{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1182,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:57.54290966Z | 71 | PC: 12c35 | Get current directory |
| 2018-12-25T11:42:57.559453144Z | 53 | PC: 12c43 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:57.561817871Z | 74 | PC: 12c60 | Reallocate memory |
| 2018-12-25T11:42:57.564052698Z | 72 | PC: 12c67 | Allocate memory |
| 2018-12-25T11:42:57.566644933Z | 37 | PC: 12c8a | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:57.56899765Z | 42 | PC: 12c91 | Get date 0x12c91: cmp dh, 9 0x12c94: jne 0x12cac 0x12c96: nop 0x12c97: nop 0x12c98: nop 0x12c99: cmp dl, 5 0x12c9c: jne 0x12cac 0x12c9e: nop 0x12c9f: nop 0x12ca0: nop 0x12ca1: push ds 0x12ca2: push cs 0x12ca3: pop ds 0x12ca4: mov ah, 9 0x12ca6: mov dx, 0x1cf 0x12ca9: int 0x21 0x12cab: pop ds 0x12cac: mov ax, ds 0x12cae: add ax, word ptr cs:[0x1bd] 0x12cb3: add ax, 0x10 |
| 2018-12-25T11:42:57.572293396Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:42:57.579070674Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1182,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:57.585399Z | 71 | PC: 12c35 | Get current directory |
| 2018-12-25T11:42:57.588210305Z | 53 | PC: 12c43 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:57.590424773Z | 74 | PC: 12c60 | Reallocate memory |
| 2018-12-25T11:42:57.591968027Z | 72 | PC: 12c67 | Allocate memory |
| 2018-12-25T11:42:57.593796186Z | 37 | PC: 12c8a | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:57.595597109Z | 42 | PC: 12c91 | Get date 0x12c91: cmp dh, 9 0x12c94: jne 0x12cac 0x12c96: nop 0x12c97: nop 0x12c98: nop 0x12c99: cmp dl, 5 0x12c9c: jne 0x12cac 0x12c9e: nop 0x12c9f: nop 0x12ca0: nop 0x12ca1: push ds 0x12ca2: push cs 0x12ca3: pop ds 0x12ca4: mov ah, 9 0x12ca6: mov dx, 0x1cf 0x12ca9: int 0x21 0x12cab: pop ds 0x12cac: mov ax, ds 0x12cae: add ax, word ptr cs:[0x1bd] 0x12cb3: add ax, 0x10 |
| 2018-12-25T11:42:57.598268727Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:42:57.604996712Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":5,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1182,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:57.668751693Z | 71 | PC: 12c35 | Get current directory |
| 2018-12-25T11:42:57.670916053Z | 53 | PC: 12c43 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:57.676323053Z | 74 | PC: 12c60 | Reallocate memory |
| 2018-12-25T11:42:57.678262898Z | 72 | PC: 12c67 | Allocate memory |
| 2018-12-25T11:42:57.68046161Z | 37 | PC: 12c8a | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:42:57.683823853Z | 42 | PC: 12c91 | Get date 0x12c91: cmp dh, 9 0x12c94: jne 0x12cac 0x12c96: nop 0x12c97: nop 0x12c98: nop 0x12c99: cmp dl, 5 0x12c9c: jne 0x12cac 0x12c9e: nop 0x12c9f: nop 0x12ca0: nop 0x12ca1: push ds 0x12ca2: push cs 0x12ca3: pop ds 0x12ca4: mov ah, 9 0x12ca6: mov dx, 0x1cf 0x12ca9: int 0x21 0x12cab: pop ds 0x12cac: mov ax, ds 0x12cae: add ax, word ptr cs:[0x1bd] 0x12cb3: add ax, 0x10 |
| 2018-12-25T11:42:57.686734512Z | 9 | PC: 12cab | Display string (Could not find end pointer) |
| 2018-12-25T11:42:57.695785336Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:42:57.702729156Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |