{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12629,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:35:43.963273307Z | 42 | PC: 12b77 | Get date 0x12b77: cmp dl, 9 0x12b7a: jne 0x12bb2 0x12b7c: mov ah, 9 0x12b7e: lea dx, word ptr [bp + 0x4f9] 0x12b82: int 0x21 0x12b84: xor ax, ax 0x12b86: mov es, ax 0x12b88: mov dx, 0xaaaa 0x12b8b: mov word ptr es:[0x416], dx 0x12b90: ror dx, 1 0x12b92: mov cx, 0x101 0x12b95: mov ah, 5 0x12b97: int 0x16 0x12b99: mov ah, 0x10 0x12b9b: int 0x16 0x12b9d: int 5 0x12b9f: mov ax, 0xa07 0x12ba2: xor bh, bh 0x12ba4: mov cx, 1 0x12ba7: int 0x10 |
| 2018-12-25T12:35:43.965279205Z | 125 | PC: 12bf3 | UNKNOWN! |
| 2018-12-25T12:35:43.966010546Z | 74 | PC: 12bc8 | Reallocate memory |
| 2018-12-25T12:35:43.967235277Z | 75 | PC: 12bd7 | Execute program |
| 2018-12-25T12:35:43.97068634Z | 76 | PC: 12bdb | Terminate with return code (Return code = '5') |
{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12629,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:35:44.228466843Z | 42 | PC: 12b77 | Get date 0x12b77: cmp dl, 9 0x12b7a: jne 0x12bb2 0x12b7c: mov ah, 9 0x12b7e: lea dx, word ptr [bp + 0x4f9] 0x12b82: int 0x21 0x12b84: xor ax, ax 0x12b86: mov es, ax 0x12b88: mov dx, 0xaaaa 0x12b8b: mov word ptr es:[0x416], dx 0x12b90: ror dx, 1 0x12b92: mov cx, 0x101 0x12b95: mov ah, 5 0x12b97: int 0x16 0x12b99: mov ah, 0x10 0x12b9b: int 0x16 0x12b9d: int 5 0x12b9f: mov ax, 0xa07 0x12ba2: xor bh, bh 0x12ba4: mov cx, 1 0x12ba7: int 0x10 |
| 2018-12-25T12:35:44.231609484Z | 9 | PC: 12b84 | Display string (Could not find end pointer) |