.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:07:39.942632095Z | 48 | PC: 12b2d | Get DOS version |
| 2018-12-17T23:07:39.944851245Z | 80 | PC: 12b4e | Set current PSP |
| 2018-12-17T23:07:39.945686009Z | 26 | PC: 12b58 | Set disk transfer address |
| 2018-12-17T23:07:39.947326518Z | 53 | PC: 12f9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:39.949056286Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:39.950502135Z | 48 | PC: 12f9e | Get DOS version |
| 2018-12-17T23:07:39.951969462Z | 53 | PC: 12f9e | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T23:07:39.95427567Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T23:07:39.956061329Z | 61 | PC: 12f9e | Open file (Filename = '�') |
| 2018-12-17T23:07:39.962709382Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:39.964879218Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:39.966241202Z | 63 | PC: 12f9e | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:07:39.968337186Z | 62 | PC: 12f9e | Close file |
| 2018-12-17T23:07:39.970177762Z | 67 | PC: 12f9e | Get or set file attributes |
| 2018-12-17T23:07:39.97421522Z | 67 | PC: 12f9e | Get or set file attributes |
| 2018-12-17T23:07:40.795234463Z | 61 | PC: 12f9e | Open file (Filename = '�') |
| 2018-12-17T23:07:40.80155242Z | 87 | PC: 12f9e | Get or set file date and time |
| 2018-12-17T23:07:40.803823513Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:40.805289406Z | 63 | PC: 12f9e | Read file or device (Read 14 bytes on handle 5) |
| 2018-12-17T23:07:40.807928755Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:40.810068689Z | 63 | PC: 12f9e | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:07:40.812505637Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:40.813880641Z | 64 | PC: 12f9e | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:07:40.817491626Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:40.819816857Z | 64 | PC: 12f9e | Write file or device (Write 1400 bytes on handle 5) |
| 2018-12-17T23:07:40.829868006Z | 87 | PC: 12f9e | Get or set file date and time |
| 2018-12-17T23:07:40.832735426Z | 62 | PC: 12f9e | Close file |
| 2018-12-17T23:07:40.839488465Z | 67 | PC: 12f9e | Get or set file attributes |
| 2018-12-17T23:07:40.848290998Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:40.851622203Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T23:07:40.85306201Z | 48 | PC: 13e73 | Get DOS version |
| 2018-12-17T23:07:40.854274278Z | 9 | PC: 13e8a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T23:07:40.864569663Z | 53 | PC: 12f9e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:40.866072068Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:40.867253567Z | 48 | PC: 12f9e | Get DOS version |
| 2018-12-17T23:07:40.869616257Z | 53 | PC: 12f9e | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T23:07:40.871153143Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T23:07:40.872599512Z | 61 | PC: 12f9e | Open file (Filename = '�W') |
| 2018-12-17T23:07:40.880453082Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:40.882184845Z | 66 | PC: 12f9e | Move file pointer |
| 2018-12-17T23:07:40.883797415Z | 63 | PC: 12f9e | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:07:40.887210172Z | 62 | PC: 12f9e | Close file |
| 2018-12-17T23:07:40.890780261Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T23:07:40.897700685Z | 37 | PC: 12f9e | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T23:07:40.899487457Z | 61 | PC: 140c7 | Open file (Filename = '�') |
| 2018-12-17T23:07:40.90794922Z | 9 | PC: 13e98 | Display string (String= 'Self test: ') |
| 2018-12-17T23:07:40.910498813Z | 93 | PC: 13f34 | File sharing functions |
| 2018-12-17T23:07:40.912685166Z | 9 | PC: 13f13 | Display string (String= 'Size change=+0578h/01400d. Virus might be activ?
��') |
| 2018-12-17T23:07:40.919218201Z | 76 | PC: 13f19 | Terminate with return code (Return code = '1') |
