Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Fumanchu.2080.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:10:34.843879977Z	225	PC: 12c33 \| UNKNOWN!
2018-12-17T22:10:34.845297553Z	225	PC: 12c8c \| UNKNOWN!
2018-12-17T22:10:34.846563652Z	74	PC: 12d0e \| Reallocate memory
2018-12-17T22:10:34.847979824Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:34.850694416Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:34.851936365Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:10:34.853132789Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:10:34.855025355Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov dx, 0x749 0x12d8e: mov ax, 0x2516 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-17T22:10:34.856663048Z	53	PC: 12d83 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:10:34.857545431Z	37	PC: 12d93 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:10:34.858862657Z	75	PC: 12dd6 \| Execute program
2018-12-17T22:10:34.874495533Z	9	PC: 13635 \| Display string (String= '')
2018-12-17T22:10:34.87649432Z	9	PC: 1363c \| Display string (Could not find end pointer)
2018-12-17T22:10:34.89201596Z	76	PC: 13652 \| Terminate with return code (Return code = '0')
2018-12-17T22:10:34.895294539Z	73	PC: 12ddc \| Release memory
2018-12-17T22:10:34.897067978Z	77	PC: 12de0 \| Get program return code
2018-12-17T22:10:34.899167295Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2300,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:28.685889249Z	225	PC: 12c33 \| UNKNOWN!
2018-12-25T11:45:28.688374614Z	225	PC: 12c8c \| UNKNOWN!
2018-12-25T11:45:28.689721937Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:45:28.691185098Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:28.692667121Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:28.695032686Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:45:28.696679341Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:45:28.698288658Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov dx, 0x749 0x12d8e: mov ax, 0x2516 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:45:28.701733404Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:45:28.720815591Z	9	PC: 13635 \| Display string (String= '')
2018-12-25T11:45:28.723832739Z	9	PC: 1363c \| Display string (Could not find end pointer)
2018-12-25T11:45:28.73631396Z	76	PC: 13652 \| Terminate with return code (Return code = '0')
2018-12-25T11:45:28.739591531Z	73	PC: 12ddc \| Release memory
2018-12-25T11:45:28.740829494Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:45:28.74242702Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":8,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2300,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:28.722974235Z	225	PC: 12c33 \| UNKNOWN!
2018-12-25T11:45:28.724993318Z	225	PC: 12c8c \| UNKNOWN!
2018-12-25T11:45:28.726261905Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:45:28.727782065Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:28.73003375Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:28.731689064Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:45:28.733106854Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:45:28.734438804Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov dx, 0x749 0x12d8e: mov ax, 0x2516 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:45:28.737246609Z	53	PC: 12d83 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:45:28.73861043Z	37	PC: 12d93 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:45:28.739889793Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:45:28.75954Z	9	PC: 13635 \| Display string (String= '')
2018-12-25T11:45:28.762201134Z	9	PC: 1363c \| Display string (Could not find end pointer)
2018-12-25T11:45:28.779369509Z	76	PC: 13652 \| Terminate with return code (Return code = '0')
2018-12-25T11:45:28.78311803Z	73	PC: 12ddc \| Release memory
2018-12-25T11:45:28.785113967Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:45:28.7868736Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2300,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:29.318891038Z	225	PC: 12c33 \| UNKNOWN!
2018-12-25T11:45:29.320454144Z	225	PC: 12c8c \| UNKNOWN!
2018-12-25T11:45:29.321488403Z	74	PC: 12d0e \| Reallocate memory
2018-12-25T11:45:29.322821272Z	53	PC: 12d13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:29.338717109Z	37	PC: 12d27 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:29.340721565Z	53	PC: 12d5a \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:45:29.342185703Z	37	PC: 12d6a \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:45:29.34487574Z	42	PC: 12d6e \| Get date 0x12d6e: cmp cx, 0x7c5 0x12d72: jl 0x12d93 0x12d74: cmp dh, 8 0x12d77: jl 0x12d93 0x12d79: mov byte ptr [0x89], 0 0x12d7e: mov ax, 0x3516 0x12d81: int 0x21 0x12d83: mov word ptr [0x18], bx 0x12d87: mov word ptr [0x1a], es 0x12d8b: mov dx, 0x749 0x12d8e: mov ax, 0x2516 0x12d91: int 0x21 0x12d93: mov bl, byte ptr [0x46c] 0x12d97: mov bh, bl 0x12d99: and bx, 0xf00f 0x12d9d: cmp bl, 0 0x12da0: jne 0x12dca 0x12da2: mov cl, 4 0x12da4: shr bh, cl 0x12da6: cmp bh, 0
2018-12-25T11:45:29.347955856Z	75	PC: 12dd6 \| Execute program
2018-12-25T11:45:29.365028244Z	9	PC: 13635 \| Display string (String= '')
2018-12-25T11:45:29.368389204Z	9	PC: 1363c \| Display string (Could not find end pointer)
2018-12-25T11:45:29.381331093Z	76	PC: 13652 \| Terminate with return code (Return code = '0')
2018-12-25T11:45:29.390839062Z	73	PC: 12ddc \| Release memory
2018-12-25T11:45:29.395306932Z	77	PC: 12de0 \| Get program return code
2018-12-25T11:45:29.396748879Z	49	PC: 12dee \| Terminate and stay resident (Return code = '0' \| Memory size = '146')