{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11941,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:36.785468095Z | 42 | PC: 12a76 | Get date 0x12a76: cmp dl, 9 0x12a79: jne 0x12ab1 0x12a7b: mov ah, 9 0x12a7d: lea dx, word ptr [bp + 0x4f1] 0x12a81: int 0x21 0x12a83: xor ax, ax 0x12a85: mov es, ax 0x12a87: mov dx, 0xaaaa 0x12a8a: mov word ptr es:[0x416], dx 0x12a8f: ror dx, 1 0x12a91: mov cx, 0x101 0x12a94: mov ah, 5 0x12a96: int 0x16 0x12a98: mov ah, 0x10 0x12a9a: int 0x16 0x12a9c: int 5 0x12a9e: mov ax, 0xa07 0x12aa1: xor bh, bh 0x12aa3: mov cx, 1 0x12aa6: int 0x10 |
| 2018-12-25T12:31:36.788343263Z | 125 | PC: 12af2 | UNKNOWN! |
| 2018-12-25T12:31:36.78975284Z | 74 | PC: 12ac7 | Reallocate memory |
| 2018-12-25T12:31:36.792880391Z | 75 | PC: 12ad6 | Execute program |
| 2018-12-25T12:31:36.798334466Z | 76 | PC: 12ada | Terminate with return code (Return code = '5') |
{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11941,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:31:36.935783815Z | 42 | PC: 12a76 | Get date 0x12a76: cmp dl, 9 0x12a79: jne 0x12ab1 0x12a7b: mov ah, 9 0x12a7d: lea dx, word ptr [bp + 0x4f1] 0x12a81: int 0x21 0x12a83: xor ax, ax 0x12a85: mov es, ax 0x12a87: mov dx, 0xaaaa 0x12a8a: mov word ptr es:[0x416], dx 0x12a8f: ror dx, 1 0x12a91: mov cx, 0x101 0x12a94: mov ah, 5 0x12a96: int 0x16 0x12a98: mov ah, 0x10 0x12a9a: int 0x16 0x12a9c: int 5 0x12a9e: mov ax, 0xa07 0x12aa1: xor bh, bh 0x12aa3: mov cx, 1 0x12aa6: int 0x10 |
| 2018-12-25T12:31:36.939204377Z | 9 | PC: 12a83 | Display string (String= ' OFFSPRING V0.82') |