.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:03:39.927323901Z | 42 | PC: 140f4 | Get date 0x140f4: mov byte ptr ds:[bp + 0x37a], dl
0x140f9: mov byte ptr ds:[bp + 0x379], dh
0x140fe: mov byte ptr ds:[bp + 0x378], al
0x14103: cmp al, 1
0x14105: jne 0x1410a
0x14107: call 0x1427d
0x1410a: cmp al, 0
0x1410c: je 0x14118
0x1410e: mov di, 0x100
0x14111: lea si, word ptr [bp + 0x2e5]
0x14115: push di
0x14116: movsw word ptr es:[di], word ptr [si]
0x14117: movsw word ptr es:[di], word ptr [si]
0x14118: lea dx, word ptr [bp + 0x3bb]
0x1411c: call 0x1422d
0x1411f: jmp 0x14218
0x14122: cmp byte ptr ds:[bp + 0x37a], 0x1b
0x14128: jne 0x14135
0x1412a: call 0x1415c
0x1412d: cmp byte ptr ds:[bp + 0x379], 6
|
| 2018-12-17T23:03:39.930353141Z | 67 | PC: 14285 | Get or set file attributes |
| 2018-12-17T23:03:39.932135073Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:39.934114884Z | 61 | PC: 142c1 | Open file (Filename = '') |
| 2018-12-17T23:03:39.93709384Z | 87 | PC: 14295 | Get or set file date and time |
| 2018-12-17T23:03:39.938749537Z | 64 | PC: 142a1 | Write file or device (Write 16 bytes on handle 2) |
| 2018-12-17T23:03:39.941938351Z | 87 | PC: 142a8 | Get or set file date and time |
| 2018-12-17T23:03:39.944733954Z | 61 | PC: 142ac | Open file (Filename = '}�:u�����߀�@�') |
| 2018-12-17T23:03:39.950898216Z | 67 | PC: 142b3 | Get or set file attributes |
| 2018-12-17T23:03:39.953265417Z | 26 | PC: 14231 | Set disk transfer address |
| 2018-12-17T23:03:39.955395591Z | 78 | PC: 14223 | Find first file |
| 2018-12-17T23:03:39.962049835Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:39.968348344Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:39.988323843Z | 61 | PC: 142c1 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:03:39.996074498Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:39.998006287Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.007833614Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.009973596Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.011540321Z | 64 | PC: 14272 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:03:40.016565672Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.020294287Z | 44 | PC: 141ca | Get time 0x141ca: mov word ptr ds:[bp + 0x3a6], dx
0x141cf: mov cx, 0x12
0x141d2: lea di, word ptr [bp + 0x3e6]
0x141d6: lea si, word ptr [bp + 0x3a8]
0x141da: push cx
0x141db: push si
0x141dc: rep movsb byte ptr es:[di], byte ptr [si]
0x141de: cmp byte ptr ds:[bp + 0x378], 0
0x141e4: jne 0x141f1
0x141e6: mov cx, 0xd
0x141e9: lea si, word ptr [bp + 0x265]
0x141ed: rep movsb byte ptr es:[di], byte ptr [si]
0x141ef: jmp 0x141fa
0x141f1: mov cx, 0xb
0x141f4: lea si, word ptr [bp + 0x16b]
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]
0x141fa: pop si
0x141fb: pop cx
0x141fc: rep movsb byte ptr es:[di], byte ptr [si]
0x141fe: mov al, 0xc3
|
| 2018-12-17T23:03:40.023115291Z | 64 | PC: 143e0 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:40.034869915Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.037552633Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.046084516Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.057234166Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.061172159Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:40.065077147Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.075902559Z | 61 | PC: 142c1 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T23:03:40.089420182Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:40.091030933Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.09811569Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.099912534Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.108592676Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.119411291Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.122199223Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:40.128861357Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.139569591Z | 61 | PC: 142c1 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T23:03:40.153035125Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:40.155137456Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.162270334Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.163799269Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.166356469Z | 64 | PC: 14272 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:03:40.169378544Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.170949162Z | 44 | PC: 141ca | Get time 0x141ca: mov word ptr ds:[bp + 0x3a6], dx
0x141cf: mov cx, 0x12
0x141d2: lea di, word ptr [bp + 0x3e6]
0x141d6: lea si, word ptr [bp + 0x3a8]
0x141da: push cx
0x141db: push si
0x141dc: rep movsb byte ptr es:[di], byte ptr [si]
0x141de: cmp byte ptr ds:[bp + 0x378], 0
0x141e4: jne 0x141f1
0x141e6: mov cx, 0xd
0x141e9: lea si, word ptr [bp + 0x265]
0x141ed: rep movsb byte ptr es:[di], byte ptr [si]
0x141ef: jmp 0x141fa
0x141f1: mov cx, 0xb
0x141f4: lea si, word ptr [bp + 0x16b]
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]
0x141fa: pop si
0x141fb: pop cx
0x141fc: rep movsb byte ptr es:[di], byte ptr [si]
0x141fe: mov al, 0xc3
|
| 2018-12-17T23:03:40.174715086Z | 64 | PC: 143e0 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:40.183799047Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.185388769Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.194234719Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.205785961Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.208646226Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:40.215423007Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.226289951Z | 61 | PC: 142c1 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T23:03:40.233810458Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:40.23572212Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.243292453Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.244898479Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.434580552Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.543245353Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.546357216Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:40.553009015Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.56531208Z | 61 | PC: 142c1 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T23:03:40.572629385Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:40.57426562Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.582581867Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.584205126Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.591865881Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.603230373Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.606618186Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:40.61323164Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.627337751Z | 61 | PC: 142c1 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T23:03:40.634893467Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:40.636519911Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.64374029Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.646609929Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.648635166Z | 64 | PC: 14272 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:03:40.651842549Z | 66 | PC: 14237 | Move file pointer |
| 2018-12-17T23:03:40.654526515Z | 44 | PC: 141ca | Get time 0x141ca: mov word ptr ds:[bp + 0x3a6], dx
0x141cf: mov cx, 0x12
0x141d2: lea di, word ptr [bp + 0x3e6]
0x141d6: lea si, word ptr [bp + 0x3a8]
0x141da: push cx
0x141db: push si
0x141dc: rep movsb byte ptr es:[di], byte ptr [si]
0x141de: cmp byte ptr ds:[bp + 0x378], 0
0x141e4: jne 0x141f1
0x141e6: mov cx, 0xd
0x141e9: lea si, word ptr [bp + 0x265]
0x141ed: rep movsb byte ptr es:[di], byte ptr [si]
0x141ef: jmp 0x141fa
0x141f1: mov cx, 0xb
0x141f4: lea si, word ptr [bp + 0x16b]
0x141f8: rep movsb byte ptr es:[di], byte ptr [si]
0x141fa: pop si
0x141fb: pop cx
0x141fc: rep movsb byte ptr es:[di], byte ptr [si]
0x141fe: mov al, 0xc3
|
| 2018-12-17T23:03:40.657561875Z | 64 | PC: 143e0 | Write file or device (Write 691 bytes on handle 5) |
| 2018-12-17T23:03:40.667442861Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.670365707Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.679200463Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.691009897Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.695076457Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:40.701923896Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.713455095Z | 61 | PC: 142c1 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T23:03:40.72193354Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:40.72508757Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.733257613Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.735172684Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.744147648Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.759182249Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.762431429Z | 67 | PC: 1417a | Get or set file attributes |
| 2018-12-17T23:03:40.769833735Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.780938697Z | 61 | PC: 142c1 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:03:40.788344021Z | 87 | PC: 1418a | Get or set file date and time |
| 2018-12-17T23:03:40.791083766Z | 63 | PC: 14197 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:03:40.798438687Z | 87 | PC: 1420b | Get or set file date and time |
| 2018-12-17T23:03:40.800599537Z | 62 | PC: 1420f | Close file |
| 2018-12-17T23:03:40.809750407Z | 67 | PC: 142b9 | Get or set file attributes |
| 2018-12-17T23:03:40.824010626Z | 79 | PC: 14223 | Find next file |
| 2018-12-17T23:03:40.82693373Z | 26 | PC: 14231 | Set disk transfer address |
| 2018-12-17T23:03:40.828477473Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T23:03:40.831019Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T23:03:40.842185624Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T23:03:40.849701924Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T23:03:40.870404716Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T23:03:40.873265572Z | 9 | PC: 12b03 | Display string (String= 'Size change=+02B3h/00691d. Virus might be activ?
��') |
| 2018-12-17T23:03:40.88667136Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
