{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7784,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:36.065362792Z | 42 | PC: 12ef4 | Get date 0x12ef4: cmp dl, 2 0x12ef7: jne 0x12f2f 0x12ef9: mov ah, 9 0x12efb: lea dx, word ptr [bp + 0x6b6] 0x12eff: int 0x21 0x12f01: xor ax, ax 0x12f03: mov es, ax 0x12f05: mov dx, 0xaaaa 0x12f08: mov word ptr es:[0x416], dx 0x12f0d: ror dx, 1 0x12f0f: mov cx, 0x101 0x12f12: mov ah, 5 0x12f14: int 0x16 0x12f16: mov ah, 0x10 0x12f18: int 0x16 0x12f1a: int 5 0x12f1c: mov ax, 0xa07 0x12f1f: xor bh, bh 0x12f21: mov cx, 1 0x12f24: int 0x10 |
| 2018-12-25T12:02:36.067379483Z | 127 | PC: 12f33 | UNKNOWN! |
| 2018-12-25T12:02:36.06823768Z | 74 | PC: 12fa7 | Reallocate memory |
| 2018-12-25T12:02:36.069293286Z | 75 | PC: 12fb6 | Execute program |
| 2018-12-25T12:02:36.072905262Z | 76 | PC: 12fba | Terminate with return code (Return code = '5') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7784,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:36.122168694Z | 42 | PC: 12ef4 | Get date 0x12ef4: cmp dl, 2 0x12ef7: jne 0x12f2f 0x12ef9: mov ah, 9 0x12efb: lea dx, word ptr [bp + 0x6b6] 0x12eff: int 0x21 0x12f01: xor ax, ax 0x12f03: mov es, ax 0x12f05: mov dx, 0xaaaa 0x12f08: mov word ptr es:[0x416], dx 0x12f0d: ror dx, 1 0x12f0f: mov cx, 0x101 0x12f12: mov ah, 5 0x12f14: int 0x16 0x12f16: mov ah, 0x10 0x12f18: int 0x16 0x12f1a: int 5 0x12f1c: mov ax, 0xa07 0x12f1f: xor bh, bh 0x12f21: mov cx, 1 0x12f24: int 0x10 |
| 2018-12-25T12:02:36.125504331Z | 9 | PC: 12f01 | Display string (String= ' ASeXual Virus V0.99 - Your computer has been artificially Phucked!') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7784,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:36.408740564Z | 42 | PC: 12ef4 | Get date 0x12ef4: cmp dl, 2 0x12ef7: jne 0x12f2f 0x12ef9: mov ah, 9 0x12efb: lea dx, word ptr [bp + 0x6b6] 0x12eff: int 0x21 0x12f01: xor ax, ax 0x12f03: mov es, ax 0x12f05: mov dx, 0xaaaa 0x12f08: mov word ptr es:[0x416], dx 0x12f0d: ror dx, 1 0x12f0f: mov cx, 0x101 0x12f12: mov ah, 5 0x12f14: int 0x16 0x12f16: mov ah, 0x10 0x12f18: int 0x16 0x12f1a: int 5 0x12f1c: mov ax, 0xa07 0x12f1f: xor bh, bh 0x12f21: mov cx, 1 0x12f24: int 0x10 |
| 2018-12-25T12:02:36.411841686Z | 127 | PC: 12f33 | UNKNOWN! |
| 2018-12-25T12:02:36.412812898Z | 74 | PC: 12fa7 | Reallocate memory |
| 2018-12-25T12:02:36.414137935Z | 75 | PC: 12fb6 | Execute program |
| 2018-12-25T12:02:36.419168958Z | 76 | PC: 12fba | Terminate with return code (Return code = '5') |
{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7784,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:02:36.432545034Z | 42 | PC: 12ef4 | Get date 0x12ef4: cmp dl, 2 0x12ef7: jne 0x12f2f 0x12ef9: mov ah, 9 0x12efb: lea dx, word ptr [bp + 0x6b6] 0x12eff: int 0x21 0x12f01: xor ax, ax 0x12f03: mov es, ax 0x12f05: mov dx, 0xaaaa 0x12f08: mov word ptr es:[0x416], dx 0x12f0d: ror dx, 1 0x12f0f: mov cx, 0x101 0x12f12: mov ah, 5 0x12f14: int 0x16 0x12f16: mov ah, 0x10 0x12f18: int 0x16 0x12f1a: int 5 0x12f1c: mov ax, 0xa07 0x12f1f: xor bh, bh 0x12f21: mov cx, 1 0x12f24: int 0x10 |
| 2018-12-25T12:02:36.43562544Z | 9 | PC: 12f01 | Display string (String= ' ASeXual Virus V0.99 - Your computer has been artificially Phucked!') |