Time | Syscall Op | PC | Syscall Name |
---|---|---|---|
2018-12-17T23:00:21.188402462Z | 26 | PC: 14107 | Set disk transfer address |
2018-12-17T23:00:21.190327179Z | 78 | PC: 14113 | Find first file |
2018-12-17T23:00:21.19699071Z | 67 | PC: 14158 | Get or set file attributes |
2018-12-17T23:00:21.594198964Z | 61 | PC: 14161 | Open file (Filename = 'SLEEP.COM') |
2018-12-17T23:00:21.602055958Z | 87 | PC: 14167 | Get or set file date and time |
2018-12-17T23:00:21.604549925Z | 63 | PC: 1417a | Read file or device (Read 3 bytes on handle 5) |
2018-12-17T23:00:21.612025984Z | 66 | PC: 141a3 | Move file pointer |
2018-12-17T23:00:21.613849571Z | 64 | PC: 141af | Write file or device (Write 3 bytes on handle 5) |
2018-12-17T23:00:21.618162105Z | 66 | PC: 141b8 | Move file pointer |
2018-12-17T23:00:21.620001943Z | 44 | PC: 141bc | Get time. Disassembly: `0x141bc: xchg cl, ch`; `0x141be: add dx, cx`; `0x141c0: xor dx, word ptr [bp + 0x26b]`; `0x141c4: mov word ptr [bp + 0x26b], dx`; `0x141c8: lea si, word ptr [bp + 0x242]`; `0x141cc: lea di, word ptr [bp + 0x2a4]`; `0x141d0: mov cx, 0x18`; `0x141d3: rep movsb byte ptr es:[di], byte ptr [si]`; `0x141d5: mov ah, 0x40`; `0x141d7: mov cx, 0x16c`; `0x141da: nop`; `0x141db: lea dx, word ptr [bp + 0x103]`; `0x141df: pushaw`; `0x141e0: call 0x14286`; `0x141e3: mov ax, 0x5700`; `0x141e6: mov dx, word ptr [bp + 0x29d]`; `0x141ea: mov cx, word ptr [bp + 0x29b]`; `0x141ee: add ax, 1`; `0x141f1: int 0x21`; `0x141f3: mov ah, 0x3e` |
2018-12-17T23:00:21.62294348Z | 64 | PC: 14293 | Write file or device (Write 364 bytes on handle 5) |
2018-12-17T23:00:21.634805571Z | 87 | PC: 141f3 | Get or set file date and time |
2018-12-17T23:00:21.63656612Z | 62 | PC: 141f7 | Close file |
2018-12-17T23:00:21.649911869Z | 67 | PC: 14207 | Get or set file attributes |
2018-12-17T23:00:21.661842369Z | 26 | PC: 14133 | Set disk transfer address |
2018-12-17T23:00:21.664107706Z | 48 | PC: 12a63 | Get DOS version |
2018-12-17T23:00:21.665896828Z | 9 | PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ') |
2018-12-17T23:00:21.676762177Z | 61 | PC: 12cb7 | Open file (Filename = '') |
2018-12-17T23:00:21.685923422Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
2018-12-17T23:00:21.688686184Z | 93 | PC: 12b24 | File sharing functions |
2018-12-17T23:00:21.69082343Z | 9 | PC: 12b03 | Display string (String= 'Size change=+016Ch/00364d. Virus might be activ? ') |
2018-12-17T23:00:21.698204281Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |