{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:15.926147262Z | 102 | PC: 12c9f | Get or set code page |
| 2018-12-25T11:49:15.929905617Z | 42 | PC: 13070 | Get date 0x13070: cmp dx, 0xa1f 0x13074: jne 0x130e7 0x13076: push cs 0x13077: pop ds 0x13078: mov ah, 3 0x1307a: xor bx, bx 0x1307c: int 0x10 0x1307e: push dx 0x1307f: mov ah, 2 0x13081: mov dx, 0xc14 0x13084: int 0x10 0x13086: mov ax, 0x920 0x13089: mov bl, 0x1e 0x1308b: mov cx, 0x28 0x1308e: int 0x10 0x13090: lea bx, word ptr [bp + 9] 0x13093: add bx, word ptr [bx] 0x13095: add bx, 0x1e 0x13098: mov si, 0x89 0x1309b: mov dx, 0xc14 |
| 2018-12-25T11:49:15.934534466Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:49:15.943664462Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":31,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3475,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:49:16.262474512Z | 102 | PC: 12c9f | Get or set code page |
| 2018-12-25T11:49:16.26521225Z | 42 | PC: 13070 | Get date 0x13070: cmp dx, 0xa1f 0x13074: jne 0x130e7 0x13076: push cs 0x13077: pop ds 0x13078: mov ah, 3 0x1307a: xor bx, bx 0x1307c: int 0x10 0x1307e: push dx 0x1307f: mov ah, 2 0x13081: mov dx, 0xc14 0x13084: int 0x10 0x13086: mov ax, 0x920 0x13089: mov bl, 0x1e 0x1308b: mov cx, 0x28 0x1308e: int 0x10 0x13090: lea bx, word ptr [bp + 9] 0x13093: add bx, word ptr [bx] 0x13095: add bx, 0x1e 0x13098: mov si, 0x89 0x1309b: mov dx, 0xc14 |