Sample viewer

vx.netlux.org/Virus.DOS.SMEG.Duwende.2514.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:28.752207938Z 25 PC: 12aed | Get default drive
2018-12-17T22:43:28.753987841Z 42 PC: 12b2b | Get date
0x12b2b: call 0x12b3c
0x12b2e: test dh, bl
0x12b30: dec si
0x12b31: rol di, cl
0x12b33: rol di, cl
0x12b35: test byte ptr [di + 0x31e], bh
0x12b39: jmp 0x12b4b
0x12b3c: rcr di, 1
0x12b3e: clc
0x12b3f: rol bp, cl
0x12b41: test byte ptr [si + 0x24], bl
0x12b44: and di, 0x3233
0x12b48: not di
0x12b4a: ret
0x12b4b: rcr di, cl
0x12b4d: add si, 0x3810
0x12b51: jnp 0x12b57
0x12b53: mov si, 0x1f02
0x12b57: or di, word ptr [0x427]
0x12b5b: shl di, cl
2018-12-17T22:43:28.7597904Z 255 PC: 12cf5 | UNKNOWN!
2018-12-17T22:43:28.761100149Z 74 PC: 12d10 | Reallocate memory
2018-12-17T22:43:28.762961996Z 72 PC: 12d18 | Allocate memory
2018-12-17T22:43:28.765704878Z 53 PC: 9e796 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:28.768268142Z 37 PC: 9e7a5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:28.769954129Z 9 PC: 12ad3 | Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-17T22:43:28.788908859Z 76 PC: 12ad7 | Terminate with return code (Return code = '36')