{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4493,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:53.668853418Z | 42 | PC: 13064 | Get date 0x13064: xor ah, ah 0x13066: cmp cx, 0x7ce 0x1306a: jb 0x13075 0x1306c: jne 0x13073 0x1306e: cmp dh, 8 0x13071: jb 0x13075 0x13073: dec ah 0x13075: mov byte ptr es:[0x8c], ah 0x1307a: pop si 0x1307b: xor ax, ax 0x1307d: mov ds, ax 0x1307f: mov ax, word ptr [0x70] 0x13082: mov word ptr es:[0x3e7], ax 0x13086: mov ax, word ptr [0x72] 0x13089: mov word ptr es:[0x3e9], ax 0x1308d: mov ax, es 0x1308f: mov word ptr [0x72], ax 0x13092: mov ax, 0x380 0x13095: mov word ptr [0x70], ax 0x13098: mov ax, word ptr [0x4c] |
| 2018-12-25T11:51:53.671982538Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:51:53.677283626Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":8,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4493,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:53.672995311Z | 42 | PC: 13064 | Get date 0x13064: xor ah, ah 0x13066: cmp cx, 0x7ce 0x1306a: jb 0x13075 0x1306c: jne 0x13073 0x1306e: cmp dh, 8 0x13071: jb 0x13075 0x13073: dec ah 0x13075: mov byte ptr es:[0x8c], ah 0x1307a: pop si 0x1307b: xor ax, ax 0x1307d: mov ds, ax 0x1307f: mov ax, word ptr [0x70] 0x13082: mov word ptr es:[0x3e7], ax 0x13086: mov ax, word ptr [0x72] 0x13089: mov word ptr es:[0x3e9], ax 0x1308d: mov ax, es 0x1308f: mov word ptr [0x72], ax 0x13092: mov ax, 0x380 0x13095: mov word ptr [0x70], ax 0x13098: mov ax, word ptr [0x4c] |
| 2018-12-25T11:51:53.67488374Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:51:53.677979903Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1999,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4493,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:53.751547055Z | 42 | PC: 13064 | Get date 0x13064: xor ah, ah 0x13066: cmp cx, 0x7ce 0x1306a: jb 0x13075 0x1306c: jne 0x13073 0x1306e: cmp dh, 8 0x13071: jb 0x13075 0x13073: dec ah 0x13075: mov byte ptr es:[0x8c], ah 0x1307a: pop si 0x1307b: xor ax, ax 0x1307d: mov ds, ax 0x1307f: mov ax, word ptr [0x70] 0x13082: mov word ptr es:[0x3e7], ax 0x13086: mov ax, word ptr [0x72] 0x13089: mov word ptr es:[0x3e9], ax 0x1308d: mov ax, es 0x1308f: mov word ptr [0x72], ax 0x13092: mov ax, 0x380 0x13095: mov word ptr [0x70], ax 0x13098: mov ax, word ptr [0x4c] |
| 2018-12-25T11:51:53.754329944Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:51:53.760819831Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4493,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:51:54.446020364Z | 42 | PC: 13064 | Get date 0x13064: xor ah, ah 0x13066: cmp cx, 0x7ce 0x1306a: jb 0x13075 0x1306c: jne 0x13073 0x1306e: cmp dh, 8 0x13071: jb 0x13075 0x13073: dec ah 0x13075: mov byte ptr es:[0x8c], ah 0x1307a: pop si 0x1307b: xor ax, ax 0x1307d: mov ds, ax 0x1307f: mov ax, word ptr [0x70] 0x13082: mov word ptr es:[0x3e7], ax 0x13086: mov ax, word ptr [0x72] 0x13089: mov word ptr es:[0x3e9], ax 0x1308d: mov ax, es 0x1308f: mov word ptr [0x72], ax 0x13092: mov ax, 0x380 0x13095: mov word ptr [0x70], ax 0x13098: mov ax, word ptr [0x4c] |
| 2018-12-25T11:51:54.449944049Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:51:54.456307161Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |