
vx.netlux.org/Virus.DOS.AAV.8224.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:28.95964273Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:11:28.96137206Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:11:28.962463396Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T23:11:28.963531062Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T23:11:28.965081413Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:28.966254068Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:11:28.967232539Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T23:11:28.968553752Z 75 PC: 12dde | Execute program
2018-12-17T23:11:28.983962246Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-17T23:11:28.985982326Z 61 PC: 1826a | Open file (Filename = 'A:\TEST.EXE')
2018-12-17T23:11:28.992521382Z 66 PC: 18279 | Move file pointer
2018-12-17T23:11:28.99528664Z 62 PC: 182a3 | Close file
2018-12-17T23:11:28.997195513Z 42 PC: 18245 | Get date 0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
0x18268: int 0x21
0x1826a: mov bx, ax
0x1826c: mov word ptr cs:[0x109], ax
0x18270: mov ax, 0x4202
0x18273: xor cx, cx
0x18275: mov dx, cx
0x18277: int 0x21
2018-12-17T23:11:28.99975019Z 44 PC: 1824e | Get time 0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
0x18268: int 0x21
0x1826a: mov bx, ax
0x1826c: mov word ptr cs:[0x109], ax
0x18270: mov ax, 0x4202
0x18273: xor cx, cx
0x18275: mov dx, cx
0x18277: int 0x21
0x18279: add ax, 0x10
0x1827c: adc dx, 0
0x1827f: and ax, 0xfff0
0x18282: sub ax, word ptr cs:[0x24c]
2018-12-17T23:11:29.009240006Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-17T23:11:29.011689164Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-17T23:11:29.014351665Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:11.415714231Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:11.417597837Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:11.418924175Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:11.42022279Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:11.422117987Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:11.4235176Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:11.425177744Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:11.426984684Z 75 PC: 12dde | Execute program
2018-12-25T12:55:11.444242242Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:11.446766934Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:11.453642377Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:11.456933527Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:11.610521819Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:11.61519177Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:11.616168218Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:11.617063904Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:11.620128731Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:11.621694283Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:11.623093752Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:11.625698168Z 75 PC: 12dde | Execute program
2018-12-25T12:55:11.643478863Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:11.646062935Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:11.652557908Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:11.656800881Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:11.645938831Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:11.647321688Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:11.648146823Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:11.648872774Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:11.649951438Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:11.650758945Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:11.651518429Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:11.652714626Z 75 PC: 12dde | Execute program
2018-12-25T12:55:11.668493777Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:11.670612044Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:11.676552649Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:11.680134979Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":45,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:12.159466031Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:12.161917023Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:12.163354063Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:12.165112753Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:12.166925281Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:12.169085254Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:12.170367096Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:12.171610422Z 75 PC: 12dde | Execute program
2018-12-25T12:55:12.189671911Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:12.192140317Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:12.198697229Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:12.203741971Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":45,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:12.268143793Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:12.27019997Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:12.27163682Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:12.272817866Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:12.275539676Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:12.277632037Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:12.279385666Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:12.287098491Z 75 PC: 12dde | Execute program
2018-12-25T12:55:12.304553667Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:12.307147765Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:12.314932737Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:12.318286645Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":45,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:12.871234955Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:12.873346454Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:12.874678044Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:12.876043075Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:12.878385738Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:12.880299234Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:12.882126696Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:12.884029014Z 75 PC: 12dde | Execute program
2018-12-25T12:55:12.904042457Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:12.906725441Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:12.914567871Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:12.919502758Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":45,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:13.113759837Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:13.130718702Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:13.131954568Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:13.133226125Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:13.13496324Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:13.135857588Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:13.136864188Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:13.138560112Z 75 PC: 12dde | Execute program
2018-12-25T12:55:13.154194729Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:13.156493446Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:13.162543832Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:13.165743693Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":45,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:13.081632887Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:13.083057986Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:13.084418756Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:13.085954943Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:13.088062605Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:13.089310883Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:13.090327965Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:13.092072063Z 75 PC: 12dde | Execute program
2018-12-25T12:55:13.108735424Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:13.111007778Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:13.12537117Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:13.129688026Z 76 PC: 12df0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":45,"TimeBased":true,"OriginalID":17202,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:13.151716337Z 53 PC: 13233 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:13.153459221Z 37 PC: 13245 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:55:13.154497264Z 53 PC: 131c8 | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:13.155513831Z 37 PC: 131da | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:55:13.157083661Z 53 PC: 133c7 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:55:13.158306616Z 53 PC: 130ed | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:13.159447417Z 37 PC: 130ff | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T12:55:13.161416921Z 75 PC: 12dde | Execute program
2018-12-25T12:55:13.176715513Z 42 PC: 18230 | Get date 0x18230: cmp cx, 0x7ca
0x18234: jb 0x1825b
0x18236: call 0x1825c
0x18239: cmp byte ptr cs:[0x268], 0
0x1823f: je 0x1825b
0x18241: mov ah, 0x2a
0x18243: int 0x21
0x18245: cmp dh, 2
0x18248: jl 0x1825b
0x1824a: mov ah, 0x2c
0x1824c: int 0x21
0x1824e: cmp dh, 0x2d
0x18251: jl 0x1825b
0x18253: cmp cl, 0x1e
0x18256: jl 0x1825b
0x18258: call 0x182c2
0x1825b: ret
0x1825c: mov byte ptr cs:[0x268], 0xff
0x18262: mov dx, 0x13e
0x18265: mov ax, 0x3d00
2018-12-25T12:55:13.179395615Z 9 PC: 14bf2 | Display string (String= 'Goat file (EXE). Size=00002968h/0000010600d bytes. ')
2018-12-25T12:55:13.186218285Z 76 PC: 14bf6 | Terminate with return code (Return code = '36')
2018-12-25T12:55:13.189066156Z 76 PC: 12df0 | Terminate with return code (Return code = '1')