Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Scott.1716.a


Syscalls:

Time | Syscall Op | PC | Syscall Name (with disassembly where captured)
2018-12-17T23:05:58.070925107Z 48 PC: 12a44 | Get DOS version
2018-12-17T23:05:58.073335904Z 192 PC: 12a63 | UNKNOWN!
2018-12-17T23:05:58.074428716Z 192 PC: 12ad7 | UNKNOWN!
2018-12-17T23:05:58.07534743Z 74 PC: 12bca | Reallocate memory
2018-12-17T23:05:58.076901964Z 53 PC: 12bcf | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:58.078910034Z 37 PC: 12be3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:58.080493983Z 42 PC: 130a3 | Get date
0x130a3: mov byte ptr [bp - 6], dh
0x130a6: mov byte ptr [bp - 8], dl
0x130a9: mov byte ptr [bp - 5], 0
0x130ad: mov byte ptr [bp - 7], 0
0x130b1: mov di, cx
0x130b3: sub di, 0x7b2
0x130b7: mov ax, 0x16d
0x130ba: mul di
0x130bc: mov si, ax
0x130be: add di, 2
0x130c1: test di, 3
0x130c5: jne 0x130d0
0x130c7: cmp word ptr [bp - 6], 2
0x130cb: ja 0x130d0
0x130cd: sub di, 4
0x130d0: mov ax, di
0x130d2: shr ax, 1
0x130d4: shr ax, 1
0x130d6: add si, ax
0x130d8: mov bx, word ptr [bp - 6]
2018-12-17T23:05:58.08303025Z 42 PC: 12c32 | Get date
0x12c32: mov byte ptr cs:[0xeb], 0
0x12c38: cmp cx, 0x7c7
0x12c3c: jb 0x12c47
0x12c3e: cmp al, 5
0x12c40: jne 0x12c47
0x12c42: inc byte ptr cs:[0xeb]
0x12c47: pop dx
0x12c48: pop cx
0x12c49: pop bx
0x12c4a: pop ax
0x12c4b: pop es
0x12c4c: pop ds
0x12c4d: pushf
0x12c4e: lcall ptr cs:[0xf3]
0x12c53: push ds
0x12c54: pop es
0x12c55: mov ah, 0x49
0x12c57: int 0x21
0x12c59: mov ah, 0x4d
0x12c5b: int 0x21
2018-12-17T23:05:58.085842996Z 75 PC: 12c53 | Execute program
2018-12-17T23:05:58.09976061Z 48 PC: 13454 | Get DOS version
2018-12-17T23:05:58.102256665Z 9 PC: 1400b | Display string (String= ' ANSI v1.0 (c) 1990 The Nutty Professor. �For Personal Use only.� ')
2018-12-17T23:05:58.118511153Z 9 PC: 1400b | Display string (Could not find end pointer)
2018-12-17T23:05:58.13283549Z 9 PC: 1400b | Display string (String= 'Status: ')
2018-12-17T23:05:58.134751986Z 2 PC: 1400b | Character output (Char = '4f')
2018-12-17T23:05:58.146102247Z 2 PC: 1400b | Character output (Char = '4e')
2018-12-17T23:05:58.147984041Z 2 PC: 1400b | Character output (Char = '20')
2018-12-17T23:05:58.149775562Z 2 PC: 1400b | Character output (Char = '20')
2018-12-17T23:05:58.152472393Z 2 PC: 1400b | Character output (Char = '46')
2018-12-17T23:05:58.154295917Z 2 PC: 1400b | Character output (Char = '41')
2018-12-17T23:05:58.155908539Z 2 PC: 1400b | Character output (Char = '53')
2018-12-17T23:05:58.157853355Z 2 PC: 1400b | Character output (Char = '54')
2018-12-17T23:05:58.159625244Z 9 PC: 1400b | Display string (String= ' Buffer size: ')
2018-12-17T23:05:58.162891096Z 2 PC: 1400b | Character output (Char = '32')
2018-12-17T23:05:58.164672542Z 2 PC: 1400b | Character output (Char = '30')
2018-12-17T23:05:58.166924651Z 2 PC: 1400b | Character output (Char = '30')
2018-12-17T23:05:58.169813334Z 9 PC: 1400b | Display string (String= ' Bytes free: ')
2018-12-17T23:05:58.176399931Z 2 PC: 1400b | Character output (Char = '32')
2018-12-17T23:05:58.179360621Z 2 PC: 1400b | Character output (Char = '30')
2018-12-17T23:05:58.181831858Z 2 PC: 1400b | Character output (Char = '30')
2018-12-17T23:05:58.18392294Z 9 PC: 1400b | Display string (String= ' ')
2018-12-17T23:05:58.189035417Z 53 PC: 13e79 | Get interrupt vector (Interrupt = '41' AKA 'Parse filename')
2018-12-17T23:05:58.190273722Z 37 PC: 13e99 | Set interrupt vector (Interrupt = '41' AKA 'Parse filename')
2018-12-17T23:05:58.191553121Z 53 PC: 13e9e | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T23:05:58.193895703Z 37 PC: 13eae | Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T23:05:58.19503548Z 53 PC: 13eb3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:58.1961965Z 37 PC: 13ec3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:58.198330054Z 73 PC: 13ecc | Release memory
2018-12-17T23:05:58.19964766Z 9 PC: 1400b | Display string (String= 'dent programs in reverse order ')
2018-12-17T23:05:58.202938044Z 49 PC: 13ee0 | Terminate and stay resident (Return code = '0' | Memory size = '159')
2018-12-17T23:05:58.206872737Z 73 PC: 12c59 | Release memory
2018-12-17T23:05:58.221620521Z 77 PC: 12c5d | Get program return code
2018-12-17T23:05:58.222829699Z 49 PC: 12c6b | Terminate and stay resident (Return code = '0' | Memory size = '124')