.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T21:51:49.076779902Z | 67 | PC: 151cf | Get or set file attributes |
| 2018-12-17T21:51:49.0826939Z | 67 | PC: 151d9 | Get or set file attributes |
| 2018-12-17T21:51:49.096737761Z | 61 | PC: 151e0 | Open file (Filename = '�') |
| 2018-12-17T21:51:49.103589545Z | 66 | PC: 151eb | Move file pointer |
| 2018-12-17T21:51:49.105775059Z | 42 | PC: 1553b | Get date 0x1553b: call 0x15540
0x1553e: pop bx
0x1553f: ret
0x15540: cmp cx, 0x7d0
0x15544: jne 0x1554e
0x15546: cmp dh, 0xc
0x15549: jne 0x1554e
0x1554b: cmp dl, 0x15
0x1554e: ret
0x1554f: mov al, 3
0x15551: iret
0x15552: adc ax, 0xbd04
0x15555: adc al, 0x3d
0x15557: and al, 0x46
0x15559: jne 0x1555f
0x1555b: mov ax, 0x3434
0x1555e: iret
0x1555f: cmp ax, 0x4b00
0x15562: je 0x15566
0x15564: jmp 0x155d4
|
| 2018-12-17T21:51:49.107999507Z | 62 | PC: 15208 | Close file |
| 2018-12-17T21:51:49.110138487Z | 67 | PC: 15210 | Get or set file attributes |
| 2018-12-17T21:51:49.122456306Z | 70 | PC: 1521a | Redirect handle |
| 2018-12-17T21:51:49.126264739Z | 42 | PC: 1553b | Get date 0x1553b: call 0x15540
0x1553e: pop bx
0x1553f: ret
0x15540: cmp cx, 0x7d0
0x15544: jne 0x1554e
0x15546: cmp dh, 0xc
0x15549: jne 0x1554e
0x1554b: cmp dl, 0x15
0x1554e: ret
0x1554f: mov al, 3
0x15551: iret
0x15552: adc ax, 0xbd04
0x15555: adc al, 0x3d
0x15557: and al, 0x46
0x15559: jne 0x1555f
0x1555b: mov ax, 0x3434
0x1555e: iret
0x1555f: cmp ax, 0x4b00
0x15562: je 0x15566
0x15564: jmp 0x155d4
|
| 2018-12-17T21:51:49.12894293Z | 9 | PC: 12aa4 | Display string (String= '
This file is infected with a virus!
Pre infection file size = 10,000
') |
| 2018-12-17T21:51:49.138288752Z | 76 | PC: 12aa9 | Terminate with return code (Return code = '1') |
