{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11581,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:52.186677322Z | 192 | PC: 12e20 | UNKNOWN! |
| 2018-12-25T12:30:52.188804499Z | 74 | PC: 12e4f | Reallocate memory |
| 2018-12-25T12:30:52.1902313Z | 53 | PC: 12e54 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:52.191447789Z | 37 | PC: 12e68 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:52.193168753Z | 75 | PC: 12ea1 | Execute program |
| 2018-12-25T12:30:52.207212439Z | 9 | PC: 1313e | Display string (String= 'Infected Program. ') |
| 2018-12-25T12:30:52.213374601Z | 42 | PC: 12ece | Get date 0x12ece: cmp cx, 0x7c5 0x12ed2: jne 0x12ee6 0x12ed4: mov ax, 0x2521 0x12ed7: lds dx, ptr cs:[0x135] 0x12edc: int 0x21 0x12ede: mov ah, 0x4d 0x12ee0: int 0x21 0x12ee2: mov ah, 0x4c 0x12ee4: int 0x21 0x12ee6: mov ax, 0x3508 0x12ee9: int 0x21 0x12eeb: mov word ptr cs:[0x131], bx 0x12ef0: mov word ptr cs:[0x133], es 0x12ef5: mov ax, 0x2508 0x12ef8: push cs 0x12ef9: pop ds 0x12efa: mov dx, 0x43c 0x12efd: int 0x21 0x12eff: mov ah, 0x4d 0x12f01: int 0x21 |
| 2018-12-25T12:30:52.215660486Z | 53 | PC: 12eeb | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:30:52.223155222Z | 37 | PC: 12eff | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:30:52.223938609Z | 77 | PC: 12f03 | Get program return code |
| 2018-12-25T12:30:52.224783985Z | 49 | PC: 12f0f | Terminate and stay resident (Return code = '0' | Memory size = '109') |
{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11581,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:30:52.229449061Z | 192 | PC: 12e20 | UNKNOWN! |
| 2018-12-25T12:30:52.230437686Z | 74 | PC: 12e4f | Reallocate memory |
| 2018-12-25T12:30:52.231634764Z | 53 | PC: 12e54 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:52.232876497Z | 37 | PC: 12e68 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:52.234859976Z | 75 | PC: 12ea1 | Execute program |
| 2018-12-25T12:30:52.248090476Z | 9 | PC: 1313e | Display string (String= 'Infected Program. ') |
| 2018-12-25T12:30:52.254547712Z | 42 | PC: 12ece | Get date 0x12ece: cmp cx, 0x7c5 0x12ed2: jne 0x12ee6 0x12ed4: mov ax, 0x2521 0x12ed7: lds dx, ptr cs:[0x135] 0x12edc: int 0x21 0x12ede: mov ah, 0x4d 0x12ee0: int 0x21 0x12ee2: mov ah, 0x4c 0x12ee4: int 0x21 0x12ee6: mov ax, 0x3508 0x12ee9: int 0x21 0x12eeb: mov word ptr cs:[0x131], bx 0x12ef0: mov word ptr cs:[0x133], es 0x12ef5: mov ax, 0x2508 0x12ef8: push cs 0x12ef9: pop ds 0x12efa: mov dx, 0x43c 0x12efd: int 0x21 0x12eff: mov ah, 0x4d 0x12f01: int 0x21 |
| 2018-12-25T12:30:52.256919995Z | 37 | PC: 12ede | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:30:52.25783716Z | 77 | PC: 12ee2 | Get program return code |
| 2018-12-25T12:30:52.258784482Z | 76 | PC: 12ee6 | Terminate with return code (Return code = '0') |