{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10050,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:27:05.836152061Z | 26 | PC: 2296e | Set disk transfer address |
| 2018-12-25T12:27:05.838126588Z | 78 | PC: 22978 | Find first file |
| 2018-12-25T12:27:05.843853941Z | 61 | PC: 22980 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:27:05.850309191Z | 63 | PC: 2298b | Read file or device (Read 351 bytes on handle 5) |
| 2018-12-25T12:27:05.85778975Z | 44 | PC: 22999 | Get time 0x22999: mov byte ptr ss:[0x22f], dl 0x2299e: mov byte ptr [0x12f], dl 0x229a2: mov ax, 0x4202 0x229a5: xor cx, cx 0x229a7: xor dx, dx 0x229a9: int 0x21 0x229ab: cmp ax, 0x15f 0x229ae: jae 0x229b6 0x229b0: mov ax, 0x25f 0x229b3: jmp 0x229b9 0x229b5: nop 0x229b6: add ax, 0x100 0x229b9: mov word ptr ss:[0x203], ax 0x229bd: push ss 0x229be: pop es 0x229bf: push es 0x229c0: pop ds 0x229c1: call 0x22a65 0x229c4: mov ax, 0x4200 0x229c7: xor cx, cx |
| 2018-12-25T12:27:05.859445828Z | 66 | PC: 229ab | Move file pointer |
| 2018-12-25T12:27:05.86049347Z | 66 | PC: 229cd | Move file pointer |
| 2018-12-25T12:27:05.861535618Z | 64 | PC: 229d7 | Write file or device (Write 351 bytes on handle 5) |
| 2018-12-25T12:27:05.864069451Z | 66 | PC: 229e0 | Move file pointer |
| 2018-12-25T12:27:05.8650967Z | 64 | PC: 229eb | Write file or device (Write 351 bytes on handle 5) |
| 2018-12-25T12:27:06.057348678Z | 62 | PC: 229ef | Close file |
| 2018-12-25T12:27:06.074854817Z | 42 | PC: 22a11 | Get date 0x22a11: cmp dh, 0xc 0x22a14: jne 0x22a31 0x22a16: cmp dl, 0x1d 0x22a19: jne 0x22a31 0x22a1b: mov dx, 0x43 0x22a1e: mov ah, 0x36 0x22a20: out dx, al 0x22a21: jmp 0x22a23 0x22a23: mov dx, 0x40 0x22a26: xor al, al 0x22a28: out dx, al 0x22a29: jmp 0x22a2b 0x22a2b: mov dx, 0x40 0x22a2e: mov al, 1 0x22a30: out dx, al 0x22a31: push ss 0x22a32: pop ds 0x22a33: jmp 0x2295a 0x22a36: mov ah, 0x3e 0x22a38: int 0x21 |
| 2018-12-25T12:27:06.077058428Z | 9 | PC: 12a47 | Display string (String= '(C) 1993 American Eagle Poblications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T12:27:06.084262254Z | 76 | PC: 12a4c | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10050,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T13:07:13.468510348Z | 26 | PC: 2296e | Set disk transfer address |
| 2018-12-25T13:07:13.471325979Z | 78 | PC: 22978 | Find first file |
| 2018-12-25T13:07:13.476982881Z | 61 | PC: 22980 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T13:07:13.483321439Z | 63 | PC: 2298b | Read file or device (Read 351 bytes on handle 5) |
| 2018-12-25T13:07:13.490448906Z | 44 | PC: 22999 | Get time 0x22999: mov byte ptr ss:[0x22f], dl 0x2299e: mov byte ptr [0x12f], dl 0x229a2: mov ax, 0x4202 0x229a5: xor cx, cx 0x229a7: xor dx, dx 0x229a9: int 0x21 0x229ab: cmp ax, 0x15f 0x229ae: jae 0x229b6 0x229b0: mov ax, 0x25f 0x229b3: jmp 0x229b9 0x229b5: nop 0x229b6: add ax, 0x100 0x229b9: mov word ptr ss:[0x203], ax 0x229bd: push ss 0x229be: pop es 0x229bf: push es 0x229c0: pop ds 0x229c1: call 0x22a65 0x229c4: mov ax, 0x4200 0x229c7: xor cx, cx |
| 2018-12-25T13:07:13.492777097Z | 66 | PC: 229ab | Move file pointer |
| 2018-12-25T13:07:13.494143962Z | 66 | PC: 229cd | Move file pointer |
| 2018-12-25T13:07:13.496581024Z | 64 | PC: 229d7 | Write file or device (Write 351 bytes on handle 5) |
| 2018-12-25T13:07:13.499233171Z | 66 | PC: 229e0 | Move file pointer |
| 2018-12-25T13:07:13.500497892Z | 64 | PC: 229eb | Write file or device (Write 351 bytes on handle 5) |
| 2018-12-25T13:07:13.516013314Z | 62 | PC: 229ef | Close file |
| 2018-12-25T13:07:13.524236861Z | 42 | PC: 22a11 | Get date 0x22a11: cmp dh, 0xc 0x22a14: jne 0x22a31 0x22a16: cmp dl, 0x1d 0x22a19: jne 0x22a31 0x22a1b: mov dx, 0x43 0x22a1e: mov ah, 0x36 0x22a20: out dx, al 0x22a21: jmp 0x22a23 0x22a23: mov dx, 0x40 0x22a26: xor al, al 0x22a28: out dx, al 0x22a29: jmp 0x22a2b 0x22a2b: mov dx, 0x40 0x22a2e: mov al, 1 0x22a30: out dx, al 0x22a31: push ss 0x22a32: pop ds 0x22a33: jmp 0x2295a 0x22a36: mov ah, 0x3e 0x22a38: int 0x21 |
| 2018-12-25T13:07:13.526629916Z | 9 | PC: 12a47 | Display string (String= '(C) 1993 American Eagle Poblications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T13:07:13.533950293Z | 76 | PC: 12a4c | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":29,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10050,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:27:05.993253108Z | 26 | PC: 2296e | Set disk transfer address |
| 2018-12-25T12:27:05.996069911Z | 78 | PC: 22978 | Find first file |
| 2018-12-25T12:27:06.002024673Z | 61 | PC: 22980 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:27:06.00856065Z | 63 | PC: 2298b | Read file or device (Read 351 bytes on handle 5) |
| 2018-12-25T12:27:06.015877708Z | 44 | PC: 22999 | Get time 0x22999: mov byte ptr ss:[0x22f], dl 0x2299e: mov byte ptr [0x12f], dl 0x229a2: mov ax, 0x4202 0x229a5: xor cx, cx 0x229a7: xor dx, dx 0x229a9: int 0x21 0x229ab: cmp ax, 0x15f 0x229ae: jae 0x229b6 0x229b0: mov ax, 0x25f 0x229b3: jmp 0x229b9 0x229b5: nop 0x229b6: add ax, 0x100 0x229b9: mov word ptr ss:[0x203], ax 0x229bd: push ss 0x229be: pop es 0x229bf: push es 0x229c0: pop ds 0x229c1: call 0x22a65 0x229c4: mov ax, 0x4200 0x229c7: xor cx, cx |
| 2018-12-25T12:27:06.018223688Z | 66 | PC: 229ab | Move file pointer |
| 2018-12-25T12:27:06.020051475Z | 66 | PC: 229cd | Move file pointer |
| 2018-12-25T12:27:06.022291363Z | 64 | PC: 229d7 | Write file or device (Write 351 bytes on handle 5) |
| 2018-12-25T12:27:06.025055186Z | 66 | PC: 229e0 | Move file pointer |
| 2018-12-25T12:27:06.026363032Z | 64 | PC: 229eb | Write file or device (Write 351 bytes on handle 5) |
| 2018-12-25T12:27:06.058207173Z | 62 | PC: 229ef | Close file |
| 2018-12-25T12:27:06.066848337Z | 42 | PC: 22a11 | Get date 0x22a11: cmp dh, 0xc 0x22a14: jne 0x22a31 0x22a16: cmp dl, 0x1d 0x22a19: jne 0x22a31 0x22a1b: mov dx, 0x43 0x22a1e: mov ah, 0x36 0x22a20: out dx, al 0x22a21: jmp 0x22a23 0x22a23: mov dx, 0x40 0x22a26: xor al, al 0x22a28: out dx, al 0x22a29: jmp 0x22a2b 0x22a2b: mov dx, 0x40 0x22a2e: mov al, 1 0x22a30: out dx, al 0x22a31: push ss 0x22a32: pop ds 0x22a33: jmp 0x2295a 0x22a36: mov ah, 0x3e 0x22a38: int 0x21 |
| 2018-12-25T12:27:06.068962616Z | 9 | PC: 12a47 | Display string (String= '(C) 1993 American Eagle Poblications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T12:27:06.078248111Z | 76 | PC: 12a4c | Terminate with return code (Return code = '0') |