Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Satan.1540

Time	Syscall Op	Syscall Name
2018-12-17T23:10:56.261133605Z	242	PC: 12aa8 \| UNKNOWN!
2018-12-17T23:10:56.262371885Z	42	PC: 12b42 \| Get date 0x12b42: cmp al, 6 0x12b44: jne 0x12b5d 0x12b46: mov ax, 0x3508 0x12b49: int 0x21 0x12b4b: mov word ptr cs:[0x58e], bx 0x12b50: mov word ptr cs:[0x590], es 0x12b55: mov dx, 0x55d 0x12b58: mov ax, 0x3508 0x12b5b: int 0x21 0x12b5d: mov ax, 0x3521 0x12b60: int 0x21 0x12b62: mov word ptr cs:[0x2bf], bx 0x12b67: mov word ptr cs:[0x2c1], es 0x12b6c: mov dx, 0x289 0x12b6f: mov ax, 0x2521 0x12b72: int 0x21 0x12b74: mov es, word ptr cs:[0x10b] 0x12b79: cmp word ptr cs:[0x107], 0x426b 0x12b80: je 0x12bc2 0x12b82: mov bx, 0x1000
2018-12-17T23:10:56.265467347Z	53	PC: 12b62 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:56.267041097Z	37	PC: 12b74 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:56.268650836Z	74	PC: 12b89 \| Reallocate memory
2018-12-17T23:10:56.271549087Z	75	PC: 12bc2 \| Execute program
2018-12-17T23:10:56.288590161Z	49	PC: 12bc9 \| Terminate and stay resident (Return code = '1' \| Memory size = '113')

Time	Syscall Op	Syscall Name
2018-12-25T12:54:39.166616651Z	242	PC: 12aa8 \| UNKNOWN!
2018-12-25T12:54:39.167778522Z	42	PC: 12b42 \| Get date 0x12b42: cmp al, 6 0x12b44: jne 0x12b5d 0x12b46: mov ax, 0x3508 0x12b49: int 0x21 0x12b4b: mov word ptr cs:[0x58e], bx 0x12b50: mov word ptr cs:[0x590], es 0x12b55: mov dx, 0x55d 0x12b58: mov ax, 0x3508 0x12b5b: int 0x21 0x12b5d: mov ax, 0x3521 0x12b60: int 0x21 0x12b62: mov word ptr cs:[0x2bf], bx 0x12b67: mov word ptr cs:[0x2c1], es 0x12b6c: mov dx, 0x289 0x12b6f: mov ax, 0x2521 0x12b72: int 0x21 0x12b74: mov es, word ptr cs:[0x10b] 0x12b79: cmp word ptr cs:[0x107], 0x426b 0x12b80: je 0x12bc2 0x12b82: mov bx, 0x1000
2018-12-25T12:54:39.169747116Z	53	PC: 12b62 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:39.170780432Z	37	PC: 12b74 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:39.172907105Z	74	PC: 12b89 \| Reallocate memory
2018-12-25T12:54:39.174525725Z	75	PC: 12bc2 \| Execute program
2018-12-25T12:54:39.189113517Z	49	PC: 12bc9 \| Terminate and stay resident (Return code = '1' \| Memory size = '113')

Time	Syscall Op	Syscall Name
2018-12-25T12:54:39.341851137Z	242	PC: 12aa8 \| UNKNOWN!
2018-12-25T12:54:39.343062031Z	42	PC: 12b42 \| Get date 0x12b42: cmp al, 6 0x12b44: jne 0x12b5d 0x12b46: mov ax, 0x3508 0x12b49: int 0x21 0x12b4b: mov word ptr cs:[0x58e], bx 0x12b50: mov word ptr cs:[0x590], es 0x12b55: mov dx, 0x55d 0x12b58: mov ax, 0x3508 0x12b5b: int 0x21 0x12b5d: mov ax, 0x3521 0x12b60: int 0x21 0x12b62: mov word ptr cs:[0x2bf], bx 0x12b67: mov word ptr cs:[0x2c1], es 0x12b6c: mov dx, 0x289 0x12b6f: mov ax, 0x2521 0x12b72: int 0x21 0x12b74: mov es, word ptr cs:[0x10b] 0x12b79: cmp word ptr cs:[0x107], 0x426b 0x12b80: je 0x12bc2 0x12b82: mov bx, 0x1000
2018-12-25T12:54:39.344645081Z	53	PC: 12b4b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:39.345446584Z	53	PC: 12b5d \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:39.346477137Z	53	PC: 12b62 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:39.347847401Z	37	PC: 12b74 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:39.348743743Z	74	PC: 12b89 \| Reallocate memory
2018-12-25T12:54:39.349781225Z	75	PC: 12bc2 \| Execute program
2018-12-25T12:54:39.359030385Z	49	PC: 12bc9 \| Terminate and stay resident (Return code = '1' \| Memory size = '113')