Sample viewer

vx.netlux.org/Virus.DOS.Mephisto.3.937

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:07.945923916Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:07.948314061Z	47	PC: 12c01 \| Get disk transfer address
2018-12-17T22:56:07.949871029Z	25	PC: 12c0d \| Get default drive
2018-12-17T22:56:07.951719535Z	71	PC: 12c20 \| Get current directory
2018-12-17T22:56:07.956398874Z	26	PC: 12c44 \| Set disk transfer address
2018-12-17T22:56:07.958788447Z	78	PC: 12c4f \| Find first file
2018-12-17T22:56:07.965789873Z	67	PC: 12d0e \| Get or set file attributes
2018-12-17T22:56:07.972194797Z	37	PC: 12ba4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:07.974531211Z	67	PC: 12d1c \| Get or set file attributes
2018-12-17T22:56:07.991923756Z	37	PC: 12b95 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:07.993534335Z	61	PC: 12d2d \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:56:08.002080616Z	44	PC: 12d42 \| Get time 0x12d42: mov word ptr [bp + 0x481], dx 0x12d46: mov word ptr [bp + 0x483], cx 0x12d4a: xor dh, ch 0x12d4c: xor cl, dl 0x12d4e: mov ch, dh 0x12d50: mov word ptr [bp + 0x485], cx 0x12d54: mov ax, 0x5700 0x12d57: mov bx, word ptr [bp + 0x179] 0x12d5b: int 0x21 0x12d5d: mov word ptr [bp + 0x17c], dx 0x12d61: mov word ptr [bp + 0x17a], cx 0x12d65: mov ah, 0x3f 0x12d67: mov cx, 3 0x12d6a: lea dx, word ptr [bp + 0x15c] 0x12d6e: int 0x21 0x12d70: add word ptr [bp + 0x180], 1 0x12d75: mov ax, 0x4202 0x12d78: mov cx, 0 0x12d7b: mov dx, 0 0x12d7e: int 0x21
2018-12-17T22:56:08.00474205Z	87	PC: 12d5d \| Get or set file date and time
2018-12-17T22:56:08.006673292Z	63	PC: 12d70 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:08.022313071Z	66	PC: 12d80 \| Move file pointer
2018-12-17T22:56:08.02436023Z	66	PC: 12d94 \| Move file pointer
2018-12-17T22:56:08.026207704Z	64	PC: 12da0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:56:08.029973736Z	66	PC: 12dab \| Move file pointer
2018-12-17T22:56:08.032083974Z	64	PC: 12de3 \| Write file or device (Write 937 bytes on handle 5)
2018-12-17T22:56:08.04187176Z	87	PC: 12bba \| Get or set file date and time
2018-12-17T22:56:08.044178287Z	62	PC: 12bbe \| Close file
2018-12-17T22:56:08.052689582Z	67	PC: 12bcb \| Get or set file attributes
2018-12-17T22:56:08.063727358Z	59	PC: 12bd3 \| Change current directory
2018-12-17T22:56:08.06660551Z	26	PC: 12be4 \| Set disk transfer address
2018-12-17T22:56:08.06839215Z	0	PC: 12a43 \| Program terminate