{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11826,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:23.750577952Z | 42 | PC: 13a23 | Get date 0x13a23: cmp dl, 7 0x13a26: je 0x13a2b 0x13a28: jmp 0x13b94 0x13a2b: mov ah, 0x2c 0x13a2d: int 0x21 0x13a2f: cmp cl, 0x14 0x13a32: jg 0x13a37 0x13a34: jmp 0x13b94 0x13a37: jmp 0x13b26 0x13a3a: or cl, byte ptr [di] 0x13a3c: or cl, byte ptr [di] 0x13a3e: or cl, byte ptr [di] 0x13a40: or cl, byte ptr [di] 0x13a42: or cl, byte ptr [di] 0x13a44: or cl, byte ptr [di] 0x13a46: and byte ptr [bx + 0x65], dl 0x13a49: insb byte ptr es:[di], dx 0x13a4a: insb byte ptr es:[di], dx 0x13a4b: sub al, 0x20 0x13a4d: je 0x13ab7 |
| 2018-12-25T12:31:23.754175511Z | 94 | PC: 12e0c | Network functions |
| 2018-12-25T12:31:23.755786578Z | 88 | PC: 12e33 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:31:23.757182319Z | 88 | PC: 12e3d | case 0xGet or set allocation strateg: |
| 2018-12-25T12:31:23.758880306Z | 88 | PC: 12e4a | case 0xGet or set allocation strateg: |
| 2018-12-25T12:31:23.761229174Z | 88 | PC: 12e52 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:31:23.76324454Z | 88 | PC: 12ee2 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:31:23.764701345Z | 88 | PC: 12eee | case 0xGet or set allocation strateg: |
| 2018-12-25T12:31:23.767216028Z | 74 | PC: 12f04 | Reallocate memory |
| 2018-12-25T12:31:23.769384733Z | 74 | PC: 12f12 | Reallocate memory |
| 2018-12-25T12:31:23.771741897Z | 25 | PC: 12fb6 | Get default drive |
| 2018-12-25T12:31:23.774793058Z | 76 | PC: 130cf | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11826,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:23.754420569Z | 42 | PC: 13a23 | Get date 0x13a23: cmp dl, 7 0x13a26: je 0x13a2b 0x13a28: jmp 0x13b94 0x13a2b: mov ah, 0x2c 0x13a2d: int 0x21 0x13a2f: cmp cl, 0x14 0x13a32: jg 0x13a37 0x13a34: jmp 0x13b94 0x13a37: jmp 0x13b26 0x13a3a: or cl, byte ptr [di] 0x13a3c: or cl, byte ptr [di] 0x13a3e: or cl, byte ptr [di] 0x13a40: or cl, byte ptr [di] 0x13a42: or cl, byte ptr [di] 0x13a44: or cl, byte ptr [di] 0x13a46: and byte ptr [bx + 0x65], dl 0x13a49: insb byte ptr es:[di], dx 0x13a4a: insb byte ptr es:[di], dx 0x13a4b: sub al, 0x20 0x13a4d: je 0x13ab7 |
| 2018-12-25T12:31:23.757877664Z | 44 | PC: 13a2f | Get time 0x13a2f: cmp cl, 0x14 0x13a32: jg 0x13a37 0x13a34: jmp 0x13b94 0x13a37: jmp 0x13b26 0x13a3a: or cl, byte ptr [di] 0x13a3c: or cl, byte ptr [di] 0x13a3e: or cl, byte ptr [di] 0x13a40: or cl, byte ptr [di] 0x13a42: or cl, byte ptr [di] 0x13a44: or cl, byte ptr [di] 0x13a46: and byte ptr [bx + 0x65], dl 0x13a49: insb byte ptr es:[di], dx 0x13a4a: insb byte ptr es:[di], dx 0x13a4b: sub al, 0x20 0x13a4d: je 0x13ab7 0x13a4f: imul si, word ptr [bp + di + 0x20], 0x756a 0x13a54: jae 0x13aca 0x13a56: and byte ptr [bx + di + 0x69], ah 0x13a59: outsb dx, byte ptr [si] 0x13a5a: daa |
| 2018-12-25T12:31:23.769583868Z | 9 | PC: 13b66 | Display string (String= ' Well, this just ain't your lucky day ! You are blessed with WHIPLASH V.2.0. Beta release Variant A written and compiled in Bucharest, Romania by The Viking Child (c) ') |