{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1815,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:25.83692046Z | 75 | PC: 1512c | Execute program |
| 2018-12-25T11:44:25.839886028Z | 82 | PC: 152bc | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:44:25.84189Z | 53 | PC: 12d31 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:44:25.843704486Z | 37 | PC: 12d44 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:44:25.845849088Z | 42 | PC: 12d4d | Get date 0x12d4d: cmp dx, 0x909 0x12d51: jne 0x12d58 0x12d53: mov byte ptr [0x91], 1 0x12d58: mov es, word ptr [0x47] 0x12d5c: jmp 0x12bf4 0x12d5f: xor ax, ax 0x12d61: xor bx, bx 0x12d63: xor cx, cx 0x12d65: xor dx, dx 0x12d67: xor si, si 0x12d69: xor di, di 0x12d6b: xor bp, bp 0x12d6d: ret 0x12d6e: mov ax, 0x1203 0x12d71: int 0x2f 0x12d73: mov word ptr cs:[0x2e], ds 0x12d78: mov ah, 0x52 0x12d7a: int 0x21 0x12d7c: mov word ptr cs:[0x2c], es 0x12d81: mov es, word ptr es:[bx - 2] |
| 2018-12-25T11:44:25.849190975Z | 53 | PC: 13107 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:25.850546361Z | 37 | PC: 13117 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:25.860358646Z | 75 | PC: 12cf3 | Execute program |
| 2018-12-25T11:44:25.883491098Z | 9 | PC: 15b87 | Display string (String= 'VIRUS!! VIRUS!! VIRUS!! VIRUS!! VIRUS!! ') |
{"DateBased":true,"Day":9,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1815,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:44:26.111913786Z | 75 | PC: 1512c | Execute program |
| 2018-12-25T11:44:26.117115013Z | 82 | PC: 152bc | Get DOS internal pointers (SYSVARS) |
| 2018-12-25T11:44:26.119300412Z | 53 | PC: 12d31 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:44:26.121270901Z | 37 | PC: 12d44 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:44:26.123119902Z | 42 | PC: 12d4d | Get date 0x12d4d: cmp dx, 0x909 0x12d51: jne 0x12d58 0x12d53: mov byte ptr [0x91], 1 0x12d58: mov es, word ptr [0x47] 0x12d5c: jmp 0x12bf4 0x12d5f: xor ax, ax 0x12d61: xor bx, bx 0x12d63: xor cx, cx 0x12d65: xor dx, dx 0x12d67: xor si, si 0x12d69: xor di, di 0x12d6b: xor bp, bp 0x12d6d: ret 0x12d6e: mov ax, 0x1203 0x12d71: int 0x2f 0x12d73: mov word ptr cs:[0x2e], ds 0x12d78: mov ah, 0x52 0x12d7a: int 0x21 0x12d7c: mov word ptr cs:[0x2c], es 0x12d81: mov es, word ptr es:[bx - 2] |
| 2018-12-25T11:44:26.126721749Z | 53 | PC: 13107 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:26.1280288Z | 37 | PC: 13117 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-25T11:44:26.138270053Z | 75 | PC: 12cf3 | Execute program |
| 2018-12-25T11:44:26.161855308Z | 9 | PC: 15b87 | Display string (String= 'VIRUS!! VIRUS!! VIRUS!! VIRUS!! VIRUS!! ') |