{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13045,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:12.757564926Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T12:37:12.760274386Z | 78 | PC: 12bc6 | Find first file |
| 2018-12-25T12:37:12.766608094Z | 61 | PC: 12be8 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:37:12.773321294Z | 87 | PC: 12bf5 | Get or set file date and time |
| 2018-12-25T12:37:12.775915821Z | 63 | PC: 12c0a | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:37:12.779399182Z | 66 | PC: 12c84 | Move file pointer |
| 2018-12-25T12:37:12.781297942Z | 66 | PC: 12cd3 | Move file pointer |
| 2018-12-25T12:37:12.783518938Z | 64 | PC: 12cde | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:37:12.787883117Z | 66 | PC: 12ce9 | Move file pointer |
| 2018-12-25T12:37:12.78978587Z | 64 | PC: 12b81 | Write file or device (Write 682 bytes on handle 5) |
| 2018-12-25T12:37:12.806424523Z | 87 | PC: 12d00 | Get or set file date and time |
| 2018-12-25T12:37:12.808791759Z | 62 | PC: 12d04 | Close file |
| 2018-12-25T12:37:12.817788811Z | 26 | PC: 12d0b | Set disk transfer address |
| 2018-12-25T12:37:12.829110288Z | 42 | PC: 12d0f | Get date 0x12d0f: cmp dl, 2 0x12d12: jne 0x12d26 0x12d14: cmp dh, 0xb 0x12d17: jne 0x12d26 0x12d19: mov ah, 9 0x12d1b: lea dx, word ptr [bp + 0x36a] 0x12d1f: int 0x21 0x12d21: mov cx, 1 0x12d24: jmp 0x12d21 0x12d26: cmp bp, 0 0x12d29: je 0x12d4e 0x12d2b: pop ds 0x12d2c: pop es 0x12d2d: mov ax, es 0x12d2f: add ax, 0x10 0x12d32: add word ptr cs:[bp + 0x308], ax 0x12d37: cli 0x12d38: add ax, word ptr cs:[bp + 0x30a] 0x12d3d: mov ax, ss 0x12d3f: mov sp, word ptr cs:[bp + 0x30c] |
| 2018-12-25T12:37:12.832493057Z | 76 | PC: 12d52 | Terminate with return code (Return code = '2') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13045,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:13.844274594Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T12:37:13.84637505Z | 78 | PC: 12bc6 | Find first file |
| 2018-12-25T12:37:13.853161846Z | 61 | PC: 12be8 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:37:13.860819703Z | 87 | PC: 12bf5 | Get or set file date and time |
| 2018-12-25T12:37:13.863750176Z | 63 | PC: 12c0a | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:37:13.866914379Z | 66 | PC: 12c84 | Move file pointer |
| 2018-12-25T12:37:13.869046394Z | 66 | PC: 12cd3 | Move file pointer |
| 2018-12-25T12:37:13.871646103Z | 64 | PC: 12cde | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:37:13.875092991Z | 66 | PC: 12ce9 | Move file pointer |
| 2018-12-25T12:37:13.877429085Z | 64 | PC: 12b81 | Write file or device (Write 682 bytes on handle 5) |
| 2018-12-25T12:37:13.894554417Z | 87 | PC: 12d00 | Get or set file date and time |
| 2018-12-25T12:37:13.896288083Z | 62 | PC: 12d04 | Close file |
| 2018-12-25T12:37:13.905327327Z | 26 | PC: 12d0b | Set disk transfer address |
| 2018-12-25T12:37:13.90681333Z | 42 | PC: 12d0f | Get date 0x12d0f: cmp dl, 2 0x12d12: jne 0x12d26 0x12d14: cmp dh, 0xb 0x12d17: jne 0x12d26 0x12d19: mov ah, 9 0x12d1b: lea dx, word ptr [bp + 0x36a] 0x12d1f: int 0x21 0x12d21: mov cx, 1 0x12d24: jmp 0x12d21 0x12d26: cmp bp, 0 0x12d29: je 0x12d4e 0x12d2b: pop ds 0x12d2c: pop es 0x12d2d: mov ax, es 0x12d2f: add ax, 0x10 0x12d32: add word ptr cs:[bp + 0x308], ax 0x12d37: cli 0x12d38: add ax, word ptr cs:[bp + 0x30a] 0x12d3d: mov ax, ss 0x12d3f: mov sp, word ptr cs:[bp + 0x30c] |
| 2018-12-25T12:37:13.909976321Z | 76 | PC: 12d52 | Terminate with return code (Return code = '3') |
{"DateBased":true,"Day":2,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13045,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:14.769237761Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T12:37:14.771032044Z | 78 | PC: 12bc6 | Find first file |
| 2018-12-25T12:37:14.777884689Z | 61 | PC: 12be8 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:37:14.785599776Z | 87 | PC: 12bf5 | Get or set file date and time |
| 2018-12-25T12:37:14.787661489Z | 63 | PC: 12c0a | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T12:37:14.791190023Z | 66 | PC: 12c84 | Move file pointer |
| 2018-12-25T12:37:14.792768938Z | 66 | PC: 12cd3 | Move file pointer |
| 2018-12-25T12:37:14.794638502Z | 64 | PC: 12cde | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T12:37:14.797923487Z | 66 | PC: 12ce9 | Move file pointer |
| 2018-12-25T12:37:14.799635249Z | 64 | PC: 12b81 | Write file or device (Write 682 bytes on handle 5) |
| 2018-12-25T12:37:14.820658205Z | 87 | PC: 12d00 | Get or set file date and time |
| 2018-12-25T12:37:14.828917798Z | 62 | PC: 12d04 | Close file |
| 2018-12-25T12:37:14.99341723Z | 26 | PC: 12d0b | Set disk transfer address |
| 2018-12-25T12:37:14.994566277Z | 42 | PC: 12d0f | Get date 0x12d0f: cmp dl, 2 0x12d12: jne 0x12d26 0x12d14: cmp dh, 0xb 0x12d17: jne 0x12d26 0x12d19: mov ah, 9 0x12d1b: lea dx, word ptr [bp + 0x36a] 0x12d1f: int 0x21 0x12d21: mov cx, 1 0x12d24: jmp 0x12d21 0x12d26: cmp bp, 0 0x12d29: je 0x12d4e 0x12d2b: pop ds 0x12d2c: pop es 0x12d2d: mov ax, es 0x12d2f: add ax, 0x10 0x12d32: add word ptr cs:[bp + 0x308], ax 0x12d37: cli 0x12d38: add ax, word ptr cs:[bp + 0x30a] 0x12d3d: mov ax, ss 0x12d3f: mov sp, word ptr cs:[bp + 0x30c] |
| 2018-12-25T12:37:14.996956246Z | 9 | PC: 12d21 | Display string (String= ' Message of BeLiAL: My Last Temptation is now also yours... ') |