.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:52:04.973333356Z | 48 | PC: 1410f | Get DOS version |
| 2018-12-17T22:52:04.975754471Z | 37 | PC: 141a3 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:52:04.977394496Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T22:52:04.979273345Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T22:52:04.991129518Z | 53 | PC: 9ef4c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:52:04.993878187Z | 37 | PC: 9ef4c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:52:04.995214021Z | 67 | PC: 9ef4c | Get or set file attributes |
| 2018-12-17T22:52:05.001758325Z | 67 | PC: 9ef4c | Get or set file attributes |
| 2018-12-17T22:52:05.018733226Z | 61 | PC: 9ef4c | Open file (Filename = '4 Microsoft Corp Licensed Material - Property of Microsoft All rights reserved �') |
| 2018-12-17T22:52:05.026672566Z | 87 | PC: 9ef4c | Get or set file date and time |
| 2018-12-17T22:52:05.028211441Z | 66 | PC: 9ef4c | Move file pointer |
| 2018-12-17T22:52:05.030370953Z | 66 | PC: 9ef4c | Move file pointer |
| 2018-12-17T22:52:05.031954694Z | 63 | PC: 9ef4c | Read file or device (Read 3 bytes on handle 5) |
| 2018-12-17T22:52:05.038836014Z | 66 | PC: 9ef4c | Move file pointer |
| 2018-12-17T22:52:05.041055582Z | 63 | PC: 9ef4c | Read file or device (Read 16 bytes on handle 5) |
| 2018-12-17T22:52:05.047011503Z | 62 | PC: 9ef4c | Close file |
| 2018-12-17T22:52:05.049087636Z | 42 | PC: 9ef4c | Get date 0x9ef4c: ret
0x9ef4d: push ds
0x9ef4e: pop es
0x9ef4f: push ds
0x9ef50: pop word ptr cs:[0xdec]
0x9ef55: mov word ptr cs:[0xdea], dx
0x9ef5a: mov ax, 0x4300
0x9ef5d: call 0xaef46
0x9ef60: jb 0x9ef37
0x9ef62: test cx, 0x1e
0x9ef66: jne 0x9ef37
0x9ef68: mov word ptr cs:[0xdf0], cx
0x9ef6d: and cx, 0xfe
0x9ef71: mov dx, word ptr cs:[0xdea]
0x9ef76: mov ax, 0x4301
0x9ef79: call 0xaef46
0x9ef7c: jb 0x9ef37
0x9ef7e: mov dx, word ptr cs:[0xdea]
0x9ef83: mov di, dx
0x9ef85: xor al, al
|
| 2018-12-17T22:52:05.051870485Z | 37 | PC: 9ef4c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:52:05.05431178Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T22:52:05.063161929Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T22:52:05.065717404Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T22:52:05.068305358Z | 9 | PC: 12b03 | Display string (String= 'Size change=+0CD7h/03287d. Virus might be activ?
��') |
| 2018-12-17T22:52:05.07447197Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
