.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:05:36.90969901Z | 53 | PC: 140f9 | Get interrupt vector (Interrupt = '133' AKA 'UNKNOWN!') |
| 2018-12-17T22:05:36.911228256Z | 37 | PC: 1410f | Set interrupt vector (Interrupt = '133' AKA 'UNKNOWN!') |
| 2018-12-17T22:05:36.913435009Z | 80 | PC: 12aeb | Set current PSP |
| 2018-12-17T22:05:36.914135004Z | 26 | PC: 12af2 | Set disk transfer address |
| 2018-12-17T22:05:36.915523202Z | 53 | PC: 12afa | Get interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:05:36.916568382Z | 37 | PC: 12b09 | Set interrupt vector (Interrupt = '33' AKA 'Random read') |
| 2018-12-17T22:05:36.918024784Z | 53 | PC: 12c08 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:05:36.920495234Z | 37 | PC: 12c17 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:05:36.921594276Z | 48 | PC: 12c1b | Get DOS version |
| 2018-12-17T22:05:36.922566821Z | 53 | PC: 12c22 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:05:36.924370673Z | 37 | PC: 12c4f | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:05:36.936020264Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-17T22:05:36.941251475Z | 67 | PC: 12c6d | Get or set file attributes |
| 2018-12-17T22:05:37.265674547Z | 61 | PC: 12c74 | Open file (Filename = '���WSR��.�>�') |
| 2018-12-17T22:05:37.270613621Z | 87 | PC: 12c7f | Get or set file date and time |
| 2018-12-17T22:05:37.272030214Z | 66 | PC: 12c8c | Move file pointer |
| 2018-12-17T22:05:37.27339104Z | 66 | PC: 12ca2 | Move file pointer |
| 2018-12-17T22:05:37.275417578Z | 63 | PC: 12cad | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T22:05:37.278260592Z | 66 | PC: 12cc3 | Move file pointer |
| 2018-12-17T22:05:37.279500531Z | 63 | PC: 12ccc | Read file or device (Read 14 bytes on handle 5) |
| 2018-12-17T22:05:37.282584157Z | 66 | PC: 12d63 | Move file pointer |
| 2018-12-17T22:05:37.283864401Z | 63 | PC: 12d6c | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:05:37.286556029Z | 66 | PC: 12d75 | Move file pointer |
| 2018-12-17T22:05:37.288561217Z | 64 | PC: 12d8c | Write file or device (Write 3 bytes on handle 5) |
| 2018-12-17T22:05:37.29124801Z | 66 | PC: 12d95 | Move file pointer |
| 2018-12-17T22:05:37.292996792Z | 64 | PC: 12d9f | Write file or device (Write 1000 bytes on handle 5) |
| 2018-12-17T22:05:37.3028084Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-17T22:05:37.304057878Z | 62 | PC: 12cec | Close file |
| 2018-12-17T22:05:37.309696916Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-17T22:05:37.3190295Z | 37 | PC: 12d0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:05:37.320254273Z | 37 | PC: 12d1a | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:05:37.321641862Z | 48 | PC: 13273 | Get DOS version |
| 2018-12-17T22:05:37.323898322Z | 9 | PC: 1328a | Display string (String= '
--=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------
(c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware
') |
| 2018-12-17T22:05:37.329446678Z | 53 | PC: 12c08 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:05:37.330394492Z | 37 | PC: 12c17 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:05:37.332409394Z | 48 | PC: 12c1b | Get DOS version |
| 2018-12-17T22:05:37.333714331Z | 53 | PC: 12c22 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:05:37.334871594Z | 37 | PC: 12c4f | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:05:37.33636621Z | 67 | PC: 12c5e | Get or set file attributes |
| 2018-12-17T22:05:37.342112914Z | 67 | PC: 12c6d | Get or set file attributes |
| 2018-12-17T22:05:37.358962348Z | 61 | PC: 12c74 | Open file (Filename = '�u!��s�Z[_���&�E�') |
| 2018-12-17T22:05:37.366744776Z | 87 | PC: 12c7f | Get or set file date and time |
| 2018-12-17T22:05:37.36842019Z | 66 | PC: 12c8c | Move file pointer |
| 2018-12-17T22:05:37.369882593Z | 66 | PC: 12ca2 | Move file pointer |
| 2018-12-17T22:05:37.372004431Z | 63 | PC: 12cad | Read file or device (Read 2 bytes on handle 5) |
| 2018-12-17T22:05:37.375078708Z | 87 | PC: 12ce8 | Get or set file date and time |
| 2018-12-17T22:05:37.377807971Z | 62 | PC: 12cec | Close file |
| 2018-12-17T22:05:37.390257847Z | 67 | PC: 12cfd | Get or set file attributes |
| 2018-12-17T22:05:37.400773837Z | 37 | PC: 12d0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:05:37.402261787Z | 37 | PC: 12d1a | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:05:37.40508256Z | 61 | PC: 134c7 | Open file (Filename = '�') |
| 2018-12-17T22:05:37.411915952Z | 9 | PC: 13298 | Display string (String= 'Self test: ') |
| 2018-12-17T22:05:37.41442941Z | 93 | PC: 13334 | File sharing functions |
| 2018-12-17T22:05:37.417177196Z | 9 | PC: 13313 | Display string (String= 'Size change=+03E8h/01000d. Virus might be activ?
��') |
| 2018-12-17T22:05:37.422594043Z | 76 | PC: 13319 | Terminate with return code (Return code = '1') |
