{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5993,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:13.137545545Z | 84 | PC: 12c73 | Get verify flag |
| 2018-12-25T11:58:13.139760929Z | 42 | PC: 9f6b9 | Get date 0x9f6b9: cmp al, 0 0x9f6bb: jne 0x9f6c2 0x9f6bd: mov byte ptr [si + 0x512], 1 0x9f6c2: xor ax, ax 0x9f6c4: mov bx, ax 0x9f6c6: mov cx, ax 0x9f6c8: mov dx, ax 0x9f6ca: mov di, ax 0x9f6cc: mov es, bp 0x9f6ce: cmp byte ptr [si + 0x131], 1 0x9f6d3: je 0x9f6e1 0x9f6d5: mov ds, bp 0x9f6d7: push bp 0x9f6d8: mov bp, 0x100 0x9f6db: push bp 0x9f6dc: mov bp, ax 0x9f6de: mov si, ax 0x9f6e0: retf 0x9f6e1: add bp, 0x10 0x9f6e4: add si, 0x128 |
| 2018-12-25T11:58:13.141914897Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:58:13.147317602Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5993,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:13.887523339Z | 84 | PC: 12c73 | Get verify flag |
| 2018-12-25T11:58:13.889272643Z | 42 | PC: 9f6b9 | Get date 0x9f6b9: cmp al, 0 0x9f6bb: jne 0x9f6c2 0x9f6bd: mov byte ptr [si + 0x512], 1 0x9f6c2: xor ax, ax 0x9f6c4: mov bx, ax 0x9f6c6: mov cx, ax 0x9f6c8: mov dx, ax 0x9f6ca: mov di, ax 0x9f6cc: mov es, bp 0x9f6ce: cmp byte ptr [si + 0x131], 1 0x9f6d3: je 0x9f6e1 0x9f6d5: mov ds, bp 0x9f6d7: push bp 0x9f6d8: mov bp, 0x100 0x9f6db: push bp 0x9f6dc: mov bp, ax 0x9f6de: mov si, ax 0x9f6e0: retf 0x9f6e1: add bp, 0x10 0x9f6e4: add si, 0x128 |
| 2018-12-25T11:58:13.890803156Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:58:13.895003736Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5993,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:13.899785256Z | 84 | PC: 12c73 | Get verify flag |
| 2018-12-25T11:58:13.901272807Z | 42 | PC: 9f6b9 | Get date 0x9f6b9: cmp al, 0 0x9f6bb: jne 0x9f6c2 0x9f6bd: mov byte ptr [si + 0x512], 1 0x9f6c2: xor ax, ax 0x9f6c4: mov bx, ax 0x9f6c6: mov cx, ax 0x9f6c8: mov dx, ax 0x9f6ca: mov di, ax 0x9f6cc: mov es, bp 0x9f6ce: cmp byte ptr [si + 0x131], 1 0x9f6d3: je 0x9f6e1 0x9f6d5: mov ds, bp 0x9f6d7: push bp 0x9f6d8: mov bp, 0x100 0x9f6db: push bp 0x9f6dc: mov bp, ax 0x9f6de: mov si, ax 0x9f6e0: retf 0x9f6e1: add bp, 0x10 0x9f6e4: add si, 0x128 |
| 2018-12-25T11:58:13.915576091Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:58:13.919028589Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5993,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:58:14.442028674Z | 84 | PC: 12c73 | Get verify flag |
| 2018-12-25T11:58:14.454539071Z | 42 | PC: 9f6b9 | Get date 0x9f6b9: cmp al, 0 0x9f6bb: jne 0x9f6c2 0x9f6bd: mov byte ptr [si + 0x512], 1 0x9f6c2: xor ax, ax 0x9f6c4: mov bx, ax 0x9f6c6: mov cx, ax 0x9f6c8: mov dx, ax 0x9f6ca: mov di, ax 0x9f6cc: mov es, bp 0x9f6ce: cmp byte ptr [si + 0x131], 1 0x9f6d3: je 0x9f6e1 0x9f6d5: mov ds, bp 0x9f6d7: push bp 0x9f6d8: mov bp, 0x100 0x9f6db: push bp 0x9f6dc: mov bp, ax 0x9f6de: mov si, ax 0x9f6e0: retf 0x9f6e1: add bp, 0x10 0x9f6e4: add si, 0x128 |
| 2018-12-25T11:58:14.456740579Z | 9 | PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:58:14.461840759Z | 76 | PC: 12a86 | Terminate with return code (Return code = '36') |