Sample viewer

vx.netlux.org/Virus.DOS.Ocean.2571


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:51.634765817Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-17T23:09:51.638062393Z 25 PC: 13c13 | Get default drive
2018-12-17T23:09:51.639286734Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-17T23:09:51.641573281Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:09:51.645826364Z 48 PC: 12a8f | Get DOS version
2018-12-17T23:09:51.647375586Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T23:09:51.655964387Z 93 PC: 12afe | File sharing functions
2018-12-17T23:09:51.658060536Z 9 PC: 12a86 | Display string (String= 'Size change=0A23h/02595d. ')
2018-12-17T23:09:51.663382047Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.517311926Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:38.520647331Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:38.521665145Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:38.523739014Z 9 PC: 13b52 | Display string (String= 'This is an Atlantic Ocean I Virus (C) 1997 by #13 ')
2018-12-25T12:53:38.530247872Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:38.535878518Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:38.537399644Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:38.545304804Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:38.547340881Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:38.550115931Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.549405969Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:38.552236752Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:38.553268483Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:38.555708969Z 9 PC: 13b52 | Display string (String= 'This is an Atlantic Ocean I Virus (C) 1997 by #13 ')
2018-12-25T12:53:38.562130673Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:38.568490796Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:38.569619586Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:38.576626088Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:38.578343529Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:38.582120588Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.649346676Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:38.652079986Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:38.653343358Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:38.655474344Z 9 PC: 13b52 | Display string (String= 'This is an Atlantic Ocean I Virus (C) 1997 by #13 ')
2018-12-25T12:53:38.66150961Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:38.665102927Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:38.666044069Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:38.67225086Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:38.674228365Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:38.678893549Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.63329514Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:53:38.652530817Z 41 PC: 94fae | Parse filename
2018-12-25T12:53:38.666141485Z 41 PC: 9502f | Parse filename
2018-12-25T12:53:38.668321172Z 41 PC: 9504c | Parse filename
2018-12-25T12:53:38.670983056Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T12:53:38.673195688Z 71 PC: 986f3 | Get current directory
2018-12-25T12:53:38.677526789Z 78 PC: 986fe | Find first file
2018-12-25T12:53:38.689025224Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:53:38.692612063Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:53:38.7042757Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T12:53:38.71043645Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:53:38.713001805Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:53:38.7153307Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:38.717075672Z 62 PC: 122ab | Close file
2018-12-25T12:53:38.718391401Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.720192489Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.721384056Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.722555562Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.725121536Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.726836406Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.728000812Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.729749875Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.731328865Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.732717336Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.734477123Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.735993346Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.737233773Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.739045725Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:53:38.740493469Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T12:53:38.741659052Z 56 PC: 94df9 | Get or set country info
2018-12-25T12:53:38.74808838Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:53:38.759335292Z 25 PC: 94e62 | Get default drive
2018-12-25T12:53:38.761716208Z 71 PC: 970dd | Get current directory
2018-12-25T12:53:38.766218281Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:53:38.774574659Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T12:53:38.777631515Z 93 PC: 94f20 | File sharing functions
2018-12-25T12:53:38.780075087Z 93 PC: 94f27 | File sharing functions
2018-12-25T12:53:38.783762377Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T12:53:53.681129523Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:53:55.035661978Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:53:55.138134262Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:53:55.144870586Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T12:53:55.147844307Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T12:53:55.151305323Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T12:53:55.154009892Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T12:53:55.156787204Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:53:55.165661068Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:53:55.176075728Z 71 PC: 9856c | Get current directory
2018-12-25T12:53:55.181553216Z 73 PC: 97c09 | Release memory
2018-12-25T12:53:55.183846068Z 75 PC: 11821 | Execute program
2018-12-25T12:53:55.202238874Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T12:53:55.207144385Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:39.785842175Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:39.789372133Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:39.79084847Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:39.793596791Z 9 PC: 13b72 | Display string (String= 'Listen to Radio RAGTIME 106.6 FM! [and use MSDOS 95 to keep #" 3rzevN')
2018-12-25T12:53:39.79960674Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:39.808385719Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:39.810142995Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:39.818416249Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:39.821351459Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:39.827466928Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.711187763Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:38.713647062Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:38.714583043Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:38.716621727Z 9 PC: 13b72 | Display string (String= 'Listen to Radio RAGTIME 106.6 FM! [and use MSDOS 95 to keep #" 3rzevN')
2018-12-25T12:53:38.721283143Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:38.728308742Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:38.729459046Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:38.736360714Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:38.738124776Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:38.743175634Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":11,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.745738804Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:38.748732361Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:38.750649674Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:38.755304241Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:38.761506638Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:38.7633677Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:38.772420221Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:38.77456468Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:38.779923399Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":11,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.824871377Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:38.827202298Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:38.828978685Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:38.832445271Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:38.838622716Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:38.840222276Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:38.847647094Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:38.849027907Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:38.854810274Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":1,"Second":11,"TimeBased":true,"OriginalID":16666,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:38.908794982Z 42 PC: 13bf8 | Get date 0x13bf8: cmp dx, 0x314    ; runs right after INT 21h AH=2Ah (Get date): DH=month, DL=day, so this tests for month 3, day 0x14 (20)
0x13bfc: jne 0x13c04    ; any other date: leave the flag untouched
0x13bfe: mov byte ptr cs:[bp + 0x834], 1    ; date matched: set a one-byte flag at cs:[bp+0x834]; its reader is outside this window
0x13c04: mov bx, 0x1313    ; BX/CX/DX/AL are not inputs to AH=19h; these constants look like a signature for a hooked INT 21h handler - TODO confirm
0x13c07: mov cx, 0x3112
0x13c0a: mov dx, 0x604
0x13c0d: mov ah, 0x19    ; AH=19h = Get default drive (the trace logs it as syscall 25 at PC 13c13)
0x13c0f: mov al, 3
0x13c11: int 0x21
0x13c13: xor ax, bx    ; combine the returned AX with BX ...
0x13c15: cmp ax, 0xffff    ; ... and test for 0xFFFF; presumably the "already resident" reply - verify against the handler
0x13c18: jne 0x13c1d    ; no such reply: continue with the calls below
0x13c1a: jmp 0x13c2d    ; reply seen: skip them (target is past this window)
0x13c1d: push cs
0x13c1e: pop ds    ; DS = CS
0x13c1f: call 0x23b33    ; NOTE(review): call targets print as 0x23xxx while the PC column for this code shows 0x12xxx-0x13xxx; likely a 16-bit wrap artefact of the disassembler (0x23b33 -> 0x13b33?) - confirm
0x13c22: call 0x23943
0x13c25: jb 0x13c2d    ; carry set on return from the call at 0x13c22: skip the last two calls
0x13c27: call 0x23aa6
0x13c2a: call 0x23ac9
2018-12-25T12:53:38.912490655Z 25 PC: 13c13 | Get default drive
2018-12-25T12:53:38.914327156Z 44 PC: 13b3c | Get time 0x13b3c: cmp ch, cl    ; runs right after INT 21h AH=2Ch (Get time): CH=hour, CL=minute, so this tests hour == minute
0x13b3e: jne 0x13b5f    ; not equal: go to the seconds test
0x13b40: lea dx, word ptr [bp + 0x38c]    ; DX -> first message buffer
0x13b44: mov si, 0x36    ; SI = 0x36 (54); presumably the buffer length passed to the helper - verify
0x13b47: call 0x232af    ; same helper runs before and after the print; looks like an in-place decode/re-encode of the text - TODO confirm
0x13b4a: lea dx, word ptr [bp + 0x38c]
0x13b4e: mov ah, 9    ; AH=09h = Display '$'-terminated string at DS:DX
0x13b50: int 0x21
0x13b52: lea dx, word ptr [bp + 0x38c]
0x13b56: mov si, 0x36
0x13b59: call 0x232af    ; second pass over the same buffer
0x13b5c: jmp 0x13b78    ; done; target is past this window
0x13b5f: cmp dh, 0xa    ; DH = seconds from Get time
0x13b62: jae 0x13b78    ; seconds >= 10: print nothing, so a run with hour != minute and seconds >= 10 shows neither message
0x13b64: lea dx, word ptr [bp + 0x5d6]    ; DX -> second message buffer
0x13b68: mov si, 0x3d    ; SI = 0x3d (61)
0x13b6b: call 0x232af
0x13b6e: mov ah, 9    ; DX is not reloaded here, so the helper is assumed to preserve it - verify
0x13b70: int 0x21
0x13b72: mov si, 0x3d    ; listing window ends here; whatever follows is not shown
2018-12-25T12:53:38.917844487Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:53:38.92446239Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:53:38.940723317Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:53:38.948633194Z 93 PC: 12afe | File sharing functions
2018-12-25T12:53:38.950996936Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:53:38.956827738Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')