.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:50:33.476859733Z | 44 | PC: 140f6 | Get time 0x140f6: mov bl, dl
0x140f8: mov ah, 0xb
0x140fa: int 0x21
0x140fc: cmp ah, 0
0x140ff: jne 0x14108
0x14101: add bx, bp
0x14103: cmp al, byte ptr cs:[bx]
0x14106: je 0x14167
0x14108: push ds
0x14109: push es
0x1410a: mov ah, 0x2c
0x1410c: xor ah, 0x66
0x1410f: mov bx, 0xffff
0x14112: int 0x21
0x14114: sub bx, 0x20
0x14118: mov ax, 0x2c00
0x1411b: xor ax, 0x6600
0x1411e: int 0x21
0x14120: mov ax, 0x2c00
0x14123: xor ax, 0x6400
|
| 2018-12-17T22:50:33.479777554Z | 11 | PC: 140fc | Get input status |
| 2018-12-17T22:50:33.482478639Z | 74 | PC: 14114 | Reallocate memory |
| 2018-12-17T22:50:33.484084692Z | 74 | PC: 14120 | Reallocate memory |
| 2018-12-17T22:50:33.485882871Z | 72 | PC: 1412b | Allocate memory |
| 2018-12-17T22:50:33.488431251Z | 37 | PC: 14165 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:50:33.49436582Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T22:50:33.495601972Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T22:50:33.505604874Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T22:50:33.512187059Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T22:50:33.514576515Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T22:50:33.517135405Z | 9 | PC: 12b03 | Display string (String= 'Size change=+01F0h/00496d. Virus might be activ?
��') |
| 2018-12-17T22:50:33.520437426Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
