.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T23:11:19.916361775Z | 42 | PC: 14102 | Get date 0x14102: mov byte ptr ds:[bp + 0x3ae], dl
0x14107: mov byte ptr ds:[bp + 0x3ad], dh
0x1410c: mov byte ptr ds:[bp + 0x3ac], al
0x14111: cmp al, 1
0x14113: jne 0x14118
0x14115: call 0x1428c
0x14118: cmp al, 0
0x1411a: je 0x14126
0x1411c: mov di, 0x100
0x1411f: lea si, word ptr [bp + 0x2f0]
0x14123: push di
0x14124: movsw word ptr es:[di], word ptr [si]
0x14125: movsw word ptr es:[di], word ptr [si]
0x14126: lea dx, word ptr [bp + 0x3f1]
0x1412a: call 0x1423c
0x1412d: jmp 0x14227
0x14130: cmp byte ptr ds:[bp + 0x3ae], 0x1b
0x14136: jne 0x14143
0x14138: call 0x1416a
0x1413b: cmp byte ptr ds:[bp + 0x3ad], 6
|
| 2018-12-17T23:11:19.920210514Z | 67 | PC: 14294 | Get or set file attributes |
| 2018-12-17T23:11:19.922614506Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:19.924582146Z | 61 | PC: 142d0 | Open file (Filename = '') |
| 2018-12-17T23:11:19.927307833Z | 87 | PC: 142a4 | Get or set file date and time |
| 2018-12-17T23:11:19.929471071Z | 64 | PC: 142b0 | Write file or device (Write 18 bytes on handle 2) |
| 2018-12-17T23:11:19.933279615Z | 87 | PC: 142b7 | Get or set file date and time |
| 2018-12-17T23:11:19.934968341Z | 61 | PC: 142bb | Open file (Filename = '}�:u�����߀�@�') |
| 2018-12-17T23:11:19.941141842Z | 67 | PC: 142c2 | Get or set file attributes |
| 2018-12-17T23:11:19.943843693Z | 26 | PC: 14240 | Set disk transfer address |
| 2018-12-17T23:11:19.945945416Z | 78 | PC: 14232 | Find first file |
| 2018-12-17T23:11:19.959860949Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:19.966528259Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:19.985124114Z | 61 | PC: 142d0 | Open file (Filename = 'SLEEP.COM') |
| 2018-12-17T23:11:19.993421851Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:19.995256081Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.002751829Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.005433633Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.007322355Z | 64 | PC: 14281 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:11:20.010773627Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.014413282Z | 44 | PC: 141d8 | Get time 0x141d8: mov word ptr ds:[bp + 0x3dc], dx
0x141dd: mov cx, 0x12
0x141e0: lea di, word ptr [bp + 0x41c]
0x141e4: lea si, word ptr [bp + 0x3de]
0x141e8: push cx
0x141e9: push si
0x141ea: rep movsb byte ptr es:[di], byte ptr [si]
0x141ec: cmp byte ptr ds:[bp + 0x3ac], 0
0x141f2: jne 0x14200
0x141f4: mov cx, 0xd
0x141f7: lea si, word ptr [bp + 0x270]
0x141fb: rep movsb byte ptr es:[di], byte ptr [si]
0x141fd: jmp 0x14209
0x141ff: nop
0x14200: mov cx, 0xb
0x14203: lea si, word ptr [bp + 0x175]
0x14207: rep movsb byte ptr es:[di], byte ptr [si]
0x14209: pop si
0x1420a: pop cx
0x1420b: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T23:11:20.017528161Z | 64 | PC: 1441a | Write file or device (Write 749 bytes on handle 5) |
| 2018-12-17T23:11:20.027616394Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.030372418Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.038887803Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.049998891Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.053249705Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:20.060157097Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.071134183Z | 61 | PC: 142d0 | Open file (Filename = 'PRINT.COM') |
| 2018-12-17T23:11:20.084986517Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:20.087687597Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.095195778Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.097164811Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.105643758Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.116877507Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.119905703Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:20.127247441Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.137848259Z | 61 | PC: 142d0 | Open file (Filename = 'HELLO.COM') |
| 2018-12-17T23:11:20.150792134Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:20.153711966Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.161016744Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.16307699Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.165982805Z | 64 | PC: 14281 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:11:20.169368122Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.171084079Z | 44 | PC: 141d8 | Get time 0x141d8: mov word ptr ds:[bp + 0x3dc], dx
0x141dd: mov cx, 0x12
0x141e0: lea di, word ptr [bp + 0x41c]
0x141e4: lea si, word ptr [bp + 0x3de]
0x141e8: push cx
0x141e9: push si
0x141ea: rep movsb byte ptr es:[di], byte ptr [si]
0x141ec: cmp byte ptr ds:[bp + 0x3ac], 0
0x141f2: jne 0x14200
0x141f4: mov cx, 0xd
0x141f7: lea si, word ptr [bp + 0x270]
0x141fb: rep movsb byte ptr es:[di], byte ptr [si]
0x141fd: jmp 0x14209
0x141ff: nop
0x14200: mov cx, 0xb
0x14203: lea si, word ptr [bp + 0x175]
0x14207: rep movsb byte ptr es:[di], byte ptr [si]
0x14209: pop si
0x1420a: pop cx
0x1420b: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T23:11:20.174458576Z | 64 | PC: 1441a | Write file or device (Write 749 bytes on handle 5) |
| 2018-12-17T23:11:20.18357378Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.185403892Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.194281399Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.205430628Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.208429659Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:20.214749185Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.226552655Z | 61 | PC: 142d0 | Open file (Filename = 'PHANG.COM') |
| 2018-12-17T23:11:20.234224294Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:20.236199489Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.244052839Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.246540468Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.255068397Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.267161693Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.270285278Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:20.276600606Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.291073897Z | 61 | PC: 142d0 | Open file (Filename = 'PRINTA~1.COM') |
| 2018-12-17T23:11:20.299177578Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:20.301402293Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.308138512Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.310741177Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.31823418Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.328909308Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.33283982Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:20.339262701Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.352780225Z | 61 | PC: 142d0 | Open file (Filename = 'MANDEL.COM') |
| 2018-12-17T23:11:20.360652471Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:20.362229487Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.369594689Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.372047954Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.374145389Z | 64 | PC: 14281 | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-17T23:11:20.377342702Z | 66 | PC: 14246 | Move file pointer |
| 2018-12-17T23:11:20.379504738Z | 44 | PC: 141d8 | Get time 0x141d8: mov word ptr ds:[bp + 0x3dc], dx
0x141dd: mov cx, 0x12
0x141e0: lea di, word ptr [bp + 0x41c]
0x141e4: lea si, word ptr [bp + 0x3de]
0x141e8: push cx
0x141e9: push si
0x141ea: rep movsb byte ptr es:[di], byte ptr [si]
0x141ec: cmp byte ptr ds:[bp + 0x3ac], 0
0x141f2: jne 0x14200
0x141f4: mov cx, 0xd
0x141f7: lea si, word ptr [bp + 0x270]
0x141fb: rep movsb byte ptr es:[di], byte ptr [si]
0x141fd: jmp 0x14209
0x141ff: nop
0x14200: mov cx, 0xb
0x14203: lea si, word ptr [bp + 0x175]
0x14207: rep movsb byte ptr es:[di], byte ptr [si]
0x14209: pop si
0x1420a: pop cx
0x1420b: rep movsb byte ptr es:[di], byte ptr [si]
|
| 2018-12-17T23:11:20.38399869Z | 64 | PC: 1441a | Write file or device (Write 749 bytes on handle 5) |
| 2018-12-17T23:11:20.393816325Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.396168099Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.40452157Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.415186138Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.419083297Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:20.442113373Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.452738366Z | 61 | PC: 142d0 | Open file (Filename = 'PAH.COM') |
| 2018-12-17T23:11:20.460075997Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:20.462579105Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.469778645Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.471502558Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.479597974Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.491447781Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.494921946Z | 67 | PC: 14188 | Get or set file attributes |
| 2018-12-17T23:11:20.501732776Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.512927701Z | 61 | PC: 142d0 | Open file (Filename = 'TEST.COM') |
| 2018-12-17T23:11:20.519800687Z | 87 | PC: 14198 | Get or set file date and time |
| 2018-12-17T23:11:20.522415445Z | 63 | PC: 141a5 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T23:11:20.52995184Z | 87 | PC: 1421a | Get or set file date and time |
| 2018-12-17T23:11:20.531779498Z | 62 | PC: 1421e | Close file |
| 2018-12-17T23:11:20.539900431Z | 67 | PC: 142c8 | Get or set file attributes |
| 2018-12-17T23:11:20.554226746Z | 79 | PC: 14232 | Find next file |
| 2018-12-17T23:11:20.557214736Z | 26 | PC: 14240 | Set disk transfer address |
| 2018-12-17T23:11:20.558939921Z | 48 | PC: 12a63 | Get DOS version |
| 2018-12-17T23:11:20.561628478Z | 9 | PC: 12a7a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T23:11:20.571382733Z | 61 | PC: 12cb7 | Open file (Filename = '�') |
| 2018-12-17T23:11:20.578648349Z | 9 | PC: 12a88 | Display string (String= 'Self test: ') |
| 2018-12-17T23:11:20.583421526Z | 93 | PC: 12b24 | File sharing functions |
| 2018-12-17T23:11:20.58536959Z | 9 | PC: 12b03 | Display string (String= 'Size change=+02EDh/00749d. Virus might be activ?
��') |
| 2018-12-17T23:11:20.589636746Z | 76 | PC: 12b09 | Terminate with return code (Return code = '1') |
