{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5204,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:57.903112628Z | 120 | PC: 13a3e | UNKNOWN! |
| 2018-12-25T11:53:57.904676894Z | 74 | PC: 13abc | Reallocate memory |
| 2018-12-25T11:53:57.907380212Z | 72 | PC: 13ac2 | Allocate memory |
| 2018-12-25T11:53:57.909624073Z | 53 | PC: 13ae4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:57.911064662Z | 37 | PC: 13af3 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:57.912094795Z | 42 | PC: 13af6 | Get date 0x13af6: cmp cx, 0x7cd 0x13afa: jl 0x13b06 0x13afc: cmp dl, 0x1b 0x13aff: jne 0x13b06 0x13b01: mov ax, 0x7870 0x13b04: int 0x21 0x13b06: cmp byte ptr cs:[bp + 0x7a3], 0 0x13b0c: jne 0x13b11 0x13b0e: jmp 0x13a35 0x13b11: jmp 0x13a44 0x13b14: pushf 0x13b15: cmp ax, 0x4b00 0x13b18: je 0x13b7b 0x13b1a: cmp ax, 0x7875 0x13b1d: je 0x13b76 0x13b1f: cmp ax, 0x7870 0x13b22: jne 0x13b27 0x13b24: jmp 0x14030 0x13b27: cmp ah, 0x3e 0x13b2a: mov byte ptr cs:[0x7a0], 1 |
| 2018-12-25T11:53:57.914216503Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ') |
| 2018-12-25T11:53:57.919812244Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5204,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:58.119080391Z | 120 | PC: 13a3e | UNKNOWN! |
| 2018-12-25T11:53:58.122465861Z | 74 | PC: 13abc | Reallocate memory |
| 2018-12-25T11:53:58.131369669Z | 72 | PC: 13ac2 | Allocate memory |
| 2018-12-25T11:53:58.133100337Z | 53 | PC: 13ae4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:58.135153951Z | 37 | PC: 13af3 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:58.136458706Z | 42 | PC: 13af6 | Get date 0x13af6: cmp cx, 0x7cd 0x13afa: jl 0x13b06 0x13afc: cmp dl, 0x1b 0x13aff: jne 0x13b06 0x13b01: mov ax, 0x7870 0x13b04: int 0x21 0x13b06: cmp byte ptr cs:[bp + 0x7a3], 0 0x13b0c: jne 0x13b11 0x13b0e: jmp 0x13a35 0x13b11: jmp 0x13a44 0x13b14: pushf 0x13b15: cmp ax, 0x4b00 0x13b18: je 0x13b7b 0x13b1a: cmp ax, 0x7875 0x13b1d: je 0x13b76 0x13b1f: cmp ax, 0x7870 0x13b22: jne 0x13b27 0x13b24: jmp 0x14030 0x13b27: cmp ah, 0x3e 0x13b2a: mov byte ptr cs:[0x7a0], 1 |
| 2018-12-25T11:53:58.138993833Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000011A0h/0000004512d bytes. ') |
| 2018-12-25T11:53:58.145608469Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":27,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5204,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:53:58.485549962Z | 120 | PC: 13a3e | UNKNOWN! |
| 2018-12-25T11:53:58.487325012Z | 74 | PC: 13abc | Reallocate memory |
| 2018-12-25T11:53:58.488746012Z | 72 | PC: 13ac2 | Allocate memory |
| 2018-12-25T11:53:58.490303727Z | 53 | PC: 13ae4 | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:58.491636707Z | 37 | PC: 13af3 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-25T11:53:58.49283474Z | 42 | PC: 13af6 | Get date 0x13af6: cmp cx, 0x7cd 0x13afa: jl 0x13b06 0x13afc: cmp dl, 0x1b 0x13aff: jne 0x13b06 0x13b01: mov ax, 0x7870 0x13b04: int 0x21 0x13b06: cmp byte ptr cs:[bp + 0x7a3], 0 0x13b0c: jne 0x13b11 0x13b0e: jmp 0x13a35 0x13b11: jmp 0x13a44 0x13b14: pushf 0x13b15: cmp ax, 0x4b00 0x13b18: je 0x13b7b 0x13b1a: cmp ax, 0x7875 0x13b1d: je 0x13b76 0x13b1f: cmp ax, 0x7870 0x13b22: jne 0x13b27 0x13b24: jmp 0x14030 0x13b27: cmp ah, 0x3e 0x13b2a: mov byte ptr cs:[0x7a0], 1 |