{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14328,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:18.291901983Z | 238 | PC: 12ada | UNKNOWN! |
| 2018-12-25T12:40:18.292471365Z | 42 | PC: 12af6 | Get date 0x12af6: cmp al, 1 0x12af8: jne 0x12aff 0x12afa: inc byte ptr cs:[0x184] 0x12aff: mov ax, cs 0x12b01: mov ss, ax 0x12b03: mov sp, 0x700 0x12b06: mov bx, sp 0x12b08: mov cl, 4 0x12b0a: shr bx, cl 0x12b0c: add bx, 0x10 0x12b0f: mov ah, 0x4a 0x12b11: int 0x21 0x12b13: push cs 0x12b14: pop es 0x12b15: mov bx, 0x187 0x12b18: mov ax, 0x4b00 0x12b1b: mov es, word ptr es:[0x2c] 0x12b20: xor di, di 0x12b22: mov cx, 0x7fff 0x12b25: xor al, al |
| 2018-12-25T12:40:18.296245899Z | 74 | PC: 12b13 | Reallocate memory |
| 2018-12-25T12:40:18.297538687Z | 53 | PC: 12b74 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-25T12:40:18.298601652Z | 37 | PC: 12b89 | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-25T12:40:18.300532199Z | 53 | PC: 12b90 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:40:18.301460465Z | 37 | PC: 12ba4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:40:18.302335579Z | 75 | PC: 12b5e | Execute program |
| 2018-12-25T12:40:18.318027731Z | 9 | PC: 1332a | Display string (String= '(C) 2000 Rising Computer Sci & Tech Inc. Host program for virus, DOSCOM Version. It's original size is 10000. Maybe you've just released a virus! ') |
| 2018-12-25T12:40:18.342018972Z | 76 | PC: 1332f | Terminate with return code (Return code = '0') |
| 2018-12-25T12:40:18.345188852Z | 73 | PC: 12b64 | Release memory |
| 2018-12-25T12:40:18.347924106Z | 77 | PC: 12b68 | Get program return code |
| 2018-12-25T12:40:18.34952725Z | 49 | PC: 12b6f | Terminate and stay resident (Return code = '0' | Memory size = '77') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14328,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:40:18.414057904Z | 238 | PC: 12ada | UNKNOWN! |
| 2018-12-25T12:40:18.4156314Z | 42 | PC: 12af6 | Get date 0x12af6: cmp al, 1 0x12af8: jne 0x12aff 0x12afa: inc byte ptr cs:[0x184] 0x12aff: mov ax, cs 0x12b01: mov ss, ax 0x12b03: mov sp, 0x700 0x12b06: mov bx, sp 0x12b08: mov cl, 4 0x12b0a: shr bx, cl 0x12b0c: add bx, 0x10 0x12b0f: mov ah, 0x4a 0x12b11: int 0x21 0x12b13: push cs 0x12b14: pop es 0x12b15: mov bx, 0x187 0x12b18: mov ax, 0x4b00 0x12b1b: mov es, word ptr es:[0x2c] 0x12b20: xor di, di 0x12b22: mov cx, 0x7fff 0x12b25: xor al, al |
| 2018-12-25T12:40:18.419696664Z | 74 | PC: 12b13 | Reallocate memory |
| 2018-12-25T12:40:18.421356764Z | 53 | PC: 12b74 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-25T12:40:18.423550676Z | 37 | PC: 12b89 | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-25T12:40:18.42515042Z | 53 | PC: 12b90 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:40:18.426602148Z | 37 | PC: 12ba4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:40:18.429109399Z | 75 | PC: 12b5e | Execute program |
| 2018-12-25T12:40:18.444375829Z | 9 | PC: 1332a | Display string (String= '(C) 2000 Rising Computer Sci & Tech Inc. Host program for virus, DOSCOM Version. It's original size is 10000. Maybe you've just released a virus! ') |
| 2018-12-25T12:40:18.455154021Z | 76 | PC: 1332f | Terminate with return code (Return code = '0') |
| 2018-12-25T12:40:18.459667995Z | 73 | PC: 12b64 | Release memory |
| 2018-12-25T12:40:18.461308036Z | 77 | PC: 12b68 | Get program return code |
| 2018-12-25T12:40:18.462797916Z | 49 | PC: 12b6f | Terminate and stay resident (Return code = '0' | Memory size = '77') |