{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13390,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:09.460572613Z | 53 | PC: 12a50 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:38:09.462603784Z | 37 | PC: 12a61 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:38:09.464126709Z | 78 | PC: 12a87 | Find first file |
| 2018-12-25T12:38:09.470818436Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.473608023Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.476981049Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.480044835Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.483180682Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.486400724Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.48910466Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.491709383Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.49517409Z | 42 | PC: 12ad9 | Get date 0x12ad9: cmp cx, 0x7ca 0x12add: jb 0x12b21 0x12adf: mov ah, 9 0x12ae1: mov dx, 0x209 0x12ae4: int 0x21 0x12ae6: mov cx, 2 0x12ae9: push cx 0x12aea: cli 0x12aeb: mov dx, 0x2ee0 0x12aee: sub dx, word ptr cs:[0x1388] 0x12af3: mov bx, 0x64 0x12af6: mov al, 0xb6 0x12af8: out 0x43, al 0x12afa: mov ax, bx 0x12afc: out 0x42, al 0x12afe: mov al, ah 0x12b00: out 0x42, al 0x12b02: in al, 0x61 0x12b04: mov ah, 0 0x12b06: or ax, 3 |
| 2018-12-25T12:38:09.497506095Z | 37 | PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13390,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:38:09.656805013Z | 53 | PC: 12a50 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:38:09.658110112Z | 37 | PC: 12a61 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:38:09.659209735Z | 78 | PC: 12a87 | Find first file |
| 2018-12-25T12:38:09.66495551Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.668079544Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.67103748Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.673685837Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.676620781Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.680023058Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.682723902Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.685429372Z | 79 | PC: 12a87 | Find next file (See above) |
| 2018-12-25T12:38:09.688669096Z | 42 | PC: 12ad9 | Get date 0x12ad9: cmp cx, 0x7ca 0x12add: jb 0x12b21 0x12adf: mov ah, 9 0x12ae1: mov dx, 0x209 0x12ae4: int 0x21 0x12ae6: mov cx, 2 0x12ae9: push cx 0x12aea: cli 0x12aeb: mov dx, 0x2ee0 0x12aee: sub dx, word ptr cs:[0x1388] 0x12af3: mov bx, 0x64 0x12af6: mov al, 0xb6 0x12af8: out 0x43, al 0x12afa: mov ax, bx 0x12afc: out 0x42, al 0x12afe: mov al, ah 0x12b00: out 0x42, al 0x12b02: in al, 0x61 0x12b04: mov ah, 0 0x12b06: or ax, 3 |
| 2018-12-25T12:38:09.690992391Z | 9 | PC: 12ae6 | Display string (String= 'HOT ZONE 5 VIRUS Somehing is growing inside! by eMpIrE-X [IVP] ') |
| 2018-12-25T12:38:09.737279661Z | 37 | PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |