Sample viewer

vx.netlux.org/Virus.DOS.Bowl.903


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:13:00.818118849Z 26 PC: 14108 | Set disk transfer address
2018-12-17T22:13:00.819375603Z 71 PC: 14112 | Get current directory
2018-12-17T22:13:00.821992946Z 78 PC: 14128 | Find first file
2018-12-17T22:13:00.828076999Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:00.833966282Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:00.915328929Z 61 PC: 14172 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:13:00.921866349Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:00.923672216Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:00.930049903Z 66 PC: 141f2 | Move file pointer
2018-12-17T22:13:00.931330329Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:00.934564298Z 66 PC: 14205 | Move file pointer
2018-12-17T22:13:00.936078161Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:13:00.944411361Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:00.946450532Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:00.958734128Z 62 PC: 141c1 | Close file
2018-12-17T22:13:00.966223226Z 78 PC: 1426f | Find first file
2018-12-17T22:13:00.972606185Z 78 PC: 14297 | Find first file
2018-12-17T22:13:00.979505889Z 78 PC: 142bd | Find first file
2018-12-17T22:13:00.985119131Z 79 PC: 1414c | Find next file
2018-12-17T22:13:00.987591805Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:00.993991534Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:01.005845543Z 61 PC: 14172 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:13:01.017101248Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:01.019967652Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:01.024649547Z 66 PC: 141f2 | Move file pointer
2018-12-17T22:13:01.025676808Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:01.029787441Z 66 PC: 14205 | Move file pointer
2018-12-17T22:13:01.031040096Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:13:01.039100542Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:01.041738422Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:01.052743772Z 62 PC: 141c1 | Close file
2018-12-17T22:13:01.059559643Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.066194399Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.071682181Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.081929948Z 79 PC: 1414c | Find next file
2018-12-17T22:13:01.085021036Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:01.095524949Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:01.10467143Z 61 PC: 14172 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:13:01.111395514Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:01.113361904Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:01.119511964Z 66 PC: 141f2 | Move file pointer
2018-12-17T22:13:01.12079141Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:01.123813346Z 66 PC: 14205 | Move file pointer
2018-12-17T22:13:01.125027748Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:13:01.133113799Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:01.13534291Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:01.145608033Z 62 PC: 141c1 | Close file
2018-12-17T22:13:01.152337521Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.159519468Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.165344891Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.171164242Z 79 PC: 1414c | Find next file
2018-12-17T22:13:01.174936561Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:01.180494606Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:01.189965757Z 61 PC: 14172 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:13:01.197199534Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:01.198747685Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:01.204893629Z 66 PC: 141f2 | Move file pointer
2018-12-17T22:13:01.206778331Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:01.209252547Z 66 PC: 14205 | Move file pointer
2018-12-17T22:13:01.210516474Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:13:01.231860111Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:01.234231298Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:01.245699441Z 62 PC: 141c1 | Close file
2018-12-17T22:13:01.253779636Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.259680242Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.265960494Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.273512904Z 79 PC: 1414c | Find next file
2018-12-17T22:13:01.276112883Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:01.287597237Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:01.299544864Z 61 PC: 14172 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:13:01.306123853Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:01.307586834Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:01.314279754Z 66 PC: 141f2 | Move file pointer
2018-12-17T22:13:01.316328507Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:01.318683338Z 66 PC: 14205 | Move file pointer
2018-12-17T22:13:01.320149134Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:13:01.328691676Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:01.330019436Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:01.340603117Z 62 PC: 141c1 | Close file
2018-12-17T22:13:01.348235762Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.354490358Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.360339183Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.367048099Z 79 PC: 1414c | Find next file
2018-12-17T22:13:01.369706649Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:01.37544988Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:01.385747542Z 61 PC: 14172 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:13:01.392411514Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:01.393962203Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:01.401541015Z 66 PC: 141f2 | Move file pointer
2018-12-17T22:13:01.40305118Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:01.406327589Z 66 PC: 14205 | Move file pointer
2018-12-17T22:13:01.40873648Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:13:01.417416752Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:01.418851987Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:01.435845049Z 62 PC: 141c1 | Close file
2018-12-17T22:13:01.4425217Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.448151094Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.454285477Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.465593615Z 79 PC: 1414c | Find next file
2018-12-17T22:13:01.46802719Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:01.479206288Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:01.505341273Z 61 PC: 14172 | Open file (Filename = 'PAH.COM')
2018-12-17T22:13:01.511803116Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:01.51376466Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:01.520242229Z 66 PC: 141f2 | Move file pointer
2018-12-17T22:13:01.521450772Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:13:01.524552976Z 66 PC: 14205 | Move file pointer
2018-12-17T22:13:01.52588384Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:13:01.551685848Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:01.554862726Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:01.62790369Z 62 PC: 141c1 | Close file
2018-12-17T22:13:01.65513528Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.663260165Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.669285938Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.675399936Z 79 PC: 1414c | Find next file
2018-12-17T22:13:01.679010557Z 67 PC: 14159 | Get or set file attributes
2018-12-17T22:13:01.684672679Z 67 PC: 14169 | Get or set file attributes
2018-12-17T22:13:01.716079205Z 61 PC: 14172 | Open file (Filename = 'TEST.COM')
2018-12-17T22:13:01.723989981Z 87 PC: 14178 | Get or set file date and time
2018-12-17T22:13:01.72624714Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:13:01.733746648Z 87 PC: 141af | Get or set file date and time
2018-12-17T22:13:01.735934127Z 67 PC: 141bd | Get or set file attributes
2018-12-17T22:13:01.796833004Z 62 PC: 141c1 | Close file
2018-12-17T22:13:01.835502649Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.841847449Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.848119037Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.853793906Z 79 PC: 1414c | Find next file
2018-12-17T22:13:01.8568376Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.879236859Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.889711187Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.900986693Z 59 PC: 14248 | Change current directory
2018-12-17T22:13:01.90584942Z 78 PC: 1426f | Find first file
2018-12-17T22:13:01.911690385Z 78 PC: 14297 | Find first file
2018-12-17T22:13:01.917569534Z 78 PC: 142bd | Find first file
2018-12-17T22:13:01.924714303Z 59 PC: 14223 | Change current directory
2018-12-17T22:13:01.926923417Z 42 PC: 14227 | Get date
0x14227: cmp dh, 0xa
0x1422a: cmp dh, 0xb
0x1422d: cmp dh, 0xc
0x14230: jne 0x1423f
0x14232: cmp dl, 1
0x14235: cmp dl, 0xf
0x14238: cmp dl, 0x19
0x1423b: jne 0x1423f
0x1423d: jmp 0x1424d
0x1423f: ret
0x14240: mov ah, 0x3b
0x14242: lea dx, word ptr [bp + 0x43f]
0x14246: int 0x21
0x14248: jb 0x14217
0x1424a: jmp 0x14118
0x1424d: mov al, 2
0x1424f: mov cx, 0x29a
0x14252: mov dx, 0
0x14255: mov bx, 0x2f2
0x14258: int 0x26
2018-12-17T22:13:01.929639636Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:13:01.931887571Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:13:01.941461507Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:13:01.953078857Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:13:01.956119972Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:13:01.958204582Z 9 PC: 12b03 | Display string (String= 'Size change=+0387h/00903d. Virus might be activ? ')
2018-12-17T22:13:01.964440374Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2567,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:02.391228948Z 26 PC: 14108 | Set disk transfer address
2018-12-25T11:46:02.396203864Z 71 PC: 14112 | Get current directory
2018-12-25T11:46:02.399521805Z 78 PC: 14128 | Find first file
2018-12-25T11:46:02.406649244Z 67 PC: 14159 | Get or set file attributes
2018-12-25T11:46:02.41335026Z 67 PC: 14169 | Get or set file attributes
2018-12-25T11:46:02.700719553Z 61 PC: 14172 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:02.707884914Z 87 PC: 14178 | Get or set file date and time
2018-12-25T11:46:02.709401868Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:02.717069651Z 66 PC: 141f2 | Move file pointer
2018-12-25T11:46:02.718828259Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:02.722046016Z 66 PC: 14205 | Move file pointer
2018-12-25T11:46:02.724872299Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:46:02.732489777Z 87 PC: 141af | Get or set file date and time
2018-12-25T11:46:02.733646Z 67 PC: 141bd | Get or set file attributes
2018-12-25T11:46:02.742155771Z 62 PC: 141c1 | Close file
2018-12-25T11:46:02.747453669Z 78 PC: 1426f | Find first file
2018-12-25T11:46:02.751778335Z 78 PC: 14297 | Find first file
2018-12-25T11:46:02.75633453Z 78 PC: 142bd | Find first file
2018-12-25T11:46:02.766800346Z 79 PC: 1414c | Find next file
2018-12-25T11:46:02.769661554Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.781891777Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.797144638Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.805063127Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.806756062Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.814865714Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.816613308Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.819513579Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.824395112Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.833402427Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.835506118Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.849117621Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.864781491Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.872095954Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.879185818Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.886180103Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.889318541Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.896184048Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.92038037Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.928458923Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.930401226Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.939286305Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.941183629Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.944432216Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.94687668Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.956186494Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.958135197Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.970533051Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.978375866Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.985986071Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.993250882Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.999969378Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.002821047Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.009872941Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.021205034Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.030262509Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.032370902Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.043839537Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.045683344Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.049767959Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.052847676Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.062055071Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.064489261Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.078514185Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.087184289Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.094167182Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.101848516Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.11511936Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.118384889Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.1253435Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.137378461Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.145264539Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.147288863Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.156091497Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.158067445Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.161442695Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.164311124Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.178336189Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.180477897Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.193599416Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.202158975Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.209211819Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.216838198Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.224909193Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.228192042Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.240482781Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.25328152Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.260895106Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.262557287Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.270415056Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.272507111Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.275771351Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.277887339Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.287281201Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.29144795Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.304673774Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.31433366Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.321333478Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.32912201Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.336001092Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.339233366Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.346207353Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.360543654Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.374254142Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.376697636Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.384570373Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.386349353Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.389704035Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.392280299Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.401338762Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.402682392Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.412066621Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.417783794Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.422014991Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.426800706Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.435132558Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.437062841Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.442006729Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.449158161Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.457719298Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.460627669Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.467990124Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.469445529Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.484025967Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.492025731Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.498676082Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.512757182Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.517420693Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.51947378Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.524473416Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.529156736Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.533008964Z 59 PC: 14248 | Change current directory
2018-12-25T11:46:03.538641839Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.545818769Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.557342134Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.578968148Z 59 PC: 14223 | Change current directory
2018-12-25T11:46:03.589225507Z 42 PC: 14227 | Get date
0x14227: cmp dh, 0xa
0x1422a: cmp dh, 0xb
0x1422d: cmp dh, 0xc
0x14230: jne 0x1423f
0x14232: cmp dl, 1
0x14235: cmp dl, 0xf
0x14238: cmp dl, 0x19
0x1423b: jne 0x1423f
0x1423d: jmp 0x1424d
0x1423f: ret
0x14240: mov ah, 0x3b
0x14242: lea dx, word ptr [bp + 0x43f]
0x14246: int 0x21
0x14248: jb 0x14217
0x1424a: jmp 0x14118
0x1424d: mov al, 2
0x1424f: mov cx, 0x29a
0x14252: mov dx, 0
0x14255: mov bx, 0x2f2
0x14258: int 0x26
2018-12-25T11:46:03.592732762Z 9 PC: 14262 | Display string (String= '..... ........ .......')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2567,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:02.462617469Z 26 PC: 14108 | Set disk transfer address
2018-12-25T11:46:02.463899376Z 71 PC: 14112 | Get current directory
2018-12-25T11:46:02.466929466Z 78 PC: 14128 | Find first file
2018-12-25T11:46:02.473388946Z 67 PC: 14159 | Get or set file attributes
2018-12-25T11:46:02.479835738Z 67 PC: 14169 | Get or set file attributes
2018-12-25T11:46:02.70115223Z 61 PC: 14172 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:02.70822039Z 87 PC: 14178 | Get or set file date and time
2018-12-25T11:46:02.710213258Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:02.717771873Z 66 PC: 141f2 | Move file pointer
2018-12-25T11:46:02.71925379Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:02.723141524Z 66 PC: 14205 | Move file pointer
2018-12-25T11:46:02.725352154Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:46:02.735676411Z 87 PC: 141af | Get or set file date and time
2018-12-25T11:46:02.737663531Z 67 PC: 141bd | Get or set file attributes
2018-12-25T11:46:02.751206596Z 62 PC: 141c1 | Close file
2018-12-25T11:46:02.759463309Z 78 PC: 1426f | Find first file
2018-12-25T11:46:02.766073244Z 78 PC: 14297 | Find first file
2018-12-25T11:46:02.774107646Z 78 PC: 142bd | Find first file
2018-12-25T11:46:02.786444986Z 79 PC: 1414c | Find next file
2018-12-25T11:46:02.789597096Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.804221954Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.816167506Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.826825744Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.829575359Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.837760195Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.839725203Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.848294468Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.849910071Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.859034835Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.860901627Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.873409655Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.881281556Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.888120743Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.895475851Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.902562341Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.905929482Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.919239003Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.933653096Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.941474367Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.944509591Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.952486824Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.954458916Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.958152672Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.96050712Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.969686211Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.97203165Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.987977006Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.99637144Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.003151329Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.011748712Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.020419912Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.023391011Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.030611355Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.044544751Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.058305305Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.061379528Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.068690014Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.07053506Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.074077271Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.07697059Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.086189188Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.088288564Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.101235234Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.109145647Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.115845744Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.123935083Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.131231516Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.134778296Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.142899484Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.154536401Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.163663309Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.16704051Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.174530089Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.175956144Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.178888572Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.180506979Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.190268118Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.192108444Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.20509996Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.213431819Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.220590291Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.228237566Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.241161235Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.244486289Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.257957757Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.268968501Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.276671469Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.279056307Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.286373155Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.288077812Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.291636518Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.294193189Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.304194961Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.30632187Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.320181913Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.328190691Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.335196931Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.343304847Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.35021407Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.353499165Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.366646265Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.381431944Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.38928465Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.391781355Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.399432612Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.401176795Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.404255712Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.406890152Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.416088546Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.418275167Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.431215384Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.439368803Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.447143429Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.45497147Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.462240895Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.465465146Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.472437517Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.483708177Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.491538939Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.494335846Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.499778876Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.501109841Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.508477873Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.515434986Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.522790448Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.530671103Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.537254852Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.539873928Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.547769163Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.559860626Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.572325964Z 59 PC: 14248 | Change current directory
2018-12-25T11:46:03.578607814Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.58490738Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.591421746Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.598560894Z 59 PC: 14223 | Change current directory
2018-12-25T11:46:03.600411976Z 42 PC: 14227 | Get date
0x14227: cmp dh, 0xa
0x1422a: cmp dh, 0xb
0x1422d: cmp dh, 0xc
0x14230: jne 0x1423f
0x14232: cmp dl, 1
0x14235: cmp dl, 0xf
0x14238: cmp dl, 0x19
0x1423b: jne 0x1423f
0x1423d: jmp 0x1424d
0x1423f: ret
0x14240: mov ah, 0x3b
0x14242: lea dx, word ptr [bp + 0x43f]
0x14246: int 0x21
0x14248: jb 0x14217
0x1424a: jmp 0x14118
0x1424d: mov al, 2
0x1424f: mov cx, 0x29a
0x14252: mov dx, 0
0x14255: mov bx, 0x2f2
0x14258: int 0x26
2018-12-25T11:46:03.602739166Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:46:03.604689219Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:46:03.615908562Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:46:03.623396166Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:46:03.628436905Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:46:03.631255169Z 9 PC: 12b03 | Display string (String= 'Size change=+0387h/00903d. Virus might be activ? ')
2018-12-25T11:46:03.635954763Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2567,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:02.51794498Z 26 PC: 14108 | Set disk transfer address
2018-12-25T11:46:02.520109269Z 71 PC: 14112 | Get current directory
2018-12-25T11:46:02.522792399Z 78 PC: 14128 | Find first file
2018-12-25T11:46:02.528409923Z 67 PC: 14159 | Get or set file attributes
2018-12-25T11:46:02.539934441Z 67 PC: 14169 | Get or set file attributes
2018-12-25T11:46:02.559194104Z 61 PC: 14172 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:02.56567246Z 87 PC: 14178 | Get or set file date and time
2018-12-25T11:46:02.566948815Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:02.573824735Z 66 PC: 141f2 | Move file pointer
2018-12-25T11:46:02.575087767Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:02.577612911Z 66 PC: 14205 | Move file pointer
2018-12-25T11:46:02.579319457Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:46:02.588215111Z 87 PC: 141af | Get or set file date and time
2018-12-25T11:46:02.589722061Z 67 PC: 141bd | Get or set file attributes
2018-12-25T11:46:02.600657277Z 62 PC: 141c1 | Close file
2018-12-25T11:46:02.607993152Z 78 PC: 1426f | Find first file
2018-12-25T11:46:02.613845356Z 78 PC: 14297 | Find first file
2018-12-25T11:46:02.625617141Z 78 PC: 142bd | Find first file
2018-12-25T11:46:02.629524535Z 79 PC: 1414c | Find next file
2018-12-25T11:46:02.63134899Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.635470208Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.641931012Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.648337229Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.6500969Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.65873136Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.659972366Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.662927706Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.66418006Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.669751429Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.672217229Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.682538885Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.691898244Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.698261153Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.703909945Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.709430402Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.712297084Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.717974898Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.729728389Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.741318473Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.743855394Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.75040389Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.752770061Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.756575306Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.757893013Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.765642827Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.767958142Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.778569454Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.785737377Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.793462421Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.799897475Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.810743791Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.814485772Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.821367414Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.83117225Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.838811836Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.840673554Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.847250496Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.849561537Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.852586046Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.854200403Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.863618898Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.8655284Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.875468847Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.882624629Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.889640653Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.895129364Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.900731105Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.904250136Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.910231386Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.919802203Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.932239916Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.933482689Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.939573674Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.941403288Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.944020329Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.945454562Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.953788859Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.955192864Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.965398237Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.972985021Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.978995892Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.984928814Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.996013258Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.998657527Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.009490772Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.019755136Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.026320408Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.027628338Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.034244839Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.035511277Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.037923442Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.04014976Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.048539667Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.049977071Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.060672907Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.067330642Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.073594772Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.079618094Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.085421884Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.087809419Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.093950331Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.103073191Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.10922804Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.110622641Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.116614561Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.118176346Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.120853399Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.122001536Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.129366514Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.131161157Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.141406524Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.149731377Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.15647475Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.161975239Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.167466753Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.170323927Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.180558625Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.192292588Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.204121585Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.205597628Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.21231919Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.214457349Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.22453947Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.231598533Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.238702744Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.244599688Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.255992673Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.258038986Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.264655718Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.270070902Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.275968957Z 59 PC: 14248 | Change current directory
2018-12-25T11:46:03.279771603Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.285182073Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.295982847Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.307251904Z 59 PC: 14223 | Change current directory
2018-12-25T11:46:03.308809325Z 42 PC: 14227 | Get date
0x14227: cmp dh, 0xa
0x1422a: cmp dh, 0xb
0x1422d: cmp dh, 0xc
0x14230: jne 0x1423f
0x14232: cmp dl, 1
0x14235: cmp dl, 0xf
0x14238: cmp dl, 0x19
0x1423b: jne 0x1423f
0x1423d: jmp 0x1424d
0x1423f: ret
0x14240: mov ah, 0x3b
0x14242: lea dx, word ptr [bp + 0x43f]
0x14246: int 0x21
0x14248: jb 0x14217
0x1424a: jmp 0x14118
0x1424d: mov al, 2
0x1424f: mov cx, 0x29a
0x14252: mov dx, 0
0x14255: mov bx, 0x2f2
0x14258: int 0x26
2018-12-25T11:46:03.311457106Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:46:03.312547441Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:46:03.322171986Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:46:03.329142991Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:46:03.332553484Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:46:03.334298264Z 9 PC: 12b03 | Display string (String= 'Size change=+0387h/00903d. Virus might be activ? ')
2018-12-25T11:46:03.338423805Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2567,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:02.549100784Z 26 PC: 14108 | Set disk transfer address
2018-12-25T11:46:02.550579909Z 71 PC: 14112 | Get current directory
2018-12-25T11:46:02.553425709Z 78 PC: 14128 | Find first file
2018-12-25T11:46:02.559170685Z 67 PC: 14159 | Get or set file attributes
2018-12-25T11:46:02.570184313Z 67 PC: 14169 | Get or set file attributes
2018-12-25T11:46:02.588595115Z 61 PC: 14172 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:02.594881567Z 87 PC: 14178 | Get or set file date and time
2018-12-25T11:46:02.596049142Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:02.602505365Z 66 PC: 141f2 | Move file pointer
2018-12-25T11:46:02.604016013Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:02.606830535Z 66 PC: 14205 | Move file pointer
2018-12-25T11:46:02.608780858Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:46:02.617140147Z 87 PC: 141af | Get or set file date and time
2018-12-25T11:46:02.618816649Z 67 PC: 141bd | Get or set file attributes
2018-12-25T11:46:02.629909276Z 62 PC: 141c1 | Close file
2018-12-25T11:46:02.636857936Z 78 PC: 1426f | Find first file
2018-12-25T11:46:02.642374714Z 78 PC: 14297 | Find first file
2018-12-25T11:46:02.65348151Z 78 PC: 142bd | Find first file
2018-12-25T11:46:02.659285198Z 79 PC: 1414c | Find next file
2018-12-25T11:46:02.661936854Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.668640416Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.676913121Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.682510077Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.684365401Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.690544606Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.691793185Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.695182224Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.696534271Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.704232406Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.706562718Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.717473411Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.724590654Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.730465082Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.736204218Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.741947722Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.745550066Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.756091012Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.768675805Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.780276699Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.781894866Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.788004105Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.789205551Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.792391487Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.793899474Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.801945508Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.80467353Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.815188512Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.822756509Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.829693244Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.83557259Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.842085351Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.845775289Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.851904828Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.863182385Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.870728286Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.872725544Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.879095995Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.88117953Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.884208486Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.885596685Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.893564601Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.895632958Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:02.906934138Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:02.913761361Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:02.920020827Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:02.925560204Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:02.931675453Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:02.935057517Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.945601925Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.957771356Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.970319716Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.971964865Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.978427204Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.980331227Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.982901548Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.984240726Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.993321775Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.994741473Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.005072286Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.012479871Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.018117919Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.023578179Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.035013283Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.037585639Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.043359628Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.053807065Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.060852627Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.062443935Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.068656767Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.069694197Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.07168638Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.07320774Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.078628326Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.079792424Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.087033572Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.092887243Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.099111483Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.105132125Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.111125846Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.113280951Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.118700424Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.128487789Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.135130687Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.136563383Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.142920577Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.144363063Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.14796237Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.149365277Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.157670822Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.159399233Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.170904906Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.177654528Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.183375968Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.189218452Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.199483197Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.201762641Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.212036278Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.224528819Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.231222729Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.233476256Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.239592565Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.240953914Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.251117167Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.258610139Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.264274775Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.27507846Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.28572998Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.28817738Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.294224426Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.300012123Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.305037051Z 59 PC: 14248 | Change current directory
2018-12-25T11:46:03.310072849Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.319563225Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.330388628Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.342218265Z 59 PC: 14223 | Change current directory
2018-12-25T11:46:03.34387268Z 42 PC: 14227 | Get date
0x14227: cmp dh, 0xa
0x1422a: cmp dh, 0xb
0x1422d: cmp dh, 0xc
0x14230: jne 0x1423f
0x14232: cmp dl, 1
0x14235: cmp dl, 0xf
0x14238: cmp dl, 0x19
0x1423b: jne 0x1423f
0x1423d: jmp 0x1424d
0x1423f: ret
0x14240: mov ah, 0x3b
0x14242: lea dx, word ptr [bp + 0x43f]
0x14246: int 0x21
0x14248: jb 0x14217
0x1424a: jmp 0x14118
0x1424d: mov al, 2
0x1424f: mov cx, 0x29a
0x14252: mov dx, 0
0x14255: mov bx, 0x2f2
0x14258: int 0x26
2018-12-25T11:46:03.345925116Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:46:03.347829336Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:46:03.357137213Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:46:03.363922769Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:46:03.367781209Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:46:03.369443002Z 9 PC: 12b03 | Display string (String= 'Size change=+0387h/00903d. Virus might be activ? ')
2018-12-25T11:46:03.373285349Z 76 PC: 12b09 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2567,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:02.795444497Z 26 PC: 14108 | Set disk transfer address
2018-12-25T11:46:02.797314005Z 71 PC: 14112 | Get current directory
2018-12-25T11:46:02.800542071Z 78 PC: 14128 | Find first file
2018-12-25T11:46:02.807285838Z 67 PC: 14159 | Get or set file attributes
2018-12-25T11:46:02.820058621Z 67 PC: 14169 | Get or set file attributes
2018-12-25T11:46:02.841344916Z 61 PC: 14172 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:02.848800869Z 87 PC: 14178 | Get or set file date and time
2018-12-25T11:46:02.850344337Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:02.858195651Z 66 PC: 141f2 | Move file pointer
2018-12-25T11:46:02.859309963Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:02.861880017Z 66 PC: 14205 | Move file pointer
2018-12-25T11:46:02.863477123Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:46:02.869516486Z 87 PC: 141af | Get or set file date and time
2018-12-25T11:46:02.870840608Z 67 PC: 141bd | Get or set file attributes
2018-12-25T11:46:02.880126917Z 62 PC: 141c1 | Close file
2018-12-25T11:46:02.903646978Z 78 PC: 1426f | Find first file
2018-12-25T11:46:02.911042497Z 78 PC: 14297 | Find first file
2018-12-25T11:46:02.918579428Z 78 PC: 142bd | Find first file
2018-12-25T11:46:02.925318125Z 79 PC: 1414c | Find next file
2018-12-25T11:46:02.928187496Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.935104947Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.950318613Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.963901644Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.965985715Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.973404984Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.974910376Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.978037008Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.980244589Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.990284092Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.992576811Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.004981153Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.014411109Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.02244657Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.034236435Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.040638845Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.043776582Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.050715749Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.062321097Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.070118744Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.073282524Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.081044363Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.082816924Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.086752517Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.088418692Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.098356993Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.100787966Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.112996234Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.121026154Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.127819166Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.135551931Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.147542702Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.150733553Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.158925133Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.169974411Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.17436524Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.176414825Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.183589916Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.185038308Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.188331707Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.190072414Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.198977489Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.201280936Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.212843896Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.218024163Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.222779238Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.227339165Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.231200041Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.233044542Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.237193552Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.248158372Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.25545996Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.258167398Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.265857443Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.267736594Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.271449208Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.272651709Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.281598454Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.284167204Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.296459353Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.304260662Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.312035691Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.317929444Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.321829134Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.323610456Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.338770025Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.3515292Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.356313432Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.358999532Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.366050054Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.367419515Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.371169211Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.372826244Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.382923836Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.385236003Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.397174438Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.402554074Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.40988805Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.417403477Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.423628802Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.426493487Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.43284464Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.443315959Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.450466367Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.452479969Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.459750017Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.461611493Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.465802363Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.467820925Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.477648788Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.480670235Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.492445138Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.499977456Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.52422554Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.53134841Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.545418767Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.54881362Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.556554844Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.567712893Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.573664506Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.576448585Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.595963775Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.59771181Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.610231585Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.619311815Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.625910219Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.633083022Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.63941438Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.641829593Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.655163338Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.668192541Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.674656222Z 59 PC: 14248 | Change current directory
2018-12-25T11:46:03.680241939Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.684376012Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.688538256Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.696173085Z 59 PC: 14223 | Change current directory
2018-12-25T11:46:03.697548687Z 42 PC: 14227 | Get date
0x14227: cmp dh, 0xa
0x1422a: cmp dh, 0xb
0x1422d: cmp dh, 0xc
0x14230: jne 0x1423f
0x14232: cmp dl, 1
0x14235: cmp dl, 0xf
0x14238: cmp dl, 0x19
0x1423b: jne 0x1423f
0x1423d: jmp 0x1424d
0x1423f: ret
0x14240: mov ah, 0x3b
0x14242: lea dx, word ptr [bp + 0x43f]
0x14246: int 0x21
0x14248: jb 0x14217
0x1424a: jmp 0x14118
0x1424d: mov al, 2
0x1424f: mov cx, 0x29a
0x14252: mov dx, 0
0x14255: mov bx, 0x2f2
0x14258: int 0x26
2018-12-25T11:46:03.699566679Z 9 PC: 14262 | Display string (String= '..... ........ .......')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2567,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:02.830833375Z 26 PC: 14108 | Set disk transfer address
2018-12-25T11:46:02.832528986Z 71 PC: 14112 | Get current directory
2018-12-25T11:46:02.835254074Z 78 PC: 14128 | Find first file
2018-12-25T11:46:02.840994175Z 67 PC: 14159 | Get or set file attributes
2018-12-25T11:46:02.847612197Z 67 PC: 14169 | Get or set file attributes
2018-12-25T11:46:02.863364526Z 61 PC: 14172 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:02.874459376Z 87 PC: 14178 | Get or set file date and time
2018-12-25T11:46:02.876432735Z 63 PC: 1418d | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:46:02.883154731Z 66 PC: 141f2 | Move file pointer
2018-12-25T11:46:02.884874499Z 64 PC: 141fd | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:46:02.888885759Z 66 PC: 14205 | Move file pointer
2018-12-25T11:46:02.891322213Z 64 PC: 14210 | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:46:02.901186057Z 87 PC: 141af | Get or set file date and time
2018-12-25T11:46:02.903685939Z 67 PC: 141bd | Get or set file attributes
2018-12-25T11:46:02.914638922Z 62 PC: 141c1 | Close file
2018-12-25T11:46:02.922928209Z 78 PC: 1426f | Find first file
2018-12-25T11:46:02.927754367Z 78 PC: 14297 | Find first file
2018-12-25T11:46:02.933976174Z 78 PC: 142bd | Find first file
2018-12-25T11:46:02.940898339Z 79 PC: 1414c | Find next file
2018-12-25T11:46:02.942644503Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:02.949266024Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:02.956794178Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:02.960717939Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:02.974776113Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:02.980904628Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:02.98207288Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:02.985090562Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:02.986343194Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:02.99423052Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:02.996863013Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.006988806Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.013669612Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.019689862Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.03037734Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.035912777Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.038983577Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.04434779Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.053957586Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.061454636Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.062998954Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.069468211Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.07162389Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.074852497Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.076410285Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.085126822Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.086534501Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.097018073Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.104551601Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.110279711Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.116753045Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.123410245Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.12582895Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.135937965Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.148608417Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.160425001Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.161690297Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.168254004Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.169862842Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.172619522Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.174599956Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.182334006Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.183692192Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.194517155Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.202126966Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.207785575Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.214255321Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.225504274Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.228019911Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.233497978Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.243173244Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.249576191Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.250861053Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.25796391Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.259225276Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.261692586Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.264048522Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.271787449Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.273193685Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.284565441Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.29136494Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.296966754Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.303653909Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.309515678Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.312346062Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.3236321Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.494957527Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.506623356Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.508710536Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.514932702Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.51648268Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.519716311Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.522558587Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.570942644Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.57230218Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.595856442Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.610828459Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.61658412Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.623131785Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.634281411Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.637133804Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.64380494Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.653547236Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.660015592Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.662188637Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.668391596Z 66 PC: 141f2 | Move file pointer (See above)
2018-12-25T11:46:03.669668078Z 64 PC: 141fd | Write file or device (See above)
2018-12-25T11:46:03.673104346Z 66 PC: 14205 | Move file pointer (See above)
2018-12-25T11:46:03.674531706Z 64 PC: 14210 | Write file or device (See above)
2018-12-25T11:46:03.68225925Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.684892903Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.695196297Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.702715526Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.709042066Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.714720042Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.720347514Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.723420373Z 67 PC: 14159 | Get or set file attributes (See above)
2018-12-25T11:46:03.728913614Z 67 PC: 14169 | Get or set file attributes (See above)
2018-12-25T11:46:03.740840571Z 61 PC: 14172 | Open file (See above)
2018-12-25T11:46:03.752143718Z 87 PC: 14178 | Get or set file date and time (See above)
2018-12-25T11:46:03.754179262Z 63 PC: 1418d | Read file or device (See above)
2018-12-25T11:46:03.760726573Z 87 PC: 141af | Get or set file date and time (See above)
2018-12-25T11:46:03.762095439Z 67 PC: 141bd | Get or set file attributes (See above)
2018-12-25T11:46:03.773717318Z 62 PC: 141c1 | Close file (See above)
2018-12-25T11:46:03.780463198Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.786496405Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.793183012Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.803531703Z 79 PC: 1414c | Find next file (See above)
2018-12-25T11:46:03.805841538Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.817718914Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.828723693Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.834598962Z 59 PC: 14248 | Change current directory
2018-12-25T11:46:03.839165804Z 78 PC: 1426f | Find first file (See above)
2018-12-25T11:46:03.845005887Z 78 PC: 14297 | Find first file (See above)
2018-12-25T11:46:03.850732257Z 78 PC: 142bd | Find first file (See above)
2018-12-25T11:46:03.861984658Z 59 PC: 14223 | Change current directory
2018-12-25T11:46:03.863690568Z 42 PC: 14227 | Get date
0x14227: cmp dh, 0xa
0x1422a: cmp dh, 0xb
0x1422d: cmp dh, 0xc
0x14230: jne 0x1423f
0x14232: cmp dl, 1
0x14235: cmp dl, 0xf
0x14238: cmp dl, 0x19
0x1423b: jne 0x1423f
0x1423d: jmp 0x1424d
0x1423f: ret
0x14240: mov ah, 0x3b
0x14242: lea dx, word ptr [bp + 0x43f]
0x14246: int 0x21
0x14248: jb 0x14217
0x1424a: jmp 0x14118
0x1424d: mov al, 2
0x1424f: mov cx, 0x29a
0x14252: mov dx, 0
0x14255: mov bx, 0x2f2
0x14258: int 0x26
2018-12-25T11:46:03.865822896Z 48 PC: 12a63 | Get DOS version
2018-12-25T11:46:03.867734063Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-25T11:46:03.877477329Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-25T11:46:03.889862445Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-25T11:46:03.894107651Z 93 PC: 12b24 | File sharing functions
2018-12-25T11:46:03.895952138Z 9 PC: 12b03 | Display string (String= 'Size change=+0387h/00903d. Virus might be activ? ')
2018-12-25T11:46:03.900422304Z 76 PC: 12b09 | Terminate with return code (Return code = '1')