Sample viewer

vx.netlux.org/Virus.DOS.Elf.3458

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:46.705731711Z 81 PC: 15a52 | Get current PSP
2018-12-17T22:49:46.708178832Z 44 PC: 15a96 | Get time
0x15a96: and bp, word ptr cs:[0xd2e7]
0x15a9b: test di, ax
0x15a9d: mov bx, 0x1ac3
0x15aa0: sbb di, word ptr cs:[0x36c]
0x15aa5: call 0x15ab8
0x15aa8: mov bp, ax
0x15aaa: shl si, 1
0x15aac: ror bh, 1
0x15aae: xor cx, sp
0x15ab0: clc
0x15ab1: xor bh, bh
0x15ab3: or bp, cx
0x15ab5: test si, ax
0x15ab7: mov dx, 0x43c3
0x15aba: adc bh, dl
0x15abc: xor si, word ptr [0x8b71]
0x15ac0: test dx, di
0x15ac2: mov ax, 0xe617
0x15ac5: mov bl, ch
0x15ac7: xor ax, 0xc5bb
2018-12-17T22:49:46.71015608Z 35 PC: 15af1 | Get file size in records
2018-12-17T22:49:46.711262953Z 53 PC: 15b1d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:46.712597483Z 42 PC: 15c2b | Get date
0x15c2b: and bh, byte ptr cs:[0x75fc]
0x15c30: call 0x15c40
0x15c33: and cl, byte ptr ss:[0x6d45]
0x15c38: sub bp, bp
0x15c3a: sub dx, word ptr cs:[0x21d1]
0x15c3f: mov dx, 0xd1c3
0x15c42: and cx, word ptr cs:[0x596f]
0x15c47: adc bp, word ptr [0x970f]
0x15c4b: xor bp, word ptr es:[0x82a4]
0x15c50: mov bl, byte ptr ss:[0x9ef]
0x15c55: mov dh, 0xbd
0x15c57: call 0x15c60
0x15c5a: or di, word ptr es:[0xbbe9]
0x15c5f: mov cx, 0x8cc3
0x15c62: rol di, 1
0x15c64: lea si, word ptr [0x8782]
0x15c68: sub word ptr cs:[si - 0x53fa], 0x84d6
0x15c6f: call 0x15c80
0x15c72: xor dl, bl
0x15c74: cmp bl, byte ptr ss:[0x63f9]
2018-12-17T22:49:46.71504484Z 53 PC: 163f3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:46.716243168Z 98 PC: 15cfd | Get current PSP
2018-12-17T22:49:46.716995553Z 74 PC: 15d06 | Reallocate memory
2018-12-17T22:49:46.719021219Z 74 PC: 15d0e | Reallocate memory
2018-12-17T22:49:46.720760289Z 72 PC: 15d15 | Allocate memory
2018-12-17T22:49:46.72262454Z 53 PC: 15dee | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:46.72412358Z 82 PC: 15dfa | Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:46.725384184Z 37 PC: 15e36 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:46.729604518Z 98 PC: 15d9b | Get current PSP
2018-12-17T22:49:46.73638394Z 98 PC: 151d8 | Get current PSP
2018-12-17T22:49:46.737516965Z 74 PC: 15217 | Reallocate memory
2018-12-17T22:49:46.739615645Z 82 PC: 1521d | Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:46.741889486Z 25 PC: 162ca | Get default drive
2018-12-17T22:49:46.743390201Z 13 PC: 16258 | Disk reset
2018-12-17T22:49:46.745901008Z 99 PC: 13b6b | Get DBCS lead byte table pointer
2018-12-17T22:49:46.748218993Z 68 PC: 13b85 | I/O control for devices (Set for = '')
2018-12-17T22:49:46.749742782Z 68 PC: 13b90 | I/O control for devices (Set for = '')
2018-12-17T22:49:46.751547577Z 68 PC: 13b9b | I/O control for devices (Set for = '')
2018-12-17T22:49:46.753252131Z 68 PC: 13ba3 | I/O control for devices (Set for = '<non-printable bytes>')
2018-12-17T22:49:46.755621316Z 48 PC: 13ba8 | Get DOS version
2018-12-17T22:49:46.757451452Z 64 PC: 13e21 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T22:49:46.763226542Z 64 PC: 13e21 | Write file or device (Write 25 bytes on handle 1)
2018-12-17T22:49:46.769102461Z 64 PC: 13e21 | Write file or device (Write 169 bytes on handle 1)
2018-12-17T22:49:46.777703492Z 76 PC: 162a8 | Terminate with return code (Return code = '0')