Sample viewer

vx.netlux.org/Virus.DOS.SMEG.v0_3.Demo.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:49.814588074Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:49.816106838Z	47	PC: 12a64 \| Get disk transfer address
2018-12-17T22:59:49.818229717Z	26	PC: 12a6f \| Set disk transfer address
2018-12-17T22:59:49.819738222Z	78	PC: 12a7f \| Find first file
2018-12-17T22:59:49.826533042Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:59:49.834383425Z	63	PC: 12abc \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:59:49.841717889Z	66	PC: 12adc \| Move file pointer
2018-12-17T22:59:49.844065831Z	64	PC: 12af2 \| Write file or device (Write 319 bytes on handle 5)
2018-12-17T22:59:49.860346077Z	66	PC: 12afa \| Move file pointer
2018-12-17T22:59:49.862168451Z	64	PC: 12b03 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:59:49.869437191Z	87	PC: 12b0e \| Get or set file date and time
2018-12-17T22:59:49.871900972Z	62	PC: 12b12 \| Close file
2018-12-17T22:59:49.880902719Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T22:59:49.892061679Z	26	PC: 12b2a \| Set disk transfer address
2018-12-17T22:59:49.896604848Z	42	PC: 12b35 \| Get date 0x12b35: cmp al, 5 0x12b37: jne 0x12b76 0x12b39: cmp dl, 0xd 0x12b3c: jne 0x12b76 0x12b3e: call 0x12b6c 0x12b41: push sp 0x12b42: push 0x7369 0x12b45: and byte ptr [bx + si + 0x72], dh 0x12b48: outsw dx, word ptr [si] 0x12b49: jb 0x12bad 0x12b4c: insw word ptr es:[di], dx 0x12b4d: and byte ptr [bp + si + 0x65], dh 0x12b50: jno 0x12bc7 0x12b52: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b57: dec bp 0x12b58: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5d: outsw dx, word ptr [si] 0x12b5e: je 0x12b81 0x12b61: push di 0x12b62: imul bp, word ptr [bp + 0x64], 0x776f

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13344,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:06.776890372Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.781496289Z	47	PC: 12a64 \| Get disk transfer address
2018-12-25T12:38:06.783139916Z	26	PC: 12a6f \| Set disk transfer address
2018-12-25T12:38:06.784067123Z	78	PC: 12a7f \| Find first file
2018-12-25T12:38:06.788633725Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:06.793502127Z	63	PC: 12abc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:06.797573239Z	66	PC: 12adc \| Move file pointer
2018-12-25T12:38:06.799298862Z	64	PC: 12af2 \| Write file or device (Write 319 bytes on handle 5)
2018-12-25T12:38:06.810539374Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:38:06.811608826Z	64	PC: 12b03 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:06.816508791Z	87	PC: 12b0e \| Get or set file date and time
2018-12-25T12:38:06.817920379Z	62	PC: 12b12 \| Close file
2018-12-25T12:38:06.823473376Z	67	PC: 12b24 \| Get or set file attributes
2018-12-25T12:38:06.831603226Z	26	PC: 12b2a \| Set disk transfer address
2018-12-25T12:38:06.833063767Z	42	PC: 12b35 \| Get date 0x12b35: cmp al, 5 0x12b37: jne 0x12b76 0x12b39: cmp dl, 0xd 0x12b3c: jne 0x12b76 0x12b3e: call 0x12b6c 0x12b41: push sp 0x12b42: push 0x7369 0x12b45: and byte ptr [bx + si + 0x72], dh 0x12b48: outsw dx, word ptr [si] 0x12b49: jb 0x12bad 0x12b4c: insw word ptr es:[di], dx 0x12b4d: and byte ptr [bp + si + 0x65], dh 0x12b50: jno 0x12bc7 0x12b52: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b57: dec bp 0x12b58: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5d: outsw dx, word ptr [si] 0x12b5e: je 0x12b81 0x12b61: push di 0x12b62: imul bp, word ptr [bp + 0x64], 0x776f

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13344,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:06.930340963Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.931706593Z	47	PC: 12a64 \| Get disk transfer address
2018-12-25T12:38:06.933159241Z	26	PC: 12a6f \| Set disk transfer address
2018-12-25T12:38:06.934334643Z	78	PC: 12a7f \| Find first file
2018-12-25T12:38:06.940031143Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:06.947544084Z	63	PC: 12abc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:06.954382909Z	66	PC: 12adc \| Move file pointer
2018-12-25T12:38:06.955698563Z	64	PC: 12af2 \| Write file or device (Write 319 bytes on handle 5)
2018-12-25T12:38:06.971522638Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:38:06.972960086Z	64	PC: 12b03 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:06.980201224Z	87	PC: 12b0e \| Get or set file date and time
2018-12-25T12:38:06.983179482Z	62	PC: 12b12 \| Close file
2018-12-25T12:38:06.991750522Z	67	PC: 12b24 \| Get or set file attributes
2018-12-25T12:38:07.002760145Z	26	PC: 12b2a \| Set disk transfer address
2018-12-25T12:38:07.004753003Z	42	PC: 12b35 \| Get date 0x12b35: cmp al, 5 0x12b37: jne 0x12b76 0x12b39: cmp dl, 0xd 0x12b3c: jne 0x12b76 0x12b3e: call 0x12b6c 0x12b41: push sp 0x12b42: push 0x7369 0x12b45: and byte ptr [bx + si + 0x72], dh 0x12b48: outsw dx, word ptr [si] 0x12b49: jb 0x12bad 0x12b4c: insw word ptr es:[di], dx 0x12b4d: and byte ptr [bp + si + 0x65], dh 0x12b50: jno 0x12bc7 0x12b52: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b57: dec bp 0x12b58: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5d: outsw dx, word ptr [si] 0x12b5e: je 0x12b81 0x12b61: push di 0x12b62: imul bp, word ptr [bp + 0x64], 0x776f

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13344,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:07.453997109Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:07.455885774Z	47	PC: 12a64 \| Get disk transfer address
2018-12-25T12:38:07.456942461Z	26	PC: 12a6f \| Set disk transfer address
2018-12-25T12:38:07.458035818Z	78	PC: 12a7f \| Find first file
2018-12-25T12:38:07.464391788Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:07.471156155Z	63	PC: 12abc \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:07.490401065Z	66	PC: 12adc \| Move file pointer
2018-12-25T12:38:07.492232677Z	64	PC: 12af2 \| Write file or device (Write 319 bytes on handle 5)
2018-12-25T12:38:07.506630967Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:38:07.507883672Z	64	PC: 12b03 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:38:07.514261261Z	87	PC: 12b0e \| Get or set file date and time
2018-12-25T12:38:07.516128186Z	62	PC: 12b12 \| Close file
2018-12-25T12:38:07.523528657Z	67	PC: 12b24 \| Get or set file attributes
2018-12-25T12:38:07.53323612Z	26	PC: 12b2a \| Set disk transfer address
2018-12-25T12:38:07.535339053Z	42	PC: 12b35 \| Get date 0x12b35: cmp al, 5 0x12b37: jne 0x12b76 0x12b39: cmp dl, 0xd 0x12b3c: jne 0x12b76 0x12b3e: call 0x12b6c 0x12b41: push sp 0x12b42: push 0x7369 0x12b45: and byte ptr [bx + si + 0x72], dh 0x12b48: outsw dx, word ptr [si] 0x12b49: jb 0x12bad 0x12b4c: insw word ptr es:[di], dx 0x12b4d: and byte ptr [bp + si + 0x65], dh 0x12b50: jno 0x12bc7 0x12b52: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b57: dec bp 0x12b58: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5d: outsw dx, word ptr [si] 0x12b5e: je 0x12b81 0x12b61: push di 0x12b62: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T12:38:07.537872212Z	9	PC: 12b71 \| Display string (String= 'This program requires Microsoft Windows. ')
2018-12-25T12:38:07.543516312Z	76	PC: 12b76 \| Terminate with return code (Return code = '0')