{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8285,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:07.073673755Z | 42 | PC: 12b77 | Get date 0x12b77: cmp dl, 9 0x12b7a: jne 0x12bb2 0x12b7c: mov ah, 9 0x12b7e: lea dx, word ptr [bp + 0x4f3] 0x12b82: int 0x21 0x12b84: xor ax, ax 0x12b86: mov es, ax 0x12b88: mov dx, 0xaaaa 0x12b8b: mov word ptr es:[0x416], dx 0x12b90: ror dx, 1 0x12b92: mov cx, 0x101 0x12b95: mov ah, 5 0x12b97: int 0x16 0x12b99: mov ah, 0x10 0x12b9b: int 0x16 0x12b9d: int 5 0x12b9f: mov ax, 0xa07 0x12ba2: xor bh, bh 0x12ba4: mov cx, 1 0x12ba7: int 0x10 |
| 2018-12-25T12:04:07.076375689Z | 125 | PC: 12bf1 | UNKNOWN! |
| 2018-12-25T12:04:07.077325711Z | 74 | PC: 12bc8 | Reallocate memory |
| 2018-12-25T12:04:07.07914951Z | 75 | PC: 12bd5 | Execute program |
| 2018-12-25T12:04:07.08458812Z | 76 | PC: 12bd9 | Terminate with return code (Return code = '5') |
{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8285,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:04:08.008258809Z | 42 | PC: 12b77 | Get date 0x12b77: cmp dl, 9 0x12b7a: jne 0x12bb2 0x12b7c: mov ah, 9 0x12b7e: lea dx, word ptr [bp + 0x4f3] 0x12b82: int 0x21 0x12b84: xor ax, ax 0x12b86: mov es, ax 0x12b88: mov dx, 0xaaaa 0x12b8b: mov word ptr es:[0x416], dx 0x12b90: ror dx, 1 0x12b92: mov cx, 0x101 0x12b95: mov ah, 5 0x12b97: int 0x16 0x12b99: mov ah, 0x10 0x12b9b: int 0x16 0x12b9d: int 5 0x12b9f: mov ax, 0xa07 0x12ba2: xor bh, bh 0x12ba4: mov cx, 1 0x12ba7: int 0x10 |
| 2018-12-25T12:04:08.018518754Z | 9 | PC: 12b84 | Display string (Could not find end pointer) |