{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":977,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:20.405156087Z | 42 | PC: 12c3b | Get date 0x12c3b: cmp dl, 0xc 0x12c3e: jne 0x12c65 0x12c40: push ds 0x12c41: push cs 0x12c42: pop ds 0x12c43: mov bx, 1 0x12c46: lea dx, word ptr [si + 0x26b] 0x12c4a: mov cx, 0x29 0x12c4d: mov ah, 0x40 0x12c4f: int 0x21 0x12c51: xor ax, ax 0x12c53: push ax 0x12c54: xor bx, bx 0x12c56: mov dx, bx 0x12c58: mov cx, 0x32 0x12c5b: int 0x26 0x12c5d: pop dx 0x12c5e: pop ax 0x12c5f: inc ax 0x12c60: cmp al, 6 |
| 2018-12-25T11:42:20.408179243Z | 207 | PC: 12c77 | UNKNOWN! |
| 2018-12-25T11:42:20.409527955Z | 9 | PC: 9f8fd | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ') |
| 2018-12-25T11:42:20.415293998Z | 76 | PC: 9f8fd | Terminate with return code (See above) |
{"DateBased":true,"Day":12,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":977,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:42:20.915619034Z | 42 | PC: 12c3b | Get date 0x12c3b: cmp dl, 0xc 0x12c3e: jne 0x12c65 0x12c40: push ds 0x12c41: push cs 0x12c42: pop ds 0x12c43: mov bx, 1 0x12c46: lea dx, word ptr [si + 0x26b] 0x12c4a: mov cx, 0x29 0x12c4d: mov ah, 0x40 0x12c4f: int 0x21 0x12c51: xor ax, ax 0x12c53: push ax 0x12c54: xor bx, bx 0x12c56: mov dx, bx 0x12c58: mov cx, 0x32 0x12c5b: int 0x26 0x12c5d: pop dx 0x12c5e: pop ax 0x12c5f: inc ax 0x12c60: cmp al, 6 |
| 2018-12-25T11:42:20.91739442Z | 64 | PC: 12c51 | Write file or device (Write 41 bytes on handle 1) |