Sample viewer

vx.netlux.org/Virus.DOS.Mephisto.4.1134

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:44.527966704Z 53 PC: 14ceb | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:44.529320919Z 71 PC: 14b6a | Get current directory
2018-12-17T23:07:44.533306168Z 26 PC: 14b81 | Set disk transfer address
2018-12-17T23:07:44.534792604Z 78 PC: 14b8d | Find first file
2018-12-17T23:07:44.547694492Z 67 PC: 14d24 | Get or set file attributes
2018-12-17T23:07:44.554486215Z 37 PC: 14d16 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:44.556084479Z 67 PC: 14d33 | Get or set file attributes
2018-12-17T23:07:44.574407747Z 37 PC: 14d06 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:07:44.576795796Z 61 PC: 14d40 | Open file (Filename = 'TEST.EXE')
2018-12-17T23:07:44.584231445Z 63 PC: 14d52 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T23:07:44.587350843Z 87 PC: 14d5c | Get or set file date and time
2018-12-17T23:07:44.590059632Z 44 PC: 14dae | Get time
0x14dae: mov byte ptr cs:[bp + 0x54a], cl
0x14db3: mov word ptr cs:[bp + 0x54b], dx
0x14db8: inc word ptr cs:[bp + 0x154]
0x14dbd: mov al, 2
0x14dbf: call 0x24c49
0x14dc2: push ax
0x14dc3: push dx
0x14dc4: mov cx, 0x200
0x14dc7: div cx
0x14dc9: lea si, word ptr cs:[bp + 0x5ce]
0x14dce: lodsw ax, word ptr [si]
0x14dcf: cmp ax, dx
0x14dd1: pop dx
0x14dd2: pop ax
0x14dd3: je 0x14dd8
0x14dd5: jmp 0x14ab8
0x14dd8: cmp dx, 0xf
0x14ddb: jbe 0x14de0
0x14ddd: jmp 0x14ab8
0x14de0: lea di, word ptr cs:[bp + 0x5e0]
2018-12-17T23:07:44.59281588Z 66 PC: 14c50 | Move file pointer
2018-12-17T23:07:44.595111912Z 64 PC: 14e1c | Write file or device (Write 1134 bytes on handle 5)
2018-12-17T23:07:44.605222678Z 66 PC: 14c50 | Move file pointer
2018-12-17T23:07:44.607261773Z 66 PC: 14c50 | Move file pointer
2018-12-17T23:07:44.609183537Z 64 PC: 14ab8 | Write file or device (Write 27 bytes on handle 5)
2018-12-17T23:07:44.612699846Z 87 PC: 14ae5 | Get or set file date and time
2018-12-17T23:07:44.616961679Z 62 PC: 14ae9 | Close file
2018-12-17T23:07:44.625401725Z 67 PC: 14af8 | Get or set file attributes
2018-12-17T23:07:44.636354735Z 59 PC: 14b01 | Change current directory
2018-12-17T23:07:44.63878773Z 26 PC: 14b1f | Set disk transfer address
2018-12-17T23:07:44.640075187Z 76 PC: 14870 | Terminate with return code (Return code = '6')