Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Plastique.3004.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:25.94919705Z	64	PC: 13311 \| Write file or device (Write 255 bytes on handle 0)
2018-12-17T23:01:25.963999049Z	64	PC: 13362 \| Write file or device (Write 255 bytes on handle 0)
2018-12-17T23:01:26.051612593Z	74	PC: 13416 \| Reallocate memory
2018-12-17T23:01:26.052888768Z	53	PC: 1341b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:26.054549089Z	37	PC: 1342f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:26.055746734Z	42	PC: 13461 \| Get date 0x13461: sub cx, 0x7bc 0x13465: mov ax, cx 0x13467: mov bx, dx 0x13469: mov cx, 0x168 0x1346c: mul cx 0x1346e: xchg ax, bx 0x1346f: add bl, al 0x13471: adc bh, 0 0x13474: mov al, ah 0x13476: mov cl, 0x1e 0x13478: mul cl 0x1347a: add ax, bx 0x1347c: sub ax, word ptr [0x30] 0x13480: ja 0x13485 0x13482: jmp 0x13508 0x13485: add word ptr [0x30], ax 0x13489: cmp ax, 7 0x1348c: ja 0x13491 0x1348e: jmp 0x13508 0x13490: nop
2018-12-17T23:01:26.05791009Z	53	PC: 13496 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:01:26.059650648Z	44	PC: 134a4 \| Get time 0x134a4: mov cl, dh 0x134a6: and cl, 1 0x134a9: cmp cl, 0 0x134ac: mov dx, 0x2ae 0x134af: mov byte ptr [0x69], 0 0x134b4: jne 0x134be 0x134b6: mov dx, 0x2d2 0x134b9: mov byte ptr [0x69], 1 0x134be: mov word ptr [3], 1 0x134c4: mov word ptr [0x122], 0 0x134ca: mov byte ptr [0x121], 1 0x134cf: mov byte ptr [0x68], 0 0x134d4: mov byte ptr [0x6a], 0 0x134d9: mov ax, 0x2508 0x134dc: int 0x21 0x134de: mov ax, 0x3509 0x134e1: int 0x21 0x134e3: mov word ptr [6], bx 0x134e7: mov word ptr [8], es 0x134eb: mov ax, 0x2509
2018-12-17T23:01:26.062000354Z	37	PC: 134de \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:01:26.063174785Z	53	PC: 134e3 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:01:26.069222975Z	37	PC: 134f3 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:01:26.070506166Z	53	PC: 134f8 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:01:26.071948865Z	37	PC: 13508 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:01:26.074276856Z	75	PC: 13514 \| Execute program
2018-12-17T23:01:26.089205653Z	75	PC: 14128 \| Execute program