Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Taiwan.2576

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:04:59.446199733Z 75 PC: 12d16 | Execute program
2018-12-17T22:04:59.448171168Z 75 PC: 12d67 | Execute program
2018-12-17T22:04:59.513478352Z 74 PC: 12e19 | Reallocate memory
2018-12-17T22:04:59.515050351Z 53 PC: 12e1e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:04:59.518999919Z 37 PC: 12e32 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:04:59.520509586Z 53 PC: 12e63 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:04:59.52215901Z 44 PC: 12e73 | Get time
0x12e73: mov cl, dh
0x12e75: and cl, 0xf
0x12e78: cmp cl, 0
0x12e7b: mov dx, 0x480
0x12e7e: jne 0x12e83
0x12e80: mov dx, 0x4a3
0x12e83: mov word ptr [0x14], 1
0x12e89: mov word ptr [0x93], 0
0x12e8f: mov byte ptr [0x92], 1
0x12e94: mov ax, 0x2508
0x12e97: int 0x21
0x12e99: pop dx
0x12e9a: pop cx
0x12e9b: pop bx
0x12e9c: pop ax
0x12e9d: pop es
0x12e9e: pop ds
0x12e9f: pushf
0x12ea0: lcall ptr cs:[0x3b]
0x12ea5: push ds
2018-12-17T22:04:59.525219463Z 37 PC: 12e99 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:04:59.527437173Z 75 PC: 12ea5 | Execute program
2018-12-17T22:04:59.544521228Z 73 PC: 12eab | Release memory
2018-12-17T22:04:59.545596102Z 77 PC: 12eaf | Get program return code
2018-12-17T22:04:59.547143484Z 49 PC: 12ebd | Terminate and stay resident (Return code = '0' | Memory size = '177')