Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Aurora.1478

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:24.428110599Z 224 PC: 12af5 | UNKNOWN!
2018-12-17T23:01:24.429891073Z 53 PC: 12f31 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:24.43136087Z 37 PC: 12f47 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:24.432871342Z 74 PC: 12f89 | Reallocate memory
2018-12-17T23:01:24.43491049Z 75 PC: 12ff2 | Execute program
2018-12-17T23:01:24.449162059Z 238 PC: 42b25 | UNKNOWN!
2018-12-17T23:01:24.450360773Z 9 PC: 42a77 | Display string (String= 'This file is infected with Jerusalem.PiPi.Aurora! ')
2018-12-17T23:01:24.454716728Z 76 PC: 42a7c | Terminate with return code (Return code = '0')
2018-12-17T23:01:24.458188102Z 73 PC: 12ff8 | Release memory
2018-12-17T23:01:24.459445855Z 77 PC: 12ffc | Get program return code
2018-12-17T23:01:24.460693346Z 49 PC: 13003 | Terminate and stay resident (Return code = '0' | Memory size = '128')