Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.d

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:53.450715408Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-17T23:01:53.451970497Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-17T23:01:53.453191938Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 1 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe1 0x12ada: int 0x21 0x12adc: cmp ah, 0xe1 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x560 0x12afe: mov si, 0x362

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14016,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:42.845264222Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-25T12:39:42.84733911Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T12:39:42.848574432Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 1 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe1 0x12ada: int 0x21 0x12adc: cmp ah, 0xe1 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x560 0x12afe: mov si, 0x362

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14016,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:42.949379672Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-25T12:39:42.950392071Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T12:39:42.955879899Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 1 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe1 0x12ada: int 0x21 0x12adc: cmp ah, 0xe1 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x560 0x12afe: mov si, 0x362
2018-12-25T12:39:42.959089464Z	225	PC: 12adc \| UNKNOWN!
2018-12-25T12:39:42.960355858Z	255	PC: 12b58 \| UNKNOWN!
2018-12-25T12:39:42.964779942Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T12:39:42.967488091Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dh, 0xc 0x12b72: je 0x12b85 0x12b74: cmp dh, 1 0x12b77: je 0x12b85 0x12b79: mov ah, 0xe1 0x12b7b: int 0x21 0x12b7d: cmp ah, 0xe1 0x12b80: jae 0x12b95 0x12b82: cmp ah, 3 0x12b85: pop es 0x12b86: mov ss, word ptr cs:[0x26] 0x12b8b: mov sp, word ptr cs:[0x24] 0x12b90: ljmp ptr cs:[0x28] 0x12b95: xor ax, ax 0x12b97: mov es, ax 0x12b99: mov ax, word ptr es:[0x3fc] 0x12b9d: mov word ptr cs:[0x2c], ax 0x12ba1: mov al, byte ptr es:[0x3fe] 0x12ba5: mov byte ptr cs:[0x2e], al 0x12ba9: mov word ptr es:[0x3fc], 0xa5f3
2018-12-25T12:39:42.971659394Z	225	PC: 12b7d \| UNKNOWN!
2018-12-25T12:39:42.974020506Z	74	PC: 12c01 \| Reallocate memory
2018-12-25T12:39:42.978343259Z	53	PC: 12c06 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:42.980267961Z	37	PC: 12c1a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:42.982240262Z	42	PC: 12c4a \| Get date 0x12c4a: mov byte ptr cs:[7], 0 0x12c50: cmp dl, 0xd 0x12c53: jne 0x12c5b 0x12c55: mov byte ptr cs:[7], 1 0x12c5b: pop dx 0x12c5c: pop cx 0x12c5d: pop bx 0x12c5e: pop ax 0x12c5f: pop es 0x12c60: pop ds 0x12c61: pushf 0x12c62: lcall ptr cs:[0xa] 0x12c67: push ds 0x12c68: pop es 0x12c69: mov ah, 0x49 0x12c6b: int 0x21 0x12c6d: mov ah, 0x4d 0x12c6f: int 0x21 0x12c71: mov ah, 0x31 0x12c73: mov dx, 0x6b3
2018-12-25T12:39:42.986910422Z	75	PC: 12c67 \| Execute program
2018-12-25T12:39:43.003200294Z	255	PC: 13317 \| UNKNOWN!
2018-12-25T12:39:43.004183066Z	53	PC: 13322 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T12:39:43.006263428Z	42	PC: 1332e \| Get date 0x1332e: cmp dh, 0xc 0x13331: je 0x13357 0x13333: cmp dh, 1 0x13336: je 0x13357 0x13338: mov ah, 0xe1 0x1333a: int 0x21 0x1333c: cmp ah, 0xe1 0x1333f: jae 0x1337e 0x13341: cmp ah, 3 0x13344: jb 0x1337e 0x13346: mov ah, 0xdd 0x13348: mov di, 0x100 0x1334b: mov si, 0x6b3 0x1334e: add si, di 0x13350: mov cx, word ptr cs:[di + 8] 0x13355: int 0x21 0x13357: xor ax, ax 0x13359: mov es, ax 0x1335b: mov di, 0x560 0x1335e: mov si, 0x362
2018-12-25T12:39:43.011441941Z	73	PC: 12c6d \| Release memory
2018-12-25T12:39:43.013329681Z	77	PC: 12c71 \| Get program return code
2018-12-25T12:39:43.016060037Z	49	PC: 12c7f \| Terminate and stay resident (Return code = '0' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14016,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:43.022540023Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-25T12:39:43.024494731Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T12:39:43.0257443Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 1 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe1 0x12ada: int 0x21 0x12adc: cmp ah, 0xe1 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x560 0x12afe: mov si, 0x362