Sample viewer

vx.netlux.org/Virus.DOS.Jerusalem.Satan.1719.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:09.342089675Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-17T22:16:09.344440241Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-17T22:16:09.345798063Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 3 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe3 0x12ada: int 0x21 0x12adc: cmp ah, 0xe3 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x562 0x12afe: mov si, 0x362

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2906,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:43.41431622Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-25T11:47:43.420806461Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T11:47:43.422735005Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 3 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe3 0x12ada: int 0x21 0x12adc: cmp ah, 0xe3 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x562 0x12afe: mov si, 0x362
2018-12-25T11:47:43.425107502Z	227	PC: 12adc \| UNKNOWN!
2018-12-25T11:47:43.426591935Z	255	PC: 12b58 \| UNKNOWN!
2018-12-25T11:47:43.427348915Z	53	PC: 12b63 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T11:47:43.428488627Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dh, 0xc 0x12b72: je 0x12b85 0x12b74: cmp dh, 1 0x12b77: je 0x12b85 0x12b79: mov ah, 0xe3 0x12b7b: int 0x21 0x12b7d: cmp ah, 0xe3 0x12b80: jae 0x12b95 0x12b82: cmp ah, 3 0x12b85: pop es 0x12b86: mov ss, word ptr cs:[0x26] 0x12b8b: mov sp, word ptr cs:[0x24] 0x12b90: ljmp ptr cs:[0x28] 0x12b95: xor ax, ax 0x12b97: mov es, ax 0x12b99: mov ax, word ptr es:[0x3fc] 0x12b9d: mov word ptr cs:[0x2c], ax 0x12ba1: mov al, byte ptr es:[0x3fe] 0x12ba5: mov byte ptr cs:[0x2e], al 0x12ba9: mov word ptr es:[0x3fc], 0xa5f3

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2906,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:43.763330259Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-25T11:47:43.775344077Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T11:47:43.776461868Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 3 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe3 0x12ada: int 0x21 0x12adc: cmp ah, 0xe3 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x562 0x12afe: mov si, 0x362

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2906,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:43.87305844Z	255	PC: 12ab7 \| UNKNOWN!
2018-12-25T11:47:43.874194527Z	53	PC: 12ac2 \| Get interrupt vector (Interrupt = '241' AKA 'UNKNOWN!')
2018-12-25T11:47:43.875418181Z	42	PC: 12ace \| Get date 0x12ace: cmp dh, 0xc 0x12ad1: je 0x12af7 0x12ad3: cmp dh, 3 0x12ad6: je 0x12af7 0x12ad8: mov ah, 0xe3 0x12ada: int 0x21 0x12adc: cmp ah, 0xe3 0x12adf: jae 0x12b1e 0x12ae1: cmp ah, 3 0x12ae4: jb 0x12b1e 0x12ae6: mov ah, 0xdd 0x12ae8: mov di, 0x100 0x12aeb: mov si, 0x6b3 0x12aee: add si, di 0x12af0: mov cx, word ptr cs:[di + 8] 0x12af5: int 0x21 0x12af7: xor ax, ax 0x12af9: mov es, ax 0x12afb: mov di, 0x562 0x12afe: mov si, 0x362