Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Keeper.1570

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:31.37315241Z 240 PC: 12e58 | UNKNOWN!
2018-12-17T23:02:31.375827783Z 255 PC: 12ed9 | UNKNOWN!
2018-12-17T23:02:31.37843524Z 74 PC: 12f35 | Reallocate memory
2018-12-17T23:02:31.380993778Z 75 PC: 12f9b | Execute program
2018-12-17T23:02:31.399228744Z 76 PC: 132f5 | Terminate with return code (Return code = '0')
2018-12-17T23:02:31.404017133Z 73 PC: 12fa1 | Release memory
2018-12-17T23:02:31.406003915Z 77 PC: 12fa5 | Get program return code
2018-12-17T23:02:31.407913417Z 44 PC: 12fa9 | Get time
0x12fa9: cmp cl, 0xc
0x12fac: je 0x12fb6
0x12fae: mov ah, 0x31
0x12fb0: mov dx, 0x82
0x12fb3: call 0x22af1
0x12fb6: push cs
0x12fb7: pop ds
0x12fb8: mov dx, 0x68f
0x12fbb: mov ah, 9
0x12fbd: int 0x21
0x12fbf: mov ah, 0x19
0x12fc1: int 0x21
0x12fc3: mov dl, al
0x12fc5: cmp dl, 2
0x12fc8: jb 0x12fcc
0x12fca: add al, 0x7e
0x12fcc: mov ax, 0x309
0x12fcf: mov bx, 0x68f
0x12fd2: mov cx, 1
0x12fd5: mov dh, 0
2018-12-17T23:02:31.411036519Z 49 PC: 12af7 | Terminate and stay resident (Return code = '0' | Memory size = '130')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14245,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:11.358123293Z 240 PC: 12e58 | UNKNOWN!
2018-12-25T12:40:11.35991009Z 255 PC: 12ed9 | UNKNOWN!
2018-12-25T12:40:11.362132746Z 74 PC: 12f35 | Reallocate memory
2018-12-25T12:40:11.364044958Z 75 PC: 12f9b | Execute program
2018-12-25T12:40:11.380414991Z 76 PC: 132f5 | Terminate with return code (Return code = '0')
2018-12-25T12:40:11.384497475Z 73 PC: 12fa1 | Release memory
2018-12-25T12:40:11.386562705Z 77 PC: 12fa5 | Get program return code
2018-12-25T12:40:11.388375786Z 44 PC: 12fa9 | Get time
0x12fa9: cmp cl, 0xc
0x12fac: je 0x12fb6
0x12fae: mov ah, 0x31
0x12fb0: mov dx, 0x82
0x12fb3: call 0x22af1
0x12fb6: push cs
0x12fb7: pop ds
0x12fb8: mov dx, 0x68f
0x12fbb: mov ah, 9
0x12fbd: int 0x21
0x12fbf: mov ah, 0x19
0x12fc1: int 0x21
0x12fc3: mov dl, al
0x12fc5: cmp dl, 2
0x12fc8: jb 0x12fcc
0x12fca: add al, 0x7e
0x12fcc: mov ax, 0x309
0x12fcf: mov bx, 0x68f
0x12fd2: mov cx, 1
0x12fd5: mov dh, 0
2018-12-25T12:40:11.395727426Z 49 PC: 12af7 | Terminate and stay resident (Return code = '0' | Memory size = '130')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":12,"Second":0,"TimeBased":true,"OriginalID":14245,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:11.582391974Z 240 PC: 12e58 | UNKNOWN!
2018-12-25T12:40:11.583250715Z 255 PC: 12ed9 | UNKNOWN!
2018-12-25T12:40:11.58511405Z 74 PC: 12f35 | Reallocate memory
2018-12-25T12:40:11.586486673Z 75 PC: 12f9b | Execute program
2018-12-25T12:40:11.595720384Z 76 PC: 132f5 | Terminate with return code (Return code = '0')
2018-12-25T12:40:11.598535557Z 73 PC: 12fa1 | Release memory
2018-12-25T12:40:11.599700826Z 77 PC: 12fa5 | Get program return code
2018-12-25T12:40:11.600774727Z 44 PC: 12fa9 | Get time
0x12fa9: cmp cl, 0xc
0x12fac: je 0x12fb6
0x12fae: mov ah, 0x31
0x12fb0: mov dx, 0x82
0x12fb3: call 0x22af1
0x12fb6: push cs
0x12fb7: pop ds
0x12fb8: mov dx, 0x68f
0x12fbb: mov ah, 9
0x12fbd: int 0x21
0x12fbf: mov ah, 0x19
0x12fc1: int 0x21
0x12fc3: mov dl, al
0x12fc5: cmp dl, 2
0x12fc8: jb 0x12fcc
0x12fca: add al, 0x7e
0x12fcc: mov ax, 0x309
0x12fcf: mov bx, 0x68f
0x12fd2: mov cx, 1
0x12fd5: mov dh, 0
2018-12-25T12:40:11.603031196Z 9 PC: 12fbf | Display string (Could not find end pointer)
2018-12-25T12:40:11.607519731Z 25 PC: 12fc3 | Get default drive