{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1636,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:58.985431597Z | 42 | PC: 12a90 | Get date 0x12a90: cmp dl, 9 0x12a93: jne 0x12acb 0x12a95: mov ah, 9 0x12a97: lea dx, word ptr [bp + 0x5d9] 0x12a9b: int 0x21 0x12a9d: xor ax, ax 0x12a9f: mov es, ax 0x12aa1: mov dx, 0xaaaa 0x12aa4: mov word ptr es:[0x416], dx 0x12aa9: ror dx, 1 0x12aab: mov cx, 0x101 0x12aae: mov ah, 5 0x12ab0: int 0x16 0x12ab2: mov ah, 0x10 0x12ab4: int 0x16 0x12ab6: int 5 0x12ab8: mov ax, 0xa07 0x12abb: xor bh, bh 0x12abd: mov cx, 1 0x12ac0: int 0x10 |
| 2018-12-25T11:43:58.988272413Z | 125 | PC: 12acf | UNKNOWN! |
| 2018-12-25T11:43:58.98899115Z | 74 | PC: 12b44 | Reallocate memory |
| 2018-12-25T11:43:58.989853377Z | 75 | PC: 12b53 | Execute program |
| 2018-12-25T11:43:58.996110172Z | 76 | PC: 12b57 | Terminate with return code (Return code = '3') |
{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1636,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:59.681714024Z | 42 | PC: 12a90 | Get date 0x12a90: cmp dl, 9 0x12a93: jne 0x12acb 0x12a95: mov ah, 9 0x12a97: lea dx, word ptr [bp + 0x5d9] 0x12a9b: int 0x21 0x12a9d: xor ax, ax 0x12a9f: mov es, ax 0x12aa1: mov dx, 0xaaaa 0x12aa4: mov word ptr es:[0x416], dx 0x12aa9: ror dx, 1 0x12aab: mov cx, 0x101 0x12aae: mov ah, 5 0x12ab0: int 0x16 0x12ab2: mov ah, 0x10 0x12ab4: int 0x16 0x12ab6: int 5 0x12ab8: mov ax, 0xa07 0x12abb: xor bh, bh 0x12abd: mov cx, 1 0x12ac0: int 0x10 |
| 2018-12-25T11:43:59.685411752Z | 9 | PC: 12a9d | Display string (String= ' O��spring Virus V0.89') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1636,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:43:59.939149099Z | 42 | PC: 12a90 | Get date 0x12a90: cmp dl, 9 0x12a93: jne 0x12acb 0x12a95: mov ah, 9 0x12a97: lea dx, word ptr [bp + 0x5d9] 0x12a9b: int 0x21 0x12a9d: xor ax, ax 0x12a9f: mov es, ax 0x12aa1: mov dx, 0xaaaa 0x12aa4: mov word ptr es:[0x416], dx 0x12aa9: ror dx, 1 0x12aab: mov cx, 0x101 0x12aae: mov ah, 5 0x12ab0: int 0x16 0x12ab2: mov ah, 0x10 0x12ab4: int 0x16 0x12ab6: int 5 0x12ab8: mov ax, 0xa07 0x12abb: xor bh, bh 0x12abd: mov cx, 1 0x12ac0: int 0x10 |
| 2018-12-25T11:43:59.972390874Z | 125 | PC: 12acf | UNKNOWN! |
| 2018-12-25T11:43:59.973849244Z | 74 | PC: 12b44 | Reallocate memory |
| 2018-12-25T11:43:59.975827167Z | 75 | PC: 12b53 | Execute program |
| 2018-12-25T11:43:59.984112282Z | 76 | PC: 12b57 | Terminate with return code (Return code = '3') |
{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1636,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:00.358734375Z | 42 | PC: 12a90 | Get date 0x12a90: cmp dl, 9 0x12a93: jne 0x12acb 0x12a95: mov ah, 9 0x12a97: lea dx, word ptr [bp + 0x5d9] 0x12a9b: int 0x21 0x12a9d: xor ax, ax 0x12a9f: mov es, ax 0x12aa1: mov dx, 0xaaaa 0x12aa4: mov word ptr es:[0x416], dx 0x12aa9: ror dx, 1 0x12aab: mov cx, 0x101 0x12aae: mov ah, 5 0x12ab0: int 0x16 0x12ab2: mov ah, 0x10 0x12ab4: int 0x16 0x12ab6: int 5 0x12ab8: mov ax, 0xa07 0x12abb: xor bh, bh 0x12abd: mov cx, 1 0x12ac0: int 0x10 |
| 2018-12-25T11:44:00.361139209Z | 9 | PC: 12a9d | Display string (String= ' O��spring Virus V0.89') |