{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5387,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:25.821126013Z | 42 | PC: 12e1c | Get date 0x12e1c: cmp dl, 0x17 0x12e1f: jne 0x12e5c 0x12e21: cmp dh, 0xa 0x12e24: jne 0x12e50 0x12e26: mov ax, 0x5f08 0x12e29: mov dl, 0 0x12e2b: int 0x21 0x12e2d: mov ax, 0x5f08 0x12e30: mov dl, 1 0x12e32: int 0x21 0x12e34: mov ax, 0x5f08 0x12e37: mov dl, 3 0x12e39: int 0x21 0x12e3b: mov ax, 0x5f08 0x12e3e: mov dl, 4 0x12e40: int 0x21 0x12e42: mov ax, 0x5f08 0x12e45: mov dl, 5 0x12e47: int 0x21 0x12e49: mov ax, 0x5f08 |
| 2018-12-25T11:54:25.823851156Z | 26 | PC: 12c8d | Set disk transfer address |
| 2018-12-25T11:54:25.825003294Z | 78 | PC: 12c98 | Find first file |
| 2018-12-25T11:54:25.831577396Z | 67 | PC: 12ca6 | Get or set file attributes |
| 2018-12-25T11:54:25.837934865Z | 67 | PC: 12caf | Get or set file attributes |
| 2018-12-25T11:54:25.854624685Z | 61 | PC: 12cb4 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:54:25.861798807Z | 87 | PC: 12cbf | Get or set file date and time |
| 2018-12-25T11:54:25.863117434Z | 63 | PC: 12ccc | Read file or device (Read 28 bytes on handle 5) |
| 2018-12-25T11:54:25.865959564Z | 87 | PC: 12dc4 | Get or set file date and time |
| 2018-12-25T11:54:25.867427856Z | 62 | PC: 12dc8 | Close file |
| 2018-12-25T11:54:25.877385315Z | 67 | PC: 12dcf | Get or set file attributes |
| 2018-12-25T11:54:25.900538808Z | 79 | PC: 12c98 | Find next file (See above) |
| 2018-12-25T11:54:25.903019171Z | 26 | PC: 12def | Set disk transfer address |
{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5387,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:25.991616162Z | 42 | PC: 12e1c | Get date 0x12e1c: cmp dl, 0x17 0x12e1f: jne 0x12e5c 0x12e21: cmp dh, 0xa 0x12e24: jne 0x12e50 0x12e26: mov ax, 0x5f08 0x12e29: mov dl, 0 0x12e2b: int 0x21 0x12e2d: mov ax, 0x5f08 0x12e30: mov dl, 1 0x12e32: int 0x21 0x12e34: mov ax, 0x5f08 0x12e37: mov dl, 3 0x12e39: int 0x21 0x12e3b: mov ax, 0x5f08 0x12e3e: mov dl, 4 0x12e40: int 0x21 0x12e42: mov ax, 0x5f08 0x12e45: mov dl, 5 0x12e47: int 0x21 0x12e49: mov ax, 0x5f08 |
| 2018-12-25T11:54:25.994819917Z | 9 | PC: 12e58 | Display string (String= ' Infected with Lacimehc, coded by KilJaeden of the Codebreakers 1998 on 17/06/98 ') |
{"DateBased":true,"Day":23,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5387,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:54:26.640258886Z | 42 | PC: 12e1c | Get date 0x12e1c: cmp dl, 0x17 0x12e1f: jne 0x12e5c 0x12e21: cmp dh, 0xa 0x12e24: jne 0x12e50 0x12e26: mov ax, 0x5f08 0x12e29: mov dl, 0 0x12e2b: int 0x21 0x12e2d: mov ax, 0x5f08 0x12e30: mov dl, 1 0x12e32: int 0x21 0x12e34: mov ax, 0x5f08 0x12e37: mov dl, 3 0x12e39: int 0x21 0x12e3b: mov ax, 0x5f08 0x12e3e: mov dl, 4 0x12e40: int 0x21 0x12e42: mov ax, 0x5f08 0x12e45: mov dl, 5 0x12e47: int 0x21 0x12e49: mov ax, 0x5f08 |
| 2018-12-25T11:54:26.64432608Z | 95 | PC: 12e2d | Network redirection functions |
| 2018-12-25T11:54:26.645795639Z | 95 | PC: 12e34 | Network redirection functions |
| 2018-12-25T11:54:26.647348289Z | 95 | PC: 12e3b | Network redirection functions |
| 2018-12-25T11:54:26.649289429Z | 95 | PC: 12e42 | Network redirection functions |
| 2018-12-25T11:54:26.651434027Z | 95 | PC: 12e49 | Network redirection functions |
| 2018-12-25T11:54:26.652741217Z | 95 | PC: 12e50 | Network redirection functions |
| 2018-12-25T11:54:26.654035552Z | 9 | PC: 12e58 | Display string (String= ' Infected with Lacimehc, coded by KilJaeden of the Codebreakers 1998 on 17/06/98 ') |