{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13079,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:27.425367367Z | 48 | PC: 12ac8 | Get DOS version |
| 2018-12-25T12:37:27.433042984Z | 42 | PC: 12b65 | Get date 0x12b65: cmp al, 1 0x12b67: jne 0x12b7f 0x12b69: mov bx, 0xb46 0x12b6c: mov word ptr [0x22], es 0x12b70: mov word ptr [0x20], bx 0x12b74: mov bx, 0xb6c 0x12b77: mov word ptr [0x26], es 0x12b7b: mov word ptr [0x24], bx 0x12b7f: sub byte ptr [0x413], 7 0x12b84: mov ax, cs 0x12b86: mov ds, ax 0x12b88: mov es, ax 0x12b8a: call 0x12b9e 0x12b8d: lea si, word ptr [bp + 0xea7] 0x12b91: mov di, 0x100 0x12b94: mov cx, 3 0x12b97: repne movsb byte ptr es:[di], byte ptr [si] 0x12b99: mov di, 0x100 0x12b9c: jmp di 0x12b9e: mov byte ptr cs:[bp + 0xecd], 0 |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13079,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:27.611930795Z | 48 | PC: 12ac8 | Get DOS version |
| 2018-12-25T12:37:27.61428035Z | 42 | PC: 12b65 | Get date 0x12b65: cmp al, 1 0x12b67: jne 0x12b7f 0x12b69: mov bx, 0xb46 0x12b6c: mov word ptr [0x22], es 0x12b70: mov word ptr [0x20], bx 0x12b74: mov bx, 0xb6c 0x12b77: mov word ptr [0x26], es 0x12b7b: mov word ptr [0x24], bx 0x12b7f: sub byte ptr [0x413], 7 0x12b84: mov ax, cs 0x12b86: mov ds, ax 0x12b88: mov es, ax 0x12b8a: call 0x12b9e 0x12b8d: lea si, word ptr [bp + 0xea7] 0x12b91: mov di, 0x100 0x12b94: mov cx, 3 0x12b97: repne movsb byte ptr es:[di], byte ptr [si] 0x12b99: mov di, 0x100 0x12b9c: jmp di 0x12b9e: mov byte ptr cs:[bp + 0xecd], 0 |