{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":610,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:22.948868374Z | 53 | PC: 12abc | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:22.952093486Z | 37 | PC: 12b36 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:22.960323536Z | 42 | PC: 12b41 | Get date 0x12b41: cmp dl, 1 0x12b44: jne 0x12b4f 0x12b46: mov al, 2 0x12b48: mov cx, 0x270 0x12b4b: cdq 0x12b4c: int 0x26 0x12b4e: popf 0x12b4f: jmp 0x12a99 0x12b52: int 0x12 0x12b54: jmp 0x12b65 0x12b56: nop 0x12b57: dec bp 0x12b58: push bp 0x12b59: dec sp 0x12b5a: push sp 0x12b5b: dec cx 0x12b5c: sub ax, 0x4c46 0x12b5f: push bp 0x12b60: and byte ptr [bp + 0x31], dh 0x12b63: xor byte ptr cs:[bx + di + 0x400], bh |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":610,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:22.878066488Z | 53 | PC: 12abc | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:22.880406278Z | 37 | PC: 12b36 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:41:22.883513759Z | 42 | PC: 12b41 | Get date 0x12b41: cmp dl, 1 0x12b44: jne 0x12b4f 0x12b46: mov al, 2 0x12b48: mov cx, 0x270 0x12b4b: cdq 0x12b4c: int 0x26 0x12b4e: popf 0x12b4f: jmp 0x12a99 0x12b52: int 0x12 0x12b54: jmp 0x12b65 0x12b56: nop 0x12b57: dec bp 0x12b58: push bp 0x12b59: dec sp 0x12b5a: push sp 0x12b5b: dec cx 0x12b5c: sub ax, 0x4c46 0x12b5f: push bp 0x12b60: and byte ptr [bp + 0x31], dh 0x12b63: xor byte ptr cs:[bx + di + 0x400], bh |