{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6080,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:26.659507669Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T11:58:26.661326498Z | 78 | PC: 12bce | Find first file |
| 2018-12-25T11:58:26.667139703Z | 61 | PC: 12bf0 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:58:26.673609457Z | 87 | PC: 12bfe | Get or set file date and time |
| 2018-12-25T11:58:26.67574991Z | 63 | PC: 12c13 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:58:26.677467275Z | 66 | PC: 12c9a | Move file pointer |
| 2018-12-25T11:58:26.678413476Z | 66 | PC: 12cf6 | Move file pointer |
| 2018-12-25T11:58:26.68019178Z | 64 | PC: 12d01 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T11:58:26.68267197Z | 66 | PC: 12d0c | Move file pointer |
| 2018-12-25T11:58:26.68413747Z | 64 | PC: 12b81 | Write file or device (Write 717 bytes on handle 5) |
| 2018-12-25T11:58:26.698799768Z | 87 | PC: 12d23 | Get or set file date and time |
| 2018-12-25T11:58:26.700217453Z | 62 | PC: 12d27 | Close file |
| 2018-12-25T11:58:26.708090719Z | 26 | PC: 12d2e | Set disk transfer address |
| 2018-12-25T11:58:26.709000135Z | 42 | PC: 12d32 | Get date 0x12d32: cmp dl, 2 0x12d35: jne 0x12d49 0x12d37: cmp dh, 0xb 0x12d3a: jne 0x12d49 0x12d3c: mov ah, 9 0x12d3e: lea dx, word ptr [bp + 0x38d] 0x12d42: int 0x21 0x12d44: mov cx, 1 0x12d47: jmp 0x12d44 0x12d49: cmp bp, 0 0x12d4c: je 0x12d71 0x12d4e: pop ds 0x12d4f: pop es 0x12d50: mov ax, es 0x12d52: add ax, 0x10 0x12d55: add word ptr cs:[bp + 0x32b], ax 0x12d5a: cli 0x12d5b: add ax, word ptr cs:[bp + 0x32d] 0x12d60: mov ax, ss 0x12d62: mov sp, word ptr cs:[bp + 0x32f] |
| 2018-12-25T11:58:26.711136558Z | 76 | PC: 12d75 | Terminate with return code (Return code = '2') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6080,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:26.687448736Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T11:58:26.688845309Z | 78 | PC: 12bce | Find first file |
| 2018-12-25T11:58:26.692609251Z | 61 | PC: 12bf0 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:58:26.699274104Z | 87 | PC: 12bfe | Get or set file date and time |
| 2018-12-25T11:58:26.701660165Z | 63 | PC: 12c13 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:58:26.703697073Z | 66 | PC: 12c9a | Move file pointer |
| 2018-12-25T11:58:26.705126183Z | 66 | PC: 12cf6 | Move file pointer |
| 2018-12-25T11:58:26.706598456Z | 64 | PC: 12d01 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T11:58:26.709777585Z | 66 | PC: 12d0c | Move file pointer |
| 2018-12-25T11:58:26.711675618Z | 64 | PC: 12b81 | Write file or device (Write 717 bytes on handle 5) |
| 2018-12-25T11:58:26.725712317Z | 87 | PC: 12d23 | Get or set file date and time |
| 2018-12-25T11:58:26.732050867Z | 62 | PC: 12d27 | Close file |
| 2018-12-25T11:58:26.740267966Z | 26 | PC: 12d2e | Set disk transfer address |
| 2018-12-25T11:58:26.741501763Z | 42 | PC: 12d32 | Get date 0x12d32: cmp dl, 2 0x12d35: jne 0x12d49 0x12d37: cmp dh, 0xb 0x12d3a: jne 0x12d49 0x12d3c: mov ah, 9 0x12d3e: lea dx, word ptr [bp + 0x38d] 0x12d42: int 0x21 0x12d44: mov cx, 1 0x12d47: jmp 0x12d44 0x12d49: cmp bp, 0 0x12d4c: je 0x12d71 0x12d4e: pop ds 0x12d4f: pop es 0x12d50: mov ax, es 0x12d52: add ax, 0x10 0x12d55: add word ptr cs:[bp + 0x32b], ax 0x12d5a: cli 0x12d5b: add ax, word ptr cs:[bp + 0x32d] 0x12d60: mov ax, ss 0x12d62: mov sp, word ptr cs:[bp + 0x32f] |
| 2018-12-25T11:58:26.744604054Z | 76 | PC: 12d75 | Terminate with return code (Return code = '3') |
{"DateBased":true,"Day":2,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6080,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:26.714104704Z | 26 | PC: 12b95 | Set disk transfer address |
| 2018-12-25T11:58:26.715417717Z | 78 | PC: 12bce | Find first file |
| 2018-12-25T11:58:26.724619801Z | 61 | PC: 12bf0 | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T11:58:26.73203947Z | 87 | PC: 12bfe | Get or set file date and time |
| 2018-12-25T11:58:26.73377481Z | 63 | PC: 12c13 | Read file or device (Read 26 bytes on handle 5) |
| 2018-12-25T11:58:26.748618757Z | 66 | PC: 12c9a | Move file pointer |
| 2018-12-25T11:58:26.750172694Z | 66 | PC: 12cf6 | Move file pointer |
| 2018-12-25T11:58:26.751446994Z | 64 | PC: 12d01 | Write file or device (Write 26 bytes on handle 5) |
| 2018-12-25T11:58:26.754759486Z | 66 | PC: 12d0c | Move file pointer |
| 2018-12-25T11:58:26.757128555Z | 64 | PC: 12b81 | Write file or device (Write 717 bytes on handle 5) |
| 2018-12-25T11:58:26.773195668Z | 87 | PC: 12d23 | Get or set file date and time |
| 2018-12-25T11:58:26.77651462Z | 62 | PC: 12d27 | Close file |
| 2018-12-25T11:58:26.785407585Z | 26 | PC: 12d2e | Set disk transfer address |
| 2018-12-25T11:58:26.786945211Z | 42 | PC: 12d32 | Get date 0x12d32: cmp dl, 2 0x12d35: jne 0x12d49 0x12d37: cmp dh, 0xb 0x12d3a: jne 0x12d49 0x12d3c: mov ah, 9 0x12d3e: lea dx, word ptr [bp + 0x38d] 0x12d42: int 0x21 0x12d44: mov cx, 1 0x12d47: jmp 0x12d44 0x12d49: cmp bp, 0 0x12d4c: je 0x12d71 0x12d4e: pop ds 0x12d4f: pop es 0x12d50: mov ax, es 0x12d52: add ax, 0x10 0x12d55: add word ptr cs:[bp + 0x32b], ax 0x12d5a: cli 0x12d5b: add ax, word ptr cs:[bp + 0x32d] 0x12d60: mov ax, ss 0x12d62: mov sp, word ptr cs:[bp + 0x32f] |
| 2018-12-25T11:58:26.79033153Z | 9 | PC: 12d44 | Display string (String= ' Message of BeLiAL: My Last Temptation is now also yours... ') |