Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Taiwan.2900

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:28.481485934Z	163	PC: 13271 \| UNKNOWN!
2018-12-17T23:10:28.483247823Z	75	PC: 13288 \| Execute program
2018-12-17T23:10:28.485588753Z	75	PC: 132c1 \| Execute program
2018-12-17T23:10:28.581695367Z	74	PC: 1337e \| Reallocate memory
2018-12-17T23:10:28.583463777Z	53	PC: 13383 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:28.584852612Z	37	PC: 13397 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:28.585998297Z	42	PC: 133e4 \| Get date 0x133e4: sub cx, 0x7bc 0x133e8: mov ax, cx 0x133ea: mov bx, dx 0x133ec: mov cx, 0x168 0x133ef: mul cx 0x133f1: xchg ax, bx 0x133f2: add bl, al 0x133f4: adc bh, 0 0x133f7: mov al, ah 0x133f9: mov cl, 0x1e 0x133fb: mul cl 0x133fd: add ax, bx 0x133ff: sub ax, word ptr [0x31] 0x13403: ja 0x13408 0x13405: jmp 0x13470 0x13407: nop 0x13408: add word ptr [0x31], ax 0x1340c: cmp ax, 0x1e 0x1340f: ja 0x13414 0x13411: jmp 0x13470
2018-12-17T23:10:28.587996157Z	53	PC: 13419 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:10:28.589289253Z	44	PC: 13427 \| Get time 0x13427: mov cl, dh 0x13429: and cl, 1 0x1342c: cmp cl, 0 0x1342f: mov dx, 0x253 0x13432: mov byte ptr [0x7e], 0 0x13437: jne 0x13441 0x13439: mov dx, 0x276 0x1343c: mov byte ptr [0x7e], 1 0x13441: mov ax, 0x2508 0x13444: int 0x21 0x13446: mov ax, 0x3509 0x13449: int 0x21 0x1344b: mov word ptr [6], bx 0x1344f: mov word ptr [8], es 0x13453: mov dx, 0x300 0x13456: mov ax, 0x2509 0x13459: int 0x21 0x1345b: mov ax, 0x3513 0x1345e: int 0x21 0x13460: mov word ptr [0xa], bx
2018-12-17T23:10:28.591119288Z	37	PC: 13446 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:10:28.592048454Z	53	PC: 1344b \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:28.593681617Z	37	PC: 1345b \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:28.594550847Z	53	PC: 13460 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:10:28.595379417Z	37	PC: 13470 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:10:28.596799454Z	75	PC: 1347c \| Execute program
2018-12-17T23:10:28.618906429Z	163	PC: 14011 \| UNKNOWN!
2018-12-17T23:10:28.620290828Z	48	PC: 1443b \| Get DOS version
2018-12-17T23:10:28.622739525Z	9	PC: 14447 \| Display string (String= ' Incorrect DOS version ')
2018-12-17T23:10:28.630273883Z	73	PC: 13482 \| Release memory
2018-12-17T23:10:28.63190773Z	77	PC: 13486 \| Get program return code
2018-12-17T23:10:28.633746283Z	49	PC: 13494 \| Terminate and stay resident (Return code = '0' \| Memory size = '197')