Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Eun.1975

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:17.391752278Z	240	PC: 12aa1 \| UNKNOWN!
2018-12-17T23:08:17.393513835Z	240	PC: 12af2 \| UNKNOWN!
2018-12-17T23:08:17.394775953Z	224	PC: 13199 \| UNKNOWN!
2018-12-17T23:08:17.395629683Z	74	PC: 12b76 \| Reallocate memory
2018-12-17T23:08:17.397560088Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:17.398813081Z	53	PC: 12b8a \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T23:08:17.399888344Z	53	PC: 12b99 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T23:08:17.401402484Z	37	PC: 12bad \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:17.403112139Z	37	PC: 12bb5 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T23:08:17.404137552Z	37	PC: 12bbd \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T23:08:17.405808081Z	75	PC: 12be8 \| Execute program
2018-12-17T23:08:17.421746414Z	9	PC: 133d6 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-17T23:08:17.427324824Z	48	PC: 133df \| Get DOS version
2018-12-17T23:08:17.429273612Z	61	PC: 134ac \| Open file (Filename = '')
2018-12-17T23:08:17.436552355Z	93	PC: 1344e \| File sharing functions
2018-12-17T23:08:17.437897505Z	9	PC: 133d6 \| Display string (String= 'Size change=07B7h/01975d. ')
2018-12-17T23:08:17.445491757Z	224	PC: 13199 \| UNKNOWN!
2018-12-17T23:08:17.446395387Z	76	PC: 13433 \| Terminate with return code (Return code = '1')
2018-12-17T23:08:17.449254491Z	73	PC: 12bee \| Release memory
2018-12-17T23:08:17.450373608Z	77	PC: 12bf2 \| Get program return code
2018-12-17T23:08:17.451974101Z	224	PC: 13199 \| UNKNOWN!
2018-12-17T23:08:17.452815539Z	49	PC: 12c00 \| Terminate and stay resident (Return code = '1' \| Memory size = '141')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16143,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:26.873919352Z	240	PC: 12aa1 \| UNKNOWN!
2018-12-25T12:45:26.875326566Z	240	PC: 12af2 \| UNKNOWN!
2018-12-25T12:45:26.87623634Z	224	PC: 13199 \| UNKNOWN!
2018-12-25T12:45:26.876992639Z	74	PC: 12b76 \| Reallocate memory
2018-12-25T12:45:26.879682403Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:26.881382223Z	53	PC: 12b8a \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:45:26.882645043Z	53	PC: 12b99 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:45:26.8843668Z	37	PC: 12bad \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:26.885929964Z	37	PC: 12bb5 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:45:26.887096389Z	37	PC: 12bbd \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:45:26.888689192Z	75	PC: 12be8 \| Execute program
2018-12-25T12:45:26.90726497Z	9	PC: 133d6 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:26.913409299Z	48	PC: 133df \| Get DOS version
2018-12-25T12:45:26.914833607Z	61	PC: 134ac \| Open file (Filename = '')
2018-12-25T12:45:26.922460354Z	93	PC: 1344e \| File sharing functions
2018-12-25T12:45:26.92448464Z	9	PC: 133d6 \| Display string (See above)
2018-12-25T12:45:26.929016683Z	224	PC: 13199 \| UNKNOWN! (See above)
2018-12-25T12:45:26.93064405Z	76	PC: 13433 \| Terminate with return code (Return code = '1')
2018-12-25T12:45:26.933904754Z	73	PC: 12bee \| Release memory
2018-12-25T12:45:26.935275552Z	77	PC: 12bf2 \| Get program return code
2018-12-25T12:45:26.936996485Z	224	PC: 13199 \| UNKNOWN! (See above)
2018-12-25T12:45:26.937844005Z	49	PC: 12c00 \| Terminate and stay resident (Return code = '1' \| Memory size = '141')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16143,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:27.03662193Z	240	PC: 12aa1 \| UNKNOWN!
2018-12-25T12:45:27.037863853Z	240	PC: 12af2 \| UNKNOWN!
2018-12-25T12:45:27.038603111Z	224	PC: 13199 \| UNKNOWN!
2018-12-25T12:45:27.039248922Z	74	PC: 12b76 \| Reallocate memory
2018-12-25T12:45:27.040675418Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:27.041701951Z	53	PC: 12b8a \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:45:27.042626137Z	53	PC: 12b99 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:45:27.043835924Z	37	PC: 12bad \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:27.044730766Z	37	PC: 12bb5 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:45:27.0454996Z	37	PC: 12bbd \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:45:27.046565633Z	75	PC: 12be8 \| Execute program
2018-12-25T12:45:27.057729184Z	9	PC: 133d6 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:27.061926114Z	48	PC: 133df \| Get DOS version
2018-12-25T12:45:27.063041859Z	61	PC: 134ac \| Open file (Filename = '')
2018-12-25T12:45:27.067784055Z	93	PC: 1344e \| File sharing functions
2018-12-25T12:45:27.069073118Z	9	PC: 133d6 \| Display string (See above)
2018-12-25T12:45:27.071885381Z	224	PC: 13199 \| UNKNOWN! (See above)
2018-12-25T12:45:27.07285227Z	76	PC: 13433 \| Terminate with return code (Return code = '1')
2018-12-25T12:45:27.076284602Z	73	PC: 12bee \| Release memory
2018-12-25T12:45:27.077571625Z	77	PC: 12bf2 \| Get program return code
2018-12-25T12:45:27.07889681Z	224	PC: 13199 \| UNKNOWN! (See above)
2018-12-25T12:45:27.079554497Z	49	PC: 12c00 \| Terminate and stay resident (Return code = '1' \| Memory size = '141')

{"DateBased":true,"Day":30,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16143,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:28.084478358Z	240	PC: 12aa1 \| UNKNOWN!
2018-12-25T12:45:28.086308709Z	240	PC: 12af2 \| UNKNOWN!
2018-12-25T12:45:28.087258547Z	224	PC: 13199 \| UNKNOWN!
2018-12-25T12:45:28.088187561Z	74	PC: 12b76 \| Reallocate memory
2018-12-25T12:45:28.090013989Z	53	PC: 12b7b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:28.09138689Z	53	PC: 12b8a \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:45:28.092835365Z	53	PC: 12b99 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:45:28.098280383Z	37	PC: 12bad \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:28.099451459Z	37	PC: 12bb5 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:45:28.100666222Z	37	PC: 12bbd \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:45:28.101813173Z	75	PC: 12be8 \| Execute program
2018-12-25T12:45:28.124828057Z	9	PC: 133d6 \| Display string (String= 'Goat file (COM/....). Size=00001FA4h/0000008100d bytes. ')
2018-12-25T12:45:28.130285066Z	48	PC: 133df \| Get DOS version
2018-12-25T12:45:28.131492423Z	61	PC: 134ac \| Open file (Filename = '')
2018-12-25T12:45:28.139380516Z	93	PC: 1344e \| File sharing functions
2018-12-25T12:45:28.141070105Z	9	PC: 133d6 \| Display string (See above)
2018-12-25T12:45:28.144851861Z	224	PC: 13199 \| UNKNOWN! (See above)
2018-12-25T12:45:28.146001307Z	76	PC: 13433 \| Terminate with return code (Return code = '1')
2018-12-25T12:45:28.148763865Z	73	PC: 12bee \| Release memory
2018-12-25T12:45:28.149851443Z	77	PC: 12bf2 \| Get program return code
2018-12-25T12:45:28.151670373Z	224	PC: 13199 \| UNKNOWN! (See above)
2018-12-25T12:45:28.152413616Z	49	PC: 12c00 \| Terminate and stay resident (Return code = '1' \| Memory size = '141')