.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:07:08.763807495Z | 225 | PC: 12ada | UNKNOWN! |
| 2018-12-17T23:07:08.765666418Z | 225 | PC: 12b2e | UNKNOWN! |
| 2018-12-17T23:07:08.77016598Z | 74 | PC: 12bb2 | Reallocate memory |
| 2018-12-17T23:07:08.771822593Z | 53 | PC: 12bb7 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:07:08.774071197Z | 37 | PC: 12bcb | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T23:07:08.776678061Z | 42 | PC: 12bfb | Get date 0x12bfb: mov byte ptr cs:[0xe], 0
0x12c01: cmp cx, 0x7c8
0x12c05: je 0x12c37
0x12c07: cmp al, 2
0x12c09: jne 0x12c18
0x12c0b: cmp dl, 0xd
0x12c0e: jne 0x12c18
0x12c10: inc byte ptr cs:[0xe]
0x12c15: jmp 0x12c37
0x12c17: nop
0x12c18: mov ax, 0x3508
0x12c1b: int 0x21
0x12c1d: mov word ptr cs:[0x13], bx
0x12c22: mov word ptr cs:[0x15], es
0x12c27: push cs
0x12c28: pop ds
0x12c29: mov word ptr [0x1f], 0x7e90
0x12c2f: mov ax, 0x2508
0x12c32: mov dx, 0x21e
0x12c35: int 0x21
|
| 2018-12-17T23:07:08.779477422Z | 53 | PC: 12c1d | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T23:07:08.780853282Z | 37 | PC: 12c37 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-17T23:07:08.782687996Z | 75 | PC: 12c43 | Execute program |
| 2018-12-17T23:07:08.799370183Z | 9 | PC: 1429b | Display string (String= 'Infected file. Original length = 4096 bytes.
�') |
| 2018-12-17T23:07:08.804492331Z | 76 | PC: 142a0 | Terminate with return code (Return code = '0') |
| 2018-12-17T23:07:08.810765581Z | 73 | PC: 12c49 | Release memory |
| 2018-12-17T23:07:08.812760419Z | 77 | PC: 12c4d | Get program return code |
| 2018-12-17T23:07:08.814637165Z | 49 | PC: 12c5b | Terminate and stay resident (Return code = '0' | Memory size = '112') |
