{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5119,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:43.158356769Z | 48 | PC: 12b2f | Get DOS version |
| 2018-12-25T11:53:43.160473516Z | 53 | PC: 12b38 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:53:43.162181924Z | 53 | PC: 12b59 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:43.163744855Z | 75 | PC: 12b76 | Execute program |
| 2018-12-25T11:53:43.16613713Z | 80 | PC: 9f873 | Set current PSP |
| 2018-12-25T11:53:43.168248055Z | 26 | PC: 9f87f | Set disk transfer address |
| 2018-12-25T11:53:43.170810573Z | 37 | PC: 9f8ca | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:43.173216157Z | 42 | PC: 9f8ce | Get date 0x9f8ce: cmp dh, 3 0x9f8d1: jne 0x9f8fb 0x9f8d3: cmp dh, dl 0x9f8d5: jne 0x9f8fb 0x9f8d7: mov si, 0x18c 0x9f8da: mov cx, 0x43 0x9f8dd: mov es, word ptr [0x558] 0x9f8e1: sub di, di 0x9f8e3: mov ah, 4 0x9f8e5: nop 0x9f8e6: nop 0x9f8e7: lodsb al, byte ptr [si] 0x9f8e8: xor al, 0xff 0x9f8ea: stosw word ptr es:[di], ax 0x9f8eb: loop 0x9f8e7 0x9f8ed: mov word ptr [0x54c], 0xfd20 0x9f8f3: mov dx, 0x3ec 0x9f8f6: mov ax, 0x2508 0x9f8f9: int 0x21 0x9f8fb: mov bx, ss |
| 2018-12-25T11:53:43.177075411Z | 9 | PC: 12fe7 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T11:53:43.18539342Z | 76 | PC: 12fec | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5119,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:43.155632828Z | 48 | PC: 12b2f | Get DOS version |
| 2018-12-25T11:53:43.156978059Z | 53 | PC: 12b38 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:53:43.158270328Z | 53 | PC: 12b59 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:43.159382527Z | 75 | PC: 12b76 | Execute program |
| 2018-12-25T11:53:43.161578492Z | 80 | PC: 9f873 | Set current PSP |
| 2018-12-25T11:53:43.162242171Z | 26 | PC: 9f87f | Set disk transfer address |
| 2018-12-25T11:53:43.163195337Z | 37 | PC: 9f8ca | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:43.170617753Z | 42 | PC: 9f8ce | Get date 0x9f8ce: cmp dh, 3 0x9f8d1: jne 0x9f8fb 0x9f8d3: cmp dh, dl 0x9f8d5: jne 0x9f8fb 0x9f8d7: mov si, 0x18c 0x9f8da: mov cx, 0x43 0x9f8dd: mov es, word ptr [0x558] 0x9f8e1: sub di, di 0x9f8e3: mov ah, 4 0x9f8e5: nop 0x9f8e6: nop 0x9f8e7: lodsb al, byte ptr [si] 0x9f8e8: xor al, 0xff 0x9f8ea: stosw word ptr es:[di], ax 0x9f8eb: loop 0x9f8e7 0x9f8ed: mov word ptr [0x54c], 0xfd20 0x9f8f3: mov dx, 0x3ec 0x9f8f6: mov ax, 0x2508 0x9f8f9: int 0x21 0x9f8fb: mov bx, ss |
| 2018-12-25T11:53:43.172732663Z | 9 | PC: 12fe7 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T11:53:43.180527677Z | 76 | PC: 12fec | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":3,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5119,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:43.217697813Z | 48 | PC: 12b2f | Get DOS version |
| 2018-12-25T11:53:43.218885608Z | 53 | PC: 12b38 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:53:43.220802832Z | 53 | PC: 12b59 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:43.222097554Z | 75 | PC: 12b76 | Execute program |
| 2018-12-25T11:53:43.224068993Z | 80 | PC: 9f873 | Set current PSP |
| 2018-12-25T11:53:43.226696826Z | 26 | PC: 9f87f | Set disk transfer address |
| 2018-12-25T11:53:43.228206137Z | 37 | PC: 9f8ca | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:43.229603197Z | 42 | PC: 9f8ce | Get date 0x9f8ce: cmp dh, 3 0x9f8d1: jne 0x9f8fb 0x9f8d3: cmp dh, dl 0x9f8d5: jne 0x9f8fb 0x9f8d7: mov si, 0x18c 0x9f8da: mov cx, 0x43 0x9f8dd: mov es, word ptr [0x558] 0x9f8e1: sub di, di 0x9f8e3: mov ah, 4 0x9f8e5: nop 0x9f8e6: nop 0x9f8e7: lodsb al, byte ptr [si] 0x9f8e8: xor al, 0xff 0x9f8ea: stosw word ptr es:[di], ax 0x9f8eb: loop 0x9f8e7 0x9f8ed: mov word ptr [0x54c], 0xfd20 0x9f8f3: mov dx, 0x3ec 0x9f8f6: mov ax, 0x2508 0x9f8f9: int 0x21 0x9f8fb: mov bx, ss |
| 2018-12-25T11:53:43.232441834Z | 37 | PC: 9f8fb | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo') |
| 2018-12-25T11:53:43.233555156Z | 9 | PC: 12fe7 | Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!') |
| 2018-12-25T11:53:43.241760733Z | 76 | PC: 12fec | Terminate with return code (Return code = '0') |