{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4778,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:51.336991962Z | 205 | PC: 12bc3 | UNKNOWN! |
| 2018-12-25T11:52:51.338814958Z | 53 | PC: 12bd1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:51.345689509Z | 74 | PC: 12c30 | Reallocate memory |
| 2018-12-25T11:52:51.347552064Z | 72 | PC: 12c37 | Allocate memory |
| 2018-12-25T11:52:51.349940387Z | 37 | PC: 12c63 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:51.358689384Z | 42 | PC: 12c6b | Get date 0x12c6b: cmp dh, 4 0x12c6e: jne 0x12c7d 0x12c70: cmp dl, 5 0x12c73: jb 0x12c7d 0x12c75: cmp dl, 8 0x12c78: ja 0x12c7d 0x12c7a: jmp 0x130b3 0x12c7d: cmp byte ptr [bp + 0x70c], 0x43 0x12c82: je 0x12cae 0x12c84: push es 0x12c85: pop ds 0x12c86: mov bx, bp 0x12c88: mov ax, es 0x12c8a: add ax, 0x10 0x12c8d: add word ptr cs:[bx + 0x11b], ax 0x12c92: cli 0x12c93: add ax, word ptr cs:[bx + 0x21f] 0x12c98: push cs 0x12c99: shr byte ptr [0xa78b], 1 0x12c9d: sbb ax, 0xfb01 |
| 2018-12-25T11:52:51.365580306Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:52:51.372260426Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4778,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:52.404397926Z | 205 | PC: 12bc3 | UNKNOWN! |
| 2018-12-25T11:52:52.405737171Z | 53 | PC: 12bd1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:52.408771015Z | 74 | PC: 12c30 | Reallocate memory |
| 2018-12-25T11:52:52.41255857Z | 72 | PC: 12c37 | Allocate memory |
| 2018-12-25T11:52:52.416256906Z | 37 | PC: 12c63 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:52.426173947Z | 42 | PC: 12c6b | Get date 0x12c6b: cmp dh, 4 0x12c6e: jne 0x12c7d 0x12c70: cmp dl, 5 0x12c73: jb 0x12c7d 0x12c75: cmp dl, 8 0x12c78: ja 0x12c7d 0x12c7a: jmp 0x130b3 0x12c7d: cmp byte ptr [bp + 0x70c], 0x43 0x12c82: je 0x12cae 0x12c84: push es 0x12c85: pop ds 0x12c86: mov bx, bp 0x12c88: mov ax, es 0x12c8a: add ax, 0x10 0x12c8d: add word ptr cs:[bx + 0x11b], ax 0x12c92: cli 0x12c93: add ax, word ptr cs:[bx + 0x21f] 0x12c98: push cs 0x12c99: shr byte ptr [0xa78b], 1 0x12c9d: sbb ax, 0xfb01 |
| 2018-12-25T11:52:52.440736379Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:52:52.44778055Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":5,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4778,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:54.136156825Z | 205 | PC: 12bc3 | UNKNOWN! |
| 2018-12-25T11:52:54.136893735Z | 53 | PC: 12bd1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:54.138097647Z | 74 | PC: 12c30 | Reallocate memory |
| 2018-12-25T11:52:54.13976545Z | 72 | PC: 12c37 | Allocate memory |
| 2018-12-25T11:52:54.141580472Z | 37 | PC: 12c63 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:54.142961889Z | 42 | PC: 12c6b | Get date 0x12c6b: cmp dh, 4 0x12c6e: jne 0x12c7d 0x12c70: cmp dl, 5 0x12c73: jb 0x12c7d 0x12c75: cmp dl, 8 0x12c78: ja 0x12c7d 0x12c7a: jmp 0x130b3 0x12c7d: cmp byte ptr [bp + 0x70c], 0x43 0x12c82: je 0x12cae 0x12c84: push es 0x12c85: pop ds 0x12c86: mov bx, bp 0x12c88: mov ax, es 0x12c8a: add ax, 0x10 0x12c8d: add word ptr cs:[bx + 0x11b], ax 0x12c92: cli 0x12c93: add ax, word ptr cs:[bx + 0x21f] 0x12c98: push cs 0x12c99: shr byte ptr [0xa78b], 1 0x12c9d: sbb ax, 0xfb01 |
| 2018-12-25T11:52:54.144944155Z | 59 | PC: 130be | Change current directory |
| 2018-12-25T11:52:54.537898128Z | 9 | PC: 13127 | Display string (String= ' This program was written in the City of Luque - Paraguay - South America. Dedicated to the memory of Kurt Cobain. COBAIN! Virus, programmed by Int13h. ') |
{"DateBased":true,"Day":9,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4778,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:52:54.415030672Z | 205 | PC: 12bc3 | UNKNOWN! |
| 2018-12-25T11:52:54.416231364Z | 53 | PC: 12bd1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:54.419183443Z | 74 | PC: 12c30 | Reallocate memory |
| 2018-12-25T11:52:54.420972528Z | 72 | PC: 12c37 | Allocate memory |
| 2018-12-25T11:52:54.423123691Z | 37 | PC: 12c63 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:52:54.424914139Z | 42 | PC: 12c6b | Get date 0x12c6b: cmp dh, 4 0x12c6e: jne 0x12c7d 0x12c70: cmp dl, 5 0x12c73: jb 0x12c7d 0x12c75: cmp dl, 8 0x12c78: ja 0x12c7d 0x12c7a: jmp 0x130b3 0x12c7d: cmp byte ptr [bp + 0x70c], 0x43 0x12c82: je 0x12cae 0x12c84: push es 0x12c85: pop ds 0x12c86: mov bx, bp 0x12c88: mov ax, es 0x12c8a: add ax, 0x10 0x12c8d: add word ptr cs:[bx + 0x11b], ax 0x12c92: cli 0x12c93: add ax, word ptr cs:[bx + 0x21f] 0x12c98: push cs 0x12c99: shr byte ptr [0xa78b], 1 0x12c9d: sbb ax, 0xfb01 |
| 2018-12-25T11:52:54.429013166Z | 9 | PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ') |
| 2018-12-25T11:52:54.4355036Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |