Sample viewer

vx.netlux.org/Virus.DOS.SMEG.v0_3.Demo.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:46.397594327Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:46.399313138Z	47	PC: 12a7e \| Get disk transfer address
2018-12-17T22:29:46.400122188Z	26	PC: 12a8c \| Set disk transfer address
2018-12-17T22:29:46.400913134Z	78	PC: 12a9c \| Find first file
2018-12-17T22:29:46.405244611Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:29:46.411591161Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:46.417626305Z	66	PC: 12afb \| Move file pointer
2018-12-17T22:29:46.419050543Z	64	PC: 12b14 \| Write file or device (Write 9 bytes on handle 5)
2018-12-17T22:29:46.421876726Z	44	PC: 1338d \| Get time 0x1338d: mov ax, 0x3e1 0x13390: mul dx 0x13392: add ax, cx 0x13394: xchg ax, cx 0x13395: in ax, 0x40 0x13397: add ax, cx 0x13399: mov word ptr [bp + 0xe], ax 0x1339c: ret 0x1339d: push bx 0x1339e: push cx 0x1339f: push dx 0x133a0: mov ax, word ptr [bp + 0xe] 0x133a3: mov cx, 0x3e1 0x133a6: mul cx 0x133a8: mov cx, ax 0x133aa: xor dx, dx 0x133ac: mov bx, 0x35 0x133af: div bx 0x133b1: add dx, cx 0x133b3: js 0x133b9
2018-12-17T22:29:46.42400331Z	44	PC: 1338d \| Get time 0x1338d: mov ax, 0x3e1 0x13390: mul dx 0x13392: add ax, cx 0x13394: xchg ax, cx 0x13395: in ax, 0x40 0x13397: add ax, cx 0x13399: mov word ptr [bp + 0xe], ax 0x1339c: ret 0x1339d: push bx 0x1339e: push cx 0x1339f: push dx 0x133a0: mov ax, word ptr [bp + 0xe] 0x133a3: mov cx, 0x3e1 0x133a6: mul cx 0x133a8: mov cx, ax 0x133aa: xor dx, dx 0x133ac: mov bx, 0x35 0x133af: div bx 0x133b1: add dx, cx 0x133b3: js 0x133b9
2018-12-17T22:29:46.429644932Z	64	PC: 12b41 \| Write file or device (Write 528 bytes on handle 5)
2018-12-17T22:29:46.44614981Z	64	PC: 12b4a \| Write file or device (Write 2444 bytes on handle 5)
2018-12-17T22:29:46.455207191Z	64	PC: 12b51 \| Write file or device (Write 529 bytes on handle 5)
2018-12-17T22:29:46.463219599Z	66	PC: 12b59 \| Move file pointer
2018-12-17T22:29:46.472953316Z	64	PC: 12b62 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:29:46.479410107Z	87	PC: 12b6d \| Get or set file date and time
2018-12-17T22:29:46.480922979Z	62	PC: 12b71 \| Close file
2018-12-17T22:29:46.489272019Z	67	PC: 12b83 \| Get or set file attributes
2018-12-17T22:29:46.498864946Z	42	PC: 12b87 \| Get date 0x12b87: cmp al, 5 0x12b89: jne 0x12bc8 0x12b8b: cmp dl, 0xd 0x12b8e: jne 0x12bc8 0x12b90: call 0x12bbe 0x12b93: push sp 0x12b94: push 0x7369 0x12b97: and byte ptr [bx + si + 0x72], dh 0x12b9a: outsw dx, word ptr [si] 0x12b9b: jb 0x12bff 0x12b9e: insw word ptr es:[di], dx 0x12b9f: and byte ptr [bp + si + 0x65], dh 0x12ba2: jno 0x12c19 0x12ba4: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba9: dec bp 0x12baa: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12baf: outsw dx, word ptr [si] 0x12bb0: je 0x12bd3 0x12bb3: push di 0x12bb4: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-17T22:29:46.500860364Z	26	PC: 12bce \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5324,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:14.224820959Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:14.225942633Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T11:54:14.227347206Z	26	PC: 12a8c \| Set disk transfer address
2018-12-25T11:54:14.228515347Z	78	PC: 12a9c \| Find first file
2018-12-25T11:54:14.235872347Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:14.244531316Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:14.252555404Z	66	PC: 12afb \| Move file pointer
2018-12-25T11:54:14.254556017Z	64	PC: 12b14 \| Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:54:14.258563968Z	44	PC: 1338d \| Get time 0x1338d: mov ax, 0x3e1 0x13390: mul dx 0x13392: add ax, cx 0x13394: xchg ax, cx 0x13395: in ax, 0x40 0x13397: add ax, cx 0x13399: mov word ptr [bp + 0xe], ax 0x1339c: ret 0x1339d: push bx 0x1339e: push cx 0x1339f: push dx 0x133a0: mov ax, word ptr [bp + 0xe] 0x133a3: mov cx, 0x3e1 0x133a6: mul cx 0x133a8: mov cx, ax 0x133aa: xor dx, dx 0x133ac: mov bx, 0x35 0x133af: div bx 0x133b1: add dx, cx 0x133b3: js 0x133b9
2018-12-25T11:54:14.261211146Z	44	PC: 1338d \| Get time (See above)
2018-12-25T11:54:14.268686056Z	64	PC: 12b41 \| Write file or device (Write 736 bytes on handle 5)
2018-12-25T11:54:14.286850553Z	64	PC: 12b4a \| Write file or device (Write 2444 bytes on handle 5)
2018-12-25T11:54:14.29745683Z	64	PC: 12b51 \| Write file or device (Write 287 bytes on handle 5)
2018-12-25T11:54:14.300881812Z	66	PC: 12b59 \| Move file pointer
2018-12-25T11:54:14.303756992Z	64	PC: 12b62 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:14.311261553Z	87	PC: 12b6d \| Get or set file date and time
2018-12-25T11:54:14.312842162Z	62	PC: 12b71 \| Close file
2018-12-25T11:54:14.321541337Z	67	PC: 12b83 \| Get or set file attributes
2018-12-25T11:54:14.332518007Z	42	PC: 12b87 \| Get date 0x12b87: cmp al, 5 0x12b89: jne 0x12bc8 0x12b8b: cmp dl, 0xd 0x12b8e: jne 0x12bc8 0x12b90: call 0x12bbe 0x12b93: push sp 0x12b94: push 0x7369 0x12b97: and byte ptr [bx + si + 0x72], dh 0x12b9a: outsw dx, word ptr [si] 0x12b9b: jb 0x12bff 0x12b9e: insw word ptr es:[di], dx 0x12b9f: and byte ptr [bp + si + 0x65], dh 0x12ba2: jno 0x12c19 0x12ba4: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba9: dec bp 0x12baa: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12baf: outsw dx, word ptr [si] 0x12bb0: je 0x12bd3 0x12bb3: push di 0x12bb4: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T11:54:14.334934179Z	26	PC: 12bce \| Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5324,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:14.337838393Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:14.339369583Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T11:54:14.341887612Z	26	PC: 12a8c \| Set disk transfer address
2018-12-25T11:54:14.343354839Z	78	PC: 12a9c \| Find first file
2018-12-25T11:54:14.35008317Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:14.35844688Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:14.365469781Z	66	PC: 12afb \| Move file pointer
2018-12-25T11:54:14.367044344Z	64	PC: 12b14 \| Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:54:14.371186948Z	44	PC: 1338d \| Get time 0x1338d: mov ax, 0x3e1 0x13390: mul dx 0x13392: add ax, cx 0x13394: xchg ax, cx 0x13395: in ax, 0x40 0x13397: add ax, cx 0x13399: mov word ptr [bp + 0xe], ax 0x1339c: ret 0x1339d: push bx 0x1339e: push cx 0x1339f: push dx 0x133a0: mov ax, word ptr [bp + 0xe] 0x133a3: mov cx, 0x3e1 0x133a6: mul cx 0x133a8: mov cx, ax 0x133aa: xor dx, dx 0x133ac: mov bx, 0x35 0x133af: div bx 0x133b1: add dx, cx 0x133b3: js 0x133b9
2018-12-25T11:54:14.373867301Z	44	PC: 1338d \| Get time (See above)
2018-12-25T11:54:14.381745121Z	64	PC: 12b41 \| Write file or device (Write 896 bytes on handle 5)
2018-12-25T11:54:14.674769719Z	64	PC: 12b4a \| Write file or device (Write 2444 bytes on handle 5)
2018-12-25T11:54:14.687665989Z	64	PC: 12b51 \| Write file or device (Write 801 bytes on handle 5)
2018-12-25T11:54:14.705124222Z	66	PC: 12b59 \| Move file pointer
2018-12-25T11:54:14.707268255Z	64	PC: 12b62 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:14.715451895Z	87	PC: 12b6d \| Get or set file date and time
2018-12-25T11:54:14.71758341Z	62	PC: 12b71 \| Close file
2018-12-25T11:54:14.726802489Z	67	PC: 12b83 \| Get or set file attributes
2018-12-25T11:54:14.744839245Z	42	PC: 12b87 \| Get date 0x12b87: cmp al, 5 0x12b89: jne 0x12bc8 0x12b8b: cmp dl, 0xd 0x12b8e: jne 0x12bc8 0x12b90: call 0x12bbe 0x12b93: push sp 0x12b94: push 0x7369 0x12b97: and byte ptr [bx + si + 0x72], dh 0x12b9a: outsw dx, word ptr [si] 0x12b9b: jb 0x12bff 0x12b9e: insw word ptr es:[di], dx 0x12b9f: and byte ptr [bp + si + 0x65], dh 0x12ba2: jno 0x12c19 0x12ba4: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba9: dec bp 0x12baa: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12baf: outsw dx, word ptr [si] 0x12bb0: je 0x12bd3 0x12bb3: push di 0x12bb4: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T11:54:14.749049342Z	26	PC: 12bce \| Set disk transfer address

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5324,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:14.72099057Z	37	PC: 12a79 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:14.722754398Z	47	PC: 12a7e \| Get disk transfer address
2018-12-25T11:54:14.723906305Z	26	PC: 12a8c \| Set disk transfer address
2018-12-25T11:54:14.72497252Z	78	PC: 12a9c \| Find first file
2018-12-25T11:54:14.729826083Z	61	PC: 12ac7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:14.734805617Z	63	PC: 12ada \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:14.740386141Z	66	PC: 12afb \| Move file pointer
2018-12-25T11:54:14.741754561Z	64	PC: 12b14 \| Write file or device (Write 9 bytes on handle 5)
2018-12-25T11:54:14.744093916Z	44	PC: 1338d \| Get time 0x1338d: mov ax, 0x3e1 0x13390: mul dx 0x13392: add ax, cx 0x13394: xchg ax, cx 0x13395: in ax, 0x40 0x13397: add ax, cx 0x13399: mov word ptr [bp + 0xe], ax 0x1339c: ret 0x1339d: push bx 0x1339e: push cx 0x1339f: push dx 0x133a0: mov ax, word ptr [bp + 0xe] 0x133a3: mov cx, 0x3e1 0x133a6: mul cx 0x133a8: mov cx, ax 0x133aa: xor dx, dx 0x133ac: mov bx, 0x35 0x133af: div bx 0x133b1: add dx, cx 0x133b3: js 0x133b9
2018-12-25T11:54:14.746451387Z	44	PC: 1338d \| Get time (See above)
2018-12-25T11:54:14.753530625Z	64	PC: 12b41 \| Write file or device (Write 1088 bytes on handle 5)
2018-12-25T11:54:14.770772157Z	64	PC: 12b4a \| Write file or device (Write 2444 bytes on handle 5)
2018-12-25T11:54:14.778636882Z	64	PC: 12b51 \| Write file or device (Write 413 bytes on handle 5)
2018-12-25T11:54:14.800941715Z	66	PC: 12b59 \| Move file pointer
2018-12-25T11:54:14.804927093Z	64	PC: 12b62 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:14.810408232Z	87	PC: 12b6d \| Get or set file date and time
2018-12-25T11:54:14.811674084Z	62	PC: 12b71 \| Close file
2018-12-25T11:54:14.818080634Z	67	PC: 12b83 \| Get or set file attributes
2018-12-25T11:54:14.82462533Z	42	PC: 12b87 \| Get date 0x12b87: cmp al, 5 0x12b89: jne 0x12bc8 0x12b8b: cmp dl, 0xd 0x12b8e: jne 0x12bc8 0x12b90: call 0x12bbe 0x12b93: push sp 0x12b94: push 0x7369 0x12b97: and byte ptr [bx + si + 0x72], dh 0x12b9a: outsw dx, word ptr [si] 0x12b9b: jb 0x12bff 0x12b9e: insw word ptr es:[di], dx 0x12b9f: and byte ptr [bp + si + 0x65], dh 0x12ba2: jno 0x12c19 0x12ba4: imul si, word ptr [bp + si + 0x65], 0x2073 0x12ba9: dec bp 0x12baa: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12baf: outsw dx, word ptr [si] 0x12bb0: je 0x12bd3 0x12bb3: push di 0x12bb4: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T11:54:14.826560918Z	9	PC: 12bc3 \| Display string (String= 'This program requires Microsoft Windows. ')
2018-12-25T11:54:14.831149602Z	76	PC: 12bc8 \| Terminate with return code (Return code = '0')