.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:48:25.630392185Z | 44 | PC: 13627 | Get time 0x13627: add dx, bp
0x13629: mov byte ptr [bp + 0x400], dh
0x1362d: mov al, 0xd
0x1362f: and al, al
0x13631: jne 0x13646
0x13633: mov ah, 0x2a
0x13635: int 0x21
0x13637: cmp dh, 2
0x1363a: jne 0x13646
0x1363c: add dh, 0xc
0x1363f: nop
0x13640: cmp dl, dh
0x13642: jne 0x13646
0x13644: jmp 0x13649
0x13646: jmp 0x136cd
0x13649: mov si, 0xcb
0x1364c: add si, di
0x1364e: call 0x1383a
0x13651: mov si, 0xaa
0x13654: add si, di
|
| 2018-12-17T22:48:25.633759025Z | 26 | PC: 136e2 | Set disk transfer address |
| 2018-12-17T22:48:25.635648551Z | 78 | PC: 136ee | Find first file |
| 2018-12-17T22:48:25.642862406Z | 79 | PC: 13706 | Find next file |
| 2018-12-17T22:48:25.64601544Z | 61 | PC: 1371d | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:48:25.653971642Z | 87 | PC: 13729 | Get or set file date and time |
| 2018-12-17T22:48:25.65555355Z | 63 | PC: 1373e | Read file or device (Read 30720 bytes on handle 5) |
| 2018-12-17T22:48:25.663390303Z | 62 | PC: 13746 | Close file |
| 2018-12-17T22:48:25.666193132Z | 60 | PC: 137eb | Create or truncate file |
| 2018-12-17T22:48:25.687271596Z | 64 | PC: 13802 | Write file or device (Write 627 bytes on handle 5) |
| 2018-12-17T22:48:25.696894882Z | 87 | PC: 13810 | Get or set file date and time |
| 2018-12-17T22:48:25.699174121Z | 62 | PC: 13814 | Close file |
| 2018-12-17T22:48:25.708779907Z | 9 | PC: 12a4b | Display string (String= 'Copyright (C) 1991 JADE Corporation
') |
| 2018-12-17T22:48:25.713914085Z | 61 | PC: 12b0d | Open file (Filename = '�') |
| 2018-12-17T22:48:25.722841561Z | 63 | PC: 12b25 | Read file or device (Read 32 bytes on handle 5) |
| 2018-12-17T22:48:25.726442003Z | 62 | PC: 12b4f | Close file |
| 2018-12-17T22:48:25.728537559Z | 9 | PC: 12b55 | Display string (String= 'Warning !!!!
Warning !!!!
Program was Infected with Virus
') |
| 2018-12-17T22:48:25.739683052Z | 76 | PC: 12b59 | Terminate with return code (Return code = '36') |
