{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6353,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:59:10.88711023Z | 42 | PC: 13209 | Get date 0x13209: cmp dl, 0xe 0x1320c: jne 0x1325c 0x1320e: pushaw 0x1320f: pushaw 0x13210: mov ah, 6 0x13212: mov al, 0 0x13214: mov cx, 0 0x13217: mov dl, 0x4f 0x13219: mov dh, 0x18 0x1321b: mov bh, 7 0x1321d: int 0x10 0x1321f: popaw 0x13220: mov cx, 1 0x13223: mov di, 1 0x13226: mov bl, 2 0x13228: cmp di, 0x43 0x1322b: jne 0x13232 0x1322d: mov bl, 4 0x1322f: mov di, 1 0x13232: mov dx, di |
| 2018-12-25T11:59:10.889680739Z | 48 | PC: 13273 | Get DOS version |
| 2018-12-25T11:59:10.89092383Z | 47 | PC: 1327f | Get disk transfer address |
| 2018-12-25T11:59:10.892101092Z | 26 | PC: 1328e | Set disk transfer address |
| 2018-12-25T11:59:10.893337509Z | 78 | PC: 13316 | Find first file |
| 2018-12-25T11:59:10.897721867Z | 67 | PC: 1334f | Get or set file attributes |
| 2018-12-25T11:59:10.903339314Z | 67 | PC: 1335f | Get or set file attributes |
| 2018-12-25T11:59:10.922020898Z | 61 | PC: 13369 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:59:10.929836822Z | 87 | PC: 13375 | Get or set file date and time |
| 2018-12-25T11:59:10.931451584Z | 63 | PC: 13387 | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-25T11:59:10.937675269Z | 66 | PC: 13399 | Move file pointer |
| 2018-12-25T11:59:10.940231571Z | 64 | PC: 133bc | Write file or device (Write 762 bytes on handle 5) |
| 2018-12-25T11:59:10.948617247Z | 66 | PC: 133ce | Move file pointer |
| 2018-12-25T11:59:10.95043044Z | 64 | PC: 133dc | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-25T11:59:10.970418173Z | 87 | PC: 133f2 | Get or set file date and time |
| 2018-12-25T11:59:10.972454731Z | 62 | PC: 133f6 | Close file |
| 2018-12-25T11:59:10.980902565Z | 67 | PC: 13403 | Get or set file attributes |
| 2018-12-25T11:59:10.991917691Z | 26 | PC: 1340d | Set disk transfer address |
| 2018-12-25T11:59:10.993114603Z | 9 | PC: 12a4c | Display string (String= '(C) 1993 American Eagle Poblications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #5 - You have just released a virus!') |
| 2018-12-25T11:59:11.00100121Z | 76 | PC: 12a51 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":14,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6353,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:59:11.042039632Z | 42 | PC: 13209 | Get date 0x13209: cmp dl, 0xe 0x1320c: jne 0x1325c 0x1320e: pushaw 0x1320f: pushaw 0x13210: mov ah, 6 0x13212: mov al, 0 0x13214: mov cx, 0 0x13217: mov dl, 0x4f 0x13219: mov dh, 0x18 0x1321b: mov bh, 7 0x1321d: int 0x10 0x1321f: popaw 0x13220: mov cx, 1 0x13223: mov di, 1 0x13226: mov bl, 2 0x13228: cmp di, 0x43 0x1322b: jne 0x13232 0x1322d: mov bl, 4 0x1322f: mov di, 1 0x13232: mov dx, di |