Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Raquel.3000

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:41.006945941Z	75	PC: 13891 \| Execute program
2018-12-17T22:50:41.111994348Z	74	PC: 1337e \| Reallocate memory
2018-12-17T22:50:41.11334853Z	53	PC: 13383 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:41.114508839Z	37	PC: 13397 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:41.116474348Z	42	PC: 133e4 \| Get date 0x133e4: sub cx, 0x7bc 0x133e8: mov ax, cx 0x133ea: mov bx, dx 0x133ec: mov cx, 0x168 0x133ef: mul cx 0x133f1: xchg ax, bx 0x133f2: add bl, al 0x133f4: adc bh, 0 0x133f7: mov al, ah 0x133f9: mov cl, 0x1e 0x133fb: mul cl 0x133fd: add ax, bx 0x133ff: sub ax, word ptr [0x31] 0x13403: ja 0x13408 0x13405: jmp 0x13470 0x13407: nop 0x13408: add word ptr [0x31], ax 0x1340c: cmp ax, 0x1e 0x1340f: ja 0x13414 0x13411: jmp 0x13470
2018-12-17T22:50:41.119047563Z	53	PC: 13419 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:41.120301931Z	44	PC: 13427 \| Get time 0x13427: mov cl, dh 0x13429: and cl, 1 0x1342c: cmp cl, 0 0x1342f: mov dx, 0x253 0x13432: mov byte ptr [0x7e], 0 0x13437: jne 0x13441 0x13439: mov dx, 0x276 0x1343c: mov byte ptr [0x7e], 1 0x13441: mov ax, 0x2508 0x13444: int 0x21 0x13446: mov ax, 0x3509 0x13449: int 0x21 0x1344b: mov word ptr [6], bx 0x1344f: mov word ptr [8], es 0x13453: mov dx, 0x300 0x13456: mov ax, 0x2509 0x13459: int 0x21 0x1345b: mov ax, 0x3513 0x1345e: int 0x21 0x13460: mov word ptr [0xa], bx
2018-12-17T22:50:41.123157333Z	37	PC: 13446 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:50:41.124388153Z	53	PC: 1344b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:41.125546861Z	37	PC: 1345b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:50:41.127201586Z	53	PC: 13460 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:50:41.12882334Z	37	PC: 13470 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:50:41.130380323Z	75	PC: 1347c \| Execute program
2018-12-17T22:50:41.145558971Z	76	PC: 13da7 \| Terminate with return code (Return code = '0')
2018-12-17T22:50:41.149257052Z	73	PC: 13482 \| Release memory
2018-12-17T22:50:41.151058996Z	77	PC: 13486 \| Get program return code
2018-12-17T22:50:41.152938331Z	49	PC: 13494 \| Terminate and stay resident (Return code = '0' \| Memory size = '197')