{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8834,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:53.729825963Z | 74 | PC: 12a6e | Reallocate memory |
| 2018-12-25T12:21:53.731741001Z | 26 | PC: 12ac4 | Set disk transfer address |
| 2018-12-25T12:21:53.73510628Z | 72 | PC: 12acf | Allocate memory |
| 2018-12-25T12:21:53.736463244Z | 42 | PC: 12adc | Get date 0x12adc: cmp dh, 0xc 0x12adf: jne 0x12af3 0x12ae1: cmp dl, 1 0x12ae4: jne 0x12af3 0x12ae6: mov ah, 9 0x12ae8: lea dx, word ptr [bp + 0x381] 0x12aec: int 0x21 0x12aee: mov ax, 0x4c00 0x12af1: int 0x21 0x12af3: xor dl, dl 0x12af5: lea si, word ptr [bp + 0x42a] 0x12af9: mov ah, 0x47 0x12afb: int 0x21 0x12afd: xor cx, cx 0x12aff: lea dx, word ptr [bp + 0x378] 0x12b03: mov ah, 0x4e 0x12b05: int 0x21 0x12b07: jae 0x12b0c 0x12b09: jmp 0x12c48 0x12b0c: lea dx, word ptr [bp + 0x41b] |
| 2018-12-25T12:21:53.738565422Z | 71 | PC: 12afd | Get current directory |
| 2018-12-25T12:21:53.741611186Z | 78 | PC: 12b07 | Find first file |
| 2018-12-25T12:21:53.747196045Z | 59 | PC: 12c50 | Change current directory |
| 2018-12-25T12:21:53.755949128Z | 59 | PC: 12c5d | Change current directory |
| 2018-12-25T12:21:53.758978853Z | 73 | PC: 12c65 | Release memory |
| 2018-12-25T12:21:53.764499009Z | 76 | PC: 0 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8834,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:53.84575023Z | 74 | PC: 12a6e | Reallocate memory |
| 2018-12-25T12:21:53.847837047Z | 26 | PC: 12ac4 | Set disk transfer address |
| 2018-12-25T12:21:53.849255862Z | 72 | PC: 12acf | Allocate memory |
| 2018-12-25T12:21:53.851400742Z | 42 | PC: 12adc | Get date 0x12adc: cmp dh, 0xc 0x12adf: jne 0x12af3 0x12ae1: cmp dl, 1 0x12ae4: jne 0x12af3 0x12ae6: mov ah, 9 0x12ae8: lea dx, word ptr [bp + 0x381] 0x12aec: int 0x21 0x12aee: mov ax, 0x4c00 0x12af1: int 0x21 0x12af3: xor dl, dl 0x12af5: lea si, word ptr [bp + 0x42a] 0x12af9: mov ah, 0x47 0x12afb: int 0x21 0x12afd: xor cx, cx 0x12aff: lea dx, word ptr [bp + 0x378] 0x12b03: mov ah, 0x4e 0x12b05: int 0x21 0x12b07: jae 0x12b0c 0x12b09: jmp 0x12c48 0x12b0c: lea dx, word ptr [bp + 0x41b] |
| 2018-12-25T12:21:53.854163699Z | 9 | PC: 12aee | Display string (String= '-THUNDER STRUCK- (c) SX Written in RSA.') |
| 2018-12-25T12:21:53.859256663Z | 76 | PC: 12af3 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8834,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:21:54.03374764Z | 74 | PC: 12a6e | Reallocate memory |
| 2018-12-25T12:21:54.035842296Z | 26 | PC: 12ac4 | Set disk transfer address |
| 2018-12-25T12:21:54.036937265Z | 72 | PC: 12acf | Allocate memory |
| 2018-12-25T12:21:54.038333262Z | 42 | PC: 12adc | Get date 0x12adc: cmp dh, 0xc 0x12adf: jne 0x12af3 0x12ae1: cmp dl, 1 0x12ae4: jne 0x12af3 0x12ae6: mov ah, 9 0x12ae8: lea dx, word ptr [bp + 0x381] 0x12aec: int 0x21 0x12aee: mov ax, 0x4c00 0x12af1: int 0x21 0x12af3: xor dl, dl 0x12af5: lea si, word ptr [bp + 0x42a] 0x12af9: mov ah, 0x47 0x12afb: int 0x21 0x12afd: xor cx, cx 0x12aff: lea dx, word ptr [bp + 0x378] 0x12b03: mov ah, 0x4e 0x12b05: int 0x21 0x12b07: jae 0x12b0c 0x12b09: jmp 0x12c48 0x12b0c: lea dx, word ptr [bp + 0x41b] |
| 2018-12-25T12:21:54.040708795Z | 71 | PC: 12afd | Get current directory |
| 2018-12-25T12:21:54.043800622Z | 78 | PC: 12b07 | Find first file |
| 2018-12-25T12:21:54.049695158Z | 59 | PC: 12c50 | Change current directory |
| 2018-12-25T12:21:54.05442787Z | 59 | PC: 12c5d | Change current directory |
| 2018-12-25T12:21:54.056460692Z | 73 | PC: 12c65 | Release memory |
| 2018-12-25T12:21:54.062329775Z | 76 | PC: 0 | Terminate with return code (Return code = '0') |