Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.711

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:03:01.882966637Z 26 PC: 14113 | Set disk transfer address
2018-12-17T22:03:01.884631176Z 78 PC: 14127 | Find first file
2018-12-17T22:03:01.890563174Z 61 PC: 14134 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:03:01.897084454Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:01.899275437Z 62 PC: 1415b | Close file
2018-12-17T22:03:01.901247538Z 79 PC: 14127 | Find next file
2018-12-17T22:03:01.903804676Z 61 PC: 14134 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:03:01.918619655Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:01.919839797Z 62 PC: 1415b | Close file
2018-12-17T22:03:01.921205983Z 79 PC: 14127 | Find next file
2018-12-17T22:03:01.923516852Z 61 PC: 14134 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:03:01.928226854Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:01.929832339Z 62 PC: 1415b | Close file
2018-12-17T22:03:01.932230108Z 79 PC: 14127 | Find next file
2018-12-17T22:03:01.934919306Z 61 PC: 14134 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:03:01.941210648Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:01.943536602Z 62 PC: 1415b | Close file
2018-12-17T22:03:01.946053366Z 79 PC: 14127 | Find next file
2018-12-17T22:03:01.948653564Z 61 PC: 14134 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:03:01.956714145Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:01.958282843Z 62 PC: 1415b | Close file
2018-12-17T22:03:01.960292307Z 79 PC: 14127 | Find next file
2018-12-17T22:03:01.963491376Z 61 PC: 14134 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:03:01.970223076Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:01.972019254Z 62 PC: 1415b | Close file
2018-12-17T22:03:01.974772117Z 79 PC: 14127 | Find next file
2018-12-17T22:03:01.977265432Z 61 PC: 14134 | Open file (Filename = 'PAH.COM')
2018-12-17T22:03:01.983579104Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:01.985751435Z 62 PC: 1415b | Close file
2018-12-17T22:03:01.987470076Z 79 PC: 14127 | Find next file
2018-12-17T22:03:01.990280128Z 61 PC: 14134 | Open file (Filename = 'TEST.COM')
2018-12-17T22:03:01.996862384Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:02.000894967Z 87 PC: 1414b | Get or set file date and time
2018-12-17T22:03:02.003497057Z 44 PC: 1416b | Get time 0x1416b: or dx, dx
0x1416d: je 0x14167
0x1416f: mov word ptr [bp + 0x3c9], dx
0x14173: mov ax, 0x4200
0x14176: call 0x1420a
0x14179: mov ah, 0x3f
0x1417b: lea dx, word ptr [bp + 0x234]
0x1417f: mov cx, 3
0x14182: int 0x21
0x14184: cmp byte ptr [bp + 0x234], 0x4d
0x14189: je 0x14157
0x1418b: cmp byte ptr [bp + 0x234], 0x5a
0x14190: je 0x14157
0x14192: mov ax, 0x4202
0x14195: call 0x1420a
0x14198: sub ax, 3
0x1419b: mov word ptr cs:[bp + 0x232], ax
0x141a0: lea si, word ptr [bp + 0x105]
0x141a4: mov di, 0xfb90
0x141a7: mov cx, 0x2c7
2018-12-17T22:03:02.006393495Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:02.007790818Z 63 PC: 14184 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:02.013948292Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:02.015646469Z 64 PC: 141bd | Write file or device (Write 711 bytes on handle 5)
2018-12-17T22:03:02.030899249Z 66 PC: 14210 | Move file pointer
2018-12-17T22:03:02.032542909Z 64 PC: 141ce | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:03:02.035541095Z 87 PC: 141d5 | Get or set file date and time
2018-12-17T22:03:02.037856456Z 62 PC: 141d9 | Close file
2018-12-17T22:03:02.045704377Z 42 PC: 141dd | Get date 0x141dd: add dl, 5
0x141e0: cmp dh, dl
0x141e2: jne 0x141fe
0x141e4: cmp al, 4
0x141e6: jb 0x141fe
0x141e8: mov ah, 0x2c
0x141ea: int 0x21
0x141ec: and dh, 7
0x141ef: jne 0x141fe
0x141f1: call 0x1421d
0x141f4: mov ah, 9
0x141f6: lea dx, word ptr [bp + 0x374]
0x141fa: int 0x21
0x141fc: cli
0x141fd: hlt
0x141fe: mov ah, 0x1a
0x14200: mov dx, 0x80
0x14203: int 0x21
0x14205: mov ax, 0x100
0x14208: push ax
2018-12-17T22:03:02.048098978Z 26 PC: 14205 | Set disk transfer address
2018-12-17T22:03:02.05009551Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:03:02.051478813Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:03:02.060929028Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:03:02.06822231Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:03:02.071057767Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:03:02.072987946Z 9 PC: 12b03 | Display string (String= 'Size change=+058Eh/01422d. Virus might be activ? ')
2018-12-17T22:03:02.079369666Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1453,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:45.157485619Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:43:45.165159533Z 41 PC: 94fae | Parse filename
2018-12-25T11:43:45.168541061Z 41 PC: 9502f | Parse filename
2018-12-25T11:43:45.170067729Z 41 PC: 9504c | Parse filename
2018-12-25T11:43:45.171928708Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:43:45.174766735Z 71 PC: 986f3 | Get current directory
2018-12-25T11:43:45.176975186Z 78 PC: 986fe | Find first file
2018-12-25T11:43:45.18280798Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:43:45.185046059Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:43:45.19853715Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:43:45.202431732Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:43:45.204331732Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:43:45.205429971Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:45.206650035Z 62 PC: 122ab | Close file
2018-12-25T11:43:45.215559769Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.217042298Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.218343274Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.219801806Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.221928977Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.222957854Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.223903426Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.22583603Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.228369202Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.229778096Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.237868769Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.239215144Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.240527543Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.242910889Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:43:45.245154016Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:43:45.246400891Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:43:45.250182094Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:43:45.25483081Z 25 PC: 94e62 | Get default drive
2018-12-25T11:43:45.256679537Z 71 PC: 970dd | Get current directory
2018-12-25T11:43:45.261930608Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:43:45.264971256Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:43:45.267085506Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:43:45.269318626Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:43:45.271044991Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:44:00.204335719Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:44:01.557237496Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:44:01.659207499Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:44:01.66507767Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:44:01.666702921Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:44:01.667950663Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:44:01.670401138Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:44:01.673094195Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:44:01.681339496Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:44:01.691275306Z 71 PC: 9856c | Get current directory
2018-12-25T11:44:01.694124646Z 73 PC: 97c09 | Release memory
2018-12-25T11:44:01.695323598Z 75 PC: 11821 | Execute program
2018-12-25T11:44:01.708836028Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:44:01.712662799Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1453,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:45.292529411Z 26 PC: 14113 | Set disk transfer address
2018-12-25T11:43:45.294978697Z 78 PC: 14127 | Find first file
2018-12-25T11:43:45.300968992Z 61 PC: 14134 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:45.307477985Z 66 PC: 14210 | Move file pointer
2018-12-25T11:43:45.30963572Z 62 PC: 1415b | Close file
2018-12-25T11:43:45.311403151Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.313689066Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.320697143Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.323773869Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.325805086Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.328388854Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.337078873Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.339049793Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.340990962Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.344957127Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.352193224Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.353597545Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.355937557Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.358492258Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.364808938Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.366768489Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.36866909Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.371356631Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.378826631Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.380440925Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.382135933Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.38591021Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.392566559Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.394119903Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.397140953Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.399581981Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.405980815Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.408070355Z 87 PC: 1414b | Get or set file date and time
2018-12-25T11:43:45.410396564Z 44 PC: 1416b | Get time 0x1416b: or dx, dx
0x1416d: je 0x14167
0x1416f: mov word ptr [bp + 0x3c9], dx
0x14173: mov ax, 0x4200
0x14176: call 0x1420a
0x14179: mov ah, 0x3f
0x1417b: lea dx, word ptr [bp + 0x234]
0x1417f: mov cx, 3
0x14182: int 0x21
0x14184: cmp byte ptr [bp + 0x234], 0x4d
0x14189: je 0x14157
0x1418b: cmp byte ptr [bp + 0x234], 0x5a
0x14190: je 0x14157
0x14192: mov ax, 0x4202
0x14195: call 0x1420a
0x14198: sub ax, 3
0x1419b: mov word ptr cs:[bp + 0x232], ax
0x141a0: lea si, word ptr [bp + 0x105]
0x141a4: mov di, 0xfb90
0x141a7: mov cx, 0x2c7
2018-12-25T11:43:45.412414692Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.414706214Z 63 PC: 14184 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:45.417512188Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.419296659Z 64 PC: 141bd | Write file or device (Write 711 bytes on handle 5)
2018-12-25T11:43:45.435232756Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.437209628Z 64 PC: 141ce | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:45.440617545Z 87 PC: 141d5 | Get or set file date and time
2018-12-25T11:43:45.442400599Z 62 PC: 141d9 | Close file
2018-12-25T11:43:45.450514003Z 42 PC: 141dd | Get date 0x141dd: add dl, 5
0x141e0: cmp dh, dl
0x141e2: jne 0x141fe
0x141e4: cmp al, 4
0x141e6: jb 0x141fe
0x141e8: mov ah, 0x2c
0x141ea: int 0x21
0x141ec: and dh, 7
0x141ef: jne 0x141fe
0x141f1: call 0x1421d
0x141f4: mov ah, 9
0x141f6: lea dx, word ptr [bp + 0x374]
0x141fa: int 0x21
0x141fc: cli
0x141fd: hlt
0x141fe: mov ah, 0x1a
0x14200: mov dx, 0x80
0x14203: int 0x21
0x14205: mov ax, 0x100
0x14208: push ax
2018-12-25T11:43:45.452567913Z 26 PC: 14205 | Set disk transfer address
2018-12-25T11:43:45.45361762Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:43:45.455377099Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:43:45.47365571Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:43:45.480154329Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:43:45.484187251Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:43:45.485964943Z 9 PC: 12b03 | Display string (String= 'Size change=+058Eh/01422d. Virus might be activ? ')
2018-12-25T11:43:45.49009449Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":4,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1453,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:45.580966118Z 26 PC: 14113 | Set disk transfer address
2018-12-25T11:43:45.583349346Z 78 PC: 14127 | Find first file
2018-12-25T11:43:45.589823865Z 61 PC: 14134 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:45.596178573Z 66 PC: 14210 | Move file pointer
2018-12-25T11:43:45.598528095Z 62 PC: 1415b | Close file
2018-12-25T11:43:45.600239971Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.602709821Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.615764398Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.617367303Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.619170611Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.621613579Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.628851498Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.630145194Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.63227886Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.635557474Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.641824357Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.643101494Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.649864553Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.652767825Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.659545507Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.662030542Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.663939649Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.666525854Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.673549151Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.6749131Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.676741313Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.67984321Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.691407258Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.692656723Z 62 PC: 1415b | Close file (See above)
2018-12-25T11:43:45.694822847Z 79 PC: 14127 | Find next file (See above)
2018-12-25T11:43:45.697315794Z 61 PC: 14134 | Open file (See above)
2018-12-25T11:43:45.703581293Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.705183886Z 87 PC: 1414b | Get or set file date and time
2018-12-25T11:43:45.706809Z 44 PC: 1416b | Get time 0x1416b: or dx, dx
0x1416d: je 0x14167
0x1416f: mov word ptr [bp + 0x3c9], dx
0x14173: mov ax, 0x4200
0x14176: call 0x1420a
0x14179: mov ah, 0x3f
0x1417b: lea dx, word ptr [bp + 0x234]
0x1417f: mov cx, 3
0x14182: int 0x21
0x14184: cmp byte ptr [bp + 0x234], 0x4d
0x14189: je 0x14157
0x1418b: cmp byte ptr [bp + 0x234], 0x5a
0x14190: je 0x14157
0x14192: mov ax, 0x4202
0x14195: call 0x1420a
0x14198: sub ax, 3
0x1419b: mov word ptr cs:[bp + 0x232], ax
0x141a0: lea si, word ptr [bp + 0x105]
0x141a4: mov di, 0xfb90
0x141a7: mov cx, 0x2c7
2018-12-25T11:43:45.708776233Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.710276194Z 63 PC: 14184 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:45.716998509Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.71871221Z 64 PC: 141bd | Write file or device (Write 711 bytes on handle 5)
2018-12-25T11:43:45.745016616Z 66 PC: 14210 | Move file pointer (See above)
2018-12-25T11:43:45.746446702Z 64 PC: 141ce | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:45.749049764Z 87 PC: 141d5 | Get or set file date and time
2018-12-25T11:43:45.751135302Z 62 PC: 141d9 | Close file
2018-12-25T11:43:45.759276046Z 42 PC: 141dd | Get date 0x141dd: add dl, 5
0x141e0: cmp dh, dl
0x141e2: jne 0x141fe
0x141e4: cmp al, 4
0x141e6: jb 0x141fe
0x141e8: mov ah, 0x2c
0x141ea: int 0x21
0x141ec: and dh, 7
0x141ef: jne 0x141fe
0x141f1: call 0x1421d
0x141f4: mov ah, 9
0x141f6: lea dx, word ptr [bp + 0x374]
0x141fa: int 0x21
0x141fc: cli
0x141fd: hlt
0x141fe: mov ah, 0x1a
0x14200: mov dx, 0x80
0x14203: int 0x21
0x14205: mov ax, 0x100
0x14208: push ax
2018-12-25T11:43:45.761176786Z 44 PC: 141ec | Get time 0x141ec: and dh, 7
0x141ef: jne 0x141fe
0x141f1: call 0x1421d
0x141f4: mov ah, 9
0x141f6: lea dx, word ptr [bp + 0x374]
0x141fa: int 0x21
0x141fc: cli
0x141fd: hlt
0x141fe: mov ah, 0x1a
0x14200: mov dx, 0x80
0x14203: int 0x21
0x14205: mov ax, 0x100
0x14208: push ax
0x14209: ret
0x1420a: xor cx, cx
0x1420c: xor dx, dx
0x1420e: int 0x21
0x14210: ret
0x14211: jmp 0x15b7d
0x14214: jmp 0x158b9
2018-12-25T11:43:45.763139534Z 26 PC: 14205 | Set disk transfer address
2018-12-25T11:43:45.764484153Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:43:45.765776863Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:43:45.770837345Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:43:45.774980895Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:43:45.778492801Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:43:45.780102988Z 9 PC: 12b03 | Display string (String= 'Size change=+058Eh/01422d. Virus might be activ? ')
2018-12-25T11:43:45.784312222Z 76 PC: 12b09 | Terminate with return code (Return code = '1')