{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17177,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:07.653198934Z | 132 | PC: 12eaf | UNKNOWN! |
| 2018-12-25T12:55:07.654552863Z | 42 | PC: 12ec4 | Get date 0x12ec4: cmp dx, 0xa0a 0x12ec8: jne 0x12e79 0x12eca: jmp 0x1303a 0x12ecd: push es 0x12ece: mov ax, 0x3521 0x12ed1: int 0x21 0x12ed3: pop ds 0x12ed4: mov word ptr [0x4b6], bx 0x12ed8: mov word ptr [0x4b8], es 0x12edc: mov ax, 0x2521 0x12edf: mov dx, 0x1b0 0x12ee2: int 0x21 0x12ee4: mov bx, word ptr [0x4ba] 0x12ee8: jmp 0x12eb9 0x12eea: mov word ptr [bp + 0x3ba], cs 0x12eee: jmp 0x12eaa 0x12ef0: pushf 0x12ef1: cmp ax, 0x8484 0x12ef4: jne 0x12efb 0x12ef6: popf |
| 2018-12-25T12:55:07.657826277Z | 53 | PC: 9f893 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:55:07.659346973Z | 37 | PC: 9f8a4 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T12:55:07.661215857Z | 9 | PC: 12a4c | Display string (String= 'VIRUS TIYO 193') |
{"DateBased":true,"Day":10,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17177,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:55:07.684698149Z | 132 | PC: 12eaf | UNKNOWN! |
| 2018-12-25T12:55:07.687536005Z | 42 | PC: 12ec4 | Get date 0x12ec4: cmp dx, 0xa0a 0x12ec8: jne 0x12e79 0x12eca: jmp 0x1303a 0x12ecd: push es 0x12ece: mov ax, 0x3521 0x12ed1: int 0x21 0x12ed3: pop ds 0x12ed4: mov word ptr [0x4b6], bx 0x12ed8: mov word ptr [0x4b8], es 0x12edc: mov ax, 0x2521 0x12edf: mov dx, 0x1b0 0x12ee2: int 0x21 0x12ee4: mov bx, word ptr [0x4ba] 0x12ee8: jmp 0x12eb9 0x12eea: mov word ptr [bp + 0x3ba], cs 0x12eee: jmp 0x12eaa 0x12ef0: pushf 0x12ef1: cmp ax, 0x8484 0x12ef4: jne 0x12efb 0x12ef6: popf |
| 2018-12-25T12:55:07.690635013Z | 64 | PC: 1305a | Write file or device (Write 388 bytes on handle 0) |