Sample viewer




Time Syscall Op Syscall Name
2018-12-17T22:21:49.305999192Z 44 PC: 140f1 | Get time 0x140f1: mov bl, dl
0x140f3: mov ah, 0xb
0x140f5: int 0x21
0x140f7: cmp ah, 0
0x140fa: jne 0x14103
0x140fc: add bx, bp
0x140fe: cmp al, byte ptr cs:[bx]
0x14101: je 0x14161
0x14103: push ds
0x14104: push es
0x14105: mov ah, 0x2c
0x14107: xor ah, 0x66
0x1410a: mov bx, 0xffff
0x1410d: int 0x21
0x1410f: sub bx, 0x1d
0x14112: mov ax, 0x2c00
0x14115: xor ax, 0x6600
0x14118: int 0x21
0x1411a: mov ax, 0x2c00
0x1411d: xor ax, 0x6400
2018-12-17T22:21:49.310437627Z 11 PC: 140f7 | Get input status
2018-12-17T22:21:49.31345991Z 74 PC: 1410f | Reallocate memory
2018-12-17T22:21:49.315806536Z 74 PC: 1411a | Reallocate memory
2018-12-17T22:21:49.320012347Z 72 PC: 14125 | Allocate memory
2018-12-17T22:21:49.321647491Z 37 PC: 1415f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:21:49.322957806Z 48 PC: 12a63 | Get DOS version
2018-12-17T22:21:49.324691641Z 9 PC: 12a7a | Display string (String= ' --=[ Selfchecking AntiStealth Goat COM/EXE file, 01/06/01 ]=------------------ (c) 1995-2001 by ROSE SWE, Dipl.-Ing. Ralph Roth - Version 1.18 - Freeware ')
2018-12-17T22:21:49.334829454Z 61 PC: 12cb7 | Open file (Filename = '')
2018-12-17T22:21:49.341822943Z 9 PC: 12a88 | Display string (String= 'Self test: ')
2018-12-17T22:21:49.344571664Z 93 PC: 12b24 | File sharing functions
2018-12-17T22:21:49.346927684Z 9 PC: 12b03 | Display string (String= 'Size change=+01BBh/00443d. Virus might be activ? ')
2018-12-17T22:21:49.352143372Z 76 PC: 12b09 | Terminate with return code (Return code = '1')