{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14793,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:41.416293636Z | 251 | PC: 12f86 | UNKNOWN! |
| 2018-12-25T12:41:41.417891282Z | 251 | PC: 12b2e | UNKNOWN! |
| 2018-12-25T12:41:41.419246057Z | 74 | PC: 12b7d | Reallocate memory |
| 2018-12-25T12:41:41.420341301Z | 53 | PC: 12fa7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:41.42247391Z | 37 | PC: 12fbc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:41.423694991Z | 42 | PC: 12bb6 | Get date 0x12bb6: cmp dl, 4 0x12bb9: jne 0x12bc0 0x12bbb: inc byte ptr cs:[0xe] 0x12bc0: cmp al, 1 0x12bc2: je 0x12c08 0x12bc4: cmp al, 5 0x12bc6: je 0x12c08 0x12bc8: pop dx 0x12bc9: pop cx 0x12bca: pop bx 0x12bcb: pop ax 0x12bcc: pop es 0x12bcd: pop ds 0x12bce: pushf 0x12bcf: lcall ptr cs:[0x13] 0x12bd4: push ds 0x12bd5: pop es 0x12bd6: mov ah, 0x49 0x12bd8: int 0x21 0x12bda: mov ah, 0x4d |
| 2018-12-25T12:41:41.42655612Z | 53 | PC: 12c0e | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:41:41.428264663Z | 37 | PC: 12c23 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:41:41.42937333Z | 75 | PC: 12bd4 | Execute program |
| 2018-12-25T12:41:41.443767555Z | 9 | PC: 133a7 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T12:41:41.451176737Z | 76 | PC: 133ac | Terminate with return code (Return code = '0') |
| 2018-12-25T12:41:41.454277385Z | 73 | PC: 12bda | Release memory |
| 2018-12-25T12:41:41.455450071Z | 77 | PC: 12bde | Get program return code |
| 2018-12-25T12:41:41.457229169Z | 49 | PC: 12c08 | Terminate and stay resident (Return code = '2' | Memory size = '145') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14793,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:41.707353229Z | 251 | PC: 12f86 | UNKNOWN! |
| 2018-12-25T12:41:41.708652352Z | 251 | PC: 12b2e | UNKNOWN! |
| 2018-12-25T12:41:41.711025002Z | 74 | PC: 12b7d | Reallocate memory |
| 2018-12-25T12:41:41.712974363Z | 53 | PC: 12fa7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:41.714706561Z | 37 | PC: 12fbc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:41.717312245Z | 42 | PC: 12bb6 | Get date 0x12bb6: cmp dl, 4 0x12bb9: jne 0x12bc0 0x12bbb: inc byte ptr cs:[0xe] 0x12bc0: cmp al, 1 0x12bc2: je 0x12c08 0x12bc4: cmp al, 5 0x12bc6: je 0x12c08 0x12bc8: pop dx 0x12bc9: pop cx 0x12bca: pop bx 0x12bcb: pop ax 0x12bcc: pop es 0x12bcd: pop ds 0x12bce: pushf 0x12bcf: lcall ptr cs:[0x13] 0x12bd4: push ds 0x12bd5: pop es 0x12bd6: mov ah, 0x49 0x12bd8: int 0x21 0x12bda: mov ah, 0x4d |
| 2018-12-25T12:41:41.719923987Z | 53 | PC: 12c0e | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:41:41.721314771Z | 37 | PC: 12c23 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:41:41.723050516Z | 75 | PC: 12bd4 | Execute program |
| 2018-12-25T12:41:41.740299933Z | 9 | PC: 133a7 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T12:41:41.748565103Z | 76 | PC: 133ac | Terminate with return code (Return code = '0') |
| 2018-12-25T12:41:41.75324038Z | 73 | PC: 12bda | Release memory |
| 2018-12-25T12:41:41.754805361Z | 77 | PC: 12bde | Get program return code |
| 2018-12-25T12:41:41.756745761Z | 49 | PC: 12c08 | Terminate and stay resident (Return code = '2' | Memory size = '145') |
{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14793,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:42.04055725Z | 251 | PC: 12f86 | UNKNOWN! |
| 2018-12-25T12:41:42.042374993Z | 251 | PC: 12b2e | UNKNOWN! |
| 2018-12-25T12:41:42.044071259Z | 74 | PC: 12b7d | Reallocate memory |
| 2018-12-25T12:41:42.046975146Z | 53 | PC: 12fa7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:42.049191574Z | 37 | PC: 12fbc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:42.051667556Z | 42 | PC: 12bb6 | Get date 0x12bb6: cmp dl, 4 0x12bb9: jne 0x12bc0 0x12bbb: inc byte ptr cs:[0xe] 0x12bc0: cmp al, 1 0x12bc2: je 0x12c08 0x12bc4: cmp al, 5 0x12bc6: je 0x12c08 0x12bc8: pop dx 0x12bc9: pop cx 0x12bca: pop bx 0x12bcb: pop ax 0x12bcc: pop es 0x12bcd: pop ds 0x12bce: pushf 0x12bcf: lcall ptr cs:[0x13] 0x12bd4: push ds 0x12bd5: pop es 0x12bd6: mov ah, 0x49 0x12bd8: int 0x21 0x12bda: mov ah, 0x4d |
| 2018-12-25T12:41:42.054607146Z | 53 | PC: 12c0e | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:41:42.056407091Z | 37 | PC: 12c23 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T12:41:42.058438794Z | 75 | PC: 12bd4 | Execute program |
| 2018-12-25T12:41:42.074841127Z | 9 | PC: 133a7 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T12:41:42.083543027Z | 76 | PC: 133ac | Terminate with return code (Return code = '0') |
| 2018-12-25T12:41:42.08761955Z | 73 | PC: 12bda | Release memory |
| 2018-12-25T12:41:42.089131551Z | 77 | PC: 12bde | Get program return code |
| 2018-12-25T12:41:42.091938345Z | 49 | PC: 12c08 | Terminate and stay resident (Return code = '2' | Memory size = '145') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14793,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:41:42.19196624Z | 251 | PC: 12f86 | UNKNOWN! |
| 2018-12-25T12:41:42.193047401Z | 251 | PC: 12b2e | UNKNOWN! |
| 2018-12-25T12:41:42.194428064Z | 74 | PC: 12b7d | Reallocate memory |
| 2018-12-25T12:41:42.195990175Z | 53 | PC: 12fa7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:42.19737622Z | 37 | PC: 12fbc | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:41:42.198825579Z | 42 | PC: 12bb6 | Get date 0x12bb6: cmp dl, 4 0x12bb9: jne 0x12bc0 0x12bbb: inc byte ptr cs:[0xe] 0x12bc0: cmp al, 1 0x12bc2: je 0x12c08 0x12bc4: cmp al, 5 0x12bc6: je 0x12c08 0x12bc8: pop dx 0x12bc9: pop cx 0x12bca: pop bx 0x12bcb: pop ax 0x12bcc: pop es 0x12bcd: pop ds 0x12bce: pushf 0x12bcf: lcall ptr cs:[0x13] 0x12bd4: push ds 0x12bd5: pop es 0x12bd6: mov ah, 0x49 0x12bd8: int 0x21 0x12bda: mov ah, 0x4d |
| 2018-12-25T12:41:42.201180284Z | 75 | PC: 12bd4 | Execute program |
| 2018-12-25T12:41:42.214814529Z | 9 | PC: 133a7 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T12:41:42.222167657Z | 76 | PC: 133ac | Terminate with return code (Return code = '0') |
| 2018-12-25T12:41:42.225312172Z | 73 | PC: 12bda | Release memory |
| 2018-12-25T12:41:42.226806132Z | 77 | PC: 12bde | Get program return code |
| 2018-12-25T12:41:42.22880732Z | 49 | PC: 12c08 | Terminate and stay resident (Return code = '2' | Memory size = '145') |