From e0d272eda1639be26a4b1ff8a973d9842618c52a Mon Sep 17 00:00:00 2001
From: a dinosaur <dino@a-dinosaur.com>
Date: Wed, 24 Apr 2024 05:25:52 +1000
Subject: [PATCH] NASM disassembly of a common 100-byte 'sacrificial goat' COM
 file, found in many contemporary virus samples

---
 real/goat.asm | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 real/goat.asm

diff --git a/real/goat.asm b/real/goat.asm
new file mode 100644
index 0000000..44d698d
--- /dev/null
+++ b/real/goat.asm
@@ -0,0 +1,24 @@
+; 100-byte COM sacrificial goat executable (1993, author unknown)
+; Binary MD6: 195307045CC39D6B284B60442ECFD202
+;     SHA256: D1F60FCA64F1903F8D405109C5AA55A3F3B6DDE622BCFBA15CD95001CAE1DEE2
+;
+; Assemble with FASM: fasm goat.asm goat.com
+; Assemble with NASM or YASM: nasm -fbin goat.asm -o goat.com
+
+			use16
+			org 100h
+
+start:
+			jmp		short print
+			nop
+
+hello_str	db 'Hello - This is a 100   COM test file, 1993', 0Ah, 0Dh, '$'  ; Hello followed by '\n\r'
+
+			db 1Ah						; Pad with substitute
+			times 41 db 'A'				;  and 'A' * 41
+
+print:
+			mov		ah, 9				; AH: Print string
+			mov		dx, hello_str		; DS:DX: String = "Hello - This is a 100   COM test file, 1993"
+			int		21h
+			int		20h					; Return to DOS