{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15902,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:51.989312033Z | 75 | PC: 13cec | Execute program |
| 2018-12-25T12:44:51.991390239Z | 82 | PC: 13e7c | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:44:51.993390447Z | 53 | PC: 12d31 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:51.994665241Z | 37 | PC: 12d44 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:51.996032758Z | 42 | PC: 12d4d | Get date 0x12d4d: cmp dx, 0x909 0x12d51: jne 0x12d58 0x12d53: mov byte ptr [0x91], 1 0x12d58: mov es, word ptr [0x47] 0x12d5c: jmp 0x12bf4 0x12d5f: xor ax, ax 0x12d61: xor bx, bx 0x12d63: xor cx, cx 0x12d65: xor dx, dx 0x12d67: xor si, si 0x12d69: xor di, di 0x12d6b: xor bp, bp 0x12d6d: ret 0x12d6e: mov ax, 0x1203 0x12d71: int 0x2f 0x12d73: mov word ptr cs:[0x2e], ds 0x12d78: mov ah, 0x52 0x12d7a: int 0x21 0x12d7c: mov word ptr cs:[0x2c], es 0x12d81: mov es, word ptr es:[bx - 2] |
| 2018-12-25T12:44:51.999311296Z | 53 | PC: 13107 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:52.000479912Z | 37 | PC: 13117 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:52.008781312Z | 75 | PC: 12cf3 | Execute program |
| 2018-12-25T12:44:52.026948362Z | 9 | PC: 15b87 | Display string (String= 'Warning!! RuBBit V2.0 virus come in !! Written By Peter Ferng !!') |
{"DateBased":true,"Day":9,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15902,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:53.52120459Z | 75 | PC: 13cec | Execute program |
| 2018-12-25T12:44:53.52375799Z | 82 | PC: 13e7c | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T12:44:53.526597028Z | 53 | PC: 12d31 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:53.528376694Z | 37 | PC: 12d44 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:44:53.530516006Z | 42 | PC: 12d4d | Get date 0x12d4d: cmp dx, 0x909 0x12d51: jne 0x12d58 0x12d53: mov byte ptr [0x91], 1 0x12d58: mov es, word ptr [0x47] 0x12d5c: jmp 0x12bf4 0x12d5f: xor ax, ax 0x12d61: xor bx, bx 0x12d63: xor cx, cx 0x12d65: xor dx, dx 0x12d67: xor si, si 0x12d69: xor di, di 0x12d6b: xor bp, bp 0x12d6d: ret 0x12d6e: mov ax, 0x1203 0x12d71: int 0x2f 0x12d73: mov word ptr cs:[0x2e], ds 0x12d78: mov ah, 0x52 0x12d7a: int 0x21 0x12d7c: mov word ptr cs:[0x2c], es 0x12d81: mov es, word ptr es:[bx - 2] |
| 2018-12-25T12:44:53.53372351Z | 53 | PC: 13107 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:53.53533736Z | 37 | PC: 13117 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T12:44:53.551657585Z | 75 | PC: 12cf3 | Execute program |
| 2018-12-25T12:44:53.568082147Z | 9 | PC: 15b87 | Display string (String= 'Warning!! RuBBit V2.0 virus come in !! Written By Peter Ferng !!') |