Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.1682

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:50:34.502270655Z	131	PC: 12c5c \| UNKNOWN!
2018-12-17T21:50:34.503814395Z	37	PC: 12ace \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:50:34.504906355Z	42	PC: 12b20 \| Get date 0x12b20: cmp cx, 0x7c7 0x12b24: jb 0x12b8c 0x12b26: cmp al, 5 0x12b28: jne 0x12b8c 0x12b2a: sub ah, ah 0x12b2c: mov al, dl 0x12b2e: mov bx, 5 0x12b31: add ax, bx 0x12b33: div bl 0x12b35: or ah, ah 0x12b37: jne 0x12b8c 0x12b39: mov ax, 0x4d79 0x12b3c: int 0x11 0x12b3e: cmp bx, 0x4944 0x12b42: je 0x12b8c 0x12b44: push cs 0x12b45: pop ds 0x12b46: mov ax, 0x40 0x12b49: mov es, ax 0x12b4b: mov ah, byte ptr es:[0x76]
2018-12-17T21:50:34.506866885Z	74	PC: 12ba3 \| Reallocate memory
2018-12-17T21:50:34.508326671Z	75	PC: 12bd0 \| Execute program
2018-12-17T21:50:34.522785149Z	9	PC: 13272 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-17T21:50:34.527481412Z	76	PC: 13276 \| Terminate with return code (Return code = '36')
2018-12-17T21:50:34.530165216Z	73	PC: 12bd6 \| Release memory
2018-12-17T21:50:34.531865127Z	49	PC: 12be5 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')

{"DateBased":true,"Day":4,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:44.637544864Z	131	PC: 12c5c \| UNKNOWN!
2018-12-25T11:39:44.639694544Z	37	PC: 12ace \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:39:44.641036258Z	42	PC: 12b20 \| Get date 0x12b20: cmp cx, 0x7c7 0x12b24: jb 0x12b8c 0x12b26: cmp al, 5 0x12b28: jne 0x12b8c 0x12b2a: sub ah, ah 0x12b2c: mov al, dl 0x12b2e: mov bx, 5 0x12b31: add ax, bx 0x12b33: div bl 0x12b35: or ah, ah 0x12b37: jne 0x12b8c 0x12b39: mov ax, 0x4d79 0x12b3c: int 0x11 0x12b3e: cmp bx, 0x4944 0x12b42: je 0x12b8c 0x12b44: push cs 0x12b45: pop ds 0x12b46: mov ax, 0x40 0x12b49: mov es, ax 0x12b4b: mov ah, byte ptr es:[0x76]
2018-12-25T11:39:44.648437542Z	74	PC: 12ba3 \| Reallocate memory
2018-12-25T11:39:44.649994407Z	75	PC: 12bd0 \| Execute program
2018-12-25T11:39:44.666635462Z	9	PC: 13272 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T11:39:44.672666346Z	76	PC: 13276 \| Terminate with return code (Return code = '36')
2018-12-25T11:39:44.675739288Z	73	PC: 12bd6 \| Release memory
2018-12-25T11:39:44.677929773Z	49	PC: 12be5 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:44.829363353Z	131	PC: 12c5c \| UNKNOWN!
2018-12-25T11:39:44.831337251Z	37	PC: 12ace \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:39:44.832569569Z	42	PC: 12b20 \| Get date 0x12b20: cmp cx, 0x7c7 0x12b24: jb 0x12b8c 0x12b26: cmp al, 5 0x12b28: jne 0x12b8c 0x12b2a: sub ah, ah 0x12b2c: mov al, dl 0x12b2e: mov bx, 5 0x12b31: add ax, bx 0x12b33: div bl 0x12b35: or ah, ah 0x12b37: jne 0x12b8c 0x12b39: mov ax, 0x4d79 0x12b3c: int 0x11 0x12b3e: cmp bx, 0x4944 0x12b42: je 0x12b8c 0x12b44: push cs 0x12b45: pop ds 0x12b46: mov ax, 0x40 0x12b49: mov es, ax 0x12b4b: mov ah, byte ptr es:[0x76]
2018-12-25T11:39:44.834821229Z	74	PC: 12ba3 \| Reallocate memory
2018-12-25T11:39:44.836129579Z	75	PC: 12bd0 \| Execute program
2018-12-25T11:39:44.85311347Z	9	PC: 13272 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T11:39:44.859340849Z	76	PC: 13276 \| Terminate with return code (Return code = '36')
2018-12-25T11:39:44.862618867Z	73	PC: 12bd6 \| Release memory
2018-12-25T11:39:44.865306713Z	49	PC: 12be5 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:45.036197462Z	131	PC: 12c5c \| UNKNOWN!
2018-12-25T11:39:45.037381399Z	37	PC: 12ace \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:39:45.03892997Z	42	PC: 12b20 \| Get date 0x12b20: cmp cx, 0x7c7 0x12b24: jb 0x12b8c 0x12b26: cmp al, 5 0x12b28: jne 0x12b8c 0x12b2a: sub ah, ah 0x12b2c: mov al, dl 0x12b2e: mov bx, 5 0x12b31: add ax, bx 0x12b33: div bl 0x12b35: or ah, ah 0x12b37: jne 0x12b8c 0x12b39: mov ax, 0x4d79 0x12b3c: int 0x11 0x12b3e: cmp bx, 0x4944 0x12b42: je 0x12b8c 0x12b44: push cs 0x12b45: pop ds 0x12b46: mov ax, 0x40 0x12b49: mov es, ax 0x12b4b: mov ah, byte ptr es:[0x76]
2018-12-25T11:39:45.041253242Z	74	PC: 12ba3 \| Reallocate memory
2018-12-25T11:39:45.042550914Z	75	PC: 12bd0 \| Execute program
2018-12-25T11:39:45.059589646Z	9	PC: 13272 \| Display string (String= 'Goat file (EXE). Size=000003E8h/0000001000d bytes. ')
2018-12-25T11:39:45.06627896Z	76	PC: 13276 \| Terminate with return code (Return code = '36')
2018-12-25T11:39:45.070042411Z	73	PC: 12bd6 \| Release memory
2018-12-25T11:39:45.072225669Z	49	PC: 12be5 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')