Sample viewer

vx.netlux.org/Virus.DOS.Lewd.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:00:33.537677654Z 222 PC: 13c32 | UNKNOWN!
2018-12-17T22:00:33.539669665Z 44 PC: 13c60 | Get time 0x13c60: jmp 0x13c67
0x13c62: nop
0x13c63: clc
0x13c64: inc ax
0x13c65: sbb word ptr [bx + si], ax
0x13c67: mov dh, 0
0x13c69: shl dx, 4
0x13c6c: mov word ptr [0x717], dx
0x13c70: mov ax, es
0x13c72: dec ax
0x13c73: mov es, ax
0x13c75: mov ax, word ptr es:[3]
0x13c79: mov bx, word ptr [0x13d]
0x13c7d: sub ax, bx
0x13c7f: mov word ptr es:[3], ax
0x13c83: mov bx, word ptr es:[1]
0x13c88: add bx, ax
0x13c8a: mov si, bx
0x13c8c: xor ax, ax
0x13c8e: mov es, ax
2018-12-17T22:00:33.542335807Z 42 PC: 13cf4 | Get date 0x13cf4: jmp 0x13cfb
0x13cf6: nop
0x13cf7: add al, 1
0x13cf9: dec ax
0x13cfa: lahf
0x13cfb: mov dh, dl
0x13cfd: shr dl, 1
0x13cff: shl dl, 1
0x13d01: cmp dh, dl
0x13d03: je 0x13d39
0x13d05: nop
0x13d06: nop
0x13d07: mov ax, 0x6f8
0x13d0a: cli
0x13d0b: mov word ptr es:[0x24], ax
0x13d0f: mov word ptr es:[0x26], si
0x13d14: sti
0x13d15: jmp 0x13d39
0x13d17: nop
0x13d18: pushf
2018-12-17T22:00:33.544847011Z 44 PC: 13d59 | Get time 0x13d59: jmp 0x13d60
0x13d5b: nop
0x13d5c: add al, 1
0x13d5e: dec ax
0x13d5f: lahf
0x13d60: cmp dl, 0
0x13d63: jne 0x13d91
0x13d65: nop
0x13d66: nop
0x13d67: mov ah, 9
0x13d69: mov dx, 0x145
0x13d6c: push ax
0x13d6d: push es
0x13d6e: xor ax, ax
0x13d70: mov es, ax
0x13d72: mov ax, word ptr es:[0x84]
0x13d76: mov word ptr cs:[0x76d], ax
0x13d7a: mov ax, word ptr es:[0x86]
0x13d7e: mov word ptr cs:[0x76f], ax
0x13d82: pop es
2018-12-17T22:00:33.548341852Z 9 PC: 12a82 | Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T22:00:33.552707363Z 76 PC: 12a86 | Terminate with return code (Return code = '36')
2018-12-17T22:00:33.556006883Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:00:33.557497301Z 98 PC: 9f633 | Get current PSP
2018-12-17T22:00:33.558861802Z 72 PC: 12174 | Allocate memory
2018-12-17T22:00:33.560252338Z 98 PC: 9f633 | Get current PSP
2018-12-17T22:00:33.561008814Z 72 PC: 1218d | Allocate memory
2018-12-17T22:00:33.563723311Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:00:33.564710747Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:00:33.565995801Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:33.567698587Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.569162518Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.570618746Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.572567341Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.574034908Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.575463561Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.577453467Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.579143116Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.58063445Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.58279776Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.584481879Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.586157461Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.589124051Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.590645471Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.592112453Z 62 PC: 122ab | Close file
2018-12-17T22:00:33.595528602Z 99 PC: 99e57 | Get DBCS lead byte table pointer
2018-12-17T22:00:33.597278802Z 56 PC: 94679 | Get or set country info
2018-12-17T22:00:33.599494151Z 64 PC: 9a0c8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:33.604704258Z 25 PC: 946e2 | Get default drive
2018-12-17T22:00:33.606216697Z 71 PC: 9695d | Get current directory
2018-12-17T22:00:33.610189927Z 64 PC: 9a0c8 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:00:33.615939527Z 2 PC: 96932 | Character output (Char = '3e')
2018-12-17T22:00:33.618249211Z 93 PC: 947a0 | File sharing functions
2018-12-17T22:00:33.619754719Z 93 PC: 947a7 | File sharing functions
2018-12-17T22:00:33.621975886Z 10 PC: 947b9 | Buffered keyboard input
2018-12-17T22:00:48.527336464Z 0 PC: 0 | Program terminate
2018-12-17T22:00:49.88144706Z 0 PC: 0 | Program terminate
2018-12-17T22:00:49.983622762Z 64 PC: 9a0c8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:49.989049819Z 41 PC: 9482e | Parse filename
2018-12-17T22:00:49.991520056Z 41 PC: 948af | Parse filename
2018-12-17T22:00:49.992853738Z 41 PC: 948cc | Parse filename
2018-12-17T22:00:49.99474118Z 26 PC: 97d77 | Set disk transfer address
2018-12-17T22:00:49.998726937Z 71 PC: 97f73 | Get current directory
2018-12-17T22:00:50.007023286Z 78 PC: 97f7e | Find first file
2018-12-17T22:00:50.025485042Z 71 PC: 97dec | Get current directory
2018-12-17T22:00:50.029746134Z 73 PC: 97489 | Release memory
2018-12-17T22:00:50.032436623Z 67 PC: 9f6d3 | Get or set file attributes
2018-12-17T22:00:50.038580589Z 67 PC: 9f704 | Get or set file attributes
2018-12-17T22:00:50.055872845Z 61 PC: 9f72d | Open file (Filename = '���W���A�CP3���&��')
2018-12-17T22:00:50.063926201Z 87 PC: 9f772 | Get or set file date and time
2018-12-17T22:00:50.065715572Z 63 PC: 9f7ab | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:00:50.072367418Z 87 PC: 9f9e5 | Get or set file date and time
2018-12-17T22:00:50.075354699Z 62 PC: 9fa10 | Close file
2018-12-17T22:00:50.082764168Z 67 PC: 9fa4c | Get or set file attributes
2018-12-17T22:00:50.092650744Z 75 PC: 11821 | Execute program
2018-12-17T22:00:50.105571487Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-17T22:00:50.109835811Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-17T22:00:50.113213455Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:00:50.115564722Z 98 PC: 9f633 | Get current PSP
2018-12-17T22:00:50.116783098Z 72 PC: 12174 | Allocate memory
2018-12-17T22:00:50.118639469Z 98 PC: 9f633 | Get current PSP
2018-12-17T22:00:50.121028993Z 72 PC: 1218d | Allocate memory
2018-12-17T22:00:50.123167959Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:00:50.124344482Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:00:50.126593617Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:50.127877361Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.129467785Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.134136787Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.135680996Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.137141357Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.14020548Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.142074049Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.143753317Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.146376496Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.147884845Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.149430373Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.151504786Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.153350242Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.155077485Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.15745704Z 62 PC: 122ab | Close file
2018-12-17T22:00:50.160572376Z 99 PC: 99e57 | Get DBCS lead byte table pointer
2018-12-17T22:00:50.162041354Z 56 PC: 94679 | Get or set country info
2018-12-17T22:00:50.164505582Z 64 PC: 9a0c8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:00:50.172779335Z 25 PC: 946e2 | Get default drive
2018-12-17T22:00:50.174798688Z 71 PC: 9695d | Get current directory
2018-12-17T22:00:50.180172176Z 64 PC: 9a0c8 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:00:50.183386071Z 2 PC: 96932 | Character output (Char = '3e')
2018-12-17T22:00:50.186382591Z 93 PC: 947a0 | File sharing functions
2018-12-17T22:00:50.189980803Z 93 PC: 947a7 | File sharing functions
2018-12-17T22:00:50.191989153Z 10 PC: 947b9 | Buffered keyboard input