Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Australian

Time	Syscall Op	Syscall Name
2018-12-17T21:59:26.51717752Z	75	PC: 12ab4 \| Execute program
2018-12-17T21:59:26.519481963Z	75	PC: 12b04 \| Execute program
2018-12-17T21:59:26.521667844Z	74	PC: 12b4b \| Reallocate memory
2018-12-17T21:59:26.522968434Z	53	PC: 12b50 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:26.527332921Z	37	PC: 12b64 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:26.528720276Z	42	PC: 12b91 \| Get date 0x12b91: cmp dl, 0x10 0x12b94: jne 0x12b9c 0x12b96: mov byte ptr cs:[0x21], 1 0x12b9c: pop dx 0x12b9d: pop cx 0x12b9e: pop ax 0x12b9f: pushf 0x12ba0: lcall ptr cs:[0x24] 0x12ba5: push ds 0x12ba6: pop es 0x12ba7: mov ah, 0x49 0x12ba9: int 0x21 0x12bab: mov ah, 0x4d 0x12bad: int 0x21 0x12baf: mov ah, 0x31 0x12bb1: mov dx, 0x470 0x12bb4: mov cl, 4 0x12bb6: shr dx, cl 0x12bb8: add dx, 0x10 0x12bbb: int 0x21
2018-12-17T21:59:26.531050742Z	75	PC: 12ba5 \| Execute program
2018-12-17T21:59:26.547187104Z	48	PC: 13d6b \| Get DOS version
2018-12-17T21:59:26.549054404Z	9	PC: 13d77 \| Display string (String= ' Incorrect DOS version ')
2018-12-17T21:59:26.556751675Z	73	PC: 12bab \| Release memory
2018-12-17T21:59:26.55835606Z	77	PC: 12baf \| Get program return code
2018-12-17T21:59:26.560789479Z	49	PC: 12bbd \| Terminate and stay resident (Return code = '0' \| Memory size = '87')

Time	Syscall Op	Syscall Name
2018-12-25T11:42:27.874392437Z	75	PC: 12ab4 \| Execute program
2018-12-25T11:42:27.876721672Z	75	PC: 12b04 \| Execute program
2018-12-25T11:42:27.879459712Z	74	PC: 12b4b \| Reallocate memory
2018-12-25T11:42:27.881048651Z	53	PC: 12b50 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:27.883558155Z	37	PC: 12b64 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:27.889023718Z	42	PC: 12b91 \| Get date 0x12b91: cmp dl, 0x10 0x12b94: jne 0x12b9c 0x12b96: mov byte ptr cs:[0x21], 1 0x12b9c: pop dx 0x12b9d: pop cx 0x12b9e: pop ax 0x12b9f: pushf 0x12ba0: lcall ptr cs:[0x24] 0x12ba5: push ds 0x12ba6: pop es 0x12ba7: mov ah, 0x49 0x12ba9: int 0x21 0x12bab: mov ah, 0x4d 0x12bad: int 0x21 0x12baf: mov ah, 0x31 0x12bb1: mov dx, 0x470 0x12bb4: mov cl, 4 0x12bb6: shr dx, cl 0x12bb8: add dx, 0x10 0x12bbb: int 0x21
2018-12-25T11:42:27.891389158Z	75	PC: 12ba5 \| Execute program
2018-12-25T11:42:27.9068891Z	48	PC: 13d6b \| Get DOS version
2018-12-25T11:42:27.908164948Z	9	PC: 13d77 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T11:42:27.915806706Z	73	PC: 12bab \| Release memory
2018-12-25T11:42:27.916974099Z	77	PC: 12baf \| Get program return code
2018-12-25T11:42:27.918495812Z	49	PC: 12bbd \| Terminate and stay resident (Return code = '0' \| Memory size = '87')

Time	Syscall Op	Syscall Name
2018-12-25T11:42:28.010590718Z	75	PC: 12ab4 \| Execute program
2018-12-25T11:42:28.013125784Z	75	PC: 12b04 \| Execute program
2018-12-25T11:42:28.01550987Z	74	PC: 12b4b \| Reallocate memory
2018-12-25T11:42:28.01720739Z	53	PC: 12b50 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.028812675Z	37	PC: 12b64 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.030772449Z	42	PC: 12b91 \| Get date 0x12b91: cmp dl, 0x10 0x12b94: jne 0x12b9c 0x12b96: mov byte ptr cs:[0x21], 1 0x12b9c: pop dx 0x12b9d: pop cx 0x12b9e: pop ax 0x12b9f: pushf 0x12ba0: lcall ptr cs:[0x24] 0x12ba5: push ds 0x12ba6: pop es 0x12ba7: mov ah, 0x49 0x12ba9: int 0x21 0x12bab: mov ah, 0x4d 0x12bad: int 0x21 0x12baf: mov ah, 0x31 0x12bb1: mov dx, 0x470 0x12bb4: mov cl, 4 0x12bb6: shr dx, cl 0x12bb8: add dx, 0x10 0x12bbb: int 0x21
2018-12-25T11:42:28.033926256Z	75	PC: 12ba5 \| Execute program
2018-12-25T11:42:28.048627496Z	48	PC: 13d6b \| Get DOS version
2018-12-25T11:42:28.051147528Z	9	PC: 13d77 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T11:42:28.059381737Z	73	PC: 12bab \| Release memory
2018-12-25T11:42:28.061116753Z	77	PC: 12baf \| Get program return code
2018-12-25T11:42:28.063758568Z	49	PC: 12bbd \| Terminate and stay resident (Return code = '0' \| Memory size = '87')