Sample viewer

vx.netlux.org/Virus.DOS.SMEG.Duwende.2539

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:53.243401509Z 42 PC: 12b13 | Get date
0x12b13: mov ah, byte ptr [bx + di + 0x1f]
0x12b16: shr ax, cl
0x12b18: adc ah, 0x23
0x12b1b: test byte ptr [bp + si], bl
0x12b1d: adc ax, 0x273d
0x12b21: inc ax
0x12b22: rcr di, cl
0x12b24: test bp, 0x340c
0x12b28: add al, 2
0x12b2b: jmp 0x12b3a
0x12b2e: sbb ax, 0x1901
0x12b32: adc ah, 0x27
0x12b35: rcl bp, 1
0x12b37: rol ah, 1
0x12b39: ret
0x12b3a: adc di, 0x2339
0x12b3e: add ax, si
0x12b40: ror ax, 1
0x12b42: or al, byte ptr [bp + si + 6]
0x12b45: jl 0x12b48
2018-12-17T22:10:53.250493068Z 255 PC: 12eae | UNKNOWN!
2018-12-17T22:10:53.251421563Z 74 PC: 12eca | Reallocate memory
2018-12-17T22:10:53.252977688Z 72 PC: 12ed2 | Allocate memory
2018-12-17T22:10:53.255238154Z 53 PC: 9e767 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:53.256936761Z 37 PC: 9e776 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:53.258365968Z 9 PC: 12ad3 | Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-17T22:10:53.271990417Z 76 PC: 12ad7 | Terminate with return code (Return code = '36')