{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13290,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:59.002180854Z | 47 | PC: 12a55 | Get disk transfer address |
| 2018-12-25T12:37:59.004022518Z | 26 | PC: 12a61 | Set disk transfer address |
| 2018-12-25T12:37:59.005039228Z | 78 | PC: 12a6b | Find first file |
| 2018-12-25T12:37:59.011031832Z | 61 | PC: 12a76 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:59.018122309Z | 63 | PC: 12a85 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:37:59.024205228Z | 66 | PC: 12a9d | Move file pointer |
| 2018-12-25T12:37:59.025477218Z | 64 | PC: 12ab3 | Write file or device (Write 413 bytes on handle 5) |
| 2018-12-25T12:37:59.040363713Z | 66 | PC: 12abc | Move file pointer |
| 2018-12-25T12:37:59.041671556Z | 64 | PC: 12ac7 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:37:59.04845262Z | 62 | PC: 12ada | Close file |
| 2018-12-25T12:37:59.056385779Z | 26 | PC: 12ae2 | Set disk transfer address |
| 2018-12-25T12:37:59.057702137Z | 42 | PC: 12ae6 | Get date 0x12ae6: cmp al, 5 0x12ae8: jne 0x12af6 0x12aea: lea dx, word ptr [bp + 0x1c7] 0x12aee: mov ah, 9 0x12af0: int 0x21 0x12af2: xor ax, ax 0x12af4: int 0x16 0x12af6: lea si, word ptr [bp + 0x266] 0x12afa: mov di, 0x100 0x12afd: mov cx, 4 0x12b00: rep movsb byte ptr es:[di], byte ptr [si] 0x12b02: mov ax, 0x100 0x12b05: jmp ax 0x12b07: pop bx 0x12b08: and byte ptr [bx + si + 0x52], dl 0x12b0b: imul cx, word ptr [di + 0x45], 0x3220 0x12b10: xor byte ptr cs:[bx + si], ah 0x12b13: pop bp 0x12b14: and byte ptr [bp + 0x69], dl 0x12b17: jb 0x12b8e |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13290,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:37:59.183554441Z | 47 | PC: 12a55 | Get disk transfer address |
| 2018-12-25T12:37:59.196148138Z | 26 | PC: 12a61 | Set disk transfer address |
| 2018-12-25T12:37:59.197439213Z | 78 | PC: 12a6b | Find first file |
| 2018-12-25T12:37:59.204051457Z | 61 | PC: 12a76 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T12:37:59.211428044Z | 63 | PC: 12a85 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T12:37:59.218612404Z | 66 | PC: 12a9d | Move file pointer |
| 2018-12-25T12:37:59.220060794Z | 64 | PC: 12ab3 | Write file or device (Write 413 bytes on handle 5) |
| 2018-12-25T12:37:59.234766184Z | 66 | PC: 12abc | Move file pointer |
| 2018-12-25T12:37:59.236441161Z | 64 | PC: 12ac7 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T12:37:59.244049576Z | 62 | PC: 12ada | Close file |
| 2018-12-25T12:37:59.252957406Z | 26 | PC: 12ae2 | Set disk transfer address |
| 2018-12-25T12:37:59.254802083Z | 42 | PC: 12ae6 | Get date 0x12ae6: cmp al, 5 0x12ae8: jne 0x12af6 0x12aea: lea dx, word ptr [bp + 0x1c7] 0x12aee: mov ah, 9 0x12af0: int 0x21 0x12af2: xor ax, ax 0x12af4: int 0x16 0x12af6: lea si, word ptr [bp + 0x266] 0x12afa: mov di, 0x100 0x12afd: mov cx, 4 0x12b00: rep movsb byte ptr es:[di], byte ptr [si] 0x12b02: mov ax, 0x100 0x12b05: jmp ax 0x12b07: pop bx 0x12b08: and byte ptr [bx + si + 0x52], dl 0x12b0b: imul cx, word ptr [di + 0x45], 0x3220 0x12b10: xor byte ptr cs:[bx + si], ah 0x12b13: pop bp 0x12b14: and byte ptr [bp + 0x69], dl 0x12b17: jb 0x12b8e |
| 2018-12-25T12:37:59.257185421Z | 9 | PC: 12af2 | Display string (String= '[ PRiME 2.0 ] Virus Forro by Ren Greets to the virukers of SkNetwork! *JUST* the virii authors! ...ok...Cyborg too :-) Handles RULES!!! Juap! ;) ') |