{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15941,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:54.394994603Z | 240 | PC: 13dc4 | UNKNOWN! |
| 2018-12-25T12:44:54.39625644Z | 255 | PC: 13df2 | UNKNOWN! |
| 2018-12-25T12:44:54.407736654Z | 74 | PC: 12ed5 | Reallocate memory |
| 2018-12-25T12:44:54.409302853Z | 75 | PC: 12f3b | Execute program |
| 2018-12-25T12:44:54.426192613Z | 9 | PC: 13272 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ') |
| 2018-12-25T12:44:54.433372593Z | 76 | PC: 13276 | Terminate with return code (Return code = '36') |
| 2018-12-25T12:44:54.436789834Z | 73 | PC: 12f41 | Release memory |
| 2018-12-25T12:44:54.438382096Z | 77 | PC: 12f45 | Get program return code |
| 2018-12-25T12:44:54.44054675Z | 42 | PC: 12f49 | Get date 0x12f49: cmp al, 0 0x12f4b: jne 0x12f56 0x12f4d: mov ah, 0x2c 0x12f4f: int 0x21 0x12f51: cmp cl, 0x2c 0x12f54: je 0x12f5e 0x12f56: mov ah, 0x31 0x12f58: mov dx, 0x75 0x12f5b: call 0x22aa0 0x12f5e: mov ah, 0x19 0x12f60: int 0x21 0x12f62: mov dl, al 0x12f64: cmp dl, 2 0x12f67: jb 0x12f6b 0x12f69: add al, 0x7e 0x12f6b: mov ax, 0x309 0x12f6e: mov bx, 0x61e 0x12f71: mov cx, 1 0x12f74: mov dh, 0 0x12f76: int 0x13 |
| 2018-12-25T12:44:54.443408617Z | 44 | PC: 12f51 | Get time 0x12f51: cmp cl, 0x2c 0x12f54: je 0x12f5e 0x12f56: mov ah, 0x31 0x12f58: mov dx, 0x75 0x12f5b: call 0x22aa0 0x12f5e: mov ah, 0x19 0x12f60: int 0x21 0x12f62: mov dl, al 0x12f64: cmp dl, 2 0x12f67: jb 0x12f6b 0x12f69: add al, 0x7e 0x12f6b: mov ax, 0x309 0x12f6e: mov bx, 0x61e 0x12f71: mov cx, 1 0x12f74: mov dh, 0 0x12f76: int 0x13 0x12f78: mov cx, 0x40 0x12f7b: mov al, cl 0x12f7d: out 0x70, al 0x12f7f: mov al, 0xff |
| 2018-12-25T12:44:54.445786623Z | 25 | PC: 12f62 | Get default drive |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15941,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T12:44:54.765704567Z | 240 | PC: 13dc4 | UNKNOWN! |
| 2018-12-25T12:44:54.767135209Z | 255 | PC: 13df2 | UNKNOWN! |
| 2018-12-25T12:44:54.775155589Z | 74 | PC: 12ed5 | Reallocate memory |
| 2018-12-25T12:44:54.7769019Z | 75 | PC: 12f3b | Execute program |
| 2018-12-25T12:44:54.792089729Z | 9 | PC: 13272 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ') |
| 2018-12-25T12:44:54.79779608Z | 76 | PC: 13276 | Terminate with return code (Return code = '36') |
| 2018-12-25T12:44:54.800964368Z | 73 | PC: 12f41 | Release memory |
| 2018-12-25T12:44:54.80287317Z | 77 | PC: 12f45 | Get program return code |
| 2018-12-25T12:44:54.80442937Z | 42 | PC: 12f49 | Get date 0x12f49: cmp al, 0 0x12f4b: jne 0x12f56 0x12f4d: mov ah, 0x2c 0x12f4f: int 0x21 0x12f51: cmp cl, 0x2c 0x12f54: je 0x12f5e 0x12f56: mov ah, 0x31 0x12f58: mov dx, 0x75 0x12f5b: call 0x22aa0 0x12f5e: mov ah, 0x19 0x12f60: int 0x21 0x12f62: mov dl, al 0x12f64: cmp dl, 2 0x12f67: jb 0x12f6b 0x12f69: add al, 0x7e 0x12f6b: mov ax, 0x309 0x12f6e: mov bx, 0x61e 0x12f71: mov cx, 1 0x12f74: mov dh, 0 0x12f76: int 0x13 |
| 2018-12-25T12:44:54.80647379Z | 49 | PC: 12aa6 | Terminate and stay resident (Return code = '2' | Memory size = '117') |