{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":466,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:56.159282075Z | 47 | PC: 12a55 | Get disk transfer address |
| 2018-12-25T11:40:56.160573701Z | 26 | PC: 12a61 | Set disk transfer address |
| 2018-12-25T11:40:56.162630968Z | 78 | PC: 12a6b | Find first file |
| 2018-12-25T11:40:56.169485451Z | 61 | PC: 12a76 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:40:56.176866302Z | 63 | PC: 12a85 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:40:56.184907685Z | 66 | PC: 12a9d | Move file pointer |
| 2018-12-25T11:40:56.18660892Z | 64 | PC: 12ab3 | Write file or device (Write 412 bytes on handle 5) |
| 2018-12-25T11:40:56.202794594Z | 66 | PC: 12abc | Move file pointer |
| 2018-12-25T11:40:56.205440163Z | 64 | PC: 12ac7 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:40:56.213091957Z | 62 | PC: 12ad9 | Close file |
| 2018-12-25T11:40:56.222827209Z | 26 | PC: 12ae1 | Set disk transfer address |
| 2018-12-25T11:40:56.224390944Z | 42 | PC: 12ae5 | Get date 0x12ae5: cmp al, 5 0x12ae7: jne 0x12af5 0x12ae9: lea dx, word ptr [bp + 0x1c6] 0x12aed: mov ah, 9 0x12aef: int 0x21 0x12af1: xor ax, ax 0x12af3: int 0x16 0x12af5: lea si, word ptr [bp + 0x265] 0x12af9: mov di, 0x100 0x12afc: mov cx, 4 0x12aff: rep movsb byte ptr es:[di], byte ptr [si] 0x12b01: mov ax, 0x100 0x12b04: jmp ax 0x12b06: pop bx 0x12b07: and byte ptr [bx + si + 0x52], dl 0x12b0a: imul cx, word ptr [di + 0x45], 0x3220 0x12b0f: xor byte ptr cs:[bx + si], ah 0x12b12: pop bp 0x12b13: and byte ptr [bp + 0x69], dl 0x12b16: jb 0x12b8d |
{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":466,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:40:56.280901418Z | 47 | PC: 12a55 | Get disk transfer address |
| 2018-12-25T11:40:56.283477209Z | 26 | PC: 12a61 | Set disk transfer address |
| 2018-12-25T11:40:56.284893337Z | 78 | PC: 12a6b | Find first file |
| 2018-12-25T11:40:56.290778476Z | 61 | PC: 12a76 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:40:56.29761809Z | 63 | PC: 12a85 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:40:56.303698694Z | 66 | PC: 12a9d | Move file pointer |
| 2018-12-25T11:40:56.304962128Z | 64 | PC: 12ab3 | Write file or device (Write 412 bytes on handle 5) |
| 2018-12-25T11:40:56.32618662Z | 66 | PC: 12abc | Move file pointer |
| 2018-12-25T11:40:56.329179788Z | 64 | PC: 12ac7 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:40:56.335992611Z | 62 | PC: 12ad9 | Close file |
| 2018-12-25T11:40:56.343956314Z | 26 | PC: 12ae1 | Set disk transfer address |
| 2018-12-25T11:40:56.345699372Z | 42 | PC: 12ae5 | Get date 0x12ae5: cmp al, 5 0x12ae7: jne 0x12af5 0x12ae9: lea dx, word ptr [bp + 0x1c6] 0x12aed: mov ah, 9 0x12aef: int 0x21 0x12af1: xor ax, ax 0x12af3: int 0x16 0x12af5: lea si, word ptr [bp + 0x265] 0x12af9: mov di, 0x100 0x12afc: mov cx, 4 0x12aff: rep movsb byte ptr es:[di], byte ptr [si] 0x12b01: mov ax, 0x100 0x12b04: jmp ax 0x12b06: pop bx 0x12b07: and byte ptr [bx + si + 0x52], dl 0x12b0a: imul cx, word ptr [di + 0x45], 0x3220 0x12b0f: xor byte ptr cs:[bx + si], ah 0x12b12: pop bp 0x12b13: and byte ptr [bp + 0x69], dl 0x12b16: jb 0x12b8d |
| 2018-12-25T11:40:56.348012603Z | 9 | PC: 12af1 | Display string (String= '[ PRiME 2.0 ] Virus Forro by Ren Greets to the virukers of SkNetwork! *JUST* the virii authors! ...ok...Cyborg too :-) Handles RULES!!! Juap! ;) ') |