Time | Syscall Op | PC | Syscall Name |
---|---|---|---|
2018-12-17T23:09:31.155150666Z | 53 | PC: 13f30 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
2018-12-17T23:09:31.157848956Z | 37 | PC: 13f44 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
2018-12-17T23:09:31.159057042Z | 47 | PC: 13f49 | Get disk transfer address |
2018-12-17T23:09:31.16013895Z | 26 | PC: 13f5b | Set disk transfer address |
2018-12-17T23:09:31.162804874Z | 25 | PC: 13f5f | Get default drive |
2018-12-17T23:09:31.164317164Z | 71 | PC: 13f6c | Get current directory |
2018-12-17T23:09:31.167426032Z | 14 | PC: 13f82 | Set default drive (Drive = 'C') |
2018-12-17T23:09:31.168958304Z | 59 | PC: 14114 | Change current directory |
2018-12-17T23:09:31.172981433Z | 44 | PC: 13f89 | Get time 0x13f89: shr dl, 1 0x13f8b: shr dl, 1 0x13f8d: add dl, 0x40 0x13f90: mov byte ptr [bp + 0x240], dl 0x13f94: xor bx, bx 0x13f96: mov ah, 0x4e 0x13f98: lea dx, word ptr [bp + 0x240] 0x13f9c: mov cx, 0x11 0x13f9f: int 0x21 0x13fa1: jae 0x13fbe 0x13fa3: mov al, byte ptr [bp + 0x240] 0x13fa7: inc al 0x13fa9: cmp al, 0x90 0x13fab: jbe 0x13faf 0x13fad: sub al, 0x26 0x13faf: mov byte ptr [bp + 0x240], al 0x13fb3: inc bh 0x13fb5: cmp bh, 0x1b 0x13fb8: je 0x13f6c 0x13fba: jmp 0x13f96 |
2018-12-17T23:09:31.175107849Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.180413763Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.186473687Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.192423865Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.197834169Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.203840047Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.209204629Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.21458481Z | 78 | PC: 13fa1 | Find first file |
2018-12-17T23:09:31.221062081Z | 59 | PC: 13fc5 | Change current directory |
2018-12-17T23:09:31.229639415Z | 78 | PC: 13fd0 | Find first file |
2018-12-17T23:09:31.238377254Z | 67 | PC: 1402c | Get or set file attributes |
2018-12-17T23:09:31.244991459Z | 67 | PC: 14039 | Get or set file attributes |
2018-12-17T23:09:31.595776871Z | 61 | PC: 14041 | Open file (Filename = 'WIN.COM') |
2018-12-17T23:09:31.602954002Z | 87 | PC: 14047 | Get or set file date and time |
2018-12-17T23:09:31.60561638Z | 44 | PC: 1405a | Get time 0x1405a: add dx, bp 0x1405c: or dx, dx 0x1405e: je 0x14056 0x14060: mov word ptr [bp + 0x24b], dx 0x14064: mov ah, 0x3f 0x14066: lea dx, word ptr [bp + 0x237] 0x1406a: mov cx, 3 0x1406d: int 0x21 0x1406f: mov ax, 0x4202 0x14072: xor cx, cx 0x14074: cdq 0x14075: int 0x21 0x14077: sub ax, 3 0x1407a: mov word ptr cs:[0xfa79], ax 0x1407e: mov byte ptr cs:[0xfa78], 0xe9 0x14084: lea si, word ptr [bp - 5] 0x14087: mov di, 0xfb2c 0x1408a: mov cx, 0x258 0x1408d: cld 0x1408e: rep movsb byte ptr es:[di], byte ptr [si] |
2018-12-17T23:09:31.60869635Z | 63 | PC: 1406f | Read file or device (Read 3 bytes on handle 5) |
2018-12-17T23:09:31.614813197Z | 66 | PC: 14077 | Move file pointer |
2018-12-17T23:09:31.617586476Z | 64 | PC: 140a0 | Write file or device (Write 600 bytes on handle 5) |
2018-12-17T23:09:31.628432038Z | 66 | PC: 140a8 | Move file pointer |
2018-12-17T23:09:31.631189137Z | 64 | PC: 140b2 | Write file or device (Write 3 bytes on handle 5) |
2018-12-17T23:09:31.634780067Z | 87 | PC: 140c7 | Get or set file date and time |
2018-12-17T23:09:31.637368156Z | 62 | PC: 140cb | Close file |
2018-12-17T23:09:31.645387092Z | 67 | PC: 140d8 | Get or set file attributes |
2018-12-17T23:09:31.656412832Z | 14 | PC: 1411e | Set default drive (Drive = 'A') |
2018-12-17T23:09:31.658722183Z | 59 | PC: 14114 | Change current directory |
2018-12-17T23:09:31.663320735Z | 59 | PC: 14126 | Change current directory |
2018-12-17T23:09:31.665474752Z | 37 | PC: 140f1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
2018-12-17T23:09:31.667622336Z | 26 | PC: 14101 | Set disk transfer address |
2018-12-17T23:09:31.670180172Z | 48 | PC: 13a33 | Get DOS version |
2018-12-17T23:09:31.672802373Z | 254 | PC: 13cbf | UNKNOWN! |
2018-12-17T23:09:31.675013623Z | 254 | PC: 13cd2 | UNKNOWN! |
2018-12-17T23:09:31.676897994Z | 224 | PC: 13ce8 | UNKNOWN! |
2018-12-17T23:09:31.678606432Z | 225 | PC: 13d09 | UNKNOWN! |
2018-12-17T23:09:31.681308821Z | 197 | PC: 13d1d | UNKNOWN! |
2018-12-17T23:09:31.683021431Z | 198 | PC: 13d26 | UNKNOWN! |
2018-12-17T23:09:31.684719656Z | 198 | PC: 13d2f | UNKNOWN! |
2018-12-17T23:09:31.687780228Z | 198 | PC: 13d3c | UNKNOWN! |
2018-12-17T23:09:31.689614162Z | 198 | PC: 13d49 | UNKNOWN! |
2018-12-17T23:09:31.691408884Z | 75 | PC: 13d59 | Execute program |
2018-12-17T23:09:31.693765228Z | 254 | PC: 13d6a | UNKNOWN! |
2018-12-17T23:09:31.695522566Z | 61 | PC: 13a74 | Open file (Filename = 'A:\TEST.COM') |
2018-12-17T23:09:31.702844739Z | 63 | PC: 13a88 | Read file or device (Read 46 bytes on handle 5) |
2018-12-17T23:09:31.705916686Z | 66 | PC: 13bdf | Move file pointer |
2018-12-17T23:09:31.70933868Z | 62 | PC: 13be6 | Close file |
2018-12-17T23:09:31.711845707Z | 9 | PC: 13b60 | Display string (String= ' VSS, Viren Schutz Schild, (C)opyright 1990-93 by ROSE, Ralph Roth ') |
2018-12-17T23:09:31.720517666Z | 9 | PC: 13b68 | Display string (String= 'Datei: ') |
2018-12-17T23:09:31.723876431Z | 2 | PC: 13b79 | Character output (Char = '41') |
2018-12-17T23:09:31.726657403Z | 2 | PC: 13b79 | Character output (Char = '3a') |
2018-12-17T23:09:31.729014106Z | 2 | PC: 13b79 | Character output (Char = '5c') |
2018-12-17T23:09:31.732128021Z | 2 | PC: 13b79 | Character output (Char = '54') |
2018-12-17T23:09:31.734852031Z | 2 | PC: 13b79 | Character output (Char = '45') |
2018-12-17T23:09:31.737187736Z | 2 | PC: 13b79 | Character output (Char = '53') |
2018-12-17T23:09:31.740248201Z | 2 | PC: 13b79 | Character output (Char = '54') |
2018-12-17T23:09:31.742943531Z | 2 | PC: 13b79 | Character output (Char = '2e') |
2018-12-17T23:09:31.745271534Z | 2 | PC: 13b79 | Character output (Char = '43') |
2018-12-17T23:09:31.747823262Z | 2 | PC: 13b79 | Character output (Char = '4f') |
2018-12-17T23:09:31.751138986Z | 2 | PC: 13b79 | Character output (Char = '4d') |
2018-12-17T23:09:31.753454233Z | 2 | PC: 13b81 | Character output (Char = '0d') |
2018-12-17T23:09:31.755641559Z | 2 | PC: 13b85 | Character output (Char = '0a') |
2018-12-17T23:09:31.760411078Z | 2 | PC: 13b89 | Character output (Char = '0d') |
2018-12-17T23:09:31.762595828Z | 2 | PC: 13b8d | Character output (Char = '0a') |
2018-12-17T23:09:31.766559137Z | 9 | PC: 13c77 | Display string (String= 'WARNUNG: Das Programm wurde verändert und ist wahrscheinlich infiziert! ') |
2018-12-17T23:09:31.773920692Z | 9 | PC: 13c80 | Display string (String= ' Checksumme wurde verändert, das Programm kann nicht mehr repariert werden! Bitte eine Taste drücken! ') |
2018-12-17T23:09:31.783059263Z | 12 | PC: 13b98 | Flush input buffer and input |