{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1782,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:17.658850395Z | 48 | PC: 12b2b | Get DOS version |
| 2018-12-25T11:44:17.6606764Z | 47 | PC: 12b37 | Get disk transfer address |
| 2018-12-25T11:44:17.662417528Z | 26 | PC: 12b4a | Set disk transfer address |
| 2018-12-25T11:44:17.664958966Z | 78 | PC: 12bd6 | Find first file |
| 2018-12-25T11:44:17.672540258Z | 67 | PC: 12c14 | Get or set file attributes |
| 2018-12-25T11:44:17.678283404Z | 67 | PC: 12c26 | Get or set file attributes |
| 2018-12-25T11:44:17.696716287Z | 61 | PC: 12c31 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:44:17.704355861Z | 87 | PC: 12c3d | Get or set file date and time |
| 2018-12-25T11:44:17.705595058Z | 44 | PC: 12c49 | Get time 0x12c49: and dh, 7 0x12c4c: jne 0x12c5e 0x12c4e: mov ah, 0x40 0x12c50: mov cx, 5 0x12c53: mov dx, si 0x12c55: add dx, 0x89 0x12c59: int 0x21 0x12c5b: jmp 0x12cc2 0x12c5d: nop 0x12c5e: mov ah, 0x3f 0x12c60: mov cx, 3 0x12c63: mov dx, 0xa 0x12c66: nop 0x12c67: add dx, si 0x12c69: int 0x21 0x12c6b: jb 0x12cc2 0x12c6d: cmp ax, 3 0x12c70: jne 0x12cc2 0x12c72: mov ax, 0x4202 0x12c75: mov cx, 0 |
| 2018-12-25T11:44:17.707739519Z | 63 | PC: 12c6b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:44:17.714344518Z | 66 | PC: 12c7d | Move file pointer |
| 2018-12-25T11:44:17.715728549Z | 64 | PC: 12ca1 | Write file or device (Write 644 bytes on handle 5) |
| 2018-12-25T11:44:17.723873134Z | 66 | PC: 12cb3 | Move file pointer |
| 2018-12-25T11:44:17.726545726Z | 64 | PC: 12cc2 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:44:17.73281938Z | 87 | PC: 12cd5 | Get or set file date and time |
| 2018-12-25T11:44:17.734142645Z | 62 | PC: 12cd9 | Close file |
| 2018-12-25T11:44:17.741762572Z | 67 | PC: 12ce8 | Get or set file attributes |
| 2018-12-25T11:44:17.751346878Z | 26 | PC: 12cf5 | Set disk transfer address |
| 2018-12-25T11:44:17.752226862Z | 9 | PC: 12a47 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T11:44:17.756873549Z | 76 | PC: 12a4c | Terminate with return code (Return code = '0') |
{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":1782,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:17.974287901Z | 48 | PC: 12b2b | Get DOS version |
| 2018-12-25T11:44:17.976439053Z | 47 | PC: 12b37 | Get disk transfer address |
| 2018-12-25T11:44:17.977474423Z | 26 | PC: 12b4a | Set disk transfer address |
| 2018-12-25T11:44:17.978548958Z | 78 | PC: 12bd6 | Find first file |
| 2018-12-25T11:44:17.985285514Z | 67 | PC: 12c14 | Get or set file attributes |
| 2018-12-25T11:44:17.990727828Z | 67 | PC: 12c26 | Get or set file attributes |
| 2018-12-25T11:44:18.003750139Z | 61 | PC: 12c31 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:44:18.010537325Z | 87 | PC: 12c3d | Get or set file date and time |
| 2018-12-25T11:44:18.011908387Z | 44 | PC: 12c49 | Get time 0x12c49: and dh, 7 0x12c4c: jne 0x12c5e 0x12c4e: mov ah, 0x40 0x12c50: mov cx, 5 0x12c53: mov dx, si 0x12c55: add dx, 0x89 0x12c59: int 0x21 0x12c5b: jmp 0x12cc2 0x12c5d: nop 0x12c5e: mov ah, 0x3f 0x12c60: mov cx, 3 0x12c63: mov dx, 0xa 0x12c66: nop 0x12c67: add dx, si 0x12c69: int 0x21 0x12c6b: jb 0x12cc2 0x12c6d: cmp ax, 3 0x12c70: jne 0x12cc2 0x12c72: mov ax, 0x4202 0x12c75: mov cx, 0 |
| 2018-12-25T11:44:18.014187893Z | 63 | PC: 12c6b | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:44:18.022375113Z | 66 | PC: 12c7d | Move file pointer |
| 2018-12-25T11:44:18.024703264Z | 64 | PC: 12ca1 | Write file or device (Write 644 bytes on handle 5) |
| 2018-12-25T11:44:18.033287921Z | 66 | PC: 12cb3 | Move file pointer |
| 2018-12-25T11:44:18.035124785Z | 64 | PC: 12cc2 | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:44:18.042849259Z | 87 | PC: 12cd5 | Get or set file date and time |
| 2018-12-25T11:44:18.044575606Z | 62 | PC: 12cd9 | Close file |
| 2018-12-25T11:44:18.053355882Z | 67 | PC: 12ce8 | Get or set file attributes |
| 2018-12-25T11:44:18.064212263Z | 26 | PC: 12cf5 | Set disk transfer address |
| 2018-12-25T11:44:18.065461778Z | 9 | PC: 12a47 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T11:44:18.073435121Z | 76 | PC: 12a4c | Terminate with return code (Return code = '0') |