Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Doomsday.1455

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:00:30.151064793Z	240	PC: 17dec \| UNKNOWN!
2018-12-17T22:00:30.152536034Z	74	PC: 12b3d \| Reallocate memory
2018-12-17T22:00:30.154162282Z	53	PC: 12b4d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:30.155551588Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:30.157471821Z	42	PC: 12b65 \| Get date 0x12b65: cmp dh, 4 0x12b68: jne 0x12b91 0x12b6a: cmp dl, 5 0x12b6d: ja 0x12b91 0x12b6f: mov byte ptr cs:[0x10b], 1 0x12b75: mov ax, 0x3508 0x12b78: int 0x21 0x12b7a: mov word ptr cs:[0x110], bx 0x12b7f: mov word ptr cs:[0x112], es 0x12b84: push cs 0x12b85: pop ds 0x12b86: mov dx, 0x2c0 0x12b89: mov ax, 0x2508 0x12b8c: int 0x21 0x12b8e: jmp 0x12b97 0x12b90: nop 0x12b91: mov byte ptr cs:[0x10b], 0 0x12b97: mov es, word ptr cs:[0x128] 0x12b9c: mov es, word ptr es:[0x2c] 0x12ba1: xor di, di
2018-12-17T22:00:30.159726567Z	75	PC: 12bd1 \| Execute program
2018-12-17T22:00:30.176894001Z	74	PC: 13186 \| Reallocate memory
2018-12-17T22:00:30.179837507Z	43	PC: 13ccf \| Set date
2018-12-17T22:00:30.186985225Z	72	PC: 13830 \| Allocate memory
2018-12-17T22:00:30.188654863Z	72	PC: 13843 \| Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1172,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:56.450878923Z	240	PC: 17dec \| UNKNOWN!
2018-12-25T11:42:56.45263916Z	74	PC: 12b3d \| Reallocate memory
2018-12-25T11:42:56.461824807Z	53	PC: 12b4d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:56.462918167Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:56.464163126Z	42	PC: 12b65 \| Get date 0x12b65: cmp dh, 4 0x12b68: jne 0x12b91 0x12b6a: cmp dl, 5 0x12b6d: ja 0x12b91 0x12b6f: mov byte ptr cs:[0x10b], 1 0x12b75: mov ax, 0x3508 0x12b78: int 0x21 0x12b7a: mov word ptr cs:[0x110], bx 0x12b7f: mov word ptr cs:[0x112], es 0x12b84: push cs 0x12b85: pop ds 0x12b86: mov dx, 0x2c0 0x12b89: mov ax, 0x2508 0x12b8c: int 0x21 0x12b8e: jmp 0x12b97 0x12b90: nop 0x12b91: mov byte ptr cs:[0x10b], 0 0x12b97: mov es, word ptr cs:[0x128] 0x12b9c: mov es, word ptr es:[0x2c] 0x12ba1: xor di, di
2018-12-25T11:42:56.466827878Z	75	PC: 12bd1 \| Execute program
2018-12-25T11:42:56.484140776Z	74	PC: 13186 \| Reallocate memory
2018-12-25T11:42:56.486556204Z	43	PC: 13ccf \| Set date
2018-12-25T11:42:56.494911404Z	72	PC: 13830 \| Allocate memory
2018-12-25T11:42:56.497014456Z	72	PC: 13843 \| Allocate memory

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1172,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:56.383642024Z	240	PC: 17dec \| UNKNOWN!
2018-12-25T11:42:56.384935877Z	74	PC: 12b3d \| Reallocate memory
2018-12-25T11:42:56.386372038Z	53	PC: 12b4d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:56.387526245Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:56.391839033Z	42	PC: 12b65 \| Get date 0x12b65: cmp dh, 4 0x12b68: jne 0x12b91 0x12b6a: cmp dl, 5 0x12b6d: ja 0x12b91 0x12b6f: mov byte ptr cs:[0x10b], 1 0x12b75: mov ax, 0x3508 0x12b78: int 0x21 0x12b7a: mov word ptr cs:[0x110], bx 0x12b7f: mov word ptr cs:[0x112], es 0x12b84: push cs 0x12b85: pop ds 0x12b86: mov dx, 0x2c0 0x12b89: mov ax, 0x2508 0x12b8c: int 0x21 0x12b8e: jmp 0x12b97 0x12b90: nop 0x12b91: mov byte ptr cs:[0x10b], 0 0x12b97: mov es, word ptr cs:[0x128] 0x12b9c: mov es, word ptr es:[0x2c] 0x12ba1: xor di, di
2018-12-25T11:42:56.394146245Z	53	PC: 12b7a \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:42:56.395187621Z	37	PC: 12b8e \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:42:56.396372339Z	75	PC: 12bd1 \| Execute program
2018-12-25T11:42:56.416508504Z	74	PC: 13186 \| Reallocate memory
2018-12-25T11:42:56.418573208Z	43	PC: 13ccf \| Set date
2018-12-25T11:42:56.426641756Z	72	PC: 13830 \| Allocate memory
2018-12-25T11:42:56.428593409Z	72	PC: 13843 \| Allocate memory

{"DateBased":true,"Day":6,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1172,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:56.496721136Z	240	PC: 17dec \| UNKNOWN!
2018-12-25T11:42:56.498064347Z	74	PC: 12b3d \| Reallocate memory
2018-12-25T11:42:56.499491171Z	53	PC: 12b4d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:56.500657525Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:56.501901126Z	42	PC: 12b65 \| Get date 0x12b65: cmp dh, 4 0x12b68: jne 0x12b91 0x12b6a: cmp dl, 5 0x12b6d: ja 0x12b91 0x12b6f: mov byte ptr cs:[0x10b], 1 0x12b75: mov ax, 0x3508 0x12b78: int 0x21 0x12b7a: mov word ptr cs:[0x110], bx 0x12b7f: mov word ptr cs:[0x112], es 0x12b84: push cs 0x12b85: pop ds 0x12b86: mov dx, 0x2c0 0x12b89: mov ax, 0x2508 0x12b8c: int 0x21 0x12b8e: jmp 0x12b97 0x12b90: nop 0x12b91: mov byte ptr cs:[0x10b], 0 0x12b97: mov es, word ptr cs:[0x128] 0x12b9c: mov es, word ptr es:[0x2c] 0x12ba1: xor di, di
2018-12-25T11:42:56.504317317Z	75	PC: 12bd1 \| Execute program
2018-12-25T11:42:56.524240469Z	74	PC: 13186 \| Reallocate memory
2018-12-25T11:42:56.526331812Z	43	PC: 13ccf \| Set date
2018-12-25T11:42:56.534697747Z	72	PC: 13830 \| Allocate memory
2018-12-25T11:42:56.536539013Z	72	PC: 13843 \| Allocate memory