.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:51:22.175971112Z | 42 | PC: 14102 | Get date 0x14102: mov byte ptr ds:[bp + 0x3ae], dl
0x14107: mov byte ptr ds:[bp + 0x3ad], dh
0x1410c: mov byte ptr ds:[bp + 0x3ac], al
0x14111: cmp al, 1
0x14113: jne 0x14118
0x14115: call 0x1428c
0x14118: cmp al, 0
0x1411a: je 0x14126
0x1411c: mov di, 0x100
0x1411f: lea si, word ptr [bp + 0x2f0]
0x14123: push di
0x14124: movsw word ptr es:[di], word ptr [si]
0x14125: movsw word ptr es:[di], word ptr [si]
0x14126: lea dx, word ptr [bp + 0x3f1]
0x1412a: call 0x1423c
0x1412d: jmp 0x14227
0x14130: cmp byte ptr ds:[bp + 0x3ae], 0x1b
0x14136: jne 0x14143
0x14138: call 0x1416a
0x1413b: cmp byte ptr ds:[bp + 0x3ad], 6
|
| 2018-12-17T22:51:22.178813685Z | 67 | PC: 14294 | Get or set file attributes |
| 2018-12-17T22:51:22.180515055Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.182137126Z | 61 | PC: 142d0 | Open file (Filename = '') |
| 2018-12-17T22:51:22.18512569Z | 87 | PC: 142a4 | Get or set file date and time |
| 2018-12-17T22:51:22.193514019Z | 64 | PC: 142b0 | Write file or device (Write 18 bytes on handle 2) |
| 2018-12-17T22:51:22.196144896Z | 87 | PC: 142b7 | Get or set file date and time |
| 2018-12-17T22:51:22.198033785Z | 61 | PC: 142bb | Open file (Filename = '}�:u�����߀�@�') |
| 2018-12-17T22:51:22.203233095Z | 67 | PC: 142c2 | Get or set file attributes |
| 2018-12-17T22:51:22.205071299Z | 26 | PC: 14240 | Set disk transfer address |
| 2018-12-17T22:51:22.206495115Z | 78 | PC: 14232 | Find first file |
| 2018-12-17T22:51:22.21313805Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.223841749Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.238778311Z | 61 | PC: 142d0 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T22:51:22.245717164Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.252457697Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.259126358Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.261338123Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.262709526Z | 64 | PC: 14281 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:51:22.265260473Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.268484875Z | 44 | PC: 141d8 | Get time 0x141d8: mov word ptr ds:[bp + 0x3dc], dx
0x141dd: mov cx, 0x12
0x141e0: lea di, word ptr [bp + 0x41c]
0x141e4: lea si, word ptr [bp + 0x3de]
0x141e8: push cx
0x141e9: push si
0x141ea: rep movsb byte ptr es:[di], byte ptr [si]
0x141ec: cmp byte ptr ds:[bp + 0x3ac], 0
0x141f2: jne 0x14200
0x141f4: mov cx, 0xd
0x141f7: lea si, word ptr [bp + 0x270]
0x141fb: rep movsb byte ptr es:[di], byte ptr [si]
0x141fd: jmp 0x14209
0x141ff: nop
0x14200: mov cx, 0xb
0x14203: lea si, word ptr [bp + 0x175]
0x14207: rep movsb byte ptr es:[di], byte ptr [si]
0x14209: pop si
0x1420a: pop cx
0x1420b: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:51:22.270940037Z | 64 | PC: 1441a | Write file or device (Write 749 bytes on handle 5) |
| 2018-12-17T22:51:22.279329257Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.281381976Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.289339511Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.3042872Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.307995378Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.31358233Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.32317341Z | 61 | PC: 142d0 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T22:51:22.330189862Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.331631549Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.337960622Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.339578225Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.346738378Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.358583812Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.3603772Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.365913846Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.3753511Z | 61 | PC: 142d0 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T22:51:22.379389528Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.380734242Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.38533031Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.386211704Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.387823179Z | 64 | PC: 14281 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:51:22.390162653Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.391519002Z | 44 | PC: 141d8 | Get time 0x141d8: mov word ptr ds:[bp + 0x3dc], dx
0x141dd: mov cx, 0x12
0x141e0: lea di, word ptr [bp + 0x41c]
0x141e4: lea si, word ptr [bp + 0x3de]
0x141e8: push cx
0x141e9: push si
0x141ea: rep movsb byte ptr es:[di], byte ptr [si]
0x141ec: cmp byte ptr ds:[bp + 0x3ac], 0
0x141f2: jne 0x14200
0x141f4: mov cx, 0xd
0x141f7: lea si, word ptr [bp + 0x270]
0x141fb: rep movsb byte ptr es:[di], byte ptr [si]
0x141fd: jmp 0x14209
0x141ff: nop
0x14200: mov cx, 0xb
0x14203: lea si, word ptr [bp + 0x175]
0x14207: rep movsb byte ptr es:[di], byte ptr [si]
0x14209: pop si
0x1420a: pop cx
0x1420b: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:51:22.394472635Z | 64 | PC: 1441a | Write file or device (Write 749 bytes on handle 5) |
| 2018-12-17T22:51:22.402308411Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.403635043Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.411504151Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.42369574Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.426129617Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.431992961Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.441296449Z | 61 | PC: 142d0 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T22:51:22.447551174Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.449662235Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.455766881Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.45708035Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.464179296Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.475872643Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.478250515Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.489280208Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.49858625Z | 61 | PC: 142d0 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T22:51:22.504919086Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.506613175Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.511072641Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.512393848Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.519598929Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.529191327Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.53157162Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.542133493Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.551908157Z | 61 | PC: 142d0 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T22:51:22.558182096Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.559862621Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.565925889Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.567136393Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.568762228Z | 64 | PC: 14281 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T22:51:22.571143345Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T22:51:22.572318753Z | 44 | PC: 141d8 | Get time 0x141d8: mov word ptr ds:[bp + 0x3dc], dx
0x141dd: mov cx, 0x12
0x141e0: lea di, word ptr [bp + 0x41c]
0x141e4: lea si, word ptr [bp + 0x3de]
0x141e8: push cx
0x141e9: push si
0x141ea: rep movsb byte ptr es:[di], byte ptr [si]
0x141ec: cmp byte ptr ds:[bp + 0x3ac], 0
0x141f2: jne 0x14200
0x141f4: mov cx, 0xd
0x141f7: lea si, word ptr [bp + 0x270]
0x141fb: rep movsb byte ptr es:[di], byte ptr [si]
0x141fd: jmp 0x14209
0x141ff: nop
0x14200: mov cx, 0xb
0x14203: lea si, word ptr [bp + 0x175]
0x14207: rep movsb byte ptr es:[di], byte ptr [si]
0x14209: pop si
0x1420a: pop cx
0x1420b: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T22:51:22.574977471Z | 64 | PC: 1441a | Write file or device (Write 749 bytes on handle 5) |
| 2018-12-17T22:51:22.583195832Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.584580126Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.592129427Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.601663031Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.604041716Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.61015823Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.619695255Z | 61 | PC: 142d0 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T22:51:22.625968308Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.627335387Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.633437669Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.634725153Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.641743502Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.651515667Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.653919647Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T22:51:22.659389169Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.672041148Z | 61 | PC: 142d0 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T22:51:22.678611698Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T22:51:22.680253118Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:51:22.687403136Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T22:51:22.688834097Z | 62 | PC: 1421e | Close file |
| 2018-12-17T22:51:22.69578355Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T22:51:22.705608422Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T22:51:22.707820556Z | 26 | PC: 14240 | Set disk transfer address |
| 2018-12-17T22:51:22.708866014Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T22:51:22.710445701Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T22:51:22.720013799Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T22:51:22.726633018Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T22:51:22.731236789Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T22:51:22.73375042Z | 9 | PC: 12b03 | Display string (String= 'Size change=+02EDh/00749d. Virus might be activ?
��') |
| 2018-12-17T22:51:22.737779771Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
