{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7590,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:54.853960079Z | 42 | PC: 14f97 | Get date 0x14f97: cmp dx, 0x305 0x14f9b: jne 0x14fa6 0x14f9d: mov ah, 9 0x14f9f: mov dx, 0x285 0x14fa2: int 0x21 0x14fa4: jmp 0x14fa4 0x14fa6: push cs 0x14fa7: pop es 0x14fa8: mov ah, 0x1a 0x14faa: mov dx, 0x384 0x14fad: int 0x21 0x14faf: mov ah, 0x4e 0x14fb1: mov cx, 3 0x14fb4: mov dx, 0x2fd 0x14fb7: int 0x21 0x14fb9: jae 0x14fc8 0x14fbb: jmp 0x1509d 0x14fbe: call 0x150c4 0x14fc1: mov ah, 0x4f 0x14fc3: call 0x15187 |
| 2018-12-25T12:01:54.859965226Z | 26 | PC: 14faf | Set disk transfer address |
| 2018-12-25T12:01:54.861342006Z | 78 | PC: 14fb9 | Find first file |
| 2018-12-25T12:01:54.867092081Z | 67 | PC: 1518d | Get or set file attributes |
| 2018-12-25T12:01:54.883458064Z | 61 | PC: 14fdd | Open file (Filename = 'TEST.EXE') |
| 2018-12-25T12:01:54.890243561Z | 63 | PC: 1518d | Read file or device (See above) |
| 2018-12-25T12:01:54.893142682Z | 66 | PC: 1518d | Move file pointer (See above) |
| 2018-12-25T12:01:54.895201102Z | 63 | PC: 1518d | Read file or device (See above) |
| 2018-12-25T12:01:54.898779911Z | 62 | PC: 1518d | Close file (See above) |
| 2018-12-25T12:01:54.901046279Z | 67 | PC: 1518d | Get or set file attributes (See above) |
| 2018-12-25T12:01:54.914391658Z | 67 | PC: 1518d | Get or set file attributes (See above) |
| 2018-12-25T12:01:54.924343001Z | 79 | PC: 1518d | Find next file (See above) |
| 2018-12-25T12:01:54.926979364Z | 76 | PC: 14f4d | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":5,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7590,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:01:54.942239027Z | 42 | PC: 14f97 | Get date 0x14f97: cmp dx, 0x305 0x14f9b: jne 0x14fa6 0x14f9d: mov ah, 9 0x14f9f: mov dx, 0x285 0x14fa2: int 0x21 0x14fa4: jmp 0x14fa4 0x14fa6: push cs 0x14fa7: pop es 0x14fa8: mov ah, 0x1a 0x14faa: mov dx, 0x384 0x14fad: int 0x21 0x14faf: mov ah, 0x4e 0x14fb1: mov cx, 3 0x14fb4: mov dx, 0x2fd 0x14fb7: int 0x21 0x14fb9: jae 0x14fc8 0x14fbb: jmp 0x1509d 0x14fbe: call 0x150c4 0x14fc1: mov ah, 0x4f 0x14fc3: call 0x15187 |
| 2018-12-25T12:01:54.946553441Z | 9 | PC: 14fa4 | Display string (Could not find end pointer) |