.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:49:47.06307721Z | 42 | PC: 140f4 | Get date 0x140f4: mov byte ptr ds:[bp + 0x37b], dl
0x140f9: mov byte ptr ds:[bp + 0x37a], dh
0x140fe: mov byte ptr ds:[bp + 0x379], al
0x14103: cmp al, 1
0x14105: jne 0x1410a
0x14107: call 0x1427e
0x1410a: cmp al, 0
0x1410c: je 0x14118
0x1410e: mov di, 0x100
0x14111: lea si, word ptr [bp + 0x2e6]
0x14115: push di
0x14116: movsw word ptr es:[di], word ptr [si]
0x14117: movsw word ptr es:[di], word ptr [si]
0x14118: lea dx, word ptr [bp + 0x3bc]
0x1411c: call 0x1422e
0x1411f: jmp 0x14219
0x14122: cmp byte ptr ds:[bp + 0x37b], 0x1b
0x14128: jne 0x14135
0x1412a: call 0x1415c
0x1412d: cmp byte ptr ds:[bp + 0x37a], 6
|
| 2018-12-17T22:49:47.065849395Z | 67 | PC: 14286 | Get or set file attributes |
| 2018-12-17T22:49:47.0691904Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.071241932Z | 61 | PC: 142c2 | Open file (Filename = '') |
| 2018-12-17T22:49:47.073626501Z | 87 | PC: 14296 | Get or set file date and time |
| 2018-12-17T22:49:47.09457939Z | 64 | PC: 142a2 | Write file or device (Write 16 bytes on handle 2) |
| 2018-12-17T22:49:47.09757106Z | 87 | PC: 142a9 | Get or set file date and time |
| 2018-12-17T22:49:47.099174227Z | 61 | PC: 142ad | Open file (Filename = '}�:u�����߀�@�') |
| 2018-12-17T22:49:47.104737247Z | 67 | PC: 142b4 | Get or set file attributes |
| 2018-12-17T22:49:47.10634629Z | 26 | PC: 14232 | Set disk transfer address |
| 2018-12-17T22:49:47.107353184Z | 78 | PC: 14224 | Find first file |
| 2018-12-17T22:49:47.113046779Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.117242242Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.138947991Z | 61 | PC: 142c2 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:49:47.148073001Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.150359974Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:47.165535905Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.167204731Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.169430929Z | 64 | PC: 14273 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:49:47.173003463Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.17468926Z | 44 | PC: 141ca | Get time 0x141ca: mov word ptr ds:[bp + 0x3a7], dx
0x141cf: mov cx, 0x12
0x141d2: lea di, word ptr [bp + 0x3e7]
0x141d6: lea si, word ptr [bp + 0x3a9]
0x141da: push cx
0x141db: push si
0x141dc: rep movsb byte ptr es:[di], byte ptr [si]
0x141de: cmp byte ptr ds:[bp + 0x379], 0
0x141e4: jne 0x141f2
0x141e6: mov cx, 0xd
0x141e9: lea si, word ptr [bp + 0x266]
0x141ed: rep movsb byte ptr es:[di], byte ptr [si]
0x141ef: jmp 0x141fb
0x141f1: nop
0x141f2: mov cx, 0xb
0x141f5: lea si, word ptr [bp + 0x16b]
0x141f9: rep movsb byte ptr es:[di], byte ptr [si]
0x141fb: pop si
0x141fc: pop cx
0x141fd: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:49:47.18157968Z | 64 | PC: 143e1 | Write file or device (Write 692 bytes on handle 5) |
| 2018-12-17T22:49:47.19061862Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:47.192105741Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:47.201360585Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.212037832Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:47.215350294Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.222788402Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.233740892Z | 61 | PC: 142c2 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:49:47.247044408Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.249399045Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:47.256559688Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:47.258204978Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:47.564781484Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.575874368Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:47.57887921Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.585466831Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.596645433Z | 61 | PC: 142c2 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:49:47.604993416Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.607175062Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:47.615435776Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.617318633Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.619308723Z | 64 | PC: 14273 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:49:47.623671951Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.62552306Z | 44 | PC: 141ca | Get time 0x141ca: mov word ptr ds:[bp + 0x3a7], dx
0x141cf: mov cx, 0x12
0x141d2: lea di, word ptr [bp + 0x3e7]
0x141d6: lea si, word ptr [bp + 0x3a9]
0x141da: push cx
0x141db: push si
0x141dc: rep movsb byte ptr es:[di], byte ptr [si]
0x141de: cmp byte ptr ds:[bp + 0x379], 0
0x141e4: jne 0x141f2
0x141e6: mov cx, 0xd
0x141e9: lea si, word ptr [bp + 0x266]
0x141ed: rep movsb byte ptr es:[di], byte ptr [si]
0x141ef: jmp 0x141fb
0x141f1: nop
0x141f2: mov cx, 0xb
0x141f5: lea si, word ptr [bp + 0x16b]
0x141f9: rep movsb byte ptr es:[di], byte ptr [si]
0x141fb: pop si
0x141fc: pop cx
0x141fd: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:49:47.628230753Z | 64 | PC: 143e1 | Write file or device (Write 692 bytes on handle 5) |
| 2018-12-17T22:49:47.638577672Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:47.640184562Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:47.648952639Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.661200992Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:47.665018146Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.672538241Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.683177426Z | 61 | PC: 142c2 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:49:47.689237511Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.690943869Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:47.697704728Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:47.699790273Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:47.71236546Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.730307722Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:47.736101842Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.746097618Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.758710002Z | 61 | PC: 142c2 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:49:47.768773661Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.770641353Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:47.778543796Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:47.780556002Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:47.789211928Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.80084243Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:47.803789354Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.811990016Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.823224022Z | 61 | PC: 142c2 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:49:47.831203184Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.834226546Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:47.842824143Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.844997148Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.847733184Z | 64 | PC: 14273 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:49:47.851410844Z | 66 | PC: 14238 | Move file pointer |
| 2018-12-17T22:49:47.853410025Z | 44 | PC: 141ca | Get time 0x141ca: mov word ptr ds:[bp + 0x3a7], dx
0x141cf: mov cx, 0x12
0x141d2: lea di, word ptr [bp + 0x3e7]
0x141d6: lea si, word ptr [bp + 0x3a9]
0x141da: push cx
0x141db: push si
0x141dc: rep movsb byte ptr es:[di], byte ptr [si]
0x141de: cmp byte ptr ds:[bp + 0x379], 0
0x141e4: jne 0x141f2
0x141e6: mov cx, 0xd
0x141e9: lea si, word ptr [bp + 0x266]
0x141ed: rep movsb byte ptr es:[di], byte ptr [si]
0x141ef: jmp 0x141fb
0x141f1: nop
0x141f2: mov cx, 0xb
0x141f5: lea si, word ptr [bp + 0x16b]
0x141f9: rep movsb byte ptr es:[di], byte ptr [si]
0x141fb: pop si
0x141fc: pop cx
0x141fd: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:49:47.857338169Z | 64 | PC: 143e1 | Write file or device (Write 692 bytes on handle 5) |
| 2018-12-17T22:49:47.868699179Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:47.870741821Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:47.879941246Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.891774875Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:47.894856831Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.901413215Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.912959496Z | 61 | PC: 142c2 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:49:47.925832578Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.927786177Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:47.936272458Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:47.938059787Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:47.947047567Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.959018761Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:47.96312789Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T22:49:47.969815813Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:47.981306552Z | 61 | PC: 142c2 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T22:49:47.994301564Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T22:49:47.997312518Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:49:48.006553928Z | 87 | PC: 1420c | Get or set file date and time |
| 2018-12-17T22:49:48.010111636Z | 62 | PC: 14210 | Close file |
| 2018-12-17T22:49:48.018386109Z | 67 | PC: 142ba | Get or set file attributes |
| 2018-12-17T22:49:48.160295208Z | 79 | PC: 14224 | Find next file |
| 2018-12-17T22:49:48.166687478Z | 26 | PC: 14232 | Set disk transfer address |
| 2018-12-17T22:49:48.169183349Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T22:49:48.171072442Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T22:49:48.183170843Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T22:49:48.19142968Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T22:49:48.195611617Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T22:49:48.198930704Z | 9 | PC: 12b03 | Display string (String= 'Size change=+02B4h/00692d. Virus might be activ?
��') |
| 2018-12-17T22:49:48.204295612Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
