Sample viewer

vx.netlux.org/Virus.DOS.SMEG.Duwende.2534.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:44.955856812Z 48 PC: 12b10 | Get DOS version
2018-12-17T22:23:44.958315134Z 42 PC: 12b33 | Get date
0x12b33: ror dh, cl
0x12b35: mov dl, byte ptr [bp + di + 0x3a]
0x12b38: adc dx, di
0x12b3a: jne 0x12b3e
0x12b3c: and dl, byte ptr [bx + si]
0x12b3e: xor bp, 0x125
0x12b42: mov dl, byte ptr [si + 9]
0x12b45: and dx, 0x2d31
0x12b49: mov ah, 0x30
0x12b4b: int 0x21
0x12b4d: adc dl, 0x17
0x12b50: test dx, cx
0x12b52: or dl, 4
0x12b55: and bp, word ptr [0x230b]
0x12b59: or dx, 0x3807
0x12b5d: xor dx, 0x3202
0x12b61: test dl, 0x3d
0x12b64: sbb dh, dh
0x12b66: adc bp, 0x3422
0x12b6a: test byte ptr [bp + si + 0x1a], al
2018-12-17T22:23:44.962724671Z 48 PC: 12b4d | Get DOS version
2018-12-17T22:23:44.963836378Z 42 PC: 12b79 | Get date
0x12b79: jns 0x12b7e
0x12b7b: adc dh, byte ptr [bp + si + 0x33]
0x12b7e: sar dh, 1
0x12b80: js 0x12b84
0x12b82: not dh
0x12b84: or dh, 0x2b
0x12b87: not dh
0x12b89: sbb dh, byte ptr [bx + si]
0x12b8b: cmp dh, 0x18
0x12b8e: cld
0x12b8f: call 0x12ba9
0x12b92: jne 0x12b96
0x12b94: rcr dl, 1
0x12b96: jle 0x12b9c
0x12b98: or bp, 0x1619
0x12b9c: sbb dx, 0x3839
0x12ba0: mov dl, byte ptr [bx + si + 0x1e12]
0x12ba4: shr bp, 1
0x12ba6: jmp 0x12bc1
0x12ba9: xor dh, byte ptr [bx + 0x808]
2018-12-17T22:23:44.969193463Z 255 PC: 12e4e | UNKNOWN!
2018-12-17T22:23:44.969949319Z 74 PC: 12e69 | Reallocate memory
2018-12-17T22:23:44.971167582Z 72 PC: 12e71 | Allocate memory
2018-12-17T22:23:44.972978392Z 53 PC: 9e766 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:44.974345065Z 37 PC: 9e775 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:23:44.975690794Z 9 PC: 12ad3 | Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-17T22:23:45.000609303Z 76 PC: 12ad7 | Terminate with return code (Return code = '36')