Sample viewer

vx.netlux.org/Virus.DOS.Smile_II.1113

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:19.052182714Z	53	PC: 12df4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:19.062660197Z	53	PC: 12e01 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:43:19.06396672Z	74	PC: 12e14 \| Reallocate memory
2018-12-17T22:43:19.065605699Z	74	PC: 12e1c \| Reallocate memory
2018-12-17T22:43:19.067239415Z	72	PC: 12e23 \| Allocate memory
2018-12-17T22:43:19.0692881Z	37	PC: 12e48 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:19.071048325Z	42	PC: 12e4c \| Get date 0x12e4c: mov dl, dh 0x12e4e: xor dh, dh 0x12e50: mov ax, dx 0x12e52: mov bl, 3 0x12e54: div bl 0x12e56: cmp ah, 1 0x12e59: jne 0x12e66 0x12e5b: nop 0x12e5c: nop 0x12e5d: nop 0x12e5e: mov ax, 0x251c 0x12e61: mov dx, 0x2fc 0x12e64: int 0x21 0x12e66: mov ax, word ptr cs:[si + 0x3f9] 0x12e6b: mov ds, ax 0x12e6d: mov es, ax 0x12e6f: add ax, 0x10 0x12e72: add word ptr cs:[si + 0xc1], ax 0x12e77: add word ptr cs:[si + 0x26a], ax 0x12e7c: mov ss, word ptr cs:[si + 0x26a]
2018-12-17T22:43:19.075060199Z	48	PC: 12cae \| Get DOS version
2018-12-17T22:43:19.078529461Z	9	PC: 12b0b \| Display string (String= '��~j��!� win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-17T22:43:19.081632711Z	9	PC: 12b13 \| Display string (String= 'l��!� win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-17T22:43:19.084856172Z	9	PC: 12b1b \| Display string (Could not find end pointer)
2018-12-17T22:43:19.089083258Z	9	PC: 12b23 \| Display string (Could not find end pointer)
2018-12-17T22:43:19.095176001Z	9	PC: 12b2b \| Display string (String= ' win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-17T22:43:19.101042348Z	76	PC: 12b7b \| Terminate with return code (Return code = '0')