Sample viewer

vx.netlux.org/Virus.DOS.SMEG.v0_3.Demo.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:42.821363503Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:22:42.823138668Z	47	PC: 12a7e \| Get disk transfer address
2018-12-17T22:22:42.824314207Z	26	PC: 12a8c \| Set disk transfer address
2018-12-17T22:22:42.825926691Z	78	PC: 12a9c \| Find first file
2018-12-17T22:22:42.832377482Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:22:42.838854596Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:42.844917597Z	66	PC: 12afb \| Move file pointer
2018-12-17T22:22:42.846384848Z	64	PC: 12b0d \| Write file or device (Write 9 bytes on handle 5)
2018-12-17T22:22:42.849436912Z	44	PC: 13386 \| Get time 0x13386: mov ax, 0x3e1 0x13389: mul dx 0x1338b: add ax, cx 0x1338d: xchg ax, cx 0x1338e: in ax, 0x40 0x13390: add ax, cx 0x13392: mov word ptr [bp + 0xe], ax 0x13395: ret 0x13396: push bx 0x13397: push cx 0x13398: push dx 0x13399: mov ax, word ptr [bp + 0xe] 0x1339c: mov cx, 0x3e1 0x1339f: mul cx 0x133a1: mov cx, ax 0x133a3: xor dx, dx 0x133a5: mov bx, 0x35 0x133a8: div bx 0x133aa: add dx, cx 0x133ac: js 0x133b2
2018-12-17T22:22:42.8517759Z	44	PC: 13386 \| Get time 0x13386: mov ax, 0x3e1 0x13389: mul dx 0x1338b: add ax, cx 0x1338d: xchg ax, cx 0x1338e: in ax, 0x40 0x13390: add ax, cx 0x13392: mov word ptr [bp + 0xe], ax 0x13395: ret 0x13396: push bx 0x13397: push cx 0x13398: push dx 0x13399: mov ax, word ptr [bp + 0xe] 0x1339c: mov cx, 0x3e1 0x1339f: mul cx 0x133a1: mov cx, ax 0x133a3: xor dx, dx 0x133a5: mov bx, 0x35 0x133a8: div bx 0x133aa: add dx, cx 0x133ac: js 0x133b2
2018-12-17T22:22:42.857831812Z	64	PC: 12b3a \| Write file or device (Write 1408 bytes on handle 5)
2018-12-17T22:22:42.873073516Z	64	PC: 12b43 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-17T22:22:42.881936304Z	64	PC: 12b4a \| Write file or device (Write 306 bytes on handle 5)
2018-12-17T22:22:42.884554023Z	66	PC: 12b52 \| Move file pointer
2018-12-17T22:22:42.887054236Z	64	PC: 12b5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:42.893864281Z	87	PC: 12b66 \| Get or set file date and time
2018-12-17T22:22:42.895182282Z	62	PC: 12b6a \| Close file
2018-12-17T22:22:42.913260843Z	67	PC: 12b7c \| Get or set file attributes
2018-12-17T22:22:42.925236426Z	42	PC: 12b80 \| Get date 0x12b80: cmp al, 5 0x12b82: jne 0x12bc1 0x12b84: cmp dl, 0xd 0x12b87: jne 0x12bc1 0x12b89: call 0x12bb7 0x12b8c: push sp 0x12b8d: push 0x7369 0x12b90: and byte ptr [bx + si + 0x72], dh 0x12b93: outsw dx, word ptr [si] 0x12b94: jb 0x12bf8 0x12b97: insw word ptr es:[di], dx 0x12b98: and byte ptr [bp + si + 0x65], dh 0x12b9b: jno 0x12c12 0x12b9d: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba2: dec bp 0x12ba3: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12ba8: outsw dx, word ptr [si] 0x12ba9: je 0x12bcc 0x12bac: push di 0x12bad: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-17T22:22:42.927531048Z	26	PC: 12bc7 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3976,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:34.589745941Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:34.595683616Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T11:50:34.59677832Z	26	PC: 12a8c \| Set disk transfer address
2018-12-25T11:50:34.598348645Z	78	PC: 12a9c \| Find first file
2018-12-25T11:50:34.604991406Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:34.611287537Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:34.617294506Z	66	PC: 12afb \| Move file pointer
2018-12-25T11:50:34.618888723Z	64	PC: 12b0d \| Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:50:34.621516176Z	44	PC: 13386 \| Get time 0x13386: mov ax, 0x3e1 0x13389: mul dx 0x1338b: add ax, cx 0x1338d: xchg ax, cx 0x1338e: in ax, 0x40 0x13390: add ax, cx 0x13392: mov word ptr [bp + 0xe], ax 0x13395: ret 0x13396: push bx 0x13397: push cx 0x13398: push dx 0x13399: mov ax, word ptr [bp + 0xe] 0x1339c: mov cx, 0x3e1 0x1339f: mul cx 0x133a1: mov cx, ax 0x133a3: xor dx, dx 0x133a5: mov bx, 0x35 0x133a8: div bx 0x133aa: add dx, cx 0x133ac: js 0x133b2
2018-12-25T11:50:34.623680699Z	44	PC: 13386 \| Get time (See above)
2018-12-25T11:50:34.62923962Z	64	PC: 12b3a \| Write file or device (Write 880 bytes on handle 5)
2018-12-25T11:50:34.731450466Z	64	PC: 12b43 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-25T11:50:34.741632583Z	64	PC: 12b4a \| Write file or device (Write 1040 bytes on handle 5)
2018-12-25T11:50:34.752307145Z	66	PC: 12b52 \| Move file pointer
2018-12-25T11:50:34.754010945Z	64	PC: 12b5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:34.761296873Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:50:34.763413282Z	62	PC: 12b6a \| Close file
2018-12-25T11:50:34.771805686Z	67	PC: 12b7c \| Get or set file attributes
2018-12-25T11:50:34.785053007Z	42	PC: 12b80 \| Get date 0x12b80: cmp al, 5 0x12b82: jne 0x12bc1 0x12b84: cmp dl, 0xd 0x12b87: jne 0x12bc1 0x12b89: call 0x12bb7 0x12b8c: push sp 0x12b8d: push 0x7369 0x12b90: and byte ptr [bx + si + 0x72], dh 0x12b93: outsw dx, word ptr [si] 0x12b94: jb 0x12bf8 0x12b97: insw word ptr es:[di], dx 0x12b98: and byte ptr [bp + si + 0x65], dh 0x12b9b: jno 0x12c12 0x12b9d: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba2: dec bp 0x12ba3: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12ba8: outsw dx, word ptr [si] 0x12ba9: je 0x12bcc 0x12bac: push di 0x12bad: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T11:50:34.787954638Z	26	PC: 12bc7 \| Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3976,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:34.631785607Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:34.633236786Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T11:50:34.634179514Z	26	PC: 12a8c \| Set disk transfer address
2018-12-25T11:50:34.635057774Z	78	PC: 12a9c \| Find first file
2018-12-25T11:50:34.639663813Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:34.644022302Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:34.651366982Z	66	PC: 12afb \| Move file pointer
2018-12-25T11:50:34.652721034Z	64	PC: 12b0d \| Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:50:34.656225852Z	44	PC: 13386 \| Get time 0x13386: mov ax, 0x3e1 0x13389: mul dx 0x1338b: add ax, cx 0x1338d: xchg ax, cx 0x1338e: in ax, 0x40 0x13390: add ax, cx 0x13392: mov word ptr [bp + 0xe], ax 0x13395: ret 0x13396: push bx 0x13397: push cx 0x13398: push dx 0x13399: mov ax, word ptr [bp + 0xe] 0x1339c: mov cx, 0x3e1 0x1339f: mul cx 0x133a1: mov cx, ax 0x133a3: xor dx, dx 0x133a5: mov bx, 0x35 0x133a8: div bx 0x133aa: add dx, cx 0x133ac: js 0x133b2
2018-12-25T11:50:34.659224563Z	44	PC: 13386 \| Get time (See above)
2018-12-25T11:50:34.666332189Z	64	PC: 12b3a \| Write file or device (Write 1088 bytes on handle 5)
2018-12-25T11:50:34.679250353Z	64	PC: 12b43 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-25T11:50:34.689685633Z	64	PC: 12b4a \| Write file or device (Write 314 bytes on handle 5)
2018-12-25T11:50:34.698852666Z	66	PC: 12b52 \| Move file pointer
2018-12-25T11:50:34.700863643Z	64	PC: 12b5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:34.705270547Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:50:34.706886471Z	62	PC: 12b6a \| Close file
2018-12-25T11:50:34.716403155Z	67	PC: 12b7c \| Get or set file attributes
2018-12-25T11:50:34.728347527Z	42	PC: 12b80 \| Get date 0x12b80: cmp al, 5 0x12b82: jne 0x12bc1 0x12b84: cmp dl, 0xd 0x12b87: jne 0x12bc1 0x12b89: call 0x12bb7 0x12b8c: push sp 0x12b8d: push 0x7369 0x12b90: and byte ptr [bx + si + 0x72], dh 0x12b93: outsw dx, word ptr [si] 0x12b94: jb 0x12bf8 0x12b97: insw word ptr es:[di], dx 0x12b98: and byte ptr [bp + si + 0x65], dh 0x12b9b: jno 0x12c12 0x12b9d: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba2: dec bp 0x12ba3: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12ba8: outsw dx, word ptr [si] 0x12ba9: je 0x12bcc 0x12bac: push di 0x12bad: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T11:50:34.730927216Z	26	PC: 12bc7 \| Set disk transfer address

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3976,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:34.913402843Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:34.91547033Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T11:50:34.916450692Z	26	PC: 12a8c \| Set disk transfer address
2018-12-25T11:50:34.917463934Z	78	PC: 12a9c \| Find first file
2018-12-25T11:50:34.922039464Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:34.937420632Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:34.943954796Z	66	PC: 12afb \| Move file pointer
2018-12-25T11:50:34.946282029Z	64	PC: 12b0d \| Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:50:34.949023236Z	44	PC: 13386 \| Get time 0x13386: mov ax, 0x3e1 0x13389: mul dx 0x1338b: add ax, cx 0x1338d: xchg ax, cx 0x1338e: in ax, 0x40 0x13390: add ax, cx 0x13392: mov word ptr [bp + 0xe], ax 0x13395: ret 0x13396: push bx 0x13397: push cx 0x13398: push dx 0x13399: mov ax, word ptr [bp + 0xe] 0x1339c: mov cx, 0x3e1 0x1339f: mul cx 0x133a1: mov cx, ax 0x133a3: xor dx, dx 0x133a5: mov bx, 0x35 0x133a8: div bx 0x133aa: add dx, cx 0x133ac: js 0x133b2
2018-12-25T11:50:34.951312221Z	44	PC: 13386 \| Get time (See above)
2018-12-25T11:50:34.958790649Z	64	PC: 12b3a \| Write file or device (Write 1104 bytes on handle 5)
2018-12-25T11:50:34.973636995Z	64	PC: 12b43 \| Write file or device (Write 2437 bytes on handle 5)
2018-12-25T11:50:34.983333587Z	64	PC: 12b4a \| Write file or device (Write 1117 bytes on handle 5)
2018-12-25T11:50:34.994512144Z	66	PC: 12b52 \| Move file pointer
2018-12-25T11:50:34.996384147Z	64	PC: 12b5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:35.000875632Z	87	PC: 12b66 \| Get or set file date and time
2018-12-25T11:50:35.002674291Z	62	PC: 12b6a \| Close file
2018-12-25T11:50:35.28060759Z	67	PC: 12b7c \| Get or set file attributes
2018-12-25T11:50:35.529632063Z	42	PC: 12b80 \| Get date 0x12b80: cmp al, 5 0x12b82: jne 0x12bc1 0x12b84: cmp dl, 0xd 0x12b87: jne 0x12bc1 0x12b89: call 0x12bb7 0x12b8c: push sp 0x12b8d: push 0x7369 0x12b90: and byte ptr [bx + si + 0x72], dh 0x12b93: outsw dx, word ptr [si] 0x12b94: jb 0x12bf8 0x12b97: insw word ptr es:[di], dx 0x12b98: and byte ptr [bp + si + 0x65], dh 0x12b9b: jno 0x12c12 0x12b9d: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba2: dec bp 0x12ba3: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12ba8: outsw dx, word ptr [si] 0x12ba9: je 0x12bcc 0x12bac: push di 0x12bad: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T11:50:35.531746175Z	9	PC: 12bbc \| Display string (String= 'This program requires Microsoft Windows. ')
2018-12-25T11:50:35.536960061Z	76	PC: 12bc1 \| Terminate with return code (Return code = '0')