Sample viewer

vx.netlux.org/Virus.DOS.Lexotran.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:04.085193296Z	47	PC: 1507f \| Get disk transfer address
2018-12-17T22:55:04.086942148Z	53	PC: 1509a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:04.088034519Z	72	PC: 15323 \| Allocate memory
2018-12-17T22:55:04.089843791Z	42	PC: 1657c \| Get date 0x1657c: push ds 0x1657d: pop bx 0x1657e: mov word ptr [1], cx 0x16582: mov si, word ptr [0x939] 0x16586: mov word ptr [3], dx 0x1658a: push cx 0x1658b: add bl, bh 0x1658d: and cl, 0xac 0x16590: mov si, sp 0x16592: mov di, ax 0x16594: pop cx 0x16595: mov ah, byte ptr ss:[0x866] 0x1659a: push 0x5800 0x1659d: pop ax 0x1659e: push si 0x1659f: pop bp 0x165a0: sub di, 0x4d2 0x165a4: push ds 0x165a5: pop di 0x165a6: add di, 0xa20
2018-12-17T22:55:04.092171577Z	44	PC: 165b9 \| Get time 0x165b9: sbb word ptr [1], cx 0x165bd: xor word ptr [3], dx 0x165c1: sbb ax, 0x8b4 0x165c5: mov al, 0xc3 0x165c7: sub bx, 0xfb2 0x165cb: mov bh, byte ptr [0x1261] 0x165cf: mov bx, 0x5e3 0x165d2: popaw 0x165d3: ret 0x165d4: pushaw 0x165d5: mov cx, ax 0x165d7: mov si, 0xbb43 0x165da: mov si, ss 0x165dc: mov di, 0xb337 0x165df: or di, 0xe17d 0x165e3: mov si, 0x109a 0x165e6: mov bx, word ptr [1] 0x165ea: in ax, 0x40 0x165ec: mov si, word ptr cs:[0xfe86] 0x165f1: sub ax, word ptr [3]
2018-12-17T22:55:04.093754288Z	37	PC: 15166 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:04.094645547Z	26	PC: 1519e \| Set disk transfer address
2018-12-17T22:55:04.096439509Z	78	PC: 153cd \| Find first file
2018-12-17T22:55:04.100547684Z	50	PC: 184dd \| Get disk parameter block for specified drive
2018-12-17T22:55:04.103319408Z	54	PC: 18523 \| Get free disk space
2018-12-17T22:55:04.11545069Z	67	PC: 185d2 \| Get or set file attributes
2018-12-17T22:55:04.13238727Z	61	PC: 185e7 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:55:04.136689178Z	63	PC: 1860d \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:55:04.139611142Z	87	PC: 18918 \| Get or set file date and time
2018-12-17T22:55:04.140958854Z	62	PC: 18934 \| Close file
2018-12-17T22:55:04.14891885Z	67	PC: 1895d \| Get or set file attributes
2018-12-17T22:55:04.160397025Z	79	PC: 153cd \| Find next file
2018-12-17T22:55:04.16548022Z	73	PC: 1530d \| Release memory
2018-12-17T22:55:04.167394141Z	37	PC: 1527a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:04.169071928Z	26	PC: 15285 \| Set disk transfer address
2018-12-17T22:55:04.171093395Z	42	PC: 1667b \| Get date 0x1667b: pushf 0x1667c: mov si, 0x2082 0x1667f: mov bh, cl 0x16681: add si, 0xecb3 0x16685: and cl, dl 0x16687: pop cx 0x16688: mov cx, es 0x1668a: mov ch, 0xd 0x1668c: sub si, 0xec4e 0x16690: mov cl, 0xd2 0x16692: cmp dx, 0x918 0x16696: mov bh, 0x37 0x16698: jne 0x17096 0x1669c: push ax 0x1669d: pop ax 0x1669e: mov cx, cx 0x166a0: mov ax, 1 0x166a3: mov bh, byte ptr [0xa94] 0x166a7: mov dh, byte ptr cs:[0xa4b] 0x166ac: mov di, bx
2018-12-17T22:55:04.173999254Z	9	PC: 12a82 \| Display string (String= 'Goat file (EXE). Size=00002711h/0000010001d bytes. ')
2018-12-17T22:55:04.17984387Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')