Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.1733

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:48.756077217Z	9	PC: 12ce7 \| Display string (String= 'I HATE ALL VIRUS ')
2018-12-17T23:12:48.760597032Z	42	PC: 12ceb \| Get date 0x12ceb: cmp al, 5 0x12ced: jb 0x12cfa 0x12cef: mov dh, 8 0x12cf1: mov dl, 0x31 0x12cf3: mov ah, 0x2b 0x12cf5: int 0x21 0x12cf7: jmp 0x12d02 0x12cf9: jmp 0x12d02 0x12cfb: mov ah, 9 0x12cfd: mov dx, 0x3c5 0x12d00: int 0x21 0x12d02: mov ah, 0xef 0x12d04: ret 0x12d05: and byte ptr [si + 0x6f], dl 0x12d08: popaw 0x12d0a: jns 0x12d2c 0x12d0c: imul si, word ptr [bp + di + 0x20], 0x6f6e 0x12d11: je 0x12d33 0x12d13: insw word ptr es:[di], dx 0x12d14: jns 0x12d36
2018-12-17T23:12:48.763249105Z	9	PC: 12d02 \| Display string (String= ' !"#')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17639,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:14.953222743Z	9	PC: 12ce7 \| Display string (String= 'I HATE ALL VIRUS ')
2018-12-25T12:56:14.966114513Z	42	PC: 12ceb \| Get date 0x12ceb: cmp al, 5 0x12ced: jb 0x12cfa 0x12cef: mov dh, 8 0x12cf1: mov dl, 0x31 0x12cf3: mov ah, 0x2b 0x12cf5: int 0x21 0x12cf7: jmp 0x12d02 0x12cf9: jmp 0x12d02 0x12cfb: mov ah, 9 0x12cfd: mov dx, 0x3c5 0x12d00: int 0x21 0x12d02: mov ah, 0xef 0x12d04: ret 0x12d05: and byte ptr [si + 0x6f], dl 0x12d08: popaw 0x12d0a: jns 0x12d2c 0x12d0c: imul si, word ptr [bp + di + 0x20], 0x6f6e 0x12d11: je 0x12d33 0x12d13: insw word ptr es:[di], dx 0x12d14: jns 0x12d36
2018-12-25T12:56:14.968661911Z	9	PC: 12d02 \| Display string (String= ' !"#')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17639,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:56:15.286929924Z	9	PC: 12ce7 \| Display string (String= 'I HATE ALL VIRUS ')
2018-12-25T12:56:15.291995643Z	42	PC: 12ceb \| Get date 0x12ceb: cmp al, 5 0x12ced: jb 0x12cfa 0x12cef: mov dh, 8 0x12cf1: mov dl, 0x31 0x12cf3: mov ah, 0x2b 0x12cf5: int 0x21 0x12cf7: jmp 0x12d02 0x12cf9: jmp 0x12d02 0x12cfb: mov ah, 9 0x12cfd: mov dx, 0x3c5 0x12d00: int 0x21 0x12d02: mov ah, 0xef 0x12d04: ret 0x12d05: and byte ptr [si + 0x6f], dl 0x12d08: popaw 0x12d0a: jns 0x12d2c 0x12d0c: imul si, word ptr [bp + di + 0x20], 0x6f6e 0x12d11: je 0x12d33 0x12d13: insw word ptr es:[di], dx 0x12d14: jns 0x12d36
2018-12-25T12:56:15.29447047Z	43	PC: 12cf7 \| Set date
2018-12-25T12:56:15.295810556Z	239	PC: 12ada \| UNKNOWN!
2018-12-25T12:56:15.298645499Z	239	PC: 12b2d \| UNKNOWN!
2018-12-25T12:56:15.299823316Z	74	PC: 12bae \| Reallocate memory
2018-12-25T12:56:15.301333649Z	53	PC: 12bb3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:15.302640937Z	37	PC: 12bc7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:15.328098246Z	42	PC: 12bf7 \| Get date 0x12bf7: cmp al, 5 0x12bf9: jne 0x12c2d 0x12bfb: jmp 0x12c05 0x12bfd: add dh, byte ptr [bp + si - 0x32f9] 0x12c01: mov ah, 0xef 0x12c03: ret 0x12c04: ret 0x12c05: sar si, 1 0x12c07: inc byte ptr cs:[0xe] 0x12c0c: mov ax, 0x3508 0x12c0f: int 0x21 0x12c11: mov word ptr cs:[0x13], bx 0x12c16: mov word ptr cs:[0x15], es 0x12c1b: push ds 0x12c1c: push cs 0x12c1d: pop ds 0x12c1e: mov word ptr [0x1f], 0x7e90 0x12c24: mov ax, 0x2508 0x12c27: mov dx, 0x214 0x12c2a: int 0x21
2018-12-25T12:56:15.330689747Z	53	PC: 12c11 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:56:15.332074792Z	37	PC: 12c2c \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:56:15.334207234Z	75	PC: 12c39 \| Execute program
2018-12-25T12:56:15.349901042Z	9	PC: 13547 \| Display string (String= 'I HATE ALL VIRUS ')
2018-12-25T12:56:15.355850559Z	42	PC: 1354b \| Get date 0x1354b: cmp al, 5 0x1354d: jb 0x1355a 0x1354f: mov dh, 8 0x13551: mov dl, 0x31 0x13553: mov ah, 0x2b 0x13555: int 0x21 0x13557: jmp 0x13562 0x13559: jmp 0x13562 0x1355b: mov ah, 9 0x1355d: mov dx, 0x3c5 0x13560: int 0x21 0x13562: mov ah, 0xef 0x13564: ret 0x13565: and byte ptr [si + 0x6f], dl 0x13568: popaw 0x1356a: jns 0x1358c 0x1356c: imul si, word ptr [bp + di + 0x20], 0x6f6e 0x13571: je 0x13593 0x13573: insw word ptr es:[di], dx 0x13574: jns 0x13596
2018-12-25T12:56:15.359058624Z	43	PC: 13557 \| Set date
2018-12-25T12:56:15.36086433Z	74	PC: 1340e \| Reallocate memory
2018-12-25T12:56:15.36246617Z	53	PC: 13413 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:15.364788756Z	37	PC: 13427 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:15.366276006Z	42	PC: 13457 \| Get date 0x13457: cmp al, 5 0x13459: jne 0x1348d 0x1345b: jmp 0x13465 0x1345d: add dh, byte ptr [bp + si - 0x32f9] 0x13461: mov ah, 0xef 0x13463: ret 0x13464: ret 0x13465: sar si, 1 0x13467: inc byte ptr cs:[0xe] 0x1346c: mov ax, 0x3508 0x1346f: int 0x21 0x13471: mov word ptr cs:[0x13], bx 0x13476: mov word ptr cs:[0x15], es 0x1347b: push ds 0x1347c: push cs 0x1347d: pop ds 0x1347e: mov word ptr [0x1f], 0x7e90 0x13484: mov ax, 0x2508 0x13487: mov dx, 0x214 0x1348a: int 0x21
2018-12-25T12:56:15.368815652Z	53	PC: 13471 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:56:15.370581937Z	37	PC: 1348c \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:56:15.373712097Z	67	PC: 12d7f \| Get or set file attributes
2018-12-25T12:56:15.393428812Z	65	PC: 12d83 \| Delete file (Filename = '�')
2018-12-25T12:56:15.400690397Z	75	PC: 13499 \| Execute program
2018-12-25T12:56:15.409991518Z	73	PC: 1349f \| Release memory
2018-12-25T12:56:15.41158363Z	77	PC: 134a3 \| Get program return code
2018-12-25T12:56:15.412994135Z	49	PC: 134b1 \| Terminate and stay resident (Return code = '0' \| Memory size = '124')
2018-12-25T12:56:15.416055949Z	73	PC: 12c3f \| Release memory
2018-12-25T12:56:15.417679618Z	77	PC: 12c43 \| Get program return code
2018-12-25T12:56:15.419394853Z	49	PC: 12c51 \| Terminate and stay resident (Return code = '0' \| Memory size = '124')