23:45.97589252Z 75 PC: 1815c | Execute program
2018-12-25T12:23:45.97748446Z 53 PC: 18177 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:45.978820539Z 80 PC: 181de | Set current PSP
2018-12-25T12:23:45.982043952Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:45.983950046Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:23:45.985416082Z 42 PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4
; Date gate, entered when INT 21h/AH=2Ah (Get date) returns with CX = year, DH = month.
; The first compare is on the trace line above: cmp cx, 0x7c4 (0x7c4 = 1988).
; Branch targets 0x12c56 and 0x12c22 lie outside this excerpt.
; The JSON record above this run sets Year 1980 (presumably the emulated clock). The
; trace that follows logs Get/Set interrupt vector '40' at PC 12bff and 12c13, the
; return addresses of the two int 0x21 calls below, so the 1980 path ran here.
; NOTE(review): the trace's "AKA" text for vectors looks like the name of the INT 21h
; function with the same number rather than the role of the vector; 40 decimal = 0x28.
0x12bef: ja 0x12c56                     ; year > 1988 -> leave the gate
0x12bf1: je 0x12c1d                     ; year == 1988 -> month test below
0x12bf3: cmp cx, 0x7bc                  ; 0x7bc = 1980
0x12bf7: jne 0x12c56                    ; any other year before 1988 -> leave the gate
; Year == 1980 path (1980 is the DOS default date on a machine with no clock --
; presumably why it is special-cased): save the INT 28h vector, then replace it.
0x12bf9: push ds
0x12bfa: mov ax, 0x3528                 ; AH=35h Get interrupt vector, AL=28h (decimal 40 in this trace format)
0x12bfd: int 0x21                       ; old handler comes back in ES:BX
0x12bff: mov word ptr cs:[0x13b], bx    ; keep old offset
0x12c04: mov word ptr cs:[0x13d], es    ; keep old segment
0x12c09: mov ax, 0x2528                 ; AH=25h Set interrupt vector, AL=28h
0x12c0c: mov dx, 0x722                  ; new handler offset
0x12c0f: push cs
0x12c10: pop ds                         ; DS = CS, so the new handler is CS:0x722
0x12c11: int 0x21
0x12c13: pop ds                         ; restore the DS saved at 0x12bf9
0x12c14: or byte ptr cs:[0x157], 8      ; sets bit 3 of a flag byte (meaning not shown here)
0x12c1a: jmp 0x12c22                    ; skip the month test
0x12c1c: nop
0x12c1d: cmp dh, 0xa                    ; 1988 only: month against 10 (October); the branch that follows is cut off
2018-12-25T12:23:45.9882135Z 53 PC: 12bff | Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:23:45.991056839Z 37 PC: 12c13 | Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:23:46.040518901Z 53 PC: 12c40 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:23:46.04222357Z 37 PC: 12c55 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:23:46.0447181Z 48 PC: 16199 | Get DOS version
2018-12-25T12:23:46.046189371Z 44 PC: 161a8 | Get time 0x161a8: pop di
; Runs when INT 21h/AH=2Ch (Get time) returns; the first instruction (pop di) is on the
; trace line above. Appends time, date and default drive as words at ES:DI.
; What the record is used for is not visible in this excerpt.
0x161a9: xchg ax, dx                    ; AX = DX from Get time (seconds / hundredths)
0x161aa: stosw word ptr es:[di], ax     ; append it and advance DI
0x161ab: xchg ax, cx                    ; AX = CX from Get time (hours / minutes)
0x161ac: stosw word ptr es:[di], ax
0x161ad: mov ah, 0x2a                   ; AH=2Ah Get date
0x161af: push di                        ; DI is saved across the DOS call
0x161b0: int 0x21
0x161b2: pop di
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
2018-12-25T12:23:46.048732024Z 42 PC: 161b2 | Get date 0x161b2: pop di
; Same routine as the excerpt after Get time, shown again from the return of
; INT 21h/AH=2Ah (Get date); pop di is on the trace line above. It appends date and
; default drive at ES:DI, then fetches the current directory and scans to its end.
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax     ; append it and advance DI
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di                        ; DI is saved across the DOS call
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
0x161c4: mov ah, 0x47                   ; AH=47h Get current directory
0x161c6: mov dl, 0                      ; DL=0 selects the default drive
0x161c8: push si
0x161c9: int 0x21                       ; DOS writes the path to the buffer at DS:SI
0x161cb: pop si
0x161cc: lodsb al, byte ptr [si]        ; walk the returned path one byte at a time
0x161cd: test al, al
0x161cf: jne 0x161cc                    ; loop until the terminating NUL
2018-12-25T12:23:46.051416155Z 25 PC: 161bc | Get default drive
2018-12-25T12:23:46.052387893Z 71 PC: 161cb | Get current directory
2018-12-25T12:23:46.058308644Z 64 PC: 162ed | Write file or device (Write 58 bytes on handle 1)
2018-12-25T12:23:46.065552267Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.068040703Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.073351763Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.081120613Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.087908023Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.094056767Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.102751007Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.110361878Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.117241306Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.123148591Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.130312137Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.136509656Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.14207049Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.145094376Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.153137037Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.158851625Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.168915309Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.170883937Z 76 PC: 162ed | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9772,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:46.263733315Z 48 PC: 1814e | Get DOS version
2018-12-25T12:23:46.267102257Z 75 PC: 1815c | Execute program
2018-12-25T12:23:46.268989687Z 53 PC: 18177 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:46.270731863Z 80 PC: 181de | Set current PSP
2018-12-25T12:23:46.274377754Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:46.275601166Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:23:46.27659563Z 42 PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4
; Date gate, entered when INT 21h/AH=2Ah (Get date) returns with CX = year, DH = month.
; The first compare is on the trace line above: cmp cx, 0x7c4 (0x7c4 = 1988).
; Branch targets 0x12c56 and 0x12c22 lie outside this excerpt.
; The JSON record above this run sets Year 1981 (presumably the emulated clock); the
; trace shows no vector calls after Get date, consistent with the jne branch being taken.
0x12bef: ja 0x12c56                     ; year > 1988 -> leave the gate
0x12bf1: je 0x12c1d                     ; year == 1988 -> month test below
0x12bf3: cmp cx, 0x7bc                  ; 0x7bc = 1980
0x12bf7: jne 0x12c56                    ; any other year before 1988 -> leave the gate
; Year == 1980 path (1980 is the DOS default date on a machine with no clock --
; presumably why it is special-cased): save the INT 28h vector, then replace it.
0x12bf9: push ds
0x12bfa: mov ax, 0x3528                 ; AH=35h Get interrupt vector, AL=28h (decimal 40 in this trace format)
0x12bfd: int 0x21                       ; old handler comes back in ES:BX
0x12bff: mov word ptr cs:[0x13b], bx    ; keep old offset
0x12c04: mov word ptr cs:[0x13d], es    ; keep old segment
0x12c09: mov ax, 0x2528                 ; AH=25h Set interrupt vector, AL=28h
0x12c0c: mov dx, 0x722                  ; new handler offset
0x12c0f: push cs
0x12c10: pop ds                         ; DS = CS, so the new handler is CS:0x722
0x12c11: int 0x21
0x12c13: pop ds                         ; restore the DS saved at 0x12bf9
0x12c14: or byte ptr cs:[0x157], 8      ; sets bit 3 of a flag byte (meaning not shown here)
0x12c1a: jmp 0x12c22                    ; skip the month test
0x12c1c: nop
0x12c1d: cmp dh, 0xa                    ; 1988 only: month against 10 (October); the branch that follows is cut off
2018-12-25T12:23:46.278293956Z 48 PC: 16199 | Get DOS version
2018-12-25T12:23:46.281434791Z 44 PC: 161a8 | Get time 0x161a8: pop di
; Runs when INT 21h/AH=2Ch (Get time) returns; the first instruction (pop di) is on the
; trace line above. Appends time, date and default drive as words at ES:DI.
; What the record is used for is not visible in this excerpt.
0x161a9: xchg ax, dx                    ; AX = DX from Get time (seconds / hundredths)
0x161aa: stosw word ptr es:[di], ax     ; append it and advance DI
0x161ab: xchg ax, cx                    ; AX = CX from Get time (hours / minutes)
0x161ac: stosw word ptr es:[di], ax
0x161ad: mov ah, 0x2a                   ; AH=2Ah Get date
0x161af: push di                        ; DI is saved across the DOS call
0x161b0: int 0x21
0x161b2: pop di
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
2018-12-25T12:23:46.283226588Z 42 PC: 161b2 | Get date 0x161b2: pop di
; Same routine as the excerpt after Get time, shown again from the return of
; INT 21h/AH=2Ah (Get date); pop di is on the trace line above. It appends date and
; default drive at ES:DI, then fetches the current directory and scans to its end.
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax     ; append it and advance DI
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di                        ; DI is saved across the DOS call
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
0x161c4: mov ah, 0x47                   ; AH=47h Get current directory
0x161c6: mov dl, 0                      ; DL=0 selects the default drive
0x161c8: push si
0x161c9: int 0x21                       ; DOS writes the path to the buffer at DS:SI
0x161cb: pop si
0x161cc: lodsb al, byte ptr [si]        ; walk the returned path one byte at a time
0x161cd: test al, al
0x161cf: jne 0x161cc                    ; loop until the terminating NUL
2018-12-25T12:23:46.28510152Z 25 PC: 161bc | Get default drive
2018-12-25T12:23:46.295382725Z 71 PC: 161cb | Get current directory
2018-12-25T12:23:46.29924958Z 64 PC: 162ed | Write file or device (Write 58 bytes on handle 1)
2018-12-25T12:23:46.303158943Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.305168124Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.308389821Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.312742684Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.319981095Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.325316055Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.329878359Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.335051761Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.34310766Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.351956614Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.364501906Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.370307495Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.375305714Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.377776723Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.3866105Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.392589408Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.39942976Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.402233026Z 76 PC: 162ed | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9772,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:46.421606723Z 48 PC: 1814e | Get DOS version
2018-12-25T12:23:46.424037446Z 75 PC: 1815c | Execute program
2018-12-25T12:23:46.426062543Z 53 PC: 18177 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:46.427796017Z 80 PC: 181de | Set current PSP
2018-12-25T12:23:46.443638865Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:46.44500032Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:23:46.446420437Z 42 PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4
; Date gate, entered when INT 21h/AH=2Ah (Get date) returns with CX = year, DH = month.
; The first compare is on the trace line above: cmp cx, 0x7c4 (0x7c4 = 1988).
; Branch targets 0x12c56 and 0x12c22 lie outside this excerpt.
; The JSON record above this run sets 1 January 1988 (presumably the emulated clock);
; the trace shows no vector calls after Get date, so the month test at 0x12c1d
; evidently did not pass for month 1.
0x12bef: ja 0x12c56                     ; year > 1988 -> leave the gate
0x12bf1: je 0x12c1d                     ; year == 1988 -> month test below
0x12bf3: cmp cx, 0x7bc                  ; 0x7bc = 1980
0x12bf7: jne 0x12c56                    ; any other year before 1988 -> leave the gate
; Year == 1980 path (1980 is the DOS default date on a machine with no clock --
; presumably why it is special-cased): save the INT 28h vector, then replace it.
0x12bf9: push ds
0x12bfa: mov ax, 0x3528                 ; AH=35h Get interrupt vector, AL=28h (decimal 40 in this trace format)
0x12bfd: int 0x21                       ; old handler comes back in ES:BX
0x12bff: mov word ptr cs:[0x13b], bx    ; keep old offset
0x12c04: mov word ptr cs:[0x13d], es    ; keep old segment
0x12c09: mov ax, 0x2528                 ; AH=25h Set interrupt vector, AL=28h
0x12c0c: mov dx, 0x722                  ; new handler offset
0x12c0f: push cs
0x12c10: pop ds                         ; DS = CS, so the new handler is CS:0x722
0x12c11: int 0x21
0x12c13: pop ds                         ; restore the DS saved at 0x12bf9
0x12c14: or byte ptr cs:[0x157], 8      ; sets bit 3 of a flag byte (meaning not shown here)
0x12c1a: jmp 0x12c22                    ; skip the month test
0x12c1c: nop
0x12c1d: cmp dh, 0xa                    ; 1988 only: month against 10 (October); the branch that follows is cut off
2018-12-25T12:23:46.449588656Z 48 PC: 16199 | Get DOS version
2018-12-25T12:23:46.45213212Z 44 PC: 161a8 | Get time 0x161a8: pop di
; Runs when INT 21h/AH=2Ch (Get time) returns; the first instruction (pop di) is on the
; trace line above. Appends time, date and default drive as words at ES:DI.
; What the record is used for is not visible in this excerpt.
0x161a9: xchg ax, dx                    ; AX = DX from Get time (seconds / hundredths)
0x161aa: stosw word ptr es:[di], ax     ; append it and advance DI
0x161ab: xchg ax, cx                    ; AX = CX from Get time (hours / minutes)
0x161ac: stosw word ptr es:[di], ax
0x161ad: mov ah, 0x2a                   ; AH=2Ah Get date
0x161af: push di                        ; DI is saved across the DOS call
0x161b0: int 0x21
0x161b2: pop di
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
2018-12-25T12:23:46.454822897Z 42 PC: 161b2 | Get date 0x161b2: pop di
; Same routine as the excerpt after Get time, shown again from the return of
; INT 21h/AH=2Ah (Get date); pop di is on the trace line above. It appends date and
; default drive at ES:DI, then fetches the current directory and scans to its end.
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax     ; append it and advance DI
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di                        ; DI is saved across the DOS call
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
0x161c4: mov ah, 0x47                   ; AH=47h Get current directory
0x161c6: mov dl, 0                      ; DL=0 selects the default drive
0x161c8: push si
0x161c9: int 0x21                       ; DOS writes the path to the buffer at DS:SI
0x161cb: pop si
0x161cc: lodsb al, byte ptr [si]        ; walk the returned path one byte at a time
0x161cd: test al, al
0x161cf: jne 0x161cc                    ; loop until the terminating NUL
2018-12-25T12:23:46.457386973Z 25 PC: 161bc | Get default drive
2018-12-25T12:23:46.458426297Z 71 PC: 161cb | Get current directory
2018-12-25T12:23:46.462517309Z 64 PC: 162ed | Write file or device (Write 58 bytes on handle 1)
2018-12-25T12:23:46.466623959Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.468523377Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.471582954Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.475718699Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.480288572Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.483519956Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.487824754Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.492880114Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.496873728Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.500028958Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.504891465Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.509061613Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.513386316Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.51629703Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.52938387Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.535504595Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.543551608Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.545563624Z 76 PC: 162ed | Terminate with return code (See above)

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9772,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:46.615894835Z 48 PC: 1814e | Get DOS version
2018-12-25T12:23:46.617474773Z 75 PC: 1815c | Execute program
2018-12-25T12:23:46.618731748Z 53 PC: 18177 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:46.620687407Z 80 PC: 181de | Set current PSP
2018-12-25T12:23:46.628939112Z 37 PC: 12bdc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:46.643591578Z 26 PC: 12be4 | Set disk transfer address
2018-12-25T12:23:46.645080881Z 42 PC: 12beb | Get date 0x12beb: cmp cx, 0x7c4
; Date gate, entered when INT 21h/AH=2Ah (Get date) returns with CX = year, DH = month.
; The first compare is on the trace line above: cmp cx, 0x7c4 (0x7c4 = 1988).
; Branch targets 0x12c56 and 0x12c22 lie outside this excerpt.
; The JSON record above this run sets 1 October 1988 (presumably the emulated clock).
; The trace that follows logs Get/Set interrupt vector '28' at PC 12c40 and 12c55 but
; nothing for vector '40', so the je path and the month test ran and the 1980 block
; below was skipped.
; NOTE(review): the trace's "AKA" text for vectors looks like the name of the INT 21h
; function with the same number rather than the role of the vector; 28 decimal = 0x1c.
0x12bef: ja 0x12c56                     ; year > 1988 -> leave the gate
0x12bf1: je 0x12c1d                     ; year == 1988 -> month test below
0x12bf3: cmp cx, 0x7bc                  ; 0x7bc = 1980
0x12bf7: jne 0x12c56                    ; any other year before 1988 -> leave the gate
; Year == 1980 path (1980 is the DOS default date on a machine with no clock --
; presumably why it is special-cased): save the INT 28h vector, then replace it.
0x12bf9: push ds
0x12bfa: mov ax, 0x3528                 ; AH=35h Get interrupt vector, AL=28h (decimal 40 in this trace format)
0x12bfd: int 0x21                       ; old handler comes back in ES:BX
0x12bff: mov word ptr cs:[0x13b], bx    ; keep old offset
0x12c04: mov word ptr cs:[0x13d], es    ; keep old segment
0x12c09: mov ax, 0x2528                 ; AH=25h Set interrupt vector, AL=28h
0x12c0c: mov dx, 0x722                  ; new handler offset
0x12c0f: push cs
0x12c10: pop ds                         ; DS = CS, so the new handler is CS:0x722
0x12c11: int 0x21
0x12c13: pop ds                         ; restore the DS saved at 0x12bf9
0x12c14: or byte ptr cs:[0x157], 8      ; sets bit 3 of a flag byte (meaning not shown here)
0x12c1a: jmp 0x12c22                    ; skip the month test
0x12c1c: nop
0x12c1d: cmp dh, 0xa                    ; 1988 only: month against 10 (October); the branch that follows is cut off
2018-12-25T12:23:46.725379341Z 53 PC: 12c40 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:23:46.727364754Z 37 PC: 12c55 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:23:46.729272399Z 48 PC: 16199 | Get DOS version
2018-12-25T12:23:46.731777176Z 44 PC: 161a8 | Get time 0x161a8: pop di
; Runs when INT 21h/AH=2Ch (Get time) returns; the first instruction (pop di) is on the
; trace line above. Appends time, date and default drive as words at ES:DI.
; What the record is used for is not visible in this excerpt.
0x161a9: xchg ax, dx                    ; AX = DX from Get time (seconds / hundredths)
0x161aa: stosw word ptr es:[di], ax     ; append it and advance DI
0x161ab: xchg ax, cx                    ; AX = CX from Get time (hours / minutes)
0x161ac: stosw word ptr es:[di], ax
0x161ad: mov ah, 0x2a                   ; AH=2Ah Get date
0x161af: push di                        ; DI is saved across the DOS call
0x161b0: int 0x21
0x161b2: pop di
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
2018-12-25T12:23:46.73472904Z 42 PC: 161b2 | Get date 0x161b2: pop di
; Same routine as the excerpt after Get time, shown again from the return of
; INT 21h/AH=2Ah (Get date); pop di is on the trace line above. It appends date and
; default drive at ES:DI, then fetches the current directory and scans to its end.
0x161b3: xchg ax, dx                    ; AX = DX from Get date (month / day)
0x161b4: stosw word ptr es:[di], ax     ; append it and advance DI
0x161b5: xchg ax, cx                    ; AX = CX from Get date (year)
0x161b6: stosw word ptr es:[di], ax
0x161b7: mov ah, 0x19                   ; AH=19h Get default drive, result in AL
0x161b9: push di                        ; DI is saved across the DOS call
0x161ba: int 0x21
0x161bc: pop di
0x161bd: mov ah, byte ptr [0x311a]      ; high byte taken from a data byte at offset 0x311a (contents not shown)
0x161c1: stosw word ptr es:[di], ax     ; append drive number plus that byte
0x161c2: mov si, di                     ; SI = current end of the record
0x161c4: mov ah, 0x47                   ; AH=47h Get current directory
0x161c6: mov dl, 0                      ; DL=0 selects the default drive
0x161c8: push si
0x161c9: int 0x21                       ; DOS writes the path to the buffer at DS:SI
0x161cb: pop si
0x161cc: lodsb al, byte ptr [si]        ; walk the returned path one byte at a time
0x161cd: test al, al
0x161cf: jne 0x161cc                    ; loop until the terminating NUL
2018-12-25T12:23:46.737188438Z 25 PC: 161bc | Get default drive
2018-12-25T12:23:46.739076758Z 71 PC: 161cb | Get current directory
2018-12-25T12:23:46.744773376Z 64 PC: 162ed | Write file or device (Write 58 bytes on handle 1)
2018-12-25T12:23:46.751357721Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.754208636Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.760015936Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.766686128Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.772734446Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.778438788Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.785219263Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.791866239Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.798969887Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.804347572Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.81051615Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.81635074Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.820623626Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.823343254Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.830759786Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.836021186Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.84222619Z 64 PC: 162ed | Write file or device (See above)
2018-12-25T12:23:46.844882862Z 76 PC: 162ed | Terminate with return code (See above)