{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9943,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:26:45.387694605Z | 42 | PC: 13a1d | Get date 0x13a1d: cmp dl, 7 0x13a20: je 0x13a25 0x13a22: jmp 0x13b8b 0x13a25: mov ah, 0x2c 0x13a27: int 0x21 0x13a29: cmp cl, 0x14 0x13a2c: jg 0x13a31 0x13a2e: jmp 0x13b8b 0x13a31: jmp 0x13b1d 0x13a34: or cl, byte ptr [di] 0x13a36: or cl, byte ptr [di] 0x13a38: or cl, byte ptr [di] 0x13a3a: or cl, byte ptr [di] 0x13a3c: or cl, byte ptr [di] 0x13a3e: or cl, byte ptr [di] 0x13a40: and byte ptr [bx + 0x65], dl 0x13a43: insb byte ptr es:[di], dx 0x13a44: insb byte ptr es:[di], dx 0x13a45: sub al, 0x20 0x13a47: je 0x13ab1 |
| 2018-12-25T12:26:45.399074576Z | 94 | PC: 12e06 | Network functions |
| 2018-12-25T12:26:45.401821006Z | 88 | PC: 12e2d | case 0xGet or set allocation strateg: |
| 2018-12-25T12:26:45.404385366Z | 88 | PC: 12e37 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:26:45.407205057Z | 88 | PC: 12e44 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:26:45.42535789Z | 88 | PC: 12e4c | case 0xGet or set allocation strateg: |
| 2018-12-25T12:26:45.430265754Z | 88 | PC: 12edc | case 0xGet or set allocation strateg: |
| 2018-12-25T12:26:45.432093355Z | 88 | PC: 12ee8 | case 0xGet or set allocation strateg: |
| 2018-12-25T12:26:45.444070614Z | 74 | PC: 12efe | Reallocate memory |
| 2018-12-25T12:26:45.446268053Z | 74 | PC: 12f0c | Reallocate memory |
| 2018-12-25T12:26:45.448681867Z | 25 | PC: 12fb0 | Get default drive |
| 2018-12-25T12:26:45.451959343Z | 76 | PC: 130c9 | Terminate with return code (Return code = '0') |
{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9943,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:26:45.830608541Z | 42 | PC: 13a1d | Get date 0x13a1d: cmp dl, 7 0x13a20: je 0x13a25 0x13a22: jmp 0x13b8b 0x13a25: mov ah, 0x2c 0x13a27: int 0x21 0x13a29: cmp cl, 0x14 0x13a2c: jg 0x13a31 0x13a2e: jmp 0x13b8b 0x13a31: jmp 0x13b1d 0x13a34: or cl, byte ptr [di] 0x13a36: or cl, byte ptr [di] 0x13a38: or cl, byte ptr [di] 0x13a3a: or cl, byte ptr [di] 0x13a3c: or cl, byte ptr [di] 0x13a3e: or cl, byte ptr [di] 0x13a40: and byte ptr [bx + 0x65], dl 0x13a43: insb byte ptr es:[di], dx 0x13a44: insb byte ptr es:[di], dx 0x13a45: sub al, 0x20 0x13a47: je 0x13ab1 |
| 2018-12-25T12:26:45.833374634Z | 44 | PC: 13a29 | Get time 0x13a29: cmp cl, 0x14 0x13a2c: jg 0x13a31 0x13a2e: jmp 0x13b8b 0x13a31: jmp 0x13b1d 0x13a34: or cl, byte ptr [di] 0x13a36: or cl, byte ptr [di] 0x13a38: or cl, byte ptr [di] 0x13a3a: or cl, byte ptr [di] 0x13a3c: or cl, byte ptr [di] 0x13a3e: or cl, byte ptr [di] 0x13a40: and byte ptr [bx + 0x65], dl 0x13a43: insb byte ptr es:[di], dx 0x13a44: insb byte ptr es:[di], dx 0x13a45: sub al, 0x20 0x13a47: je 0x13ab1 0x13a49: imul si, word ptr [bp + di + 0x20], 0x756a 0x13a4e: jae 0x13ac4 0x13a50: and byte ptr [bx + di + 0x69], ah 0x13a53: outsb dx, byte ptr [si] 0x13a54: daa |
| 2018-12-25T12:26:45.843866483Z | 9 | PC: 13b5d | Display string (String= ' Well, this just ain't your lucky day ! You are blessed with WHIPLASH V.2.0. Beta release Variant A written and compiled in Bucharest, Romania by Lord Julus (c) ') |