{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11150,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:29:59.356708684Z | 74 | PC: 12ba8 | Reallocate memory |
| 2018-12-25T12:29:59.358703029Z | 42 | PC: 12bbe | Get date 0x12bbe: cmp dl, 0xe 0x12bc1: jne 0x12bca 0x12bc3: mov ah, 9 0x12bc5: mov dx, 0x111 0x12bc8: int 0x21 0x12bca: call 0x12be0 0x12bcd: mov dx, 0x198 0x12bd0: mov bx, 0x1ee 0x12bd3: mov ax, 0x4b00 0x12bd6: int 0x21 0x12bd8: push cs 0x12bd9: pop ds 0x12bda: push ds 0x12bdb: pop es 0x12bdc: mov ah, 0x4c 0x12bde: int 0x21 0x12be0: mov ah, 0x7d 0x12be2: int 0x21 0x12be4: cmp ah, 0xfc 0x12be7: je 0x12c21 |
| 2018-12-25T12:29:59.361199325Z | 125 | PC: 12be4 | UNKNOWN! |
| 2018-12-25T12:29:59.362279625Z | 49 | PC: 12c20 | Terminate and stay resident (Return code = '0' | Memory size = '128') |
{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11150,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:00.009257055Z | 74 | PC: 12ba8 | Reallocate memory |
| 2018-12-25T12:30:00.011182625Z | 42 | PC: 12bbe | Get date 0x12bbe: cmp dl, 0xe 0x12bc1: jne 0x12bca 0x12bc3: mov ah, 9 0x12bc5: mov dx, 0x111 0x12bc8: int 0x21 0x12bca: call 0x12be0 0x12bcd: mov dx, 0x198 0x12bd0: mov bx, 0x1ee 0x12bd3: mov ax, 0x4b00 0x12bd6: int 0x21 0x12bd8: push cs 0x12bd9: pop ds 0x12bda: push ds 0x12bdb: pop es 0x12bdc: mov ah, 0x4c 0x12bde: int 0x21 0x12be0: mov ah, 0x7d 0x12be2: int 0x21 0x12be4: cmp ah, 0xfc 0x12be7: je 0x12c21 |
| 2018-12-25T12:30:00.013237609Z | 9 | PC: 12bca | Display string (String= ' (c)1993 VG Enterprises * Congratulations, You have recieved the privelge of being infected by the * * Offspring I v0.05. *') |
| 2018-12-25T12:30:00.02213658Z | 125 | PC: 12be4 | UNKNOWN! |
| 2018-12-25T12:30:00.023186092Z | 49 | PC: 12c20 | Terminate and stay resident (Return code = '0' | Memory size = '128') |