Sample viewer

vx.netlux.org/Virus.DOS.Lexotran.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:16:19.15050516Z	47	PC: 1688f \| Get disk transfer address
2018-12-17T23:16:19.152913191Z	53	PC: 168ab \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:16:19.154412222Z	72	PC: 16aec \| Allocate memory
2018-12-17T23:16:19.156188977Z	42	PC: 1790b \| Get date 0x1790b: mov si, 0x334a 0x1790e: mov si, 0x2a26 0x17911: mov word ptr [0], cx 0x17915: mov bp, 0x351e 0x17918: mov ax, 0x22cc 0x1791b: mov si, 0x30e4 0x1791e: mov bx, 0x2e9d 0x17921: mov di, 0x3378 0x17924: mov word ptr [2], dx 0x17928: mov bp, 0x37fb 0x1792b: mov di, 0x2597 0x1792e: mov bx, 0x266f 0x17931: mov bx, 0x307f 0x17934: mov ah, 0x2c 0x17936: mov di, 0x37d6 0x17939: mov bx, 0x3116 0x1793c: mov di, 0x363f 0x1793f: mov di, 0x2596 0x17942: int 0x21 0x17944: mov bp, 0x350f
2018-12-17T23:16:19.159633196Z	44	PC: 17944 \| Get time 0x17944: mov bp, 0x350f 0x17947: sbb word ptr [0], cx 0x1794b: xor word ptr [2], dx 0x1794f: mov bp, 0x2c69 0x17952: mov ax, 0x2fe2 0x17955: mov bx, 0x2032 0x17958: mov di, 0x2178 0x1795b: popaw 0x1795c: nop 0x1795d: nop 0x1795e: nop 0x1795f: nop 0x17960: nop 0x17961: ret 0x17962: pushaw 0x17963: nop 0x17964: nop 0x17965: nop 0x17966: mov cx, ax 0x17968: mov di, 0x30c4
2018-12-17T23:16:19.161963333Z	37	PC: 16919 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:16:19.163199565Z	26	PC: 16935 \| Set disk transfer address
2018-12-17T23:16:19.164833811Z	78	PC: 16b8e \| Find first file
2018-12-17T23:16:19.171717837Z	67	PC: 18235 \| Get or set file attributes
2018-12-17T23:16:19.188965354Z	61	PC: 18270 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:16:19.196596997Z	63	PC: 182aa \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T23:16:19.200426433Z	87	PC: 18719 \| Get or set file date and time
2018-12-17T23:16:19.201972228Z	62	PC: 18738 \| Close file
2018-12-17T23:16:19.210261734Z	67	PC: 18761 \| Get or set file attributes
2018-12-17T23:16:19.223053325Z	79	PC: 16b8e \| Find next file
2018-12-17T23:16:19.226139876Z	73	PC: 16ac4 \| Release memory
2018-12-17T23:16:19.227634074Z	37	PC: 169e9 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:16:19.229846843Z	26	PC: 16a0d \| Set disk transfer address
2018-12-17T23:16:19.231024909Z	42	PC: 179e4 \| Get date 0x179e4: cmp dx, 0x918 0x179e8: mov bp, 0x3303 0x179eb: mov bx, 0x31d6 0x179ee: mov bp, 0x35e5 0x179f1: mov cx, 0x3574 0x179f4: mov bx, 0x2959 0x179f7: jne 0x17f65 0x179fb: mov bp, 0x2c7b 0x179fe: mov si, 0x24b1 0x17a01: mov ax, 2 0x17a04: mov bx, 0x340d 0x17a07: mov di, 0x3c9e 0x17a0a: mov bx, 0x2b8c 0x17a0d: mov bp, 0x2bb0 0x17a10: test ax, 1 0x17a13: jne 0x17f65 0x17a17: mov cx, 0x2b6c 0x17a1a: mov di, 0x20be 0x17a1d: mov bx, 0x3175 0x17a20: mov ax, 3
2018-12-17T23:16:19.233557623Z	9	PC: 12aeb \| Display string (Could not find end pointer)
2018-12-17T23:16:19.242496844Z	76	PC: 12af0 \| Terminate with return code (Return code = '0')