Sample viewer

vx.netlux.org/Trojan.DOS.Smile.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:52:43.075542456Z 82 PC: 12c30 | Get DOS internal pointers (SYSVARS)
2018-12-17T21:52:43.081077006Z 81 PC: 12c40 | Get current PSP
2018-12-17T21:52:43.094354063Z 11 PC: 12c81 | Get input status
2018-12-17T21:52:43.100718505Z 82 PC: 12ca9 | Get DOS internal pointers (SYSVARS)
2018-12-17T21:52:43.101904119Z 53 PC: 12caf | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T21:52:43.107517087Z 84 PC: 12dc3 | Get verify flag
2018-12-17T21:52:43.112321271Z 25 PC: 12dca | Get default drive
2018-12-17T21:52:43.113666256Z 25 PC: 12dd4 | Get default drive
2018-12-17T21:52:43.114966352Z 84 PC: 12dd8 | Get verify flag
2018-12-17T21:52:43.119332718Z 25 PC: 12e05 | Get default drive
2018-12-17T21:52:43.12041729Z 42 PC: 12e3a | Get date
0x12e3a: adc al, byte ptr ds:[bx]
0x12e3d: sbb bh, byte ptr [bp + si]
0x12e3f: adc dl, bh
0x12e41: call 0x22d43
0x12e44: mul dh
0x12e46: clc
0x12e47: stc
0x12e48: call 0x22c84
0x12e4b: neg ch
0x12e4d: call 0x12e53
0x12e51: sub bp, word ptr [bx + di - 0xb]
0x12e54: nop
0x12e55: std
0x12e57: call 0x22cb5
0x12e5a: pop si
0x12e5b: add si, 0x66
0x12e5f: mov di, 0x51
0x12e62: push di
0x12e63: push si
0x12e64: xor si, si
2018-12-17T21:52:43.127948064Z 9 PC: 12a49 | Display string (String= 'Make my smile, plz! ')